(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Details about a new vulnerability related to SSL and TLS, entitled Decrypting RSA with Obsolete and Weakened eNcryption, or DROWN, have surfaced that takes advantage of a weakness in SSLv2. The most significant impact of this vulnerability to date relates to OpenSSL, which released an update today that addresses this vulnerability, and several others. The US-CERT published a notification today as well, stating Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. unless it has been enabled as part of the deployment, which should be identified during vulnerability testing. font-size:11.0pt">font-size:11.0pt">While secure default configurations, patches, and updates will often address the technical shortcomings in applications and libraries, it will not address architectural issues where integrations exist which rely on older encryption methods. Organizations that rely on SSLv2 for integrations may want to consider an enterprise effort to finally make the move, and eliminate the risk entirely.font-size:11.0pt">font-size:11.0pt">US-CERT Post

tony d0t carothers --gmail

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

John McAfee announces a rather implausible plan.

Former antivirus developer and presidential wannabe John McAfee claimed a couple of weeks ago to have the perfect solution to the FBI-Apple stand-off. He offered to crack the iPhone for the FBI for free. This would let the government agency gain access to the phone while freeing Apple from any demands to assist. So confident was McAfee of his ability to help out that he said he'd eat a shoe on TV if he couldn't get into the phone.

It will probably not come as much of a surprise to anyone to learn that the FBI has not been beating down McAfee's door.

Perhaps they were unconvinced by the strategy that the man outlined. He said that he and his team would primarily use "social engineering," which is to say, manipulating people into telling you what you want to know through gaining their trust. It can be a powerful technique, but it certainly isn't a panacea. It's often less effective when the victims are aware that you're trying to socially engineer them (for example, by announcing your intent to do so on the Internet). It's less effective still when the people holding the information are in fact dead. McAfee may be persuasive, but probably not so persuasive as to be able to coax a corpse to give up its PIN.

Read 12 remaining paragraphs | Comments


Before Diffie-Hellman, symmetric cryptography—as exemplified by this Nazi-era Enigma machine—was the norm. (credit: Michele M. F.)

On Tuesday, the Association for Computing Machinery, the nation’s leading organization for computer science, awarded its annual top prize of $1 million to two men whose name will forever be immortalized in cryptography: Whitfield Diffie and Martin Hellman.

The 2015 ACM Turing Award, which is sometimes referred to as the "Nobel Prize of Computing," was awarded to a former chief security officer at Sun Microsystems and a professor at Stanford University, respectively.

In their landmark 1976 paper, the Diffie-Hellman key exchange was the first to explore ideas of "public-key cryptography." That concept underpins much of modern cryptography, including PGP encrypted e-mail, TLS, and more. Public-key cryptography, also known as asymmetric cryptography, relies on two keys, one a freely shareable public key, the other a secret private key, thus eliminating the historic key management problem of the same key being kept by both the recipient and sender.

Read 3 remaining paragraphs | Comments

[SECURITY] [DSA 3501-1] perl security update
[SECURITY] [DSA 3500-1] openssl security update

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

As announced last week, an update to the OpenSSL library and tools was released today. The update fixes 6 vulnerabilities and disables weak ciphers in the default build for SSLv3 and higher. SSLv2 is also no longer included in the default build. Also the req app used to create certificate signing requests will now create 2048 bit keys by default just like other parts of OpenSSL.

CVE-2016-0799 is probably the only vulnerability with some potential of remote code execution. But its exposure is limited.

CVE-2016-0800: Disable SSLv2 default build, default negotiations, and weak ciphers

This patch will make it less likely that SSLv2 is used. A developer will have to specifically request SSLv2 to be used, and any version flexible methods will use SSLv3. SSlv2 40 bit EXPORT ciphers, and 56 bit DES is no longer available as these ciphers can be brute forced easily (for a long time now).

CVE-2016-0705: Fix a double free in DSA Code

If OpenSSL parses corrupt private DSA keys, a memory corruption and denial of service may be triggered. For the most part, private keys are configured by administrators and only in very few cases, an attacker may be able to provide a private key. Exposure of this vulnerability is unlikely.

CVE-2016-0798:Disable SRP fake user seed to address a server memory leak

This patch introduces a new function,SRP_VBASE_get1_by_user which will replace SRP_VBASE_get_by_user. The new function ignores a fake user SRP seed that lead to the memory leak.

CVE-2016-0797:Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

If large ammounts of data are passed to BN_hex2nb/BN_dec2bn, then a heap corruption can occur. This function is used to parse configuration data, that tends to be trusted and the bug is unlikely to be exploitable.

CVE-2016-0799:Fix memory issues in BIO_*printf functions

Details about the BIO_*printf function vulnerability were released already, giving attackers a slight head start on this one. However, exploitation is unlikely. Applications could use the function directly and expose it that way. OpenSSL only uses it to print human-readable dumps of ASN.1 data, which tends not to happen in servers (more likely in the command line utilities that are used interactively).

CVE-2016-0702:Fix side channel attack on modular exponentiation

This fixes a problem specific to Intels Sandy Bridge CPUs. The vulnerability could lead to leaks of private keys if the attackers code runs on the same CPU core as te SSL code using the key.

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege

Enlarge (credit: Aviram et al.)

More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web properties are among the vulnerable HTTPS-protected sites.

The attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through SSLv2, a TLS precursor that was retired almost two decades ago because of crippling weaknesses. The vulnerability allows an attacker to decrypt an intercepted TLS connection by repeatedly using SSLv2 to make connections to a server. In the process, the attacker learns a few bits of information about the encryption key each time. While many security experts believed the removal of SSLv2 support from browser and e-mail clients prevented abuse of the legacy protocol, some misconfigured TLS implementations still tacitly support the legacy protocol when an end-user computer specifically requests its use. The most notable implementation subject to such fatal misconfigurations is the OpenSSL cryptographic library, which on Tuesday is expected to release an update that makes such settings much less likely to occur.

Recent scans of the Internet at large show that more than 5.9 million Web servers, comprising 17 percent of all HTTPS-protected machines, directly support SSLv2. The same scans reveal that at least 936,000 TLS-protected e-mail servers also support the insecure protocol. That's a troubling finding, given widely repeated advice that SSLv2—short for secure sockets layer version 2—be disabled. More troubling still, even when a server doesn't allow SSLv2 connections, it may still be susceptible to attack if the underlying RSA key pair is reused on a separate server that does support the old protocol. A website, for instance, that forbids SSLv2 may still be vulnerable if its key is used on an e-mail server that allows SSLv2. By the researchers' estimate, that leaves 11.5 million HTTPS-protected websites and a significant number of TLS-protected e-mail servers open to attack.

Read 17 remaining paragraphs | Comments

[SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in

WDATP can detect anomalous behavior even when the malware scanner doesn't find anything wrong. (credit: Microsoft)

Microsoft is beefing up Windows Defender, the anti-malware program that ships with Windows 10, to give it the power to tell companies that they've been hacked after the fact.

Attacks that depend on social engineering rather than software flaws, as well as those taking advantage of unpatched zero-day vulnerabilities, can evade traditional anti-malware software. Microsoft says that there were thousands of such attacks in 2015 and that on average they took 200 days to detect and a further 80 days to contain, giving attackers ample time to steal data and incurring average costs of $12 million per incident. The catchily named Windows Defender Advanced Threat Protection is designed to detect this kind of attack, not by looking for specific pieces of malware, but rather by detecting system activity that looks out of the ordinary.

For example, a social engineering attack might encourage a victim to run a program that was attached to an e-mail or execute a suspicious-looking PowerShell command. The Advanced Persistent Threat (APT) software that's typically used in such attacks may scan ports, connect to network shares to look for data to steal, or connect to remote systems to seek new instructions and exfiltrate data. Windows Defender Advanced Threat Protection can monitor this behavior and see how it deviates from normal, expected system behavior. The baseline is the aggregate behavior collected anonymously from more than 1 billion Windows systems. If systems on your network start doing something that the "average Windows machine" doesn't, WDATP will alert you.

Read 6 remaining paragraphs | Comments

WordPress plugin GravityForms Cross-site Scripting vulnerability
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Internet Storm Center Infocon Status