Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Attackers are actively exploiting a previously unknown vulnerability in all supported versions of Internet Explorer that allows them to surreptitiously hijack vulnerable computers, Microsoft warned Sunday.

The zero-day code-execution hole in IE versions 6 through 11 represents a significant threat to the Internet security because there is currently no fix for the underlying bug, which affects an estimated 26 percent of the total browser market. It's also the first significant vulnerability to target Windows XP users since Microsoft withdrew support for that aging OS earlier this month. Users who have the option of using an alternate browser should avoid all use of IE for the time being. Those who remain dependent on the Microsoft browser should immediately install EMET, Microsoft's freely available toolkit that greatly extends the security of Windows systems.

The vulnerability is formally indexed as CVE-2014-1776. Microsoft has blog posts here, here, and here that lay out bare bones details uncovered at this early stage in its investigation. Although there is no exploited vulnerability in Adobe Flash, disabling the browser add-on will also neutralize attacks, analysts at security firm FireEye Research Labs wrote in a separate blog post published Sunday. Disabling vector markup language support in IE also mitigates attacks.

Read 4 remaining paragraphs | Comments

 

CSG Invotas to Participate in InfoSec Europe 2014
SYS-CON Media (press release)
Infosecurity Europe is Europe's number one information security event. It features more than 325 exhibitors, the most diverse range of new products and services, an unrivalled education program, and over 13,000 unique visitors from every segment of the ...

and more »
 
Aurich Lawson / Thinkstock

By now everyone knows about the OpenSSL Heartbleed vulnerability: a missing bounds check in one of the most popular TLS implementations has made millions of Web servers (and more) leak all sorts of sensitive information from memory. This can leak login credentials, authentication cookies, and Web traffic to attackers. But could it be used to recover the site’s TLS private key? This would enable complete decryption of previously-recorded traffic if perfect forward secrecy was not negotiated at the time and otherwise Man-in-The-Middle attacks to all future TLS sessions.

Since this would be a much more serious consequence of Heartbleed, I decided to investigate. The results were positive: I was able to extract private keys from a test Nginx server after a few days' work. Later I applied my techniques to solve the CloudFlare Challenge. Along with a few other security researchers, we independently demonstrated that RSA private keys are indeed at risk. Let's go through the details on how to extract the private key and why the attack is possible.

How to extract the private key

Readers not familiar with RSA can read about it here. To simplify things a bit, a large (2048 bits) number N is constructed by multiplying together two large randomly generated prime numbers p and q. N is made public while p and q are kept secret. Finding p or allows recovery of the private key. A generic attack is just factorizing N, but this is believed to be difficult. However, with a vulnerability like Heartbleed, the attack is much simpler: since the Web server needs the private key in memory to sign the TLS handshake, p and q must live in memory and we can try to obtain them with Heartbleed packets. The problem simply becomes how to identify them in the returned data. This is easy, as we know p and q are 1024 bits (128 bytes) long, and OpenSSL represents big numbers little-endian in memory. A brute-force approach treating every 128 consecutive bytes in the Heartbleed packets as little-endian numbers and testing if it divides N is sufficient to spot potential leaks. This is how most people solved the CloudFlare challenge.

Read 10 remaining paragraphs | Comments

 

CSG Invotas to Participate in InfoSec Europe 2014
MarketWatch
Infosecurity Europe is Europe's number one information security event. It features more than 325 exhibitors, the most diverse range of new products and services, an unrivalled education program, and over 13,000 unique visitors from every segment of the ...

and more »
 
Microsoft on Saturday told customers that cyber-criminals are exploiting an unpatched and critical vulnerability in Internet Explorer (IE) using "drive-by" attacks.
 

Microsoft released a Security Advisory yesterday(1) which impacts Internet Explorer versions 6 through 11, taking advantage of a vulnerability in Flash.  The Microsoft advisory notes  that “The vulnerability is a remote code execution vulnerability. … The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.” 

This exploit is currently being seen in limited attacks at this time against versions IE9-IE11, according to the security vendor Fireeye(2), who is working with MS at this time.  At the time of this writing, a patch is not yet available.

Actions to take to limit the impact of the vulnerability:

- Install EMET . According to Fireeye's testing, EMET 4.1 and 5 do break the exploit.

- Disable Flash . Note that IE 10 and later on Windows 8 do include Flash. But you can still disable it. This is an IE vulnerability but Flash is needed to exploit it and bypass some of the protection techniques implemented in newer versions of IE/Windows.

- Enable the Internet Explorer "Enhanced Protection Mode" (EPM) which became available in Internet Explorer 10. But it may break some plugins.

 

(1)https://technet.microsoft.com/en-US/library/security/2963983

(2)http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html


tony d0t carothers --gmail

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle Java SE CVE-2014-2423 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-2410 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-0456 Remote Code Execution Vulnerability
 
Apple has confirmed that some iPhone 5 smartphones have defective sleep/wake/power buttons and on Friday kicked off a free component replacement program in the U.S. and Canada.
 
Oracle Java SE CVE-2014-2422 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-0463 Remote Security Vulnerability
 
Internet Storm Center Infocon Status