December 18, 2018

Search Results for: BEAST

Chrome 15 Broke The Wall Street Journal While Trying to Beat the BEAST

(LiveHacking.Com) – Earlier this month Juliano Rizzo and Thai Duong released details of a vulnerability in the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). They also released a tool known as BEAST (Browser Exploit Against SSL/TLS). Consequently browser makers, including Google, have been trying to tweak the SSL implementations in their browsers to reduce the risks from the BEAST.

As part of the Chrome 15 release Google did some SSL tweaking:

The NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue.

Well it looks like it did expose problems. As soon as users started to upgrade to Chrome 15, reports started that users couldn’t login to Barrons Online or The Wall Street Journal.

Further investigation by Google revealed that a change, which sends only one byte of data in the first CBC encrypted application data record, broke the sites.

Google back tracked on the change and released Chrome 15.0.874.106 for Windows, Mac and Linux. Since then Barron’s has updated its site, and secure sign-in is now working with 1/n-1 SSL record splitting when using the development build of Chrome 16. No word on what, if any, changes The Wall Street Journal has made to its site.

Microsoft Issues Security Advisory to Combat the BEAST

(LiveHacking.Com) – As reported yesterday, the mechanism behind earlier versions of  SSL/TLS are susceptible to attack due the way they use block ciphers. Now Microsoft has made a blog post and issued a security advisory about the problem.

This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.

According to Microsoft’s analysis  users are at minimal risk. To successfully exploit this issue, the would-be attacker must meet several conditions:

  • The targeted user must be in an active HTTPS session;
  • The malicious code the attacker needs to decrypt the HTTPS traffic must be injected and run in the user’s browser session; and,
  • The attacker’s malicious code must be treated as from the same origin as the HTTPS server in order to it to be allowed to piggyback the existing HTTPS connection.
  • The attack must make several hundred HTTPS requests before the attack could be successful.
  • TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
For those who run servers on Windows, Microsoft suggest use of the RC4 algorithm. Since the attack only affects cipher suites that use symmetric encryption algorithms in CBC mode, such as AES, the RC4 algorithm is not vulnerable. System administrators can prioritize the RC4 algorithm on their servers using the instructions given here:  Prioritizing Schannel Cipher Suites.

Is SSL/TLS Under Attack from the BEAST?

 

(LiveHacking.Com) – Juliano Rizzo and Thai Duong have released details of a vulnerability in  TLS (Transport Layer Security) 1.0, the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used on the Internet. The vulnerability resides in versions 1.0 and earlier of TLS, but not in versions 1.1 and 1.2, however they remain almost entirely unsupported in browsers and websites.

At the Ekoparty security conference in Buenos Aires, Juliano and Thai released a tool, known as BEAST (Browser Exploit Against SSL/TLS), that compromises TLS by exploiting the vulnerability  that has actually been known about for years but which has been regarded as just theoretical until now.

The problem is all to do with block ciphers and Cipher Block Chaining (CBC). With CBC, each ciphertext message starts with a single extra random block, or IV (“initialization vector”). TLS <= 1.0 uses CBC but has a problem in that instead of using a new random IV for every TLS message sent, it uses the ciphertext of the last block of the last message as the IV for the next message. This means that the IV is now something an attacker can predict. A more detailed look at how the attack works can be found here.

The two-factor authentication service PhoneFactor has suggested websites use the RC4 cipher to encrypt SSL traffic instead of algorithms such as AES and DES, as RC4 is not vulnerabile to this CBC/IV problem.

According to Sophos, the pair reported their findings to the major browser vendors a month ago. However so far Google is the only company to respond with a fix (which can currently be found in the beta test versions of the browser).

Google Fixes Critical Vulnerabilities in Chrome 19.0.1084.52

(LiveHacking.Com) – Google has released Chrome 19.0.1084.52 for Windows, Linux and Mac and in doing so it has fixed two Critical security vulnerabilities and patched nine other High priority security related bugs. Historically Google are quick to release new versions of its web browser and release frequent incremental updates to the current stable version of Chrome to patch any security vulnerabilities discovered. To help it do this, Google has a rewards scheme where it pays hard cash to developers and security researcher who find vulnerabilities. For this release Google paid out $3837.

The first Critical bug squashed is a  browser memory corruption with websockets over SSL. Memory corruptions are often used by attackers to create exploits, especially exploits which can execute arbitrary code. The second Critical fix is a use-after-free in browser cache. Like memory corruptions, it is theoretically possible to create an exploit from use-after-free bugs . This particular bug was found by “efbiaiinzinz” who was rewarded $1337 by Google.

The full list of fixes, along with credits and rewards, is as follows:

  • [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).
  • [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.
  • [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).
  • [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).
  • [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.
  • [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
  • [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
  • [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).
  • [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Note that the referenced bugs are kept private until a majority of Chrome users are up to date with the fixes.

 

90% of all HTTPS Websites Insecure

(LiveHacking.Com) – SSL Pulse, a new project that monitors the quality of SSL sites across the Internet and reports on its findings, has discovered that 90% of all HTTPS websites are insecure. The project has tested the top 200,000 SSL web sites on the Internet and discovered that nearly 180,000 of them are insecure.

The project measures key features about an SSL configuration and ranks the website according to the SSL Server Rating Guide. According to the report 40% of the worlds top SSL sites use 128 bit (or less) ciphers for data transfer and a handful of sites have certificates with keys below 1024 bits.

The biggest weaknesses are insecure renegotiation and susceptibility to a BEAST attack. Over 8,500 sites support insecure renegotiation which since 2009 as been considered insecure. A successful exploitation of this vulnerability allows an active man-in-the-middle attacker to inject arbitrary content into an encrypted data stream. The results is that the attacker can impersonate a valid client and steal confidential data.

The SSL Pulse survey reports that 75% of SSL websites are still open to BEAST attacks. A BEAST attack is based on a flaw in the SSL protocol. A successful exploitation of this issue will result in a disclosure of a victim’s session cookies, allowing the attacker to completely hijack the application session. It was resolved in TLS v1.1, but now six years later, most clients and servers do not support newer protocol versions. To protected against a BEAST attack servers need to be configured to use TLS v1.1 or to only use RC4 with TLS v1.0 or SSL v3.0.

“About 50% (99,903 sites) got an A, which is a good result. Unfortunately, many of these A-grade sites (still) support insecure renegotiation (8,522 sites, or 8.5% of the well-configured ones) or are vulnerable to the BEAST attack (72,357 sites, or 72.4% of the well-configured ones). This leaves us with only 19,024 sites (or 9.59% of all sites) that are genuinely secure at this level of analysis,” wrote Ivan Ristic, director of engineering at Qualys and creator of SSL Labs.

The project hopes that these startling numbers will raise awareness of these issues and help web site owners improve their SSL implementations.

Google Releases Chrome 18 – Fixes Security Bugs, Adds Faster Graphics

(LiveHacking.Com) – The version numbers keep flying upwards! Google has released Chrome 18.0.1025.142 for Windows, Mac and Linux with a number of new features (including faster and fancier graphics) and a collection of security fixes. None of the security fixes in this release are marked as Critical but there are three High severity fixes.

Under Google’s definitions, High severity means that the vulnerability lets an attacker read or modify confidential data belonging to other web sites or if the attacker can execute arbitrary code within the confines of the sandbox. Vulnerabilities that interfere with browser security features are also high severity.

The first of the High severity bug fixed was an off-by-one error in OpenType Sanitizer, the next was a use-after-free error in SVG clipping and the third a memory corruption in Skia.

As part of the Chrome Vulnerability Rewards Program, which was created to help reward the contributions of security researchers who invest their time and effort in to making Chrome more secure, Google paid out $3000 for this release.

The full list of security related bug fixed are:

  • [$500] [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
  • [$500] [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
  • [$500] [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
  • [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
  • [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
  • [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
  • [$1000] [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
  • [$1000] [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
  • [$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Google have also said that some of these items represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

Note that the referenced bugs may be kept private until a majority of Chrome users are up to date with the fixes.

New Features

Chrome 18 also introduces some new features, specifically Google have enabled GPU-accelerated Canvas2D on capable Windows and Mac computers. This feature had previously been enabled in the Beta channel and Google hope developers have had a chance to try it out. Chrome 18 also enables SwiftShader, a software rasterizer licensed from TransGaming, for users with graphics cards which can’t cope with WebGL rendering.

Flash 11.2

Chrome 18 also includes Flash Player 11.2 which contains a number of new features along with security updates. See our post here.

Is SSL Falling Apart? New Research Papers Find More Holes

(LiveHacking.Com) – Two new research papers (here and here) have been published which examine the low level details of SSL, specifically randomness aspects, and the results are surprising. According to the “Ron was wrong, Whit is right” paper,  two out of every one thousand RSA moduli that on the Internet today offer no security. While the Princeton’s Center for Information Technology Policy blog shows that 0.4% of all the public keys used for SSL web site security can be remotely compromised.

Two in one thousand is  0.2%, Princeton is talking 0.4%. These aren’t huge numbers… but a search on Google for how many sites have “https://” in the URL shows 19,640,000,000 sites. Some of these are sites about HTTPS and aren’t secure sites. If just one quarter of those are really using https, that is 4,910,000,000 sites. 0.4% of 1,964,000,000. That is a lot of SSL certificates. And a huge potential number of sites which can be hacked.

“Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for “multiple-secrets” cryptosystems such as RSA is signi cantly riskier than for “single-secret” ones such as ElGamal or (EC)DSA which are based on Die-Hellman,” wrote Arjen K. Lenstra et al.

SSL has been having a hard time recently and it is starting to look as if this system isn’t as robust as previously thought. Recent SSL stories include the BEAST, Diginotar and Verisign.

“Unfortunately, we’ve found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis,” wrote Nadia Heninger.

Google Release Chrome 17.0.963.56 to Fix Vulnerabilities and Update Flash

(LiveHacking.Com) – Google has updated Chrome to 17.0.963.56 for Windows, Mac and Linux.  This release includes a number of stability and security fixes and also includes a new version of Flash. Google paid out nearly $7000 to security researchers who contributed to fixing these security issues.

The full list of security related bugs fixed is:

  • [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
  • [$500] [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
  • [$1000] [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
  • [$1000] [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
  • [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
  • [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
  • [$1000] [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
  • [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
  • [$500] [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
  • [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
  • [$500] [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
  • [$1337] [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
  • [$1000] [112847] High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.

Note that the referenced bugs may be kept private until a majority of Chrome users are up to date with the fix.  Full details about what changes are in this release are available in the SVN revision log.

Adobe recetnly released a new version of Flash for Windows, OS X, Linux and Android. This new version of Chrome incorporates the updated version. The update addresses critical vulnerabilities in Adobe Flash Player. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. However this is only being exploited in Internet Explorer on Windows and not Chrome. More info on the Flash update is available from Adobe.

Microsoft Fixes Eight Security Vulnerabilities in its Products

(LiveHacking.Com) – Microsoft has released seven security bulletins as part of its Patch Tuesday program. One of seven bulletins is rated Critical, with the remaining six classified as Important. The Critical bulletin addresses two issues in Windows Media Player. If exploited these vulnerabilities would allow remote code execution on the affected PC. Although there are no known active exploitations of these bugs, they can be triggered by a hacker crafting a malicious MIDI or DirectShow file. If the user then opened this file their PC would become vulnerable as the attacker could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining fixes are:

  • Vulnerability in Windows Object Packager That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.
  • Vulnerability in Windows Client/Server Run-time Subsystem That Could Allow Elevation of Privilege – The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
  • Vulnerability in Microsoft Windows That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application.
  • Vulnerability in SSL/TLS Could Allow Information Disclosure – This vulnerability affects the SSL 3.0 and TLS 1.0 protocols and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This should protect users  from the tool known as BEAST (Browser Exploit Against SSL/TLS).
  • Vulnerability in AntiXSS Library Could Allow Information Disclosure – The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library.

Google Pays out $6000 to Security Researchers for Chrome 16

(LiveHacking.Com) – Google has released Chrome 16 (16.0.912.63) for Windows, Mac, and Linux. As well as improvements to Sync and the ability to create multiple profiles on a single instance of Chrome, Chrome 16 also contains some important security fixes.

The security fixes (and related awards) are:

  • [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community.
  • [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno).
  • [$500] [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG.
  • [$1000] [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Luka Treiber of ACROS Security.
  • [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG.
  • [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu.
  • [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team.
  • [$1000] [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis.
  • [$1000] [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis.
  • [$1000] [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek.
  • [$1000] [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG.
  • [$500] [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG.
  • [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella).
  • [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz.
Note that the referenced bugs are kept private by Google until a majority of Chrome users have updated.