February 5, 2012

Six Security Flaws Fixed in OpenSSL

(LiveHacking.Com) – The OpenSSL project team has released two new versions of the popular open source toolkit for SSL/TLS. OpenSSL 1.0.0f and 0.9.8s fix a total of six security flaws. Of the six fixes, four apply to both 1.0.0f and 0.9.8s, and each version has one fix unique to its own code stream.

The relevant security advisory lists the following:

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108) - Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
  2. Double-free in Policy Checks (CVE-2011-4109) - If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576) - OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit the severity of this issue.
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) - RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with “enable-rfc3779”.
  5. SGC Restart DoS Attack (CVE-2011-4619) - Support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack.
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027) - A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.
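Item 3 above describes padding bytes that are never overwritten, so they carry whatever the reused write buffer held before. The following is an added illustration written for this article, not OpenSSL's code: it lays out an SSL 3.0 CBC record (data, filler bytes, one padding-length byte) in a buffer that is assumed to still contain stale, constructed "sensitive" bytes, and shows what the filler bytes carry with and without clearing them.

```python
BLOCK = 16  # block size of the assumed CBC cipher (AES) for this illustration

# Constructed stale buffer contents, standing in for previously freed memory
# that the connection's write buffer now occupies.
STALE = bytearray(b"cookie=SECRET_SESSION_TOKEN_xyz".ljust(64, b"."))


def ssl3_pad(plaintext: bytes, buf: bytearray, clear_padding: bool) -> bytes:
    """Write plaintext + padding into buf the way an SSL 3.0 CBC record is
    laid out: data, then pad_len filler bytes, then one byte holding pad_len.
    clear_padding=False reproduces the pre-1.0.0f behaviour: the filler bytes
    are left as whatever buf already held.  clear_padding=True zeroes them."""
    n = len(plaintext)
    pad_len = (-(n + 1)) % BLOCK          # 0..15 filler bytes
    total = n + pad_len + 1
    buf[:n] = plaintext
    if clear_padding:
        buf[n:n + pad_len] = bytes(pad_len)
    buf[n + pad_len] = pad_len
    return bytes(buf[:total])


def padding_bytes(record: bytes, plaintext_len: int) -> bytes:
    """Return the filler bytes of a record; this is what the peer receives
    (encrypted) in addition to the application data."""
    pad_len = record[-1]
    return record[plaintext_len:plaintext_len + pad_len]


def leaked_stale_bytes(plaintext: bytes, clear_padding: bool) -> bytes:
    """Build a record in a copy of the stale buffer and report what the
    padding region carries.  Empty (all zero) means nothing leaked."""
    buf = bytearray(STALE)
    rec = ssl3_pad(plaintext, buf, clear_padding)
    filler = padding_bytes(rec, len(plaintext))
    return filler.rstrip(b"\x00")


if __name__ == "__main__":
    for clear in (False, True):
        print("clear_padding=%s -> padding carries %r"
              % (clear, leaked_stale_bytes(b"hello", clear)))
```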

OpenSSL 1.0.0f is considered the current best version of OpenSSL available and it is recommended that users of older versions upgrade as soon as possible. OpenSSL 1.0.0f is available for download via HTTP and FTP from the following master locations:

For a complete list of changes, please see http://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0f.


Stratfor Site Still Down as Password Analysis Reveals Weaknesses

(LiveHacking.Com) – Stratfor.com, the website of global intelligence-analysing firm Strategic Forecasting Inc., remains offline after the Christmas Eve hacker attack. The site currently says that Stratfor is investigating the security breach and is working diligently to prevent it from ever happening again! Stratfor will only restore the website once its security review is finished.

In the meantime, the nearly one million records stolen by the hackers have been published online and The Tech Herald has examined the list of password hashes and started cracking them with surprising results. The passwords, which were stored as MD5 hashes, are cracked using a variety of methods including dictionary attacks and brute force attacks. Using the Hashcat password recovery tool (together with GPU processing) the Tech Herald team managed to crack 81,883 of the 860,160 published password hashes in under 5 hours. That’s 270 passwords per minute. Why? Due to the weaknesses in the passwords. And when I say weak, I mean stupidly weak. One account even had the password ****** – yes, six asterisks.

By just using a set of small word lists, made up of common passwords, names and words from the King James Bible, the team decoded nearly 26,000 passwords in 7 minutes. The team then went on to use larger and larger word lists including words and phrases from other languages (like Russian and Italian), surnames and common keyboard combinations (e.g. 123ewqasd).

Some of the interesting passwords found include:

  • 111222333444
  • 12345stratfor
  • blackberry
  • blockbuster
  • globalization
  • hello123
  • qwerty
  • password
  • mypassword1
  • stratfor
  • Password123
  • washington

Wi-Fi Protected Setup Vulnerable to Brute Force Attack

(LiveHacking.Com) – Security researcher Stefan Viehböck has revealed a design and implementation flaw in Wi-Fi Protected Setup (WPS) that makes Wi-Fi networks vulnerable to brute-force attacks. US-CERT has issued an advisory which suggests disabling WPS. The WPS specification has three methods of simplifying the connection of wireless devices to WPA2 protected access points. One of those methods involves using an eight digit PIN from a label on the router which authorizes the client to obtain the WPA2 configuration details.

An eight digit PIN should have 100,000,000 different combinations; however, a design flaw means that one of the digits is just a checksum, which reduces the possibilities to 10,000,000. The real weakness is that the protocol is designed in such a way that the first half and second half of the PIN are sent separately and the protocol will confirm if just that half is correct. This reduces the number of PIN possibilities to 10,000 (4 digits) plus 1,000 (3 digits, as the checksum can be calculated), which is just 11,000 possibilities.

According to Viehböck this means that some routers, which don’t employ any mechanisms to slow down brute force attacks, can be cracked within 44 hours. More information about this vulnerability can be found in Stefan’s paper: Brute forcing Wi-Fi Protected Setup. He has also released a PoC Brute Force Tool that can be found here.
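The arithmetic in the two paragraphs above, as an added example that is not from Viehböck's paper or tool: the checksum digit is computed with the weighting the WPS specification defines for the first seven digits (positions 1, 3, 5, 7 weighted 3, positions 2, 4, 6 weighted 1), and the search-space function returns how many PINs a verifier has to distinguish under each design choice, which is the number a defender needs to judge whether a lockout or rate limit is adequate.

```python
def wps_checksum(first7: str) -> int:
    """Checksum digit the WPS spec appends to the first seven PIN digits."""
    accum = 0
    for i, ch in enumerate(first7):
        d = int(ch)
        accum += 3 * d if i % 2 == 0 else d  # odd positions weighted 3, even 1
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is eight digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == int(pin[7])


def search_space(checksum_known: bool, halves_confirmed_separately: bool) -> int:
    """Number of candidate PINs a verifier has to tell apart.

    checksum_known: the last digit is derived, not free (10^7 instead of 10^8).
    halves_confirmed_separately: the protocol acknowledges the first four
    digits on their own, so the two halves are searched independently and
    the counts add instead of multiply (10^4 + 10^3 = 11,000)."""
    if not halves_confirmed_separately:
        return 10**7 if checksum_known else 10**8
    second_half = 10**3 if checksum_known else 10**4
    return 10**4 + second_half


def reduction_factor() -> float:
    """How much smaller the real search space is than the nominal one."""
    return search_space(False, False) / search_space(True, True)


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("nominal  :", search_space(False, False))
    print("checksum :", search_space(True, False))
    print("split    :", search_space(True, True))
    print("reduction: %.0fx" % reduction_factor())
```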

Note: This vulnerability was also independently discovered by Craig Heffner (/dev/ttyS0, Tactical Network Solutions) who has released a tool called “Reaver” on Google Code.

World’s First USB Based Two-factor Authentication for Email

(LiveHacking.Com) – Swiss Hacker GmbH, a Swiss IT security company that offers its services via a SaaS model, has launched Secure Mail Key (SMK), a two-factor authentication email solution. Using the supplied USB key (which works with Windows, OS X and Linux), SMK have developed a secure messaging solution to protect sensitive emails from hackers. The traditional single factor authentication method of username and password is inadequate to protect sensitive commercial or military information. By using social engineering, keyloggers, man-in-the-middle attacks or phishing attacks it is possible to discover and exploit users’ passwords.

However, with a two-factor authentication system the second authentication factor (normally a PIN or token generated by an external device) needs to be entered for a successful login. With SMK the second factor is automatically generated by the supplied USB key. Simply pressing the button on the key causes the device to generate a unique one-time password which is automatically filled into the relevant field on the login page.

Google introduced optional two-factor authentication for its Gmail service earlier this year. Having entered your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iOS device. However, Google’s services only use SSL during the login phase. SMK, however, use a secure connection end to end via Cloudflare.

Other benefits of SMK include:

  • Military grade encryption
  • Govt. approved : DOD, ANSI standard and tested by over 1000 Hackers
  • No key-logger, virus or phishing attacks are possible

Another Dutch CA Hacked?

(LiveHacking.Com) - Gemnet, a subsidiary of KPN (a leading telecommunications and ICT service provider in The Netherlands), has taken its website offline to investigate a possible hack. Hacked websites are not a rarity today; however, according to Webwereld, the hack is related to CA certificates.

In response to these allegations KPN issued a statement saying that the suggestions that there is a connection between the hack and the creation of certificates are not true: “The hack of the site has no connection with the issuance and management of Government PKI certificates.”

Despite the statement issued by KPN, a second website belonging to a subsidiary of the telecommunications company that also issues digital certificates to the Dutch government was also taken down.

According to the original Webwereld article by Brenno de Winter, the attack was launched through a phpMyAdmin account that didn’t have a password. The attacker then used the database to create files, including executable scripts.

Whisper Systems Bought by Twitter

(LiveHacking.Com) - Whisper Systems, a mobile device security and privacy company, has been bought by Twitter. The company, which specialises in security for Android devices, announced that during the transition it is taking all of its products and services offline.

However they assure their fans that the products will live on (under a Twitter brand??) and that they have some surprises in store once the transition is complete.

The question is, what do Twitter want with an Android security company? Twitter is available on a multitude of platforms and not just Android.

One interesting possibility is that Whisper Systems developed a product called RedPhone, which provides end-to-end encryption for phone calls. Could it be that Twitter want to join the likes of Skype, Google and Yahoo in providing a VoIP service?

Researchers Crack HD Content Protection System

(LiveHacking.Com) - Security researchers have broken the High-bandwidth Digital Content Protection (HDCP) system used on HD devices (such as Blu-ray players) with HDMI ports to protect digital video sent to TVs and monitors against unauthorized copying.

Using a man-in-the-middle (or in this case a computer board in the middle), Prof. Dr.-Ing. Tim Güneysu of the Secure Hardware Group at Germany’s Ruhr University of Bochum has found a way to connect any non-compliant monitor (which would include devices able to record the video) to an HDCP-protected video source.

To do the decoding the professor and his students used a low-cost Digilent Atlys Development Board with a Xilinx Spartan-6 LX45 FPGA. The board has all the necessary connectors for video input and output. The total setup cost no more than $250.

“We developed an independent hardware solution instead, based on a cheap FPGA board” explained Prof. Dr.-Ing. Tim Güneysu, who set to work with the final year student Benno Lomb. “We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.”

The result is that the team can now:

  • Successfully connect any non-compliant monitor to an HDCP-protected video source
  • Extract all secret session keys established during authentication
  • Decrypt single-link video streams with a resolution of 720p or 1080i in real time.

This man-in-the-middle attack is of little interest to pirates as there are simpler ways to “rip” a Blu-ray disc. However, Prof. Güneysu does see a real threat to security-critical systems, for example at government authorities or in the military.

Although Intel is already offering a new security system, HDCP 2.0, it is backward compatible, so the weak point will remain a problem in coming years.

Stolen Certificate Used to Sign Malware

(LiveHacking.Com) - A certificate stolen from the Malaysian Agricultural Research and Development Institute, which was taken “quite some time ago”, has turned up as the digital signature used on a piece of malware known as Trojan-Downloader:W32/Agent.DTIW.

The malware, which spreads via malicious PDF files that install it after exploiting holes in Adobe Reader 8, downloads additional malicious components from a server called worldnewsmagazines.org.

By using a private signing certificate that belongs to the Malaysian government the malware is able to bypass the warnings issued by Windows about untrusted software.

According to F-Secure, who discovered the malware signed with the stolen certificate:

It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.

The use of digital certificates and the role of Certificate Authorities (CA) continues to be a hot topic following several well publicized security breaches (Diginotar and Comodo) and the subsequent revoking of fraudulently issued certificates.

Microsoft to Revoke Trust in Malaysian CA

Microsoft has issued a notice that it will shortly revoke trust in the Intermediate Certificate Authority DigiCert Sdn. Bhd. (Digicert Malaysia) via Windows Update. The reason for the revocation isn’t that the CA has been compromised or suffered a security breach, but rather that it was caught issuing certificates with weak 512-bit keys.

The requirements of the Microsoft Root Program are that a minimum crypto key size of an RSA 2048-bit modulus is used for any root and all issuing CAs. Microsoft used to accept root certificates with an RSA 1024-bit modulus; however, these existing legacy 1024-bit RSA root certificates were phased out at the end of last year. The fact that this Malaysian CA issued 512-bit certificates is a clear violation of Microsoft’s requirements.

“The subordinate CA has clearly demonstrated poor CA security practices and Microsoft intends to revoke trust in the intermediate certificates” said Jerry Bryant, Group manager, Response Communications, Trustworthy Computing.

Although Microsoft have no indication that any of the 22 certificates were issued fraudulently, these weak keys have allowed some of the certificates to be compromised. These compromised certificates could allow an attacker to impersonate the legitimate owner and make a user believe they are trusting a website or signed software that was in fact created for malicious use.

Chrome 15 Broke The Wall Street Journal While Trying to Beat the BEAST

(LiveHacking.Com) - Earlier this month Juliano Rizzo and Thai Duong released details of a vulnerability in the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). They also released a tool known as BEAST (Browser Exploit Against SSL/TLS). Consequently browser makers, including Google, have been trying to tweak the SSL implementations in their browsers to reduce the risks from the BEAST.

As part of the Chrome 15 release Google did some SSL tweaking:

The NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue.

Well, it looks like it did expose problems. As soon as users started to upgrade to Chrome 15, reports started that users couldn’t log in to Barron’s Online or The Wall Street Journal.

Further investigation by Google revealed that a change, which sends only one byte of data in the first CBC encrypted application data record, broke the sites.

Google backtracked on the change and released Chrome 15.0.874.106 for Windows, Mac and Linux. Since then Barron’s has updated its site, and secure sign-in is now working with 1/n-1 SSL record splitting when using the development build of Chrome 16. No word on what, if any, changes The Wall Street Journal has made to its site.