January 16, 2019

In brief: NIST declares Keccak winner of Secure Hash Algorithm (SHA-3) competition

(LiveHacking.Com) – The National Institute of Standards and Technology (NIST) has announced the winner of its five-year competition to select a new cryptographic hash algorithm. At the end of 2007, NIST announced a free-for-all competition to find the next Secure Hash Algorithm (known as SHA-3). Now after five years, 64 entries and three rounds of eliminations, there is a winner: Keccak. Pronounced “catch-ack”, it was created by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors.

Hash algorithms are widely used to create “fingerprints”, or “message digests”, of a file. The marks of a good hash algorithm are that any change in the original data will change the digest, and that for any given file it must be infeasible for a forger to create a different file with the same hash. NIST liked Keccak because of its elegant design and its ability to run well on many different computing devices.

NIST received sixty-four entries in total. Fifty-one were selected as first-round candidates, and this was narrowed down to fourteen second-round candidates in July 2009. On December 9, 2010, NIST announced five third-round candidates – BLAKE, Grøstl, JH, Keccak and Skein.

“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be,” says NIST computer security expert Tim Polk. “An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently. The Internet as we know it is expanding to link devices that many people do not ordinarily think of as being part of a network. SHA-3 provides a new security tool for system and protocol designers, and that may create opportunities for security in networks that did not exist before.”

In brief: Google adds OAuth 2.0 support for IMAP/SMTP and XMPP

(LiveHacking.Com) – Google has been a long time proponent of using OAuth 2.0 for its services and APIs. Now it has extended its use of the open standard authorization mechanism by adding OAuth 2.0 support for IMAP/SMTP and XMPP.

It was just over a year ago that Google announced its recommendation that OAuth 2.0 become the standard authentication mechanism for its APIs. Using it has several security benefits, including access to Google’s two-factor authentication process.

“When clients use OAuth 2.0, they never ask users for passwords. Users have tighter control over what data clients have access to, and clients never see a user’s password, making it much harder for a password to be stolen. If a user has their laptop stolen, or has any reason to believe that a client has been compromised, they can revoke the client’s access without impacting anything else that has access to their data,” said Ryan Troll from Google’s Application Security Team.

Google has also announced that it will deprecate the older authentication mechanisms such as XOAUTH for IMAP/SMTP and X-GOOGLE-TOKEN and SASL PLAIN for XMPP.

In brief: Chip and pin random numbers not random enough

(LiveHacking.Com) – A vulnerability in the chip and pin payment system has been discovered by Cambridge University researchers. The chip and pin system is used throughout Europe and much of Asia, and is starting to be introduced in North America too.

As part of the system the payment card contains a chip that understands the system’s authentication protocol. As part of the protocol the point-of-sale (POS) terminals or the ATMs need to generate a random number (the “unpredictable number”, or UN) for each transaction. However, the team discovered that some POS terminals and ATMs merely used counters, timestamps or home-grown algorithms to generate this number.

The vulnerability leaves the system open to “pre-play” attacks, which are indistinguishable from card cloning attacks.

The team’s research was presented at a cryptography conference in Leuven, Belgium, on Tuesday.

“If you can predict [the UN], you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location,” said researcher Mike Bond in a blog post. “You can as good as clone the chip. It’s called a pre-play attack.”

The Cambridge team have been in contact with leading banks to explain the risks to them, but they discovered that some had been “explicitly aware of the problem for a number of years”.

“The sort of frauds we’re seeing are easily explained by this, and by no other modus operandi we can think of,” researcher Prof Ross Anderson told the BBC. “For example, a physics professor from Stockholm last Christmas bought a meal for some people for 255 euros ($326, £200), and just an hour and a half later, there were two withdrawals of 750 euros made from a nearby cash machine used by what appears to have been a clone of his card.”

Microsoft releases MS-CHAP v2 authentication security advisory

(LiveHacking.com) – A few weeks ago, at Defcon 20, Moxie Marlinspike and David Hulton gave a presentation on cracking MS-CHAPv2 and subsequently integrated the techniques presented into the CloudCracker service.

MS-CHAP2 is an old authentication protocol which Microsoft introduced with NT4.0 SP4 and Windows 98. Today the protocol is still widely used for PPTP VPNs, as well as in WPA2 Enterprise environments.

Using the new techniques presented at Defcon 20, David Hulton’s PicoComputing built a box, using FPGAs, which can crack MS-CHAP2 in at most 24 hours and often in just half that amount of time.

As a response to this, Microsoft has released a security advisory called “Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure.” The advisory notifies Microsoft customers of the known cryptographic weaknesses in the MS-CHAP v2 protocol.

To exploit the weaknesses and obtain user credentials, the attacker has to be able to intercept the victim’s MS-CHAP v2 handshake by performing man-in-the-middle attacks or by intercepting open wireless traffic.

Microsoft offers two workarounds (suggested actions):

1. Secure your MS-CHAP v2/PPTP based tunnel with PEAP (see Microsoft Knowledge Base Article 2744850)

2. Use a more secure VPN tunnel – Microsoft recommends using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication.

For more information on these, see the following links:


AMD and Philips hacked by r00tbeer

(LiveHacking.Com) – A hacking group known as r00tbeer has claimed to have hacked AMD’s blog and broken into several small sites belonging to Philips. The hackers, whose Twitter account was only created a few days ago, tweeted:

#AMD – R.I.P http://blogs.amd.com , database will be released in few minutes. #r00tbeersec

And then the next day tweeted:

http://www.philips.com  Database dumps – http://www.mediafire.com/?********** … includes 197,000+ emails. RT/Share. #r00tbeersec

During the AMD hack, the hacking group defaced the website and stole a database. AMD has since taken its blog down, replacing it with a message stating that it is undergoing “routine maintenance”.

It is believed that AMD was using WordPress to host its blogs and although the WordPress user database was stolen and subsequently leaked onto the Internet, the passwords in the database should be hard to crack as WordPress uses the strong password hashing framework phpass.

As for the attack on Philips, the gang stole a few small SQL databases from the Dutch technology giant and leaked them in full online. Included in the online dump were nearly 200,000 email addresses, which will no doubt be used for sending spam!

It does appear that Philips has been a little careless with regards to security, as some of the databases dumped contained passwords protected only by simple MD5 hashing with no salt. One database even stored the passwords in plain text.



CloudCracker uses custom hardware to crack any VPN or Wi-Fi MS-CHAPv2 based password

(LiveHacking.com) — Moxie Marlinspike and David Hulton recently made a presentation at Defcon 20 on cracking MS-CHAPv2; they have now integrated the techniques presented into the CloudCracker service.

Source: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

MS-CHAP2 is an old authentication protocol which was first introduced by Microsoft with NT4.0 SP4 and Windows 98. Today, nearly 15 years later, the protocol is still widely used for PPTP VPNs, as well as in WPA2 Enterprise environments.

Since it was introduced the protocol has been analysed many times and various weaknesses have been found. These weaknesses severely reduced the complexity of brute-force attacks and made them realistic with modern hardware. Now Marlinspike and Hulton have reduced the complexity of breaking MS-CHAPv2 to that of breaking a single DES key.

David Hulton’s company, PicoComputing, which specializes in building FPGA hardware for cryptography applications, has built a box which can crack MS-CHAP2 in at most 24 hours and often in just half that amount of time.

The FPGAs (field programmable gate arrays) implement DES as a pipeline and can perform one DES operation per clock cycle. The box uses 48 cores at 450 MHz, giving a performance of more than 18 billion keys/second.

The pair have also published a tool called chapcrack, which parses a network capture for any MS-CHAPv2 handshakes. For each handshake found, it outputs the username along with the various ciphertexts and a token which can be used directly with CloudCracker.

Once CloudCracker has cracked the authentication, the result can be put back into the chapcrack tool and it will decrypt the entire network capture (and all future captures for that user). The user’s VPN service is also exposed.

The power and ease of the cracking process now means that:

  1. All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.
  2. Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.
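As an added example (not code from the original articles, from Microsoft, or from the chapcrack/CloudCracker tools), the following Go program implements the RFC 2759 MS-CHAPv2 response computation that the two MS-CHAPv2 pieces above describe being cracked, and shows why its strength collapses to that of a single DES key. The NT hash is a constructed sample value, and the challenges and user name are whatever the caller supplies.

```go
package main

import (
	"crypto/des"
	"crypto/sha1"
)

var sampleNTHash = []byte{0x8a, 0x3b, 0x1c, 0x55, 0xde, 0x90, 0x07, 0x6f, 0x21, 0xc4, 0x9e, 0x02, 0x77, 0xb8, 0x12, 0x34} // constructed sample, not from any real capture

// challengeHash is RFC 2759 ChallengeHash(): SHA-1(peerChal || authChal || username)[:8]. All three
// inputs cross the wire in clear, so an eavesdropper knows the DES plaintext used below.
func challengeHash(peerChal, authChal []byte, username string) []byte {
	sum := sha1.Sum(append(append(append([]byte{}, peerChal...), authChal...), username...))
	return sum[:8]
}

// desEncryptBlock encrypts one 8-byte block under a 7-byte key, spreading the 56 key bits over
// 8 bytes with each byte's parity bit left zero (Go's crypto/des ignores parity bits).
func desEncryptBlock(k, block []byte) []byte {
	key := []byte{k[0] & 0xfe, (k[0]<<7 | k[1]>>1) & 0xfe, (k[1]<<6 | k[2]>>2) & 0xfe,
		(k[2]<<5 | k[3]>>3) & 0xfe, (k[3]<<4 | k[4]>>4) & 0xfe, (k[4]<<3 | k[5]>>5) & 0xfe,
		(k[5]<<2 | k[6]>>6) & 0xfe, (k[6] << 1) & 0xfe}
	c, _ := des.NewCipher(key) // the key is always 8 bytes, so NewCipher cannot fail
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// ntResponse is RFC 2759 ChallengeResponse(): the NT hash is zero-padded to 21 bytes, split into
// three 7-byte DES keys, and each key encrypts the same challenge hash, giving 24 bytes.
func ntResponse(ntHash, chalHash []byte) []byte {
	z := append(append([]byte{}, ntHash...), 0, 0, 0, 0, 0)
	var resp []byte
	for i := 0; i < 3; i++ {
		resp = append(resp, desEncryptBlock(z[7*i:7*i+7], chalHash)...)
	}
	return resp
}

// recoverLastTwoHashBytes shows the flaw: key 3 is ntHash[14:16] plus five zero bytes, so 2^16
// trial encryptions of the known plaintext reveal it. Keys 1 and 2 (the other 14 hash bytes) encrypt
// that same plaintext, so one exhaustive 2^56 DES search checked against both ciphertext blocks
// recovers them too: the real security margin is a single DES key, which is what the FPGA box attacks.
func recoverLastTwoHashBytes(chalHash, resp []byte) (uint16, bool) {
	for v := 0; v < 1<<16; v++ {
		if string(desEncryptBlock([]byte{byte(v >> 8), byte(v), 0, 0, 0, 0, 0}, chalHash)) == string(resp[16:24]) {
			return uint16(v), true
		}
	}
	return 0, false
}
```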


8 million passwords posted online from German gaming website Gamigo

(LiveHacking.Com) – The German gaming website Gamigo was hacked in February and over 8 million e-mail addresses and passwords were stolen. The passwords, which were hashed, were dumped onto the crypto-cracking forum InsidePro. Now, four months later, underground crypto analysts have broken the hash.

A user on the forum, who claims to have cracked the one-way hash, has decrypted 94% of the passwords. PwnedList, a tool that allows people to check if their online accounts have been compromised, told Forbes that the decrypted list contains a huge 8.2 million unique email addresses. Of the 8.2 million, 3 million are from the USA, 2.4 million from Germany, and 1.3 million from France.

For those that aren’t familiar with Gamigo, it is a Massively Multiplayer Online Role-Playing Games (MMORPGs) publisher with a repertoire of 14 client games and five browser-based games. And obviously, it has over 8 million users worldwide.

After the original hack, back in February, Gamigo sent an email to its users which confirmed that there “was an attack on the Gamigo database in which user information, such as alias usernames and encrypted passwords were stolen.” All passwords were then reset for all Gamigo games.

While the decrypted passwords are unlikely to work on the Gamigo site, because of the forced password resets, users should check that they aren’t using the same username and password on any other sites.

In terms of size, this is the biggest cache of passwords stolen this year. Previously this unwanted honor fell to LinkedIn who had over 6 million passwords stolen.

Microsoft has started to harden Windows Update as it prepares for June’s Patch Tuesday

Microsoft has started to roll out additional hardening measures for its Windows Update service. Microsoft is taking these new steps in response to the discovery that the Flame malware was using Windows Update to propagate itself. At the same time, Microsoft is planning to go ahead and release its scheduled patches for Windows next Tuesday via Windows Update.

For Windows XP and Windows Server 2003, Flame was able to use false certificates issued by Microsoft’s now invalid Terminal Server Licensing Service. For all versions of Windows from Vista onwards, such a certificate would not, by default, be accepted for code signing, so the attackers also had to mount an MD5 hash-collision attack on the certificates issued by the Terminal Server Licensing Service in order to forge a certificate that would be valid for code signing. The Redmond company has posted more details on the nature of the MD5 hash collision attack here.

“Windows Update can only be spoofed with an unauthorized certificate combined with a man-in-the-middle attack. To address this issue, we are also taking steps to harden the Windows Update infrastructure and ensure additional protections are in place,” wrote Mike Reavey, a Senior Director of the Microsoft Security Response Center.

Microsoft has decided to go ahead with this month’s Patch Tuesday and has published its advance notification. This month’s patches include 7 bulletins addressing 25 vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework. Three of the bulletins are rated as Critical and will require a system reboot after the patches have been applied.

Bulletin 4, which is rated as Important, concerns Microsoft Office 2003 Service Pack 3, Microsoft Office 2007 Service Pack 2 and Microsoft Office 2007 Service Pack 3. It also applies to Microsoft Office 2010 (both 32-bit and 64-bit editions), but according to Microsoft there are no known attack vectors for the vulnerabilities in Office 2010. However, as a defense-in-depth measure, Microsoft recommends that users apply the update.

Untrusted SSL Certificate on MasterCard Australia Website

[UPDATE: MasterCard has fixed the issue]

(LiveHacking.Com) – It appears as if one part of the MasterCard Australia Website has not been audited recently, as it is using an untrusted digital certificate. The error was noticed on the https://migs.mastercard.com.au/ site when a MasterCard customer was trying to pay for some insurance.

Since this is a financial site which processes financial transactions, the certificate on the site should be one that is globally recognized. Without a valid certificate, users of the service cannot be sure that the site hasn’t been spoofed or hijacked in some way.

A copy of the exported certificate can be downloaded from here.

LinkedIn Confirms That Millions of User Passwords Have Been Posted Online

(LiveHacking.Com) – LinkedIn has confirmed that passwords posted onto a Russian hacking forum belong to LinkedIn accounts. The hacker uploaded 6,458,020 hashed passwords, but no usernames. There is no current confirmation that the hacker obtained the usernames as well, but it is very likely that the hacker does have them and has simply chosen not to post them online. The passwords are an unsalted list of SHA-1 hashes, which should be hard to crack; however, the SHA-1 algorithm isn’t foolproof and isn’t collision-free. Simple dictionary passwords will be easy enough to crack by computing the SHA-1 of each word and then looking in the password list for any examples of that hash. These 6.5 million password hashes will now be used to populate rainbow tables and will be an obvious choice for seeding a dictionary attack in any future database leaks.

LinkedIn has disabled the compromised accounts and is sending users an email with instructions on how to reset their passwords. It is worth noting that there will not be any links in this email. This is because phishing attacks often rely on links in emails that lead to fake sites designed to trick people into typing in their password. Once the password has been reset any affected members will receive a second email providing a bit more context on this situation and why they are being asked to change their passwords.

LinkedIn has recently added more security to its system, including better hashing and salting of the password databases.
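To make concrete why an unsalted dump like LinkedIn’s (and the unsalted MD5 tables in the Philips leak above) is so much cheaper to attack than the salted scheme LinkedIn has since moved to, here is an added Go example; it is not code from any of the companies mentioned, and the passwords and salts in it are constructed sample values.

```go
package main

import "crypto/sha1"

// Constructed site passwords (not real data); they are used only to build the dumps and the
// guessing functions below never see them. Note the duplicate "password".
var constructedPasswords = []string{"password", "123456", "Tr0ub4dor&3", "letmein", "password"}

// saltedEntry stores a per-user salt beside SHA-1(salt || password).
type saltedEntry struct {
	salt string
	hash [sha1.Size]byte
}

// buildDumps hashes the passwords both ways: the weak form (bare SHA-1, as in the LinkedIn
// dump) and the corrected form (per-user salt, as LinkedIn moved to afterwards).
func buildDumps(passwords []string) (unsalted map[[sha1.Size]byte]bool, salted []saltedEntry) {
	unsalted = map[[sha1.Size]byte]bool{}
	for i, p := range passwords {
		unsalted[sha1.Sum([]byte(p))] = true
		salt := "salt" + string(rune('0'+i)) + ":" // constructed; real salts are random bytes
		salted = append(salted, saltedEntry{salt, sha1.Sum([]byte(salt + p))})
	}
	return
}

// guessUnsalted hashes each dictionary word once and checks it against every leaked hash at
// once: the whole dump costs one hash per word, and a precomputed table works across dumps.
func guessUnsalted(dump map[[sha1.Size]byte]bool, words []string) (hits, hashOps int) {
	for _, w := range words {
		if hashOps++; dump[sha1.Sum([]byte(w))] {
			hits++
		}
	}
	return
}

// guessSalted must recompute every word for every user, because each salt makes the stored
// hash unique: the work is words x users, and precomputed tables are useless.
func guessSalted(dump []saltedEntry, words []string) (hits, hashOps int) {
	for _, e := range dump {
		for _, w := range words {
			if hashOps++; sha1.Sum([]byte(e.salt+w)) == e.hash {
				hits++
			}
		}
	}
	return
}
```

A real deployment would also use a slow, iterated construction such as phpass or bcrypt rather than a single SHA-1, which multiplies the per-guess cost again.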