April 22, 2019

Flame Malware Using Unauthorized Microsoft Certificates

(LiveHacking.Com) – Microsoft has released a security advisory outlining how components of the Flame malware have been signed by unauthorized Microsoft certificates. The result is that the signed components appear as if they were produced by Microsoft.  The problem originates with an older cryptography algorithm that can be exploited and then be used to sign code. Specifically, Microsoft’s Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in the enterprise, used the older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

To fix the problem Microsoft has done three things: First, it released another security advisory outlining steps users can take to block software signed by these unauthorized certificates. Second, it released a software update that automatically takes this step and third, the Terminal Server Licensing Service has been changed to no longer issues certificates that allow code signing.

Microsoft’s update, which  is available through Windows Update and Automatic Updates, revokes three intermediate certificate authorities, pushing the following certificates into the “Untrusted Certificates Store”:

  • Microsoft Enforced Licensing Intermediate PCA (2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70) – Issued by Microsoft Root Authority
  • Microsoft Enforced Licensing Intermediate PCA (3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08) – Issued by Microsoft Root Authority
  • Microsoft Enforced Licensing Registration Authority CA (SHA1) (fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97) – Issued by Microsoft Root Certificate Authority

Microsoft is also concerned that the same technique could have been used by other types of malware. “Our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks.  Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers,” wrote Jonathan Ness from Microsoft Security Response Center.

90% of all HTTPS Websites Insecure

(LiveHacking.Com) – SSL Pulse, a new project that monitors the quality of SSL sites across the Internet and reports on its findings, has discovered that 90% of all HTTPS websites are insecure. The project has tested the top 200,000 SSL web sites on the Internet and discovered that nearly 180,000 of them are insecure.

The project measures key features about an SSL configuration and ranks the website according to the SSL Server Rating Guide. According to the report 40% of the worlds top SSL sites use 128 bit (or less) ciphers for data transfer and a handful of sites have certificates with keys below 1024 bits.

The biggest weaknesses are insecure renegotiation and susceptibility to a BEAST attack. Over 8,500 sites support insecure renegotiation which since 2009 as been considered insecure. A successful exploitation of this vulnerability allows an active man-in-the-middle attacker to inject arbitrary content into an encrypted data stream. The results is that the attacker can impersonate a valid client and steal confidential data.

The SSL Pulse survey reports that 75% of SSL websites are still open to BEAST attacks. A BEAST attack is based on a flaw in the SSL protocol. A successful exploitation of this issue will result in a disclosure of a victim’s session cookies, allowing the attacker to completely hijack the application session. It was resolved in TLS v1.1, but now six years later, most clients and servers do not support newer protocol versions. To protected against a BEAST attack servers need to be configured to use TLS v1.1 or to only use RC4 with TLS v1.0 or SSL v3.0.

“About 50% (99,903 sites) got an A, which is a good result. Unfortunately, many of these A-grade sites (still) support insecure renegotiation (8,522 sites, or 8.5% of the well-configured ones) or are vulnerable to the BEAST attack (72,357 sites, or 72.4% of the well-configured ones). This leaves us with only 19,024 sites (or 9.59% of all sites) that are genuinely secure at this level of analysis,” wrote Ivan Ristic, director of engineering at Qualys and creator of SSL Labs.

The project hopes that these startling numbers will raise awareness of these issues and help web site owners improve their SSL implementations.

Congress Warned That Foreign Spies Penetrate US Military Networks

(LiveHacking.Com) – It should be assumed that foreign spies have penetrated the US military networks was the message sent to American’s politicians last week when security experts testified at hearings held by the US Senate Armed Services Committee on cybersecurity. The committee was told that enforcing a perimeter to keep out spies is unsupportable, and that the US should assume that its networks have already been fully penetrated. Instead, the committee was told, cyberdefence should be about protecting data not controlling access.

“We’ve got the wrong mental model here,” said Dr James Peery, head of the Information Systems Analysis Centre at the Sandia National Laboratories. “I think we have to go to a model where we assume that the adversary is in our networks.”

As part of a prepared statement to the committee Dr. Peery said “A silver bullet for solving the ‘cyber problem’ for DoD, DOE, dot-gov or the private sector does not exist. It is impossible to make an absolutely secure information technology (IT) system.

Dr. Peery

Dr. Kaigham Gabriel, current head of the Defence Advanced Research Projects Agency, likened the current cybersecurity efforts of the US DoD to treading water in the middle of the ocean.  The DoD oversees 15,000 networks that connect about seven million devices which presents numerous security challenges to the DoD. These challenges include:

  •  Attackers can penetrate our networks: In just 3 days and at a cost of only $18,000, the Host-Based Security System was penetrated.
  • User authentication is a weak link: 53,000 passwords were provided to teams at  Defcon; within 48 hours, 38,000 were cracked.
  • The Defense supply chain is at risk: More than two-thirds of electronics in U.S. advanced fighter aircraft are fabricated in off-shore foundries.
  • Physical systems are at risk: A smartphone hundreds of miles away took control  of a car’s drive system through an exploit in a wireless interface.
  • The United States continues to spend on cybersecurity with limited increase in security: The Federal Government expended billions of dollars in 2010, but the  number of malicious cyber intrusions has increased.

With regards to cyber offense (rather than defense) Dr. Gabriel wrote: “DARPA’s belief is that the Department must have the capability to conduct offensive operations in cyberspace to defend our Nation, Allies, and interests. To be relevant, DoD needs cyber tools to provide the President with a full range of options to use in securing our national interests. These tools must address different timescales and new targets, and will require the integrated work of cyber and electronic warfare at unprecedented levels.”

Dr. Michael A. Wertheimer, director of research and development at the NSA, told the Senators that the federal government also faces a shortage of talent. Historically, the government has lost about one percent of their IT talent annually; this year the government is set to lose 10 percent of that workforce, the experts claimed. Wertheimer said that 44 percent of the NSA resigns from their position as opposed to retiring. Within the NSA’s IT staff, that figure is 77 percent resigning as opposed to retiring.

 

Mozilla Sends Another Message to Certificate Authorities

(LiveHacking.Com) – Mozilla has sent an email to all certificate authorities in the Mozilla root program to reiterate that the issuance of subordinate CA certificates for the purposes of SSL man-in-the-middle interception or traffic management is unacceptable. Mozilla has asked the CAs to revoke any such certificates by April 27, 2012. After that date, if it is found that a subordinate CA is being used for MITM, Mozilla could remove the corresponding root certificate from the Mozilla root program. This would mean the applications like Mozilla FireFox wouldn’t accept the certificate when presented.

“We made it clear that this practice remains unacceptable even when the intended deployment of such a certificate is restricted to a closed network,” said Johnathan Nightingale, Senior Director of Firefox Engineering.

Mozilla also reinforced the the Certificate Authorities responsibilities reminding them that they are accountable for every certificate they sign, directly or through its subordinates.

This isn’t the first time Mozilla has asked CAs to be more responsible. In September 2011 Mozilla sent a message to all the certificate authorities (which participate in the Mozilla root certificate program) requesting that they complete an audit of their PKI systems. This call to review and confirm the integrity of their certificate systems came after Mozilla removed the DigiNotar root certificate in response to its failure to promptly detect, contain, and notify Mozilla of a security breach regarding their root and subordinate certificates.

Is SSL Falling Apart? New Research Papers Find More Holes

(LiveHacking.Com) – Two new research papers (here and here) have been published which examine the low level details of SSL, specifically randomness aspects, and the results are surprising. According to the “Ron was wrong, Whit is right” paper,  two out of every one thousand RSA moduli that on the Internet today offer no security. While the Princeton’s Center for Information Technology Policy blog shows that 0.4% of all the public keys used for SSL web site security can be remotely compromised.

Two in one thousand is  0.2%, Princeton is talking 0.4%. These aren’t huge numbers… but a search on Google for how many sites have “https://” in the URL shows 19,640,000,000 sites. Some of these are sites about HTTPS and aren’t secure sites. If just one quarter of those are really using https, that is 4,910,000,000 sites. 0.4% of 1,964,000,000. That is a lot of SSL certificates. And a huge potential number of sites which can be hacked.

“Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for “multiple-secrets” cryptosystems such as RSA is signi cantly riskier than for “single-secret” ones such as ElGamal or (EC)DSA which are based on Die-Hellman,” wrote Arjen K. Lenstra et al.

SSL has been having a hard time recently and it is starting to look as if this system isn’t as robust as previously thought. Recent SSL stories include the BEAST, Diginotar and Verisign.

“Unfortunately, we’ve found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis,” wrote Nadia Heninger.

Six Security Flaws Fixed in OpenSSL

(LiveHacking.Com) – The OpenSSL project team has released two new versions of the popular open source toolkit for SSL/TLS. OpenSSL 1.0.0f and 0.9.8s fix a total of six security flaws. Of the six fixes, four apply to 1.0.0f and 0.9.8s together and then each version has one unique fix for its code stream.

The relevant security advisory lists the following:

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108) – Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can befound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
  2. Double-free in Policy Checks (CVE-2011-4109) – If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576) – OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) – RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with “enable-rfc3779”.
  5. SGC Restart DoS Attack (CVE-2011-4619) – Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027) – A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.

OpenSSL 1.0.0f  is considered the current best version of OpenSSL available and it is recommended that users of older versions upgrade as soon as possible. OpenSSL 1.0.0f is available for download via HTTP and FTP from the following master locations:

For a complete list of changes, please seehttp://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0f.

 

Stratfor Site Still Down as Password Analysis Reveals Weaknesses

(LiveHacking.Com) – Stratfor.com, the website of global intelligence-analysing firm Strategic Forecasting Inc., remains offline after the Christmas Eve hacker attack. The site currently says that Stratfor is investigating the security breach and is working diligently to prevent it from ever happening again! Stratfor will only restore the website once its security review is finished.

In the mean time, the nearly one million records stolen by the hackers have been published online and The Tech Herald has examined the list of passwords hashes and started cracking them with surprising results. The passwords which were stored as MD5 hashes are cracked using a variety of methods including dictionary attacks and brute force attacks. Using the Hashcat password recovery tool (together with GPU processing) the Tech Herald team managed to crack 81,883 of the 860,160 published password hashes in under 5 hours. That’s 270 password per minute. Why? Due to the weaknesses in the password. And when I say weak, I mean stupidly weak. One account even had the password ****** – yes, six asterisks.

By just using a set of small word lists, made up of common passwords, names and words from the King James Bible, the teams decoded nearly 26,000 passwords in 7 minutes. The team then went on to use larger and larger word lists including words and phrases from other languages (like Russian and Italian), surnames and common keyboard combinations (eg. 123ewqasd).

Some of the interesting passwords found include:

  • 111222333444
  • 12345stratfor
  • blackberry
  • blockbuster
  • globalization
  • hello123
  • qwerty
  • password
  • mypassword1
  • stratfor
  • Password123
  • washington

Wi-Fi Protected Setup Vulnerable to Brute Force Attack

(LiveHacking.Com) – Security researcher Stefan Viehböck has revealed a design and implementation flaw in Wi-Fi Protected Setup (WPS) that that makes Wi-Fi networks vulnerable to brute-force attacks.  US CERT has issued an advisory which suggests disabling WPS. The WPS specification has three methods of simplifying the connection of wireless devices to WPA2 protected access points. One of those methods involves using an eight digit PIN from a label on the router which authorizes the client to obtain the WPA2 configuration details.

An eight digit pin should have 100,000,000 different combinations, however a design flaw means that one of the digits is just a checksum and so reduces the possibilites down to 10,000,000. However the real weakness is that the protocol is designed in such a way that the first half and second half are sent separately and the protocol will confirm if just that half is correct. This reduces the number of PIN possibilities to 10,000 (4 digits) plus 1,000 (3 digits as checksum can be calculated) which is just 11,000 possibilities.

According to Viehböck  this means that some routers, which don’t employ any mechanisms to slow down brute force attacks, can be cracked within 44 hours. More information about this vulnerability can be found in Stefan’s paper: Brute forcing Wi-Fi Protected Setup. He has also released a PoC Brute Force Tool that can be found here.

Note: This vulnerability was also independently discovered by Craig Heffner (/dev/ttyS0Tactical Network Solutions) who has released a tool called “Reaver” on Google Code.

World’s First USB Based Two-factor Authentication for Email

(LiveHacking.Com) – Swiss Hacker GmBh, a Swiss IT security company that offers its services via a SaaS model, has launched Secure Mail Key a two-factor authentication email solution. By using the supplied USB key (which works with Windows, OS X and Linux) SMK have developed a secure messaging solution to protect sensitive emails from hackers. The traditional single factor authentication method of username and password is inadequate to protect sensitive commercial or military information. By using social engineering, keyloggers, man-in-the-middle attacks or phishing attacks it is possible to discover and exploit users’ passwords.

However with a two-factor authentication system the second authentication factor (normally a pin or token generated by an external device) needs to be entered for successful login. With SMK the second factor is automatically generated by the supplied USB key. Simply pressing the button on the key causes the device to generate a unique one time password which is automatically filled into the relevant field on the login page.

Google introduced optional two-factor authentication for its gmail service earlier this year. Having entered your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iOS device. However Google’s services only use SSL during the login phase. SMK however use a secure connection end to end via Cloudflare.

Other benefits of SMK include:

  • Military grade encryption
  • Govt. approved : DOD, ANSI standard and tested by over 1000 Hackers
  • No Key-loggers, Virus, phishing attacks are possible

Another Dutch CA Hacked?

(LiveHacking.Com) – Gemnet, a subsidiary of KPN (a leading telecommunications and ICT service provider in The Netherlands), has taken its website offline to investigate a possible hack. Hacked websites are not a rarity today, however according to Webwereld the hack is related to CA certificates.

In response to these allegations KPN issued a statement saying that the suggestions that there is a connection between the hack and creation of certificates is true. “The hack of the site has no connection with the issuance and management of Government PKI certificates.

Despite the statement issued by KPN,  a second website belonging to a subsidiary of the telecommunications  company that also issues digital certificates to the Dutch government was also taken down.

According to the original Webwereld article by Brenno de Winter, the attack was launched through a PHP MyAdmin account that didn’t have a password. The attacker then used the database to create files including executable scripts.