May 19, 2013

Many Android apps open to man-in-the-middle attacks due to weak SSL usage

After injecting a virus signature database via a MITM attack over broken SSL, the AntiVirus app recognized itself as a virus and recommended deleting the detected malware.

Security researchers from the Leibniz University of Hanover and the computer science department at the Philipps University of Marburg have tested 13,500 popular free Android apps and found that 8.0% of these apps contain SSL/TLS implementations that are vulnerable to Man-in-the-Middle (MITM) attacks.

The researchers created a tool called MalloDroid which is designed to detect potential vulnerabilities to MITM attacks. The tool performs static code analysis to analyze the networking API calls and extract valid HTTP(S) URLs, check the validity of the SSL certificates of all the extracted HTTPS hosts, and identify apps that contain non-default trust managers. Running the tool on the 13,500 samples showed that 1,074 of the apps exhibited some kind of potential vulnerability.

From these 1,074 apps, a further 100 were picked for manual audit to investigate different SSL problems, including the acceptance of all SSL certificates regardless of their validity. This manual audit revealed that 41 of the apps were vulnerable to MITM attacks due to SSL misuse.
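The kind of check MalloDroid automates can be shown on a couple of source fragments. The following Python scanner is an added example written for this page; it is not MalloDroid (which analyses app bytecode rather than source text), and the two Java fragments it scans are constructed stand-ins for hypothetical apps, not code from the study. It flags the three SSL-handling patterns the article names (a non-default trust manager, a checkServerTrusted that accepts every certificate, and disabled hostname verification), extracts the HTTP(S) URL literals, and lists the HTTPS hosts whose certificates a follow-up check would validate.

```python
import re

# Constructed Java fragments standing in for the code of two hypothetical Android apps.
# They are illustrative only and are not taken from the study, from MalloDroid, or from any real app.
TRUST_ALL_APP = """
package com.example.shop;
public class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
class Api {
    void connect() {
        HttpsURLConnection.setDefaultHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        URL u = new URL("https://api.shop.example/login");
        URL t = new URL("http://tracker.example/ping");
    }
}
"""

DEFAULT_TRUST_APP = """
package com.example.notes;
class Api {
    void connect() {
        URL u = new URL("https://sync.notes.example/v1");
        HttpsURLConnection c = (HttpsURLConnection) u.openConnection();
    }
}
"""

# Each rule is (finding label, compiled pattern). The patterns are deliberately simple text
# heuristics in the spirit of a static scan; a real tool works on bytecode, not on source text.
RULES = [
    ("custom trust manager",
     re.compile(r"implements\s+X509TrustManager")),
    ("empty checkServerTrusted (accepts every certificate)",
     re.compile(r"checkServerTrusted\s*\([^)]*\)(?:\s*throws[^{]*)?\s*\{\s*\}")),
    ("hostname verification disabled",
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}")),
]
URL_PATTERN = re.compile(r"""https?://[^\s"'<>]+""")


def extract_urls(source: str) -> list[str]:
    """Return every HTTP(S) URL literal found in the source, in order of appearance."""
    return URL_PATTERN.findall(source)


def scan_android_source(source: str) -> dict:
    """Classify one app's source: SSL-handling findings plus the hosts it talks to.

    Returns {"findings": [...], "https_hosts": [...], "plain_http_urls": [...]}.
    The HTTPS host list is what a certificate-validity check would be run against.
    """
    findings = [label for label, pattern in RULES if pattern.search(source)]
    urls = extract_urls(source)
    https_hosts = sorted({u.split("/")[2] for u in urls if u.startswith("https://")})
    plain_http = [u for u in urls if u.startswith("http://")]
    return {"findings": findings, "https_hosts": https_hosts, "plain_http_urls": plain_http}


def needs_manual_audit(source: str) -> bool:
    """True when the static scan flags anything worth a human look, mirroring the study's two-stage process."""
    return bool(scan_android_source(source)["findings"])


if __name__ == "__main__":
    for name, src in [("trust-all app", TRUST_ALL_APP), ("default-trust app", DEFAULT_TRUST_APP)]:
        print(name, scan_android_source(src))
```

The trust-all fragment trips all three rules and also leaks a plain-HTTP endpoint; the second fragment, which leaves the platform's default trust manager and hostname verifier in place, produces no findings and would not be queued for manual audit.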

In a particularly embarrassing case, the researchers found that the Zoner AntiVirus app updated its virus signatures via a broken SSL connection. As the developers considered the connection to be secure and impossible to tamper with, there is no built-in verification or validation of the downloaded signature files. This meant that the team was able to insert its own signature files. In one test they added the signature for the anti-virus app itself. The app then proceeded to recognize itself as malware and recommended that it be deleted. The Zoner AntiVirus app has been downloaded more than 500,000 times!

By the end of their research the team had managed to capture credentials for American Express, Diners Club, Paypal, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, IBM Sametime, remote servers, bank accounts and email accounts.

The total cumulative number of installs of all the MITM vulnerable apps is between 39.5 and 185 million users, according to the download numbers from Google’s Play Store.

90% of all HTTPS Websites Insecure

(LiveHacking.Com) – SSL Pulse, a new project that monitors the quality of SSL sites across the Internet and reports on its findings, has discovered that 90% of all HTTPS websites are insecure. The project has tested the top 200,000 SSL web sites on the Internet and discovered that nearly 180,000 of them are insecure.

The project measures key features of an SSL configuration and ranks the website according to the SSL Server Rating Guide. According to the report, 40% of the world's top SSL sites use 128-bit (or less) ciphers for data transfer and a handful of sites have certificates with keys below 1024 bits.

The biggest weaknesses are insecure renegotiation and susceptibility to a BEAST attack. Over 8,500 sites support insecure renegotiation, which has been considered insecure since 2009. A successful exploitation of this vulnerability allows an active man-in-the-middle attacker to inject arbitrary content into an encrypted data stream. The result is that the attacker can impersonate a valid client and steal confidential data.

The SSL Pulse survey reports that 75% of SSL websites are still open to BEAST attacks. A BEAST attack is based on a flaw in the SSL protocol. A successful exploitation of this issue will result in the disclosure of a victim's session cookies, allowing the attacker to completely hijack the application session. It was resolved in TLS v1.1, but now, six years later, most clients and servers do not support newer protocol versions. To protect against a BEAST attack, servers need to be configured to use TLS v1.1 or to only use RC4 with TLS v1.0 or SSL v3.0.

“About 50% (99,903 sites) got an A, which is a good result. Unfortunately, many of these A-grade sites (still) support insecure renegotiation (8,522 sites, or 8.5% of the well-configured ones) or are vulnerable to the BEAST attack (72,357 sites, or 72.4% of the well-configured ones). This leaves us with only 19,024 sites (or 9.59% of all sites) that are genuinely secure at this level of analysis,” wrote Ivan Ristic, director of engineering at Qualys and creator of SSL Labs.

The project hopes that these startling numbers will raise awareness of these issues and help web site owners improve their SSL implementations.
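To make the survey's criteria concrete, here is an added Python example (not SSL Pulse or SSL Labs code) that applies the three conditions the article describes to constructed server profiles: a certificate key below 1024 bits, support for insecure renegotiation, and BEAST exposure, taken here to mean SSL 3.0 or TLS 1.0 enabled together with a CBC-mode cipher suite, which is the complement of the "TLS 1.1 or RC4-only" mitigation the article gives. The ServerProfile fields and the sample profiles are assumptions for the example, not survey data. One caveat for anyone reusing this today: the RC4 escape hatch reflects 2012 advice; RC4 was later prohibited for TLS (RFC 7465), so a current check should treat an RC4-only configuration as a finding of its own and rely on TLS 1.1 or later.

```python
from dataclasses import dataclass

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0"}  # the protocol versions the BEAST issue applies to
MIN_KEY_BITS = 1024                       # the article's threshold for a weak certificate key


@dataclass
class ServerProfile:
    """Constructed summary of a server's TLS configuration (fields are assumptions for this example)."""
    host: str
    protocols: set            # e.g. {"TLSv1.0", "TLSv1.2"}
    cipher_suites: list       # IANA suite names the server offers
    secure_renegotiation: bool
    key_bits: int             # RSA modulus size of the server certificate


def is_cbc_suite(suite: str) -> bool:
    return "_CBC_" in suite


def beast_exposed(profile: ServerProfile) -> bool:
    """Exposed when SSL 3.0 or TLS 1.0 is enabled and a CBC-mode suite can be negotiated under it.
    A server that only offers RC4 with those versions, or that requires TLS 1.1+, is not flagged."""
    return bool(profile.protocols & LEGACY_PROTOCOLS) and any(is_cbc_suite(s) for s in profile.cipher_suites)


def assess(profile: ServerProfile) -> dict:
    """Apply the article's three criteria; 'genuinely secure' means none of them fired."""
    issues = []
    if profile.key_bits < MIN_KEY_BITS:
        issues.append(f"certificate key is {profile.key_bits} bits (below {MIN_KEY_BITS})")
    if not profile.secure_renegotiation:
        issues.append("insecure renegotiation supported")
    if beast_exposed(profile):
        legacy = "/".join(sorted(profile.protocols & LEGACY_PROTOCOLS))
        issues.append(f"BEAST: CBC suites offered with {legacy}")
    return {"host": profile.host, "issues": issues, "genuinely_secure": not issues}


def survey(profiles: list) -> dict:
    """Aggregate the way the SSL Pulse numbers are reported: counts per weakness and the share left over."""
    results = [assess(p) for p in profiles]
    secure = sum(r["genuinely_secure"] for r in results)
    return {
        "sites": len(results),
        "insecure_renegotiation": sum(not p.secure_renegotiation for p in profiles),
        "beast_vulnerable": sum(beast_exposed(p) for p in profiles),
        "genuinely_secure": secure,
        "genuinely_secure_pct": round(100.0 * secure / len(results), 1) if results else 0.0,
    }


# Constructed sample inventory; these are not SSL Pulse measurements.
SAMPLE_PROFILES = [
    ServerProfile("shop.example", {"TLSv1.0", "TLSv1.1", "TLSv1.2"},
                  ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"], True, 2048),
    ServerProfile("legacy.example", {"SSLv3", "TLSv1.0"},
                  ["TLS_RSA_WITH_AES_256_CBC_SHA"], False, 1024),
    ServerProfile("rc4only.example", {"TLSv1.0"},
                  ["TLS_RSA_WITH_RC4_128_SHA"], True, 2048),
    ServerProfile("modern.example", {"TLSv1.1", "TLSv1.2"},
                  ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"], True, 2048),
    ServerProfile("weakkey.example", {"TLSv1.2"},
                  ["TLS_RSA_WITH_AES_128_GCM_SHA256"], True, 512),
]

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        print(assess(p))
    print(survey(SAMPLE_PROFILES))
```

Note that shop.example offers a GCM suite, which would be preferred by a TLS 1.2 client, yet still counts as BEAST-exposed because a TLS 1.0 peer can only negotiate its CBC suite. That is exactly how a site can hold an A grade on cipher strength and still appear in the survey's BEAST column.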

New Security Updates For All Active Branches of PostgreSQL

(LiveHacking.Com) – New security updates for all active versions of PostgreSQL, the object-relational database system, have been released by the PostgreSQL Global Development Group. The updates are available for versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18.

The update fixes vulnerabilities in three areas:

  • Permissions on a function called by a trigger are not checked.
  • SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances.
  • Line breaks in object names can be exploited to execute code when loading a pg_dump file.

The first fix prevents users from defining triggers which execute functions for which the user does not have EXECUTE permission. The problem was that CREATE TRIGGER failed to make any permissions check on the trigger function to be called. If the trigger function was marked SECURITY DEFINER, privilege escalation becomes possible.

The SSL fix resolves a problem with SSL common name truncation, which could allow hijacking of an SSL connection under exceptional circumstances. Since the name extracted from an SSL certificate was incorrectly truncated to 32 characters it was theoretically possible to spoof the name on a false certificate.

The final security fix is to the pg_dump program. pg_dump copies object names into comments in a SQL script without sanitizing them; by using an object name which includes a newline, it is possible to add SQL commands to the dump script. When the dump script is reloaded, the command would be executed with the privileges of whoever is running the script.
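The second and third fixes are easiest to see as code. The Python below is an added illustration, not PostgreSQL or libpq source: cn_matches_host_truncated models the defective comparison as the article describes it (the common name cut to 32 characters before the compare) beside the full-length comparison, and dump_comment_unsanitized models the unpatched pg_dump comment header beside a sanitized one, with a minimal dump-script reader that shows which statements a reloading session would actually run. Host names, object names and DDL are constructed for the example.

```python
import re

CN_BUFFER_LIMIT = 32  # the truncation length the advisory describes


def cn_matches_host_truncated(certificate_cn: str, expected_host: str) -> bool:
    """The defective comparison as described: the CN is cut to 32 characters before
    being compared with the host the client asked for, so any certificate whose CN
    merely starts with a 32-character host name passes."""
    return certificate_cn[:CN_BUFFER_LIMIT].lower() == expected_host.lower()


def cn_matches_host(certificate_cn: str, expected_host: str) -> bool:
    """The corrected comparison: the whole name has to match (host names are case-insensitive)."""
    return certificate_cn.lower() == expected_host.lower()


# Constructed names: a legitimate host exactly 32 characters long, and a certificate
# whose CN is that host with extra labels appended.
REAL_HOST = "db0001.payments.corp.example.com"
LOOKALIKE_CN = REAL_HOST + ".attacker.example"


def dump_comment_unsanitized(name: str, kind: str) -> str:
    """Comment header as the unpatched pg_dump wrote it: the object name is copied in
    verbatim, so a line break inside the name terminates the comment early."""
    return f"-- Name: {name}; Type: {kind}\n"


def dump_comment_sanitized(name: str, kind: str) -> str:
    """Hardened header: line breaks in the name are collapsed so the comment stays one line."""
    safe = re.sub(r"[\r\n]+", " ", name)
    return f"-- Name: {safe}; Type: {kind}\n"


def dump_fragment(name: str, ddl: str, sanitized: bool) -> str:
    """One object's section of a dump script: comment header followed by its DDL."""
    header = (dump_comment_sanitized if sanitized else dump_comment_unsanitized)(name, "TABLE")
    return header + ddl + "\n"


def executable_statements(script: str) -> list[str]:
    """Minimal reader for a dump script: strip '--' comments, split on ';'. It ignores
    string literals, which is enough to show what a reloading session would execute."""
    stripped = "\n".join(re.sub(r"--.*", "", line) for line in script.splitlines())
    return [s.strip() for s in stripped.split(";") if s.strip()]


# Constructed object name carrying a line break and a trailing SQL command.
INJECTED_NAME = "accounts\nDROP TABLE accounts; --"
DDL = "CREATE TABLE accounts (id integer);"

if __name__ == "__main__":
    print("truncated compare accepts look-alike:", cn_matches_host_truncated(LOOKALIKE_CN, REAL_HOST))
    print("full compare accepts look-alike:     ", cn_matches_host(LOOKALIKE_CN, REAL_HOST))
    print("unpatched dump runs:", executable_statements(dump_fragment(INJECTED_NAME, DDL, sanitized=False)))
    print("patched dump runs:  ", executable_statements(dump_fragment(INJECTED_NAME, DDL, sanitized=True)))
```

With the unsanitized header the DROP statement escapes the comment and runs before the CREATE; with the sanitized header it stays inside the comment. The CN case shows why the article calls the spoofing "exceptional": only a host name of exactly 32 characters lines up with the truncated buffer.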

Users of pg_dump, users of SSL certificates for validation or users of triggers using SECURITY DEFINER should upgrade their installations immediately.

This release also contains 45 fixes to version 9.1, and a smaller number of fixes to older versions, including:

  • Fix btree index corruption from insertions concurrent with vacuuming
  • Recover from errors occurring during WAL replay of DROP TABLESPACE
  • Fix transient zeroing of shared buffers during WAL replay
  • Fix postmaster to attempt restart after a hot-standby crash
  • Fix corner case in SSI transaction cleanup
  • Update per-column permissions, not only per-table permissions, when changing table owner
  • Fix handling of data-modifying WITH subplans in READ COMMITTED rechecking
  • Fix for “could not find plan for CTE” failures
  • Fix unsupported node type error caused by COLLATE in an INSERT expression
  • Avoid crashing when we have problems deleting table files post-commit
  • Fix recently-introduced memory leak in processing of inet/cidr
  • Fix GIN cost estimation to handle column IN (…) index conditions
  • Fix I/O-conversion-related memory leaks in plpgsql
  • Teach pg_upgrade to handle renaming of plpython’s shared library (affecting upgrades to 9.1)

More information about the updates, including a full list of fixes and changes, can be found in the 9.1.3, 9.0.7, 8.4.11 and 8.3.18 release notes.

PostgreSQL can be downloaded from:

Mozilla Sends Another Message to Certificate Authorities

(LiveHacking.Com) – Mozilla has sent an email to all certificate authorities in the Mozilla root program to reiterate that the issuance of subordinate CA certificates for the purposes of SSL man-in-the-middle interception or traffic management is unacceptable. Mozilla has asked the CAs to revoke any such certificates by April 27, 2012. After that date, if it is found that a subordinate CA is being used for MITM, Mozilla could remove the corresponding root certificate from the Mozilla root program. This would mean that applications like Mozilla Firefox wouldn't accept the certificate when presented.

“We made it clear that this practice remains unacceptable even when the intended deployment of such a certificate is restricted to a closed network,” said Johnathan Nightingale, Senior Director of Firefox Engineering.

Mozilla also reinforced the Certificate Authorities' responsibilities, reminding them that they are accountable for every certificate they sign, directly or through their subordinates.

This isn’t the first time Mozilla has asked CAs to be more responsible. In September 2011 Mozilla sent a message to all the certificate authorities (which participate in the Mozilla root certificate program) requesting that they complete an audit of their PKI systems. This call to review and confirm the integrity of their certificate systems came after Mozilla removed the DigiNotar root certificate in response to its failure to promptly detect, contain, and notify Mozilla of a security breach regarding their root and subordinate certificates.

Is SSL Falling Apart? New Research Papers Find More Holes

(LiveHacking.Com) – Two new research papers (here and here) have been published which examine the low level details of SSL, specifically randomness aspects, and the results are surprising. According to the “Ron was wrong, Whit is right” paper, two out of every one thousand RSA moduli that are on the Internet today offer no security, while the Princeton Center for Information Technology Policy blog shows that 0.4% of all the public keys used for SSL web site security can be remotely compromised.

Two in one thousand is 0.2%; Princeton is talking about 0.4%. These aren't huge numbers… but a search on Google for how many sites have “https://” in the URL shows 19,640,000,000 sites. Some of these are sites about HTTPS and aren't secure sites. If just one quarter of those are really using https, that is 4,910,000,000 sites. 0.4% of 1,964,000,000. That is a lot of SSL certificates. And a huge potential number of sites which can be hacked.

“Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for “multiple-secrets” cryptosystems such as RSA is significantly riskier than for “single-secret” ones such as ElGamal or (EC)DSA which are based on Diffie-Hellman,” wrote Arjen K. Lenstra et al.

SSL has been having a hard time recently and it is starting to look as if this system isn’t as robust as previously thought. Recent SSL stories include the BEAST, Diginotar and Verisign.

“Unfortunately, we’ve found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis,” wrote Nadia Heninger.
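The reason a key generated with poor entropy can "offer no security" is that two devices short of randomness can pick the same prime, and two RSA moduli that share a prime factor can each be split by computing their greatest common divisor; that is the observation both cited papers build on, and it makes a useful audit over one's own certificate inventory. The Python below is an added example, not code from either paper: it runs a pairwise gcd over a constructed toy inventory of moduli built from 16-bit primes (stand-ins for the 512-bit factors of real 1024-bit keys) and reports the keys that must be replaced. The published surveys used a batch-gcd product tree to cope with millions of keys; the pairwise loop here is enough to show the check.

```python
from itertools import combinations
from math import gcd


def small_primes(limit: int) -> list[int]:
    """Sieve of Eratosthenes; used only to build toy moduli for the demonstration."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, is_prime in enumerate(sieve) if is_prime]


def find_shared_factors(moduli: dict) -> list[tuple]:
    """Pairwise gcd over a key inventory ({key name: RSA modulus}).

    Returns (key_a, key_b, shared_prime) for every pair of distinct moduli that share a
    factor; both moduli in such a pair are fully factorable and their keys must be replaced.
    Identical moduli (the same key reused on several devices) are a separate check and are
    not reported here.
    """
    hits = []
    for (name_a, n_a), (name_b, n_b) in combinations(moduli.items(), 2):
        g = gcd(n_a, n_b)
        if 1 < g < n_a:
            hits.append((name_a, name_b, g))
    return hits


def keys_to_replace(moduli: dict) -> set:
    """Names of every key implicated by at least one shared-factor hit."""
    return {name for hit in find_shared_factors(moduli) for name in hit[:2]}


# Constructed toy inventory: the eight largest primes below 70000 play the role of the
# secret primes that real devices would draw; router-A and router-B "chose" the same p1.
p1, p2, p3, p4, p5, p6, p7, p8 = small_primes(70000)[-8:]
TOY_INVENTORY = {
    "router-A": p1 * p2,   # shares p1 with router-B
    "router-B": p1 * p3,
    "server-C": p4 * p5,   # unique factors: untouched by this check
    "server-D": p6 * p7,
}

if __name__ == "__main__":
    for key_a, key_b, shared in find_shared_factors(TOY_INVENTORY):
        print(f"{key_a} and {key_b} share the factor {shared}")
    print("replace:", sorted(keys_to_replace(TOY_INVENTORY)))
```

Only the two router keys are reported; the servers, whose primes are unique in the set, are unaffected even though their moduli are just as small. On a real inventory the same loop would take the PEM-decoded modulus of each certificate as input.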

OpenSSL Fixes Flaw in Recent Bug Fix

(LiveHacking.Com) – Earlier this month, the OpenSSL project released two new versions (OpenSSL 1.0.0f and 0.9.8s) of the popular open source toolkit for SSL/TLS to fix a total of six security flaws. One of the vulnerabilities fixed (CVE-2011-4108) was in OpenSSL's DTLS implementation, which allowed an efficient plaintext recovery attack. However, Antonio Martin from Cisco Systems, Inc. found a flaw in the fix that can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.

To remedy this, the OpenSSL project has now released OpenSSL 1.0.0g and OpenSSL 0.9.8t.

Microsoft Fixes Eight Security Vulnerabilities in its Products

(LiveHacking.Com) – Microsoft has released seven security bulletins as part of its Patch Tuesday program. One of the seven bulletins is rated Critical, with the remaining six classified as Important. The Critical bulletin addresses two issues in Windows Media Player. If exploited, these vulnerabilities would allow remote code execution on the affected PC. Although there are no known active exploitations of these bugs, they can be triggered by a hacker crafting a malicious MIDI or DirectShow file. If the user then opened this file, their PC would be exposed, as the attacker could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining fixes are:

  • Vulnerability in Windows Object Packager That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.
  • Vulnerability in Windows Client/Server Run-time Subsystem That Could Allow Elevation of Privilege – The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
  • Vulnerability in Microsoft Windows That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application.
  • Vulnerability in SSL/TLS Could Allow Information Disclosure – This vulnerability affects the SSL 3.0 and TLS 1.0 protocols and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This should protect users from the tool known as BEAST (Browser Exploit Against SSL/TLS).
  • Vulnerability in AntiXSS Library Could Allow Information Disclosure – The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library.

Six Security Flaws Fixed in OpenSSL

(LiveHacking.Com) – The OpenSSL project team has released two new versions of the popular open source toolkit for SSL/TLS. OpenSSL 1.0.0f and 0.9.8s fix a total of six security flaws. Of the six fixes, four apply to 1.0.0f and 0.9.8s together and then each version has one unique fix for its code stream.

The relevant security advisory lists the following:

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108) - Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
  2. Double-free in Policy Checks (CVE-2011-4109) - If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576) - OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit the severity of this issue.
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) - RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".
  5. SGC Restart DoS Attack (CVE-2011-4619) - Support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack.
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027) - A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.

OpenSSL 1.0.0f is considered the current best version of OpenSSL available and it is recommended that users of older versions upgrade as soon as possible. OpenSSL 1.0.0f is available for download via HTTP and FTP from the following master locations:

For a complete list of changes, please see http://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0f.

Microsoft to Revoke Trust in Malaysian CA

Microsoft has issued a notice that it will shortly revoke the trust in the Intermediate Certificate Authority DigiCert Sdn. Bhd. (Digicert Malaysia) via Windows Update. The reason for the revocation isn't that the CA has been compromised or suffered a security breach, but rather that it was caught issuing certificates with weak 512-bit keys.

The requirements of the Microsoft Root Program are that a minimum crypto key size of an RSA 2048-bit modulus is used for any root and all issuing CAs. Microsoft used to accept root certificates with an RSA 1024-bit modulus; however, these existing legacy 1024-bit RSA root certificates were phased out at the end of last year. The fact that this Malaysian CA issued 512-bit certificates is a clear violation of Microsoft's requirements.

“The subordinate CA has clearly demonstrated poor CA security practices and Microsoft intends to revoke trust in the intermediate certificates” said Jerry Bryant, Group manager, Response Communications, Trustworthy Computing.

Although Microsoft has no indication that any of the 22 certificates were issued fraudulently, these weak keys have allowed some of the certificates to be compromised. These compromised certificates could allow an attacker to impersonate the legitimate owner and make a user believe they are trusting a website or signed software that was in fact created for malicious use.

Chrome 15 Broke The Wall Street Journal While Trying to Beat the BEAST

(LiveHacking.Com) - Earlier this month Juliano Rizzo and Thai Duong released details of a vulnerability in the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). They also released a tool known as BEAST (Browser Exploit Against SSL/TLS). Consequently browser makers, including Google, have been trying to tweak the SSL implementations in their browsers to reduce the risks from the BEAST.

As part of the Chrome 15 release Google did some SSL tweaking:

The NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue.

Well, it looks like it did expose problems. As soon as users started to upgrade to Chrome 15, reports started coming in that users couldn't log in to Barron's Online or The Wall Street Journal.

Further investigation by Google revealed that a change, which sends only one byte of data in the first CBC encrypted application data record, broke the sites.

Google backtracked on the change and released Chrome 15.0.874.106 for Windows, Mac and Linux. Since then Barron's has updated its site, and secure sign-in is now working with 1/n-1 SSL record splitting when using the development build of Chrome 16. No word on what, if any, changes The Wall Street Journal has made to its site.