Archive for June, 2007
Author: Dave Lewis
June 29, 2007 at 8:40 am · Filed under Crypto, Security Mgmt
From NIST:
A revised draft of guidelines for a cryptographic authentication scheme has been released for public comment by the National Institute of Standards and Technology.
Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation, specifies a mode of operation for the Advanced Encryption Standard algorithm that can be used to check protected data for both accidental and intentional modification.
The scheme is called the Galois/Counter Mode, which combines a variation of the Counter Mode for encryption with an authentication mechanism, based on a universal hash function that uses a binary finite, or Galois, field. GCM is constructed from an approved symmetric key block cipher with a block size of 128 bits; in other words, AES. The publication is the fourth in a series of recommendations for modes of operation of AES.
GCM provides stronger authentication than non-cryptographic checksums or error detecting codes, but its security depends upon the uniqueness of initialization strings used in the process. “Therefore, this mode of operation should not be deployed unless compliance with this uniqueness requirement is ensured,” NIST warns.
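As an added illustration (not part of the NIST text or the original post), the following Go program uses the standard library's AES-GCM to show the two points above: a flipped ciphertext bit or altered associated data is rejected on decryption, and reusing a nonce under the same key makes the counter-mode keystream repeat, so the XOR of two ciphertexts equals the XOR of the two plaintexts. The `Sealer` wrapper, its in-memory nonce guard and the demo key are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Sealer wraps AES-GCM and enforces the uniqueness requirement SP 800-38D
// stresses: a (key, nonce) pair must never be used twice. The nonce set is a
// toy in-memory guard for this example; a real deployment uses a counter or a
// random 96-bit nonce from a proper generator with an invocation limit.
type Sealer struct {
	aead cipher.AEAD
	used map[string]bool // nonces already consumed under this key
}

// NewSealer builds an AES-GCM instance; the key length selects AES-128/192/256.
func NewSealer(key []byte) (*Sealer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead, used: map[string]bool{}}, nil
}

// Seal encrypts plaintext and authenticates it together with aad (additional
// data that is authenticated but not encrypted). It refuses to reuse a nonce.
func (s *Sealer) Seal(nonce, plaintext, aad []byte) ([]byte, error) {
	if len(nonce) != s.aead.NonceSize() {
		return nil, errors.New("nonce must be 96 bits for the standard construction")
	}
	if s.used[string(nonce)] {
		return nil, errors.New("nonce reuse refused: (key, nonce) pair already used")
	}
	s.used[string(nonce)] = true
	return s.aead.Seal(nil, nonce, plaintext, aad), nil
}

// Open decrypts and verifies the tag; any change to ciphertext, tag or aad
// fails closed with an error instead of returning altered plaintext.
func (s *Sealer) Open(nonce, ciphertext, aad []byte) ([]byte, error) {
	return s.aead.Open(nil, nonce, ciphertext, aad)
}

// RandomNonce draws a fresh nonce of the AEAD's nonce size (12 bytes).
func (s *Sealer) RandomNonce() ([]byte, error) {
	n := make([]byte, s.aead.NonceSize())
	_, err := rand.Read(n)
	return n, err
}

// TamperDetected flips one ciphertext bit and reports whether Open rejects it:
// the "accidental and intentional modification" check the NIST text describes.
func (s *Sealer) TamperDetected(nonce, ct, aad []byte) bool {
	bad := append([]byte(nil), ct...)
	bad[0] ^= 0x01
	_, err := s.Open(nonce, bad, aad)
	return err != nil
}

// KeystreamLeak shows why uniqueness matters. Bypassing the guard and sealing
// two messages under the same key and nonce makes the counter-mode keystream
// repeat, so XORing the two ciphertexts yields the XOR of the two plaintexts.
func (s *Sealer) KeystreamLeak(nonce, p1, p2 []byte) []byte {
	c1 := s.aead.Seal(nil, nonce, p1, nil)
	c2 := s.aead.Seal(nil, nonce, p2, nil)
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = c1[i] ^ c2[i]
	}
	return out
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key, not a real secret
	s, err := NewSealer(key)
	if err != nil {
		panic(err)
	}
	nonce, _ := s.RandomNonce()
	aad := []byte("record-id=42")
	ct, _ := s.Seal(nonce, []byte("attack at dawn"), aad)
	fmt.Printf("tamper detected: %v\n", s.TamperDetected(nonce, ct, aad))
	_, err = s.Seal(nonce, []byte("second message"), aad)
	fmt.Printf("nonce reuse refused: %v\n", err != nil)
	fmt.Printf("c1 xor c2 under nonce reuse: %x\n", s.KeystreamLeak(nonce, []byte("hello"), []byte("world")))
}
```

The guard in `Seal` is the operational lesson: the mode is only as strong as whatever keeps nonces unique, which is why NIST ties deployment to that guarantee rather than to key length.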
Download SP800-38D
Tags: NIST, Cryptography, Hashing Standards, AES
Author: Dave Lewis
June 29, 2007 at 8:35 am · Filed under News
It’s the Canada Day long weekend! Looking forward to kicking back and relaxing. I hope that everyone has a good and safe weekend.
And now, the news…
- EU clears Swift to continue giving banking data to US
- EU Makes Deal With U.S. on Passenger Data
- Lawmakers worry over government network breaches
- Vodafone touts secure remote working
- Authorities Probe Benoit Wikipedia Entry
- Homeland Security to host closed-door security forum (?)
- Harry Potter worm claims teenage wizard is dead (that didn’t take long)
- If this had been an actual emergency …
- Policy experts split on spyware laws
- Joanna’s Shocking Confession: There Exists Some Amount Of Money For Which I Would Agree To See BluePill Detected By Lawson, Ferrie, Dai Zovi and Ptacek. (loving watching this spin up)
Click here to subscribe to Liquidmatrix Security Digest!
Tags: News, Daily Links, Security Blog, MySpace, Harry Potter Worm, Blue Pill, Spyware, DHS Forum
Author: Dave Lewis
June 29, 2007 at 8:17 am · Filed under Mobile, Vulnerability
This isn’t a ’sky is falling’ moment by any stretch, but it does affect a very large user population, so I thought I would share this one.
From Secunia:
Description:
Sipera VIPER Lab has reported some vulnerabilities in Blackberry, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) A format string error in the handling of SIP INVITE messages can be exploited to prevent the BlackBerry smartphone from making a call by sending a specially crafted SIP INVITE message containing a URI with a user name but no host name in the Contact header.
2) An error in the processing of SIP INVITE messages can be exploited to prevent the BlackBerry smartphone from clearing the INVITE transaction state properly, resulting in the phone being blocked for approximately 40 seconds.
3) An error in the handling of SIP INVITE messages can be exploited to prevent the BlackBerry smartphone from making a call by sending a specially crafted SIP INVITE message.
Successful exploitation of these vulnerabilities requires access to a private branch exchange (PBX) from within an enterprise network.
The vulnerabilities are reported in the BlackBerry Device Software 4.0 Service Pack 1 Bundle 83 and earlier on a BlackBerry 7270 smartphone. Reportedly this does not affect any other BlackBerry device.
Solution:
Update to BlackBerry Device Software 4.0 Service Pack 1 Bundle 108 or later.
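The first item above is triggered by an INVITE whose Contact URI carries a user part but no host. A SIP-aware gateway or session border controller sitting between the PBX and the handsets can reject such messages before they reach an unpatched phone. The Go program below is an added example of that check (not code from Secunia, Sipera or RIM); the two INVITE messages are constructed for the example, and the validator handles the common URI shapes (angle-bracketed URIs, parameters, ports, IPv6 literals and the `m:` short header form).

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed sample INVITEs (not taken from the advisory).
const goodInvite = "INVITE sip:bob@pbx.example.com SIP/2.0\r\n" +
	"Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n" +
	"From: <sip:alice@pbx.example.com>;tag=1928301774\r\n" +
	"To: <sip:bob@pbx.example.com>\r\n" +
	"Call-ID: a84b4c76e66710\r\n" +
	"CSeq: 314159 INVITE\r\n" +
	"Contact: \"Alice\" <sip:alice@10.0.0.5:5060>;expires=3600\r\n" +
	"Content-Length: 0\r\n\r\n"

// Same message, but the Contact URI has a user name and an empty host.
const badInvite = "INVITE sip:bob@pbx.example.com SIP/2.0\r\n" +
	"Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n" +
	"From: <sip:alice@pbx.example.com>;tag=1928301774\r\n" +
	"To: <sip:bob@pbx.example.com>\r\n" +
	"Call-ID: a84b4c76e66711\r\n" +
	"CSeq: 314160 INVITE\r\n" +
	"Contact: <sip:alice@>\r\n" +
	"Content-Length: 0\r\n\r\n"

// CheckInviteContact returns nil when every Contact header of a SIP INVITE
// carries a URI with a host part, or an error describing the first violation.
func CheckInviteContact(msg string) error {
	head := msg
	if i := strings.Index(msg, "\r\n\r\n"); i >= 0 {
		head = msg[:i]
	}
	lines := strings.Split(head, "\r\n")
	if !strings.HasPrefix(lines[0], "INVITE ") {
		return errors.New("not an INVITE request")
	}
	found := false
	for _, ln := range lines[1:] {
		name, value, ok := strings.Cut(ln, ":")
		if !ok {
			continue
		}
		name = strings.ToLower(strings.TrimSpace(name))
		if name != "contact" && name != "m" { // "m" is the compact form of Contact
			continue
		}
		found = true
		for _, part := range strings.Split(value, ",") {
			if err := checkContactURI(strings.TrimSpace(part)); err != nil {
				return err
			}
		}
	}
	if !found {
		return errors.New("INVITE without Contact header")
	}
	return nil
}

// checkContactURI validates one Contact entry such as `"Alice" <sip:alice@host>;expires=60`.
func checkContactURI(v string) error {
	if i := strings.Index(v, "<"); i >= 0 {
		j := strings.Index(v, ">")
		if j < i {
			return errors.New("unterminated <> in Contact")
		}
		v = v[i+1 : j]
	} else if i := strings.Index(v, ";"); i >= 0 {
		v = v[:i] // no angle brackets: header params start at the first ';'
	}
	scheme, rest, ok := strings.Cut(v, ":")
	if !ok || (scheme != "sip" && scheme != "sips") {
		return fmt.Errorf("Contact URI %q is not a sip/sips URI", v)
	}
	if i := strings.IndexAny(rest, ";?"); i >= 0 {
		rest = rest[:i] // drop URI parameters and headers
	}
	hostport := rest
	if i := strings.LastIndex(rest, "@"); i >= 0 {
		hostport = rest[i+1:] // user part present; host must follow
	}
	host := hostport
	if strings.HasPrefix(host, "[") { // IPv6 literal, e.g. [::1]:5060
		if j := strings.Index(host, "]"); j > 0 {
			host = host[1:j]
		}
	} else if i := strings.LastIndex(host, ":"); i >= 0 {
		host = host[:i] // strip port
	}
	if host == "" {
		return fmt.Errorf("Contact URI %q has a user name but no host", v)
	}
	return nil
}

func main() {
	for _, m := range []string{goodInvite, badInvite} {
		fmt.Printf("%.40q -> %v\n", m, CheckInviteContact(m))
	}
}
```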
Article Link
Tags: Blackberry, Blackberry Vulnerabilities, RIM
Author: Dave Lewis
June 28, 2007 at 10:30 pm · Filed under Conventions, Malware
Tom Ptacek from Matasano Security is calling out our fav, Joanna Rutkowska. Ptacek is presenting a paper on how to detect the “blue pill” root kit.
Joanna, we respectfully request terms under which you’d agree to an “undetectable rootkit detection challenge”. We’ll concede almost anything reasonable; we want the same access to the (possibly-)infected machine than any antivirus software would get.
The backstory:
Dino Dai Zovi, under Matasano colors, presented a hypervisor rootkit (“Vitriol”) for Intel’s VT-X extensions at Black Hat last year, at the same time as Joanna presented BluePill for AMD’s SVM.
We concede: Joanna’s rootkit is cooler than ours. I particularly liked using the debug registers to grab network traffic out of the drivers. We stopped weaponizing Vitriol.
From Joanna’s site we find this:
First, we believe that 2 machines are definitely not enough, because the chance of a correct guess, using a completely random (read: unreliable) detection method, is 50%. Thus we think that the reasonable number is 5 machines. Each of them could be in state 0 or 1 (i.e. infected or not). On each of these machines we install two files: bluepill.exe and bluepill.sys
The .sys file is digitally signed, so it loads without any problem (we could use one of our methods for loading unsigned code on vista that we’re planning to demonstrate at BH, but this is not part of the challenge, so we will use the official way).
The bluepill.exe takes one argument which is 0 or 1. If it’s 1 it loads the driver and infects the machines. If it’s 0 it also loads the driver, but the driver does not infect the machine.
This year’s Black Hat is shaping up to be rather interesting indeed. That coupled with the paper on TPM that was mysteriously pulled. I’m still wondering what that was all about. Of course I have my natural suspicions.
Article Link
Tags: Tom Ptacek, Joanna Rutkowska, Blue Pill, Rootkit, Black Hat 2007
Author: Dave Lewis
June 28, 2007 at 10:07 pm · Filed under Politics, Spy Game
Can you feel the walls closing in on you George and Dick?
The US Senate has issued subpoenas demanding the White House hand over documents relating to its policy of snooping on US citizens without getting warrants or other legal clearance.
Senate Judiciary Committee chairman Patrick Leahy yesterday issued subpoenas to the Department of Justice, the Office of the White House, the Office of the Vice-President and the National Security Council asking for documents relating to the committee’s inquiry into warrantless wiretapping and how such wiretaps were authorised.
Leahy’s letter said: “Over the past 18 months, this committee has made no fewer than nine formal requests to the Department of Justice and to the White House, seeking information and documents about the authorization of and legal justification for this program. All requests have been rebuffed. Our attempts to obtain information through testimony of administration witnesses have been met with a consistent pattern of evasion and misdirection.”
The committee also wants letters or other documents that detail how the administration worked with telecoms companies to listen to citizens’ phonecalls.
Et tu Brute?
Article Link
Tags: Subpoenas, Bush and Cheney, Illegal Wiretapping
Author: Dave Lewis
June 28, 2007 at 6:25 am · Filed under News
There is a very interesting story on the wires today. Apparently a paper that was dedicated to discussing the breaking of Trusted Computing (TPM) has been withdrawn without explanation. Check out the article link below (#2).
And now, the news…
- DOJ warns US citizens of phishing attack
- Black Hat paper on breaking Trusted Platform Module withdrawn
- US Senate reins in ID card project
- Serious security hole plugged in RealPlayer and HelixPlayer
- Security vendors question accuracy of AV tests
- Three critical bugs in Kerberos
- eBay targets Romanian fraudsters
- Cyber-bullying gathers pace in US
- Web Worm Whacks MySpace Users
- Private-eye hackers are convicted
Tags: News, Daily Links, Security Blog, MySpace, Hackers, AV Tests, Black Hat Paper Withdrawn, Black Hat, DOJ Phishing
Author: Dave Lewis
June 27, 2007 at 9:38 pm · Filed under Exploit
From The Reg:
In his research he focused on using a web browser as a beachhead to launch Metasploit-style attacks. What this means is that any Javascript enabled web browser might be used to launch an attack against a service, for example a VoIP server, and gain complete control of the box.
Generally exploits are executed inside a development framework such as Metasploit, or run directly from the code. But this time, the code would run inside the browser, using Javascript. And all of this takes place without exploiting any bugs in the browser itself.
Your browser is now an active menace against the security of your internal network. However, the problem can’t be easily fixed, because it is not based on a bug: it simply uses “Web 2.0” technologies against you.
Article Link
Tags: Metasploit, Exploitation, Worms
Author: Dave Lewis
June 27, 2007 at 9:34 pm · Filed under OS Security, Vulnerability
From Secunia:
Description:
Sun has acknowledged a vulnerability in Solaris, which can potentially be exploited by malicious people to compromise a vulnerable system.
For more information:
SA25800
The vulnerability affects Sun Solaris 8, 9, and 10 for both the SPARC and x86 platforms.
Solution:
Apply patches.
– SPARC Platform –
Solaris 8:
Apply patch 126928-01.
http://sunsolve.sun.com/search/docume…setkey=urn:cds:docid:1-21-126928-01-1
Solaris 9:
Apply T-patch T113318-31.
Solaris 10:
Apply patch 123809-02.
http://sunsolve.sun.com/search/docume…setkey=urn:cds:docid:1-21-123809-02-1
– x86 Platform –
Solaris 8:
Apply patch 126929-01.
http://sunsolve.sun.com/search/docume…setkey=urn:cds:docid:1-21-126929-01-1
Solaris 9:
Apply T-patch T117468-17.
Solaris 10:
Apply patch 126837-01.
http://sunsolve.sun.com/search/docume…setkey=urn:cds:docid:1-21-126837-01-1
Preliminary T-patches are available from:
http://sunsolve.sun.com/tpatches
A final resolution is reportedly pending completion.
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1
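For an administrator with a fleet of Solaris hosts, the useful follow-up is an automated check of whether each machine carries the required patch revision (or a later revision, or a patch that obsoletes it). The Go program below is an added example of that check, not a Sun or Secunia tool; it parses `showrev -p` style output, and the sample output, the patch-to-release table (taken from the patch numbers listed above) and the assumption that obsoleted patch IDs appear between the `Obsoletes:` and `Requires:` fields are all constructed for this example. The Solaris 9 T-patches are deliberately left out of the table because they are preliminary.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Final patches named in the advisory, keyed by platform/release.
// Solaris 9 is omitted: only preliminary T-patches were listed for it.
var requiredPatches = map[string]string{
	"sparc/8":  "126928-01",
	"sparc/10": "123809-02",
	"x86/8":    "126929-01",
	"x86/10":   "126837-01",
}

// Constructed sample of `showrev -p` output (not captured from a real host).
const sampleShowrev = `Patch: 118833-36 Obsoletes: 118833-35 Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 123809-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWkrbu
`

// parsePatchID splits "123809-02" into base 123809 and revision 2.
func parsePatchID(id string) (base, rev int, err error) {
	b, r, ok := strings.Cut(id, "-")
	if !ok {
		return 0, 0, fmt.Errorf("malformed patch id %q", id)
	}
	if base, err = strconv.Atoi(b); err != nil {
		return 0, 0, err
	}
	if rev, err = strconv.Atoi(r); err != nil {
		return 0, 0, err
	}
	return base, rev, nil
}

type patchTable struct {
	installed map[int]int // patch base -> highest installed revision
	obsoleted map[int]int // patch base -> highest revision obsoleted by an installed patch
}

// parseShowrev reads "Patch: NNNNNN-RR Obsoletes: ... Requires: ..." lines.
func parseShowrev(out string) (patchTable, error) {
	t := patchTable{installed: map[int]int{}, obsoleted: map[int]int{}}
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 2 || fields[0] != "Patch:" {
			continue
		}
		base, rev, err := parsePatchID(fields[1])
		if err != nil {
			return t, err
		}
		if rev > t.installed[base] {
			t.installed[base] = rev
		}
		inObs := false // assumption: obsoleted IDs sit between "Obsoletes:" and "Requires:"
		for _, f := range fields[2:] {
			switch {
			case f == "Obsoletes:":
				inObs = true
			case f == "Requires:":
				inObs = false
			case inObs:
				ob, orev, err := parsePatchID(strings.TrimSuffix(f, ","))
				if err != nil {
					return t, err
				}
				if orev > t.obsoleted[ob] {
					t.obsoleted[ob] = orev
				}
			}
		}
	}
	return t, sc.Err()
}

// PatchInstalled reports the required patch for platform/release and whether
// the showrev output shows that revision or newer (or a patch obsoleting it).
func PatchInstalled(platform, release, showrevOut string) (string, bool, error) {
	want, known := requiredPatches[platform+"/"+release]
	if !known {
		return "", false, fmt.Errorf("no final patch listed for %s Solaris %s; check T-patches", platform, release)
	}
	base, rev, err := parsePatchID(want)
	if err != nil {
		return want, false, err
	}
	t, err := parseShowrev(showrevOut)
	if err != nil {
		return want, false, err
	}
	return want, t.installed[base] >= rev || t.obsoleted[base] >= rev, nil
}

func main() {
	id, ok, err := PatchInstalled("sparc", "10", sampleShowrev)
	fmt.Printf("sparc/10 needs %s: installed=%v err=%v\n", id, ok, err)
}
```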
Article Link
Tags: Sun, Solaris, Kerberos Vulnerability
Author: Dave Lewis
June 27, 2007 at 7:59 am · Filed under News
It was freaking hot here in the Toronto area yesterday, and it is again today. It got up to 41C with humidity. That’s 106F for our American cousins. Be aware today that there is a fake Microsoft update making the rounds for MS07-0065. It’s malware. What else?
And now, the news…
- New tool for testing application security
- The decline of antivirus and the rise of whitelisting (Kurt baiting…)
- Mobile phones ‘offensive weapons’
- Trojan hides behind Yes & No video
- MySpace Flux Malware
- Don’t download Microsoft Security Bulletin MS07-0065!
- Cisco vows to maintain IronPort tech, talent (you mean they’re not going to bury it?)
- Security Appliances Sitting Ducks for Known Bug
- From Facebook To a Yearbook, Teens Get a Jolt
- Europe’s banks must inform customers of US snooping
Tags: News, Daily Links, Security Blog, IronPort, Privacy, Spam, MS07-0065, MySpace Malware, Antivirus, UTM
Author: Dave Lewis
June 26, 2007 at 9:20 pm · Filed under Spy Game
By now you may or may not have heard that the CIA is going to declassify roughly 700 pages of what it calls “the family jewels.” Well, here they are.
Download the Family Jewels (.pdf 27 MB)
The CIA said Thursday it has decided to declassify most of a voluminous 1973 file known as “the family jewels,” which details some of the agency’s most notorious operations.
Assassination plots, human experimentation, illegal wiretaps and surveillance of journalists in the 1950s through the early 1970s are among the activities documented in the 693-page file, according to previously released documents about “the family jewels.”
“Much of it has been in the press before, and most of it is unflattering, but it is CIA’s history,” said CIA director Michael Hayden, who announced the decision in a speech to the Society of Historians of American Foreign Relations.
“The documents provide a glimpse of a very different time and a very different Agency,” he said.
Former CIA director James Schlesinger ordered the unearthing of the agency’s skeletons in 1973.
Article Link
Tags: CIA Family Jewels, Skeletons in the Closet, CIA, Family Jewels Download, Family Jewels Torrent