
Joanna Rutkowska is back in the news, this time with colleague Rafal Wojtczuk, discussing their way to bypass security in Intel’s TXT.
From Search Security:
It’s a very sophisticated attack method that few could pull off, but the security bugs exploited by security researchers Joanna Rutkowska and colleague Rafal Wojtczuk to bypass Intel Trusted Execution Technology (TXT) should be noted by security pros. Especially those considering the potential applications of TXT to drive virtualization to Intel-based desktops, servers and mobile devices. There is no need for IT to panic yet; as there are no known attacks and the vulnerabilities take great expertise to exploit.
The attack is noteworthy because Citrix and VMware have recently announced major partnerships using Intel’s vPro architecture and TXT as a foundation. Intel is looking at the vulnerability and has pledged to ensure the security of TXT.
Interesting reading. For Eric Ogren’s full article head over to TechTarget.
I received an email from the folks over at Tripwire today. They have released a tool that can be used to check the security of VMware configs. I haven’t got the time to review this one, so I’ll leave it to you, the good readership, to arrive at your own conclusions.
From Tripwire:
Tripwire® ConfigCheck™ is a free utility that rapidly assesses the security of VMware ESX 3.5 hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines. Developed by Tripwire in cooperation with VMware, Tripwire ConfigCheck ensures ESX environments are properly configured—offering immediate insight into unintentional vulnerabilities in virtual environments—and provides the necessary steps towards full remediation when they are not.
And the best part? It’s free.
Now it would be nice if more vendors would take a hint and release free tools from time to time to help us get our job done. It would leave us collectively better disposed to them and their product portfolios in the long run.
The VMware folks released patches yesterday to deal with a privilege escalation problem and a security bypass issue as well as five other problems.
From the VMware advisory:
Problem description:
a. Host to guest shared folder (HGFS) traversal vulnerability
On Windows hosts, if you have configured a VMware host to guest shared folder (HGFS), it is possible for a program running in the guest to gain access to the host’s file system and create or modify executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn’t use host to guest shared folders. No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture and not a hosted architecture, and it doesn’t include any shared folder abilities. Fusion and Linux based hosted products are unaffected.
and…
b. Insecure named pipes
An internal security audit determined that a malicious Windows user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user.
The same internal security audit determined that a malicious Windows user could exploit an insecurely created named pipe object to escalate privileges or create a denial of service attack. In this situation, the malicious user could successfully impersonate authd and attain privileges under which Authd is executing.
For the rest of the issues, please read the full advisory over on VMware dot com.
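For the shared-folder traversal in item (a), the host-side defence is to confirm that every guest-supplied name still resolves inside the shared folder. The following is an added example, not code from VMware or from the advisory, and not a description of the specific flaw; the share path `C:\Shares\vm1`, the function names and the sample requests are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for this lexical check


class ShareEscape(ValueError):
    """The guest-supplied name does not stay inside the shared folder."""


def resolve_in_share(share_root: str, guest_name: bytes) -> str:
    """Map a guest-supplied name to a host path under share_root, or raise."""
    # Decode first, so every check below sees the string the host will use.
    try:
        name = guest_name.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ShareEscape("name is not valid UTF-8") from exc

    # Only plain relative names: no NUL, no drive or stream colon,
    # no leading separator (rooted or UNC path).
    if "\x00" in name or ":" in name or name[:1] in ("\\", "/"):
        raise ShareEscape(f"not a plain relative name: {name!r}")

    # Collapse '.', '..' and '/' the way Windows would, then compare whole
    # path components. A string-prefix test would accept 'vm1-other'.
    root = ntpath.normcase(ntpath.normpath(share_root))
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
    if ntpath.commonpath([root, candidate]) != root:
        raise ShareEscape(f"resolves outside the share: {candidate!r}")
    return candidate


def is_allowed(share_root: str, guest_name: bytes) -> bool:
    """True when the name resolves inside the share, False otherwise."""
    try:
        resolve_in_share(share_root, guest_name)
        return True
    except ShareEscape:
        return False


# Constructed sample requests for a hypothetical share at C:\Shares\vm1.
SHARE = r"C:\Shares\vm1"
SAMPLES = [
    b"docs/report.txt",           # ordinary file inside the share
    b"docs\\..\\notes.txt",       # '..' that stays inside the share
    b"..\\..\\Windows\\win.ini",  # climbs out of the share
    b"..\\vm1-other\\file.txt",   # sibling folder sharing a name prefix
    b"D:\\data\\file.txt",        # drive-qualified path
    b"docs\xc0\xaffile.txt",      # malformed UTF-8
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", "allow" if is_allowed(SHARE, raw) else "deny")
```

The check is lexical only; a real handler also has to deal with symbolic links and junctions inside the share, which need resolving on the filesystem itself.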
Tags: VMWare, VMWare Vulnerabilities
With a headline like that you can’t help but shake your head.
From Electronics Talk:
The Padded Cell Secure Hypervisor and its EAL6+ compliant security policies enable breakthroughs for many of the world’s long unresolved security problems
Green Hills Software has released the world’s first secure hypervisor. The Padded Cell Secure Hypervisor supports the widest range of computing platforms, from embedded devices to enterprise desktop and server systems. It runs on top of Green Hills Software’s Integrity separation kernel. ‘Many people believe that hypervisors are the solution to security problems’.
‘But existing hypervisors actually make security problems worse by providing another avenue for attack’, said Dan O’Dowd, founder and Chief Executive Officer, Green Hills Software.
‘Everybody has become accustomed to the fail-first, patch-later mentality adopted by the world’s largest software organisations and products’.
‘The fact is that it is possible to build totally secure, hacker-proof software upon which critical computing assets and resources can depend’.
‘Our introduction of Padded Cell Secure Hypervisor continues to demonstrate this by pushing the envelope of applications that can benefit from our proven approach to safety, security and reliability’.
You know, I wish them well in this endeavour. I really do. I just can’t forget the Oracle “unhackable” campaign or Microsoft’s “more secure than the popemobile” billboards when Windows 2000 came out. It’s like they’re taunting the hackers. And, they will invariably rise to the challenge and smite them.
Tags: Virtualization, Hypervisor, Hacker, Hacker Proof
Like any emerging technology, the analyst said virtualisation will be the target of new security threats. It warned that simply applying the technologies and best practices for securing physical servers won’t provide sufficient protections for virtual machines.
As a result, Gartner predicts 60 per cent of virtual machines used in production environments will be less secure than their physical equivalents by 2009.
Now, bearing in mind these are the same folks that claimed IDS was dead, I tend to take a dim view of Gartner releases in general. Basically, one would be ill-advised to take them solely at face value, as with any resource on the web for that matter (yes, us as well).
Gartner goes on to advise that virtual machines should be locked down before deployment.
Sigh, I find it disturbing that they felt it necessary to outline this aspect, although I guess I can understand this point of view, having encountered some, er, interesting IT managers in my day. To treat a virtual machine any differently (by which I mean, in a lax manner) is a flawed approach. This is especially true if these systems are being deployed in a production environment. Security does in fact have to take a greater role here due to the overwhelming “new car smell” this technology holds for most businesses. There are discussions on rootkit VMs and the like, to be sure. A VM should be treated as any operating system that you deploy. OK, you have the ability to recover if something goes wrong, but that would only apply if you detect a breach in the first place. By then, who knows how much customer data might have flown out the front door?
Intrusion detection (for example) has merit and defense in depth still applies.
UPDATE: Almost as if on cue, I see this advisory for VMware.
Tags: Virtual Machines, Gartner, IDS, VM Rootkits




