DARPA Wants to Find Botnets Before They Attack
The Defense Advanced Research Projects Agency on Aug. 30 awarded a $1.2 million contract to cybersecurity firm Packet Forensics to develop novel ways to locate and identify these hidden online armies. The award comes as part of the agency's Harnessing Autonomy for Countering Cyber-adversary Systems program, a DARPA spokesperson told Nextgov. Through the HACCS program, DARPA aims to build a system that can automatically pinpoint botnet-infected devices and disable their malware without their owners ever knowing. Launched in 2017, the program is investing in three main technologies: systems that uncover and fingerprint botnets across the internet, tools that upload software to infected devices through known security gaps, and software that disables botnet malware once it's uploaded. Packet Forensics' technology falls under that first category, the DARPA spokesperson said. The effort is scheduled to last four years, with the first phase running 16 months. Later phases include additional funding.
defense one, 12.09.2018
militär_us_darpa_projekt_haccs  militär_allg_infiltration_tech  itsicherheit_botnetz_c&c  itsicherheit_malware_spyware  itsicherheit_exploit_flaw  geheimdienst_us_nsa_treasure_map  geheimdienst_us_nsa_turbulence_genie_turbine  geheimdienst_us_nsa_tao_quantum  tech_dual_use  militär_allg_kriegsführung_elektro_it_ki  unternehmen_packet_forensics  land_usa  itsicherheit_botnetz_c&c_gchq_nsa 
UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three-month-long investigation by HuffPost India reveals. The patch—freely available for as little as Rs 2,500 (around $35)—allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use. This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account. HuffPost India is in possession of the patch, and had it analysed by three internationally reputed experts and two Indian analysts (one of whom sought anonymity as he works at a state-funded university), who found that: The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers. The patch disables the enrolment software's in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users. The patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person. The experts consulted by HuffPost India said that the vulnerability is intrinsic to a technology choice made at the inception of the Aadhaar programme, which means that fixing it and other future threats would require altering Aadhaar's fundamental structure.
HuffPost India could not establish just how many enrolment centres used the patch, but even the UIDAI has admitted that the enrolment process has been marred by corruption. In 2017, the UIDAI said it had blacklisted 49,000 enrolment centres for various violations, and in February 2018, the UIDAI terminated all contracts with common service centres as well. Henceforth, only banks and government institutions like the postal service can enrol Aadhaar users. As a consequence, tens of thousands of young men, with rudimentary education but great familiarity with the Aadhaar system, were put out of work.
huffington post, 11.09.2018
datenbank_biometrie_in_aadhaar  land_indien  itsicherheit_by_obscurity  datenbank_population  itsicherheit_authentisierung_biometrie  biometrie_täuschung  itsicherheit_implementierung  itsicherheit_exploit_flaw  datenschutz_id_management  itsicherheit_datensicherheit  staat_inkompetenz  staat_outsourcing  in_uidai  in_nciipc  biometrie_erfassung  video_youtube  gesellschaft_armut  staat_politik_desinformation 
Worries arise about security of new WebAuthn protocol
At the end of last month, the team of security researchers at Paragon Initiative, known for their strong background in cryptography, took a close look at this new protocol making its way into browsers like Chrome, Edge, and Firefox. In a security audit, the researchers say they identified various issues with the algorithms used to generate the attestation keys (signatures). They point out that the W3C WebAuthn specification recommends the use of outdated algorithms such as the FIDO Alliance's Elliptic Curve (EC) Direct Anonymous Attestation (DAA), or RSASSA-PKCS1-v1_5. The Paragon team detailed a long list of issues with both algorithms in a technical report, but in short, they are vulnerable to quite a few known cryptographic attacks. In particular, they took issue with the use of RSASSA-PKCS1-v1_5. But the FIDO Alliance's custom ECDAA crypto algorithm is not that safe either. "If converted into a practical exploit, the ECDAA attacks discussed in the article would allow attackers to steal the key from a [server's] TPM, which would allow attackers to effectively clone the user's hardware security token remotely," Arciszewski said. "The scenarios that follow depend on how much trust was placed into the hardware security token," he added. "At minimum, I imagine it would enable 2FA bypasses and re-enable phishing attacks. However, if companies elected to use hardware security tokens to obviate passwords, it would allow direct user impersonation by attackers." In subsequent email exchanges with the Paragon team, ZDNet understands that at the heart of the issue may be the confusing WebAuthn documentation released by the FIDO Alliance team, which, for legacy purposes, categorizes both algorithms as "required" (for RSASSA-PKCS1-v1_5) and "recommended" (two ECDAA-based algorithms). This may lead implementers to believe that these two algorithms are the minimum threshold for implementation, and to support only these.
"There are plenty of COSE algorithms to choose from," Arciszewski said.
zdnet, 09.09.2018
internet_spezifikation_w3c_webauthn  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_implementierung  itsicherheit_authentisierung_2fa_u2f_fido  itsicherheit_authentisierung_id_token  internet_spezifikation_cose  internet_spezifikation_jose  krypto_algo_fido_ecdaa  krypto_algo_rsassa_pkcs1v15  unternehmen_paragonie 
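The WebAuthn entry above turns on which COSE algorithms a relying party offers and accepts. The following is an added example, not code from the ZDNet article or from Paragon's report, showing how a relying party can pin an explicit algorithm policy in JavaScript instead of treating the spec's "required"/"recommended" labels as the set to support; the preference order and deny list are this example's own assumptions.

```javascript
// Added example (not from the ZDNet article or Paragon's report): how a WebAuthn
// relying party can pin its COSE algorithm policy instead of offering only the
// algorithms the spec labels "required"/"recommended".

// COSE algorithm identifiers from the IANA COSE Algorithms registry; the two
// ECDAA entries (ED256/ED512) are the WebAuthn Level 1 registrations.
const COSE_ALG = {
  ES256: -7,    // ECDSA with SHA-256 on P-256
  EdDSA: -8,
  ES384: -35,
  ES512: -36,
  PS256: -37,   // RSASSA-PSS with SHA-256
  RS256: -257,  // RSASSA-PKCS1-v1_5 with SHA-256 (legacy, criticised in the audit)
  ED256: -260,  // FIDO ECDAA
  ED512: -261,  // FIDO ECDAA
};
const ALG_NAME = Object.fromEntries(Object.entries(COSE_ALG).map(([n, v]) => [v, n]));

// Policy values are this example's assumptions, not spec text: a preference
// order and a deny list covering RSASSA-PKCS1-v1_5 and both ECDAA identifiers.
const RP_PREFERRED = [COSE_ALG.ES256, COSE_ALG.EdDSA, COSE_ALG.ES384, COSE_ALG.PS256];
const RP_DENIED = new Set([COSE_ALG.RS256, COSE_ALG.ED256, COSE_ALG.ED512]);

// Build the pubKeyCredParams array passed to navigator.credentials.create():
// ordered by preference, with denied algorithms removed.
function buildPubKeyCredParams(preferred = RP_PREFERRED, denied = RP_DENIED) {
  return preferred
    .filter((alg) => !denied.has(alg))
    .map((alg) => ({ type: 'public-key', alg }));
}

// Audit an existing pubKeyCredParams array (e.g. copied from an RP's registration
// options) and return human-readable findings; an empty array means no issue.
function auditPubKeyCredParams(params, denied = RP_DENIED) {
  const findings = [];
  const algs = params.map((p) => p.alg);
  for (const alg of algs) {
    if (denied.has(alg)) {
      findings.push(`offers denied algorithm ${alg} (${ALG_NAME[alg] || 'unregistered'})`);
    }
  }
  if (algs.length === 0 || algs.every((a) => denied.has(a))) {
    findings.push('no acceptable algorithm offered; authenticators can only answer with denied ones');
  }
  return findings;
}

// Server-side check on the credential public key's alg after registration:
// accept only what the RP actually offered, and never a denied algorithm.
function checkCredentialAlg(alg, params = buildPubKeyCredParams(), denied = RP_DENIED) {
  if (denied.has(alg)) {
    return { ok: false, reason: `denied algorithm ${ALG_NAME[alg] || alg}` };
  }
  if (!params.some((p) => p.alg === alg)) {
    return { ok: false, reason: `algorithm ${ALG_NAME[alg] || alg} was not offered` };
  }
  return { ok: true, reason: 'allowed' };
}

// Stand-alone demonstration on constructed inputs.
const legacyOnly = [{ type: 'public-key', alg: COSE_ALG.RS256 }];
console.log(buildPubKeyCredParams());
console.log(auditPubKeyCredParams(legacyOnly));
console.log(checkCredentialAlg(COSE_ALG.ES256), checkCredentialAlg(COSE_ALG.RS256));
```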
Chaos Computer Club demands a strictly defensive cyber security strategy
Today the German federal government announced the founding of an "Agency for Disruptive Innovations in Cyber Security". Placing it under the aegis of the Interior and Defence Ministries raises serious doubts as to whether this is really about cyber security rather than about expanding cyber armament. The Chaos Computer Club demands that Germany's cyber security strategy be oriented strictly defensively. A sensible strategy for a secure digital world for citizens and businesses requires strengthening independent civilian organisations and also the Federal Office for Information Security (BSI), and specifically no further militarisation and intelligence-agency takeover of the subject. "If the Bundeswehr and the intelligence services set the tone at the agency, the focus will be on offensive cyber weapons," said CCC spokesman Frank Rieger. "This is the wrong signal and will make the desolate state of IT security worse, not better." Whether "hacking back" and offensive digital attacks, especially by the German military, are compatible at all with current German law and international law is in any case doubtful. The euphemistic dressing-up of the project through the agency's misleading name cannot hide that either. That military, intelligence and police interests are evidently being blended further, with the agency serving these areas that are legally separated for good reason, is not acceptable.
ccc, 29.08.2018
land_deutschland  de_ministerium_bmi  de_ministerium_bmvg_adic  itsicherheit_malware_spyware  itsicherheit_exploit_flaw  geheimdienst_polizei_infiltration_tech  militär_allg_infiltration_tech  sicherheitsforschung_de  staat_propaganda_itsicherheit  staat_politik_desinformation  militär_allg_kriegsführung_elektro_it_ki 
New authority: an agency for hackbacks and quantum cryptography
With the founding of a new agency for innovations in cyber security, the federal government wants to go "completely new ways" in research funding. That is what Federal Defence Minister Ursula von der Leyen (CDU) said at the presentation of the new authority on Wednesday in Berlin. According to Federal Interior Minister Horst Seehofer (CSU), the agency is to "promote key technologies with high innovation potential". Since funding is to take place at a very early stage, the failure of projects is factored in, just as with private venture capital investors. According to von der Leyen, the agency is to have 200 million euros at its disposal over the coming five years. Of this, 80 percent is to flow into funded projects. Further details are still open.
golem, 29.08.2018
land_deutschland  de_ministerium_bmi  de_ministerium_bmvg_adic  itsicherheit_malware_spyware  itsicherheit_exploit_flaw  geheimdienst_polizei_infiltration_tech  militär_allg_infiltration_tech  sicherheitsforschung_de  staat_propaganda_itsicherheit  staat_politik_desinformation  staat_politik_wirtschaft_förderung_schutz  unternehmen_allg_start_up  militär_allg_kriegsführung_elektro_it_ki 
The Problems and Promise of WebAssembly
This blog post gives an overview of the features and attack surface of WebAssembly, as well as the vulnerabilities we found. WebAssembly binaries consist of a series of sections (binary blobs) with different lengths and types. If a section has a code that is not specified in the above table, it is called a custom section. Some browsers use custom sections to implement upcoming or experimental features. Unrecognized custom sections are skipped when loading a Module, and can be accessed as TypedArrays in JavaScript. Module loading starts off by parsing the module. This involves going through each section, verifying its format and then loading the needed information into a native structure inside the WebAssembly engine. Most of the bugs that Project Zero found in WebAssembly occurred in this phase. There are two emerging features of WebAssembly that are likely to have a security impact. One is threading. Currently, WebAssembly only supports concurrency via JavaScript workers, but this is likely to change. Since JavaScript is designed assuming that this is the only concurrency model, WebAssembly threading has the potential to require a lot of code to be thread safe that did not previously need to be, and this could lead to security problems. WebAssembly GC is another potential feature of WebAssembly that could lead to security problems. Currently, some uses of WebAssembly have performance problems due to the lack of higher-level memory management in WebAssembly. If WebAssembly GC is implemented, it will increase the number of applications that WebAssembly can be used for, but it will also make it more likely that vulnerabilities related to memory management will occur in both WebAssembly engines and applications written in WebAssembly.
project zero, 16.08.2018
software_browser_allg_wasm  software_javascript  itsicherheit_exploit_flaw  itsicherheit_speicher  itsicherheit_software_browser 
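The WebAssembly entry above locates most of the bugs in the section-parsing phase. As an added example (not Project Zero's code and not from any browser engine), here is a minimal section walker for the WebAssembly binary format in JavaScript with the length checks that phase depends on; it follows the binary format's definition that custom sections carry id 0, and the sample module bytes are constructed for the demonstration.

```javascript
// Added example (not Project Zero's code): a minimal walker over the section
// layout of a WebAssembly binary, with the bounds checks the parsing phase
// described above needs. Custom sections carry id 0 in the binary format.

const SECTION_NAMES = {
  0: 'custom', 1: 'type', 2: 'import', 3: 'function', 4: 'table', 5: 'memory',
  6: 'global', 7: 'export', 8: 'start', 9: 'element', 10: 'code', 11: 'data',
};

// Decode an unsigned LEB128 u32 at pos, never reading past limit. Uses
// multiplication rather than shifts so values above 2^31 do not wrap negative.
function readVarU32(bytes, pos, limit = bytes.length) {
  let value = 0;
  let shift = 0;
  let i = pos;
  for (;;) {
    if (i >= limit) throw new Error(`truncated LEB128 at offset ${pos}`);
    if (i - pos === 5) throw new Error(`LEB128 u32 longer than 5 bytes at offset ${pos}`);
    const b = bytes[i++];
    value += (b & 0x7f) * 2 ** shift;
    if ((b & 0x80) === 0) break;
    shift += 7;
  }
  if (value > 0xffffffff) throw new Error(`LEB128 u32 overflow at offset ${pos}`);
  return { value, next: i };
}

// Parse the section list; throws on any size that does not fit the buffer.
function parseSections(bytes) {
  const header = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]; // "\0asm" + version 1
  if (bytes.length < header.length) throw new Error('module shorter than header');
  header.forEach((v, k) => {
    if (bytes[k] !== v) throw new Error(`bad magic/version byte at offset ${k}`);
  });
  const sections = [];
  let pos = header.length;
  while (pos < bytes.length) {
    const id = bytes[pos];
    if (!(id in SECTION_NAMES)) throw new Error(`unknown section id ${id} at offset ${pos}`);
    const size = readVarU32(bytes, pos + 1);
    const start = size.next;
    const end = start + size.value; // plain JS numbers: no 32-bit wraparound here
    if (end > bytes.length) {
      throw new Error(`section ${SECTION_NAMES[id]} at offset ${pos} claims ${size.value} bytes, only ${bytes.length - start} remain`);
    }
    const section = { id, kind: SECTION_NAMES[id], offset: start, size: size.value };
    if (id === 0) {
      // custom section: name (length-prefixed bytes) followed by an opaque payload
      if (start >= end) throw new Error(`custom section without name at offset ${pos}`);
      const nameLen = readVarU32(bytes, start, end);
      const nameEnd = nameLen.next + nameLen.value;
      if (nameEnd > end) throw new Error(`custom section name overruns section at offset ${start}`);
      section.name = new TextDecoder().decode(bytes.subarray(nameLen.next, nameEnd));
      section.payload = bytes.subarray(nameEnd, end);
    }
    sections.push(section);
    pos = end;
  }
  return sections;
}

// Non-throwing wrapper that returns a result object instead of an exception.
function inspectModule(bytes) {
  try {
    return { ok: true, sections: parseSections(bytes) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample: header, a type section with one () -> () signature,
// and a custom section named "name" carrying two payload bytes.
const SAMPLE_MODULE = Uint8Array.from([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
  0x01, 0x04, 0x01, 0x60, 0x00, 0x00,
  0x00, 0x07, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x41, 0x42,
]);
// Same module with the custom section's size field inflated to 0x20 bytes.
const OVERSIZED_MODULE = Uint8Array.from(SAMPLE_MODULE);
OVERSIZED_MODULE[15] = 0x20;

console.log(inspectModule(SAMPLE_MODULE));
console.log(inspectModule(OVERSIZED_MODULE));
```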
Three more data-leaking security holes found in Intel chips as designers swap security for speed
Intel will today disclose three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memory. These secrets can include passwords, personal and financial records, and encryption keys. They can be potentially lifted from other applications and other customers' virtual machines, as well as SGX enclaves, and System Management Mode (SMM) memory. SGX is Intel's technology that is supposed to protect these secrets from snooping code. SMM is your computer's hidden janitor that has total control over the hardware, and total access to its data. Across the board, Intel's desktop, workstation, and server CPUs are vulnerable. Crucially, they do not work as documented: where their technical manuals say memory can be marked off limits, it simply is not. This means malicious software on a vulnerable machine, and guest virtual machines on a cloud platform, can potentially lift sensitive data from other software and other customers' virtual machines. Here are the three cockups, which Intel has dubbed its L1 Terminal Fault (L1TF) bugs because they involve extracting secret information from the CPU level-one data cache: CVE-2018-3615: This affects Software Guard Extensions (SGX). This vulnerability was named Foreshadow by the team who uncovered it. CVE-2018-3620: This affects operating systems and SMM. CVE-2018-3646: This affects hypervisors and virtual machines. The upshot is malware or a malicious guest operating system can exploit this to ascertain data it shouldn't be able to read, by forcing pages to be marked as not present and observing what's fetched speculatively from the L1 cache before the page fault circuitry in the processor can step in and halt proceedings. This requires the exploit code to run on the same physical CPU core as the victim code, because it needs to observe the L1 data cache.
register, 14.08.2018
unternehmen_intel  itsicherheit_cpu_meltdown_spectre  itsicherheit_seitenkanal_analyse_angriff  tech_hw_chip_cpu_smm_smi  tech_hw_chip_intel_sgx  tech_virtualisierung  tech_hw_chip_cpu_cache  itsicherheit_by_obscurity  itsicherheit_malware_spyware  itsicherheit_exploit_flaw 
Police Bodycams Can Be Hacked to Doctor Footage
At the DefCon security conference in Las Vegas on Saturday, one researcher will present findings that many body cameras on the market today are vulnerable to remote digital attacks, including some that could result in the manipulation of footage. Josh Mitchell, a consultant at the security firm Nuix, analyzed five body camera models from five different companies: Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc. The companies all market their devices to law enforcement groups around the US. Mitchell's presentation does not include market leader Axon—although the company did acquire Vievu in May. In all but the Digital Ally device, the vulnerabilities would allow an attacker to download footage off a camera, edit things out or potentially make more intricate modifications, and then re-upload it, leaving no indication of the change. Or an attacker could simply delete footage they don't want law enforcement to have.
wired, 11.08.2018
überwachung_video_mobil  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_datensicherheit  itsicherheit_authentisierung  itsicherheit_firmware_peripherie  itsicherheit_hardware  polizei_allg_streife_patrouille 
Seehofer and von der Leyen plan a cyber weapons agency
Defence Minister Ursula von der Leyen (CDU) and Interior Minister Horst Seehofer (CSU) are pushing ahead with the development of state cyber weapons. Next Wednesday the federal cabinet is to decide on the founding of a joint "Agency for Innovation in Cyber Security" to strengthen security externally and internally. What at first sounds harmless marks the entry into state research in search of defensive but also offensive cyber weapons. The agency's goal is to promote and finance research and development projects with high innovation potential in the field of IT security, insofar as the federal government has an interest in them.
spiegel, 11.08.2018
land_deutschland  de_ministerium_bmi  de_ministerium_bmvg_adic  itsicherheit_malware_spyware  itsicherheit_exploit_flaw  geheimdienst_polizei_infiltration_tech  militär_allg_infiltration_tech  sicherheitsforschung_de  militär_allg_kriegsführung_elektro_it_ki 
Activities of the Bundeswehr in the digital domain and legislative measures of the federal government
In the Bundeswehr's Cyber and Information Domain Command, 13,989 posts are currently established, of which 10,364 are filled. The federal government states this in its answer (19/3420) to a minor interpellation by the Bündnis 90/Die Grünen parliamentary group (19/2618). Owing to the command's reorganisation as of 1 April 2017, personnel are still in training who are to be deployed to the unfilled posts. The build-up of a "cyber reserve" to support active personnel as needed is to be completed by the end of 2019. So far, 635 interested persons have been recorded according to professional criteria and availability.
hib, 10.08.2018
land_deutschland  militär_de_bundeswehr_kdocir  itsicherheit_angriff_zuschreibung  itsicherheit_malware_spyware  itsicherheit_exploit_flaw  militär_allg_infiltration_tech  staat_politik_geheimhaltung  unternehmen_allg_exploit_malware_dealer  militär_de_bundeswehr_kdocir_itbw_zcsbw  de_ministerium_bmvg  de_bundestag_dip  de_bundesamt_bsi  de_ministerium_bmvg_cih  de_ministerium_bmvg_adic  unternehmen_allg_start_up  unternehmen_bwi  sicherheitsforschung_de  militär_nato_coc  staat_politik_sicherheit_rüstung_kontrolle_wettlauf  militär_allg_kriegsführung_elektro_it_ki 
Voice Authentication is Broken, Researchers Say
According to two researchers, John Seymour and Azeem Aqil, both with Salesforce's research team, voice authentication for account access is extremely insecure. At a Black Hat session Thursday, the two showed how easy it is to spoof someone's voice well enough to access protected accounts. Voice synthesis, a technology that creates life-like synthesized voices, can be used to recreate any person's voice. The results are astounding, thanks to artificial intelligence technology such as Google's WaveNet and other technologies such as Adobe's Project VoCo. "Recent advances in machine learning have shown that text-to-speech systems can generate synthetic, high-quality audio of subjects using audio recordings of their speech," the researchers said. "Current techniques for audio generation are good enough to spoof voice authentication algorithms." The hurdle for attacks attempting to spoof a voice well enough to bypass voice authentication methods is that the sample set of voice data needs to be huge. Some systems require up to 24 hours of high-quality voice samples before machine learning programs can process and recreate a voice. But the researchers found that voice quality didn't need to be perfect. It only needed to be good enough to trick a voice-protected feature, service or account. In a technique developed by Seymour and Aqil, they were able to use a tiny sample set of 10 minutes of audio to create a synthesized voice of a target and spoof their voice using text-to-speech. That was enough, in many cases, to fool voice authentication systems and access a protected account.
threatpost, 10.08.2018
itsicherheit_authentisierung_biometrie  biometrie_stimme  software_sprachsynthese  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  tech_ki_maschinelles_lernen_deep_learning  tech_ki_sprache 
Crowdfense launches platform to source new zero-day vulnerabilities for sale
The Dubai-based exploit buyer said on Thursday that the new Vulnerability Research Platform (VRP) will provide an area for "vulnerability researchers to safely submit, discuss and quickly sell single zero-day exploits and chains of exploits." Crowdfense purchases vulnerabilities and exploit chains in order to sell them on to "global institutional customers," which may include government entities or law enforcement. "Through the VRP, Crowdfense experts work in real time with researchers to evaluate, test, document and refine their findings," said Andrea Zapparoli Manzoni, Director of Crowdfense. "The findings can be both within the scope of Crowdfense public bug bounty program or freely proposed by researchers." Crowdfense's bug bounty program, launched earlier this year, offers financial rewards ranging from $500,000 to $3 million for zero-day bugs as well as partial exploit chains. "This process-centric approach ensures a faster time-to-market for sellers and higher quality products for customers since all assets are delivered with the Crowdfense stamp of approval and are fully tested, document and vetted in advance," the company says. "The VRP is committed to becoming a standardized, user-friendly tool for vulnerability researchers and brokers who want to speed up and simplify the process for evaluating and trading zero-day capabilities within a highly confidential, legal and financially lucrative platform."
zdnet, 10.08.2018
itsicherheit_exploit_flaw  itsicherheit_malware_spyware  unternehmen_allg_exploit_malware_dealer  unternehmen_crowdfense  geheimdienst_polizei_infiltration_tech 
The Sensors That Power Smart Cities Are a Hacker's Dream
Researchers from IBM Security and data security firm Threatcare looked at sensor hubs from three companies—Libelium, Echelon, and Battelle—that sell systems to underpin smart city schemes. Smart city spending worldwide is estimated to reach about $81 billion globally in 2018, and the three companies all have different areas of influence. Echelon, for example, is one of the top suppliers of smart street lighting deployments in the world. An accidental missile alert in January sent Hawaii's residents scrambling, while a hack set off Dallas's tornado sirens last year. In fact, those incidents and others like it inspired Daniel Crowley of IBM X-Force Red and Jennifer Savage of Threatcare to investigate these systems in the first place. What they found dismayed them. In just their initial survey, the researchers found a total of 17 new vulnerabilities in products from the three companies, including eight critical flaws. “The reason we wanted to focus on hubs was that if you control the central authority that runs the whole show then you can manipulate a lot of information that’s being passed around,” Crowley says. Simple checks on IoT crawlers like Shodan and Censys yielded thousands of vulnerable smart city products deployed in the wild. The researchers contacted officials from a major US city that they found using vulnerable devices to monitor traffic, and a European country with at-risk radiation detectors.
wired, 09.08.2018
gesellschaft_stadt_smart_city  überwachung_sensor_netzwerk  überwachung_stadt_smart_city  itsicherheit_exploit_flaw  itsicherheit_strategie  itsicherheit_netzwerk  itsicherheit_implementierung  itsicherheit_iot_m2m  internet_iot_m2m 
New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks
A new technique has been discovered to easily retrieve the Pairwise Master Key Identifier (PMKID) from a router using WPA/WPA2 security, which can then be used to crack the wireless password of the router. While previous WPA/WPA2 cracking methods required an attacker to wait for a user to log in to a wireless network and capture a full authentication handshake, this new method only requires a single frame which the attacker can request from the AP because it is a regular part of the protocol. This new method was discovered by Jens "atom" Steube, the developer of the popular Hashcat password cracking tool, when looking for new ways to crack the WPA3 wireless security protocol. According to Steube, this method will work against almost all routers utilizing 802.11i/p/q/r networks with roaming enabled. This method works by extracting the RSN IE (Robust Security Network Information Element) from a single EAPOL frame. The RSN IE is an optional field that contains the Pairwise Master Key Identifier (PMKID) generated by a router when a user tries to authenticate. The PMK is part of the normal 4-way handshake that is used to confirm that both the router and client know the Pre-Shared Key (PSK), or wireless password, of the network. While Steube's new method makes it much easier to access a hash that contains the pre-shared key, that hash still needs to be cracked. This process can still take a long time depending on the complexity of the password. In order to properly protect your wireless network it is important to create your own key rather than using the one generated by the router. Furthermore, this key should be long and complex, consisting of numbers, lower case letters, upper case letters, and symbols (&%$!).
bleeping computer, 06.08.2018
internet_wlan  tech_wifi_wlan  itsicherheit_exploit_flaw  itsicherheit_implementierung  krypto_algo_wpa2  itsicherheit_authentisierung_passwort  itsicherheit_authentisierung_protokoll  krypto_analyse_bruteforce  krypto_passwort_hash  software_krypto_hashcat 
CPU vulnerabilities ret2spec and SpectreRSB discovered
The Return Stack Buffer (RSB) of Intel processors can also be abused, via speculative execution, to read out supposedly protected memory areas. Giorgi Maisuradze and Christian Rossow of the Center for IT-Security, Privacy and Accountability (CISPA) at Saarland University have named one of these RSB vulnerabilities ret2spec, or Spectre v5. Intel, AMD and ARM have confirmed the vulnerability. A CVE number apparently does not exist yet, however. An obvious way to use ret2spec for attacks would be prepared websites or e-mails with malicious JavaScript or WebAssembly code. Some of the protective measures already built into browsers via updates against Spectre & Co. also help against ret2spec, as the CISPA researchers explain in their paper.
heise, 24.07.2018
itsicherheit_cpu_meltdown_spectre  itsicherheit_exploit_flaw  itsicherheit_seitenkanal_analyse_angriff  unternehmen_intel  unternehmen_amd  unternehmen_arm  uni_de_saarland  software_javascript  software_browser_allg_wasm  itsicherheit_malware_spyware  itsicherheit_sandbox_isolierung  itsicherheit_software_browser 
Researchers Detail New CPU Side-Channel Attack Named SpectreRSB
Academics from the University of California, Riverside (UCR) published details last week about a new Spectre-class attack that they call SpectreRSB. The difference from previous Spectre-like attacks is that SpectreRSB recovers data from the speculative execution process by attacking a different CPU component involved in this "speculation" routine, namely the Return Stack Buffer (RSB). In the grand architecture of a CPU, the RSB is a component that is involved in the speculative execution routine and works by predicting the return address of an operation the CPU is trying to compute in advance, part of its "speculation." In a research paper published last week, UCR researchers said they could pollute the RSB to control the return address and poison a CPU's speculative execution routine. For example, in two attacks, they polluted the RSB to expose and recover data from other applications running on the same CPU, and in a third, they polluted the RSB "to cause a misspeculation that exposes data outside an SGX compartment." Researchers said they reported the issue to Intel, but also to AMD and ARM.
bleeping computer, 23.07.2018
itsicherheit_cpu_meltdown_spectre  itsicherheit_exploit_flaw  itsicherheit_seitenkanal_analyse_angriff  tech_hw_chip_intel_sgx  unternehmen_intel  unternehmen_amd  unternehmen_arm  uni_us_uc_riverside 
TLS 1.2: client certificates as a tracking trap
The combination of client certificates with TLS 1.2 is toxic, a research team from TU Munich warned at the meeting of the Internet Engineering Task Force (IETF) this week in Montreal. Because the certificates are transmitted unencrypted in TLS 1.2, until the beginning of last year they allowed, for example, the tracking of millions of Apple push users. Unlike with its successor TLS 1.3, the certificates used for authentication are exchanged in the clear during connection setup in TLS 1.2. This is a problem above all when client certificates (CCA) are used. The CCA contains an individual key assigned to the device or its user, data on when it was created, and possibly further information. On every connection setup, the user thus leaves an easily identifiable footprint.
heise, 20.07.2018
krypto_tls_cert_client  überwachung_fingerprint_software  überwachung_identifizierung_itk_nutzer  überwachung_internet_tracking  krypto_verschlüsselung_transport  itsicherheit_exploit_flaw  uni_de_tu_münchen  npo_ietf 
Intel processors: Management Engine (ME) attackable over the network
Intel has found vulnerabilities in its Management Engine (ME) that pack a punch: through one of them, an attacker on the same network can execute arbitrary code. It is an exploitable buffer overflow in the Converged Security Manageability Engine that occurs when processing HTTP requests (CVE-2018-3628). A buffer overflow in the event handler additionally allows attackers to mount a denial-of-service attack from the same network (CVE-2018-3629). The third vulnerability is a less critical memory error (CVE-2018-3632). In addition, Intel reports the discovery of a logic error through which a local admin can execute arbitrary code (CVE-2018-3627).
heise, 20.07.2018
unternehmen_intel  tech_hw_chip_intel_me_amt  itsicherheit_exploit_flaw  tech_computer_fernwartung 
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them. ES&S is the top voting machine maker in the country, a position it held in the years 2000-2006 when it was installing pcAnywhere on its systems. The company's machines were used statewide in a number of states, and at least 60 percent of ballots cast in the US in 2006 were tabulated on ES&S election-management systems. It’s not clear why ES&S would have only installed the software on the systems of “a small number of customers” and not all customers, unless other customers objected or had state laws preventing this. The company told Wyden it stopped installing pcAnywhere on systems in December 2007, after the Election Assistance Commission, which oversees the federal testing and certification of election systems used in the US, released new voting system standards. ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot, thereby creating a potential port of entry for hackers as well. In its letter to Wyden, ES&S defended its installation of pcAnywhere, saying that during the time it installed the software on customer machines prior to 2006, this was "considered an accepted practice by numerous technology companies, including other voting system manufacturers."
motherboard, 17.07.2018
absurdität_kuriosität  land_usa  tech_hw_wahlcomputer  tech_computer_fernwartung  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  staat_wahl_manipulation  überwachung_backdoor_software 
Spectre-NG: Intel documents "speculative buffer overflow"
The latest disclosure is called "Bounds Check Bypass Store" in Intel parlance and means roughly: under certain circumstances, Intel CPUs initially allow a buffer overflow exploit to proceed (speculative execution). The problem discovered by Vladimir Kiriansky and Carl Waldspurger is an interesting variation on the classic Spectre vulnerabilities. In their publication Speculative Buffer Overflows: Attacks and Defenses, the researchers show that an exploit can speculatively write even into forbidden memory. Intel describes this in more detail in the current version 4.0 of the Intel Analysis of Speculative Execution Side Channels (this analysis, too, is evidently being supplemented piecemeal with new information). Intel describes the "Bounds Check Bypass Store" problem in its just-expanded Security Advisory INTEL-OSS-10002 as CVE-2018-3693.
heise, 11.07.2018
unternehmen_intel  itsicherheit_cpu_meltdown_spectre  itsicherheit_exploit_flaw  itsicherheit_seitenkanal_analyse_angriff 
