Millions of Binaries Later: a Look Into Linux Hardening in the Wild
In this post, we explore the adoption of Linux hardening schemes across five popular distributions by examining their out-of-the-box properties. For each distribution, we analyzed its default kernel configuration, downloaded all its packages, and analyzed the hardening schemes of their enclosed binaries. Our dataset includes the OpenSUSE 12.4, Debian 9, CentOS and RHEL 6.10 & 7 distributions, as well as the Ubuntu 14.04, 12.04, and 18.04 LTS distributions. Our findings confirm that even basic hardening schemes, such as stack canaries and position independent code, are not fully adopted. The situation is even worse when it comes to other compiler protections like stack clash hardening, which recently came into the spotlight due to last month’s systemd vulnerabilities. However, not all is hopeless. A good portion of shipped binaries have basic mitigations in place, and the numbers have improved from version to version. Our experiments indicate that Ubuntu 18.04 shows the largest adoption of OS and application-level mitigations, followed by Debian 9. On the other hand, OpenSUSE 12.4, CentOS 7 and RHEL 7 also deploy common hardening schemes, and show wider adoption of stack-clash mitigations while shipping a much more tight-knit set of packages by default.
capsule8, 28.02.2019
unternehmen_capsule8  itsicherheit_audit  itsicherheit_implementierung  itsicherheit_software_hardening  software_os_linux  software_os_linux_kernel  itsicherheit_os 
4 days ago by kraven
Do You Trust Your VPN? Are You Sure?
One industry analysis estimates that VPN usage worldwide quadrupled between 2016 and 2018, while a forecast by Global Market Insights predicts the U.S. VPN market will be worth more than $54 billion by 2024. When I set out to find the right VPN, I ran into an awkward problem: figuring out which of the scores of VPN providers to trust. The search for a VPN I could rely on led me on a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they’re reviewing. Many VPNs appear to be outright scams. Others make internet browsing sluggish. Free versions bombard you with ads. It’s a world so thicketed that the leading firms and experts can’t agree on the basic criteria for what counts as “reputable,” let alone which companies best meet that description. I thought when I began writing this story that I’d figure out which VPN I’d trust for my own use. Several weeks, dozens of calls, and thousands of words later, I can’t say I’m much closer to a clear-cut answer.
slate, 28.02.2019
internet_dienst_vpn  unternehmen_allg_geheimhaltung  unternehmen_allg_desinformation_propaganda  land_china  überwachung_internet_nutzung  überwachung_internet_tracking  unternehmen_allg_marketing  unternehmen_allg_werbung  itsicherheit_strategie  itsicherheit_implementierung  datenschutz  ngo_cdt  itsicherheit_audit  überwachung_person_profil 
14 days ago by kraven
Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries
On November 30, 2018, we disclosed CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870. These were from vulnerabilities found back in August 2018 in several TLS libraries. Back on May 15, I approached Yuval Yarom with a few issues I had found in some TLS implementations. This led to a collaboration between Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, Yuval Yarom and me. And as you can see, the inventor of RSA himself is now recommending you to deprecate RSA in TLS. We tested nine different TLS implementations against cache attacks and seven were found to be vulnerable: OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS. The cat is not dead yet, with two lives remaining thanks to BearSSL (developed by my colleague Thomas Pornin) and Google's BoringSSL. The attack leverages a side-channel leak via cache access timings of these implementations in order to break the RSA key exchanges of TLS implementations. The attack is interesting from multiple points of view (besides the fact that it affects many major TLS implementations): It affects all versions of TLS (including TLS 1.3) and QUIC. Where the latter version of TLS does not even offer an RSA key exchange! This prowess is achieved because of the only known downgrade attack on TLS 1.3. It uses state-of-the-art cache attack techniques. Flush+Reload? Prime+Probe? Branch-Prediction? We have it. The attack is very efficient. We found ways to ACTIVELY target any browser, slow some of them down, or use the long tail distribution to repeatedly try to break a session. We even make use of lattices to speed up the problem. Manger and Ben-Or on RSA PKCS#1 v1.5. You heard of Bleichenbacher's million messages attack? Guess what, we found better. We use Manger's OAEP attack on RSA PKCS#1 v1.5 and even Ben-Or's algorithm, which is more efficient than, and was published BEFORE, Bleichenbacher's work in 1998.
ncc group, 07.02.2019
itsicherheit_exploit_flaw  krypto_tls  krypto_algo_rsa  krypto_analyse_seitenkanal  krypto_downgrading  krypto_key_agreement_exchange  krypto_tls_cert  itsicherheit_seitenkanal_analyse_angriff  krypto_signierung  itsicherheit_implementierung  krypto_entschlüsselung  überwachung_internet_mitm  software_javascript 
5 weeks ago by kraven
The year in post-quantum crypto
The world is finally catching on to the urgency of deploying post-quantum cryptography: cryptography designed to survive attacks by quantum computers. NIST's post-quantum competition is in full swing, and network protocols are exploring post-quantum extensions. This talk will take the audience on a journey through selected recent highlights from the post-quantum world.
35c3, 28.12.2018
krypto_algo_pqc  krypto_analyse  us_ministerium_handel_nist  krypto_algo  krypto_algo_wettbewerb  tech_computing_quantum_universal  wissenschaft_mathematik  itsicherheit_implementierung  eu_projekt_pqcrypto  itsicherheit_audit  recht_patent  recht_urheberrecht_drm  krypto_ecc  krypto_bibliothek_libpqcrypto 
11 weeks ago by kraven
Attacking end-to-end email encryption: Efail, other attacks and lessons learned
In this talk, I’ll present several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails. The disclosure of the efail vulnerabilities caused a lot of stir in the press and the community, which also led to confusion about how the vulnerabilities work, about the mitigations and about the consequences for the OpenPGP and S/MIME standards. I’ll discuss our lessons learned and describe the efail-related changes to mail clients and the OpenPGP and S/MIME standards.
35c3, 28.12.2018
krypto_openpgp  software_krypto_gnupg  itsicherheit_exploit_flaw  krypto_smime  itsicherheit_implementierung  itsicherheit_verdeckterkanal_data_exfil  krypto_openpgp_mdc  internet_protokoll_mime  itsicherheit_software_mua 
11 weeks ago by kraven
Smart Home - Smart Hack: How the way into the digital home becomes a walk in the park
More than 10,000 different device manufacturers from all over the world use the base platform (Wi-Fi module, cloud, app) of a single company to technically implement their smart home products. Analysis of this base platform shows serious security deficiencies, some of them conceptual in nature, and hence numerous points of attack affecting several million smart devices. The talk presents how smart devices work in connection with the named base platform, shows the extent of the security holes using various attack scenarios, and offers the community a solution for the secure use of the affected devices. The analysis of the "smart" devices that use this base platform is generally alarming. The simplest security rules are not followed, and there are grave systematic and conceptual deficiencies that come heavily at the expense of end users' security. Because such smart devices are so easy to obtain and place on the market, entirely new kinds of criminal schemes are conceivable that could be put into practice even without extensive expert hacker knowledge. The talk presents how the examined smart devices work in connection with the base platform used and shows the extent of the security holes using various attack scenarios. Finally, a solution to the security dilemma in using affected smart devices is offered that makes secure use of these devices in one's own home possible, even for non-experts.
35c3, 28.12.2018
internet_iot_m2m  überwachung_smart_home  itsicherheit_by_obscurity  itsicherheit_implementierung  internet_cloud_datenspeicher  internet_cloud  itsicherheit_computing_cloud  tech_computing_cloud  itsicherheit_firmware  tech_hw_smart_gerät  internet_protokoll_mqtt  itsicherheit_authentisierung_passwort  krypto_verschlüsselung_datenträger  krypto_verschlüsselung_transport  überwachung_verhalten  überwachung_person_profil  internet_dienst_cloud  itsicherheit_angriff_modell  internet_protokoll_http  überwachung_internet_mitm  absurdistan  unternehmen_vtrust  itsicherheit_trafficmanipulation_paketinjektion  itsicherheit_malware_spyware  itsicherheit_netzwerk  itsicherheit_iot_m2m_smart  itsicherheit_botnetz_c&c  itsicherheit_datensicherheit  datenschutz  anonymisierung_anti_anon_war 
11 weeks ago by kraven
All Your Gesundheitsakten Are Belong To Us: "As secure as online banking" - The electronic patient record is coming - for everyone.
The electronic health card has failed. Instead, the electronic patient record is now coming: within three years at the latest, the findings, diagnoses, X-ray images and prescriptions of all statutorily insured persons are to be available online and stored centrally. Already today, millions of insured persons can use such a solution and, as Health Minister Jens Spahn demands, "also access their electronic patient record on tablets and smartphones". At the same time as the electronic patient record, online treatment is just around the corner: the ban on remote treatment was overturned a few months ago, and already today millions of insured persons can be treated exclusively online. After years of waiting, everything is now happening very quickly. "These measures tolerate no delay," says Spahn. And thereby makes all of us beta testers when it comes to health. With fatal consequences: our strictly confidential health data lies visible to everyone on the net. In this talk, I use five concrete examples to show which negligent decisions make the online platforms and apps of providers in the health record and telemedicine sector so vulnerable, and demonstrate how easy it was to gain mass access to our confidential health data. Up for debate is what should be done in light of these new old findings - and what we had better leave alone.
35c3, 27.12.2018
absurdistan  land_deutschland  itsicherheit_datensicherheit  itsicherheit_implementierung  itsicherheit_by_obscurity  itsicherheit_mobil_apps  itsicherheit_mobil_os  datenschutz_patient_gesundheitsdaten  itsicherheit_exploit_flaw  unternehmen_allg_desinformation_propaganda  unternehmen_allg_versicherung_kk  gesetz_de_ehealth  de_ministerium_bmg  itsicherheit_audit  itsicherheit_web_anwendung_framework  software_javascript  internet_cloud_datenspeicher  unternehmen_allg_inkompetenz  itsicherheit_authentisierung  itsicherheit_prüfsigel_zertifizierung  datenschutz_kontrolle_pseudo  staat_allg_inkompetenz  datenschutz_niveau_senkung  unternehmen_modzero  eid_dokument_egk  staat_politik_it_gesundheit_ega_epa  staat_politik_it_gesundheit_telemedizin 
11 weeks ago by kraven
New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols
Mobile communications are used by more than two thirds of the world population who expect security and privacy guarantees. The 3rd Generation Partnership Project (3GPP) responsible for the worldwide standardization of mobile communication has designed and mandated the use of the AKA protocol to protect the subscribers' mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G. In this paper, we reveal a new privacy attack against all variants of the AKA protocol, including 5G AKA, that breaches subscriber privacy more severely than known location privacy attacks do. Our attack exploits a new logical vulnerability we uncovered that would require dedicated fixes. We demonstrate the practical feasibility of our attack using low cost and widely available setups. Finally we conduct a security analysis of the vulnerability and discuss countermeasures to remedy our attack.
uni_de_tu_berlin  uni_ch_eth  tech_mobilfunk_lte_ngmn  tech_mobilfunk_standard  krypto_key_agreement_exchange  krypto_algo_aka  überwachung_lokalisierung_bewegung  überwachung_mobilfunk  überwachung_mobilfunk_imsi_catcher  privatsphäre  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_implementierung  npo_3gpp  verband_gsma  überwachung_verhalten  überwachung_itk_verkehrs_metadaten  wissenschaft_forschungsinstitut_sintef  überwachung_person_profil 
december 2018 by kraven
My name is Johann Wolfgang von Goethe – I can prove it
The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). SEC Consult conducted a short security test on a software component commonly used to implement this authentication mechanism. A critical security vulnerability was found during this security test, allowing an attacker to impersonate arbitrary users against affected web applications. To start an authentication, the web application sends a request to the eID client, which then initiates all further steps needed for the authentication. It requests a PIN from the user, communicates with an authentication server (eID-Server or SAML-Processor), the web application and the RFID chip and finally sends a response to the web application. This response contains the data retrieved from the id card, e.g. the name or date of birth of the citizen. To prohibit an attacker from manipulating this data, the response is digitally signed by the authentication server (which takes on the role of a trusted third party). The SEC Consult Vulnerability Lab identified a vulnerability that allows an attacker to arbitrarily manipulate the response without invalidating the signature. An attacker could therefore abuse this vulnerability e.g. to alter data coming from the id card, fool age verification or authenticate as any other citizen. We have informed the CERT-Bund about this vulnerability in July 2018. The CERT-Bund (BSI) took on further communication and coordination with the vendor. In August 2018, Governikus released a patched version ( of the Autent SDK and informed affected customers.
sec consult, 20.11.2018
land_deutschland  itsicherheit_authentisierung  eid_dokument_software  itsicherheit_exploit_flaw  unternehmen_governikus  itsicherheit_authentisierung_saml  itsicherheit_authentisierung_sso  itsicherheit_authentisierung_protokoll  itsicherheit_implementierung  internet_protokoll_http  staat_politik_it_egovernance_egovernment  eid_dokument_personalausweis 
november 2018 by kraven
Health data: health insurers' app Vivy may have had serious security holes
Just under six weeks ago, the health app Vivy was launched, the one that could be used by the largest circle of people in Germany so far: 13.5 million people are insured with the participating statutory and private health insurers that offer it. Among them are DAK, various guild health insurance funds (Innungskrankenkassen), BertelsmannBKK, Gothaer, Barmenia and Allianz. The latter also holds a 70 percent stake as shareholder in the app's operating company, the Berlin-based Vivy GmbH. On 22 September, five days after the app's launch, at 9:45 in the morning, the company received an e-mail from the Swiss-German IT security firm modzero. The content of the letter must have been alarming: according to an analysis by modzero, the Vivy app, available for the smartphone operating systems Android and iOS, contained serious vulnerabilities in terms of data security. Martin Tschirsich, an IT security analyst employed at modzero, had found "serious security deficiencies both in the smartphone app and in the cloud platform and the browser application for doctors" shortly after the app's launch in September – that is, at every conceivable point where hackers could gain a foothold. On 25 October, Thorsten Schröder, managing director of modzero, wrote the final version of a 35-page report, which his company immediately sent to Vivy GmbH. The list of deficiencies that modzero compiled on the Vivy app is long. For instance, information about who had shared health data with which doctor and when was said to have been "readable unprotected for anyone on the internet". Insured persons were said to have been identifiable "by name, photo, e-mail address, date of birth and insurance number", and the names of the doctors they had contacted were also readable. Worse still: "Unauthorized persons could intercept and decrypt via the internet all documents that were to be sent to a doctor."
zeit, 30.10.2018
itsicherheit_datensicherheit  itsicherheit_implementierung  itsicherheit_by_obscurity  itsicherheit_mobil_apps  itsicherheit_mobil_os  datenschutz_patient_gesundheitsdaten  itsicherheit_exploit_flaw  unternehmen_vivy  unternehmen_modzero  unternehmen_allg_desinformation_propaganda  unternehmen_allg_versicherung_kk  unternehmen_allianz  itsicherheit_audit  itsicherheit_prüfsigel_zertifizierung  land_deutschland  staat_politik_it_gesundheit_ega_epa 
november 2018 by kraven
NFCdrip Attack Proves Long-Range Data Exfiltration via NFC
NFC enables two devices to communicate over distances of up to 10 cm (4 in). The system, present in most modern smartphones, is often used for making payments, sharing files, and authentication. Pedro Umbelino, senior researcher at application security firm Checkmarx has demonstrated [NB:] that NFC can actually work over much longer distances and it can be highly efficient for stealthily exfiltrating data from air-gapped devices that have other communication systems – such as Wi-Fi, Bluetooth and GSM – disabled. The attack, dubbed NFCdrip, involves changing NFC operating modes to modulate data. In the case of Android, changing NFC operating modes does not require any special permissions, making the attack even easier to launch. In his experiments, Umbelino showed how a piece of malware installed on an Android smartphone can be used to transmit a password over tens of meters to another Android phone that is connected to a simple AM radio. The researcher showed that data can be transmitted over a distance of 2.5 m (8 ft) without any errors at a rate of 10-12 bits per second. The transfer rate is maintained at a distance of 10 m (32 ft), but some errors appear, although they are corrected. As the distance increases, the signal fades and the number of errors increases, but Umbelino did manage to transfer some data over a distance of more than 60 m (nearly 200 ft). He also managed to exfiltrate data through walls over a distance of 10 m. The range can be extended significantly if an AM antenna and a software defined radio (SDR) dongle are used, the expert said. Umbelino noted that the attack may even work on some devices when airplane mode is activated, and highlighted that this is not an Android-specific issue – NFCdrip attacks can be conducted on laptops and other types of devices as well.
securityweek, 18.10.2018
tech_hw_mobilfunk_gerät  itsicherheit_verdeckterkanal_data_exfil  itsicherheit_computer_airgap  itsicherheit_malware_spyware  software_os_linux_android  software_sdr  tech_computing_mobil  video_youtube  tech_hw_chip_rfid_nfc  itsicherheit_os  itsicherheit_by_obscurity  itsicherheit_implementierung 
october 2018 by kraven
Debunking "OSINT Analysis of the TOR Foundation" and a few words about Tor's directory authorities
A friend of mine linked me an "interesting" paper (local mirror) entitled OSINT Analysis of the TOR Foundation, and was wondering how much trust to put in it. I read it, and decided that it was so hilariously bad that it deserved a blogpost. It's also a nice opportunity to explain a few things about the directory authorities (dirauth). The post is in two parts: first, a rough explanation about what the dirauth are and how resilient is the tor network with regard to them, then a complete review of the paper. The paper was written by Maxence Delong, Eric Filiol, Clément Coddet, Olivier Fatou and Clément Suhard, from the ESIEA, in Laval, more specifically, from the Operational Cryptology and Virology Laboratory. The paper was presented at the 13th International Conference on Cyber Warfare and Security (ICCWS 2018), and apparently underwent a "double-blind peer review process"
artificial truth, 04.10.2018
software_anon_tor_node_dirauth_server  software_anon_tor_node_dircache  software_anon_tor_node_bwauth_server  npo_tor_project  uni_fr_esiea  wissenschaft_allg_desinformation_propaganda  anonymisierung  itsicherheit_implementierung 
october 2018 by kraven
UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three month-long investigation by HuffPost India reveals. The patch—freely available for as little as Rs 2,500 (around $35)— allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use. This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account. HuffPost India is in possession of the patch, and had it analysed by three internationally reputed experts, and two Indian analysts (one of whom sought anonymity as he works at a state-funded university), to find that: The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers. The patch disables the enrolment software's in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users. The patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person. The experts consulted by HuffPost India said that the vulnerability is intrinsic to a technology choice made at the inception of the Aadhaar programme, which means that fixing it and other future threats would require altering Aadhaar's fundamental structure. 
HuffPost India could not establish just how many enrolment centres used the patch, but even the UIDAI has admitted that the enrolment process has been marred by corruption. In 2017, the UIDAI said it had blacklisted 49,000 enrolment centres for various violations, and in February 2018, the UIDAI terminated all contracts with common service centres as well. Henceforth, only banks and government institutions like the postal service can enrol Aadhaar users. As a consequence, tens of thousands of young men, with rudimentary education but great familiarity with the Aadhaar system, were put out of work.
huffington post, 11.09.2018
datenbank_biometrie_in_aadhaar  land_indien  itsicherheit_by_obscurity  datenbank_population  itsicherheit_authentisierung_biometrie  biometrie_täuschung  itsicherheit_implementierung  itsicherheit_exploit_flaw  datenschutz_id_management  itsicherheit_datensicherheit  staat_outsourcing  in_uidai  in_nciipc  biometrie_erfassung  video_youtube  gesellschaft_armut  staat_politik_desinformation  staat_allg_inkompetenz 
september 2018 by kraven
Certificates for arbitrary domains: researchers demonstrate critical DNS problem
Name resolution via DNS is one of the most important building blocks of the internet. And it is still hair-raisingly insecure. A research team at Fraunhofer SIT demonstrated this using the example of certificate issuance based on Domain Validation (DV). They succeeded in tricking the certificate authorities' checks through manipulation of DNS and in having certificates issued for an arbitrary domain without authorization. One should therefore assume that CAs secure their use of DNS very well, that is, in particular harden it against known attacks. But that is apparently not the case. As Shulman et al. document in their not yet published paper, which heise Security has seen, they succeeded at several large CAs in poisoning the cache of the DNS servers used with false entries. As a result, the check was performed against a server belonging to the attackers; the certificate was issued.
heise, 10.09.2018
internet_dienst_dns  krypto_tls_cert  krypto_pki_ca  itsicherheit_authentisierung  itsicherheit_implementierung  itsicherheit_by_obscurity  internet_protokoll_icmp  wissenschaft_forschungsinstitut_fraunhofer  sicherheitsforschung_it 
september 2018 by kraven
Worries arise about security of new WebAuthn protocol
At the end of last month, the team of security researchers at Paragon Initiative, known for their strong background in cryptography, took a close look at this new protocol making its way into browsers like Chrome, Edge, and Firefox. In a security audit, researchers say they identified various issues with the algorithms used to generate the attestation keys (signatures). They point out that the W3C WebAuthn specification recommends the use of outdated algorithms such as the FIDO Alliance's Elliptic Curve (EC) Direct Anonymous Attestation (DAA), or RSASSA-PKCS1-v1_5. The Paragon team detailed a long list of issues with both algorithms in a technical report, here, but in short, they are vulnerable to quite a few known cryptographic attacks. In particular, they took issue with the use of RSASSA-PKCS1-v1_5. But the FIDO Alliance's custom ECDAA crypto algorithm is not that safe either. "If converted into a practical exploit, the ECDAA attacks discussed in the article would allow attackers to steal the key from a [server's] TPM, which would allow attackers to effectively clone the user's hardware security token remotely," Arciszewski said. "The scenarios that follow depend on how much trust was placed into the hardware security token," he added. "At minimum, I imagine it would enable 2FA bypasses and re-enable phishing attacks. However, if companies elected to use hardware security tokens to obviate passwords, it would allow direct user impersonation by attackers." In subsequent email exchanges with the Paragon team, ZDNet understands that at the heart of the issue may be the confusing WebAuthn documentation released by the FIDO Alliance team, which, for legacy purposes, categorizes both algorithms as "required" (for RSASSA-PKCS1-v1_5) and "recommended" (two ECDAA-based algorithms). This may lead to situations where implementers may believe the two algorithms are minimal thresholds for implementation and support only these.
"There are plenty of COSE algorithms to choose from," Arciszewski said.
zdnet, 09.09.2018
internet_spezifikation_w3c_webauthn  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_implementierung  itsicherheit_authentisierung_2fa_u2f_fido  itsicherheit_authentisierung_id_token  internet_spezifikation_cose  internet_spezifikation_jose  krypto_algo_fido_ecdaa  krypto_algo_rsassa_pkcs1v15  unternehmen_paragonie 
september 2018 by kraven
Academics Discover New Bypasses for Browser Tracking Protections and Ad Blockers
Security and user privacy protections included in browsers, ad blockers, and anti-tracking extensions are not as secure as everyone believes, a team of three academics from the Catholic University in Leuven, Belgium (KU Leuven) revealed yesterday. Researchers looked at how browsers prevent third-party services —such as advertising companies— from tracking users via cross-site requests and persistent cookies. In addition, the research trio also looked at two types of browser extensions —ad blockers and tracking protection add-ons— both of which advertise themselves as tools to prevent advertisers from tracking users via persistent cookies. The KU Leuven team developed a custom framework that allowed them to test these cookie-based anti-tracking features in seven browsers, 31 ad blocker extensions, and 15 anti-tracking extensions. The research team says that for each tested browser or extension they found at least one technique that can bypass its defenses. The research team presented their work yesterday at the 27th Usenix Security Symposium that was held in Baltimore, USA. Their paper —entitled "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies"— won the conference's Distinguished Paper Award.
bleeping computer, 16.08.2018
uni_nl_ku_leuven  software_browser_allg  software_browser_allg_addon_webextension  überwachung_internet_tracking  überwachung_identifizierung_itk_nutzer  internet_protokoll_http_cookie  itsicherheit_implementierung  software_browser_allg_addon_adblocker 
august 2018 by kraven
The Sensors That Power Smart Cities Are a Hacker's Dream
Researchers from IBM Security and data security firm Threatcare looked at sensor hubs from three companies—Libelium, Echelon, and Battelle—that sell systems to underpin smart city schemes. Smart city spending worldwide is estimated to reach about $81 billion globally in 2018, and the three companies all have different areas of influence. Echelon, for example, is one of the top suppliers of smart street lighting deployments in the world. An accidental missile alert in January sent Hawaii's residents scrambling, while a hack set off Dallas's tornado sirens last year. In fact, those incidents and others like it inspired Daniel Crowley of IBM X-Force Red and Jennifer Savage of Threatcare to investigate these systems in the first place. What they found dismayed them. In just their initial survey, the researchers found a total of 17 new vulnerabilities in products from the three companies, including eight critical flaws. “The reason we wanted to focus on hubs was that if you control the central authority that runs the whole show then you can manipulate a lot of information that’s being passed around,” Crowley says. Simple checks on IoT crawlers like Shodan and Censys yielded thousands of vulnerable smart city products deployed in the wild. The researchers contacted officials from a major US city that they found using vulnerable devices to monitor traffic, and a European country with at-risk radiation detectors.
wired, 09.08.2018
gesellschaft_stadt_smart_city  überwachung_sensor_netzwerk  überwachung_stadt_smart_city  itsicherheit_exploit_flaw  itsicherheit_strategie  itsicherheit_netzwerk  itsicherheit_implementierung  itsicherheit_iot_m2m  internet_iot_m2m 
august 2018 by kraven
New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks
A new technique has been discovered to easily retrieve the Pairwise Master Key Identifier (PMKID) from a router using WPA/WPA2 security, which can then be used to crack the wireless password of the router. While previous WPA/WPA2 cracking methods required an attacker to wait for a user to log in to a wireless network and capture a full authentication handshake, this new method only requires a single frame which the attacker can request from the AP because it is a regular part of the protocol. This new method was discovered by Jens "atom" Steube, the developer of the popular Hashcat password cracking tool, when looking for new ways to crack the WPA3 wireless security protocol. According to Steube, this method will work against almost all routers utilizing 802.11i/p/q/r networks with roaming enabled. This method works by extracting the RSN IE (Robust Security Network Information Element) from a single EAPOL frame. The RSN IE is an optional field that contains the Pairwise Master Key Identifier (PMKID) generated by a router when a user tries to authenticate. The PMK is part of the normal 4-way handshake that is used to confirm that both the router and client know the Pre-Shared Key (PSK), or wireless password, of the network. While Steube's new method makes it much easier to access a hash that contains the pre-shared key, that hash still needs to be cracked. This process can still take a long time depending on the complexity of the password. In order to properly protect your wireless network it is important to create your own key rather than using the one generated by the router. Furthermore, this key should be long and complex, consisting of numbers, lower case letters, upper case letters, and symbols (&%$!).
bleeping computer, 06.08.2018
internet_wlan  tech_wifi_wlan  itsicherheit_exploit_flaw  itsicherheit_implementierung  krypto_algo_wpa2  itsicherheit_authentisierung_passwort  itsicherheit_authentisierung_protokoll  krypto_analyse_bruteforce  krypto_passwort_hash  software_krypto_hashcat 
august 2018 by kraven
SigSpoof - Forging signatures with GnuPG
A security vulnerability in the interplay between GnuPG and certain mail plugins allows, under certain circumstances, the signature verification to be tricked. The reason: tools and mail plugins built on top of GnuPG parse the output of the command-line tool, and under certain circumstances valid-looking status messages can be injected into that output. The vulnerability, dubbed SigSpoof, was discovered by Marcus Brinkmann, the developer of the GnuPG fork NeoPG, and Kai Michaelis. Another, similar vulnerability affects only Enigmail. Here, status messages can be generated via user IDs from public keys. If an attacker can get their victim to import a specific manipulated key, they can likewise create messages that appear to carry a valid signature from any arbitrary key. Users of GnuPG and encryption solutions based on it should install the corresponding updates quickly. For GnuPG itself, version 2.2.8 was already released last week, which prevents the output of multi-line file names. In Enigmail the bugs were fixed in version 2.0.7; for GPGTools an update is expected to appear shortly.
golem, 13.06.2018
software_krypto_gnupg  software_krypto_neopg  software_mua_tb_enigmail  itsicherheit_exploit_flaw  krypto_signierung  itsicherheit_implementierung 
june 2018 by kraven
efail: Outdated Crypto Standards are to blame
I have a lot of thoughts about the recently published efail vulnerability [NB:], so I thought I'd start to write up some of them. I'd like to skip all the public outrage about the disclosure process for now, as I mainly wanted to get into the technical issues, explain what I think went wrong and how things can become more secure in the future. I read lots of wrong statements that "it's only the mail clients" and the underlying crypto standards are fine, so I'll start by explaining why I believe the OpenPGP and S/MIME standards are broken and why we still see these kinds of bugs in 2018. I plan to do a second writeup that will be titled "efail: HTML mails are to blame". Not all of the attack scenarios involve crypto, but those that do exploit a property of encryption modes that is called malleability. It means that under certain circumstances you can do controlled changes of the content of an encrypted message. Malleability of encryption is not a new thing. Already back in the nineties people figured out this may be a problem and started to add authentication to encryption. Properly using authenticated encryption modes can prevent a lot of problems. It's been a known issue in OpenPGP, but until now it wasn't pressing enough to fix it. The good news is that with minor modifications OpenPGP can still be used safely. And having a future OpenPGP standard with proper authenticated encryption is definitely possible. For S/MIME the situation is much more dire and it's probably best to just give up on it. It was never a good idea in the first place to have competing standards for e-mail encryption. For other crypto protocols there's a lesson to be learned as well: Stop using unauthenticated encryption modes. If anything, efail should make that abundantly clear.
hanno böck, 22.05.2018
krypto_algo_modus_aead  krypto_algo_modus_aead_ocb  krypto_algo_modus_aead_eax  krypto_openpgp  software_krypto_gnupg  itsicherheit_exploit_flaw  software_mua_html_mail  krypto_smime  itsicherheit_implementierung  itsicherheit_verdeckterkanal_data_exfil  krypto_openpgp_mdc 
may 2018 by kraven