Information Security

News aggregator

Intimate Images of US Marshals From an Embedded Photographer

Wired Threat Level - 10 hours 58 min ago

The FBI may get all the love (and movies), but the US Marshals Service is America’s oldest federal law enforcement agency. Brian Finke spent nearly four years embedded with the marshals, chronicling their daily lives with intimate, revealing images that peer into an often dangerous world. “I felt like it was my own version of the […]

The post Intimate Images of US Marshals From an Embedded Photographer appeared first on WIRED.

Categories: Security News

Vuln: Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability

Linux Security - Mon, 10/20/2014 - 19:00
Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
Categories: Vulnerability Pipes

Vuln: Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability

Linux Security - Mon, 10/20/2014 - 19:00
Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
Categories: Vulnerability Pipes

Vuln: Apache HTTP Server Multiple Denial of Service Vulnerabilities

Linux Security - Mon, 10/20/2014 - 19:00
Apache HTTP Server Multiple Denial of Service Vulnerabilities
Categories: Vulnerability Pipes

Vuln: Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution Vulnerability

Windows Security - Mon, 10/20/2014 - 19:00
Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution Vulnerability
Categories: Vulnerability Pipes

Apple Multiple Security Updates, (Mon, Oct 20th)

Other Security - Mon, 10/20/2014 - 15:28

Apple released security updates today for iOS 8 and Apple TV 7.

iOS 8.1 (APPLE-SA-2014-10-20-1 iOS 8.1) is now available for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later, to address the following:

Bluetooth CVE-2014-4448
House Arrest CVE-2014-4448
iCloud Data Access CVE-2014-4449
Keyboards CVE-2014-4450
Secure Transport CVE-2014-3566

Apple TV 7.0.1 (APPLE-SA-2014-10-20-2 Apple TV 7.0.1) is now available for Apple TV 3rd generation and later, to address the following:

Bluetooth CVE-2014-4428
Secure Transport CVE-2014-3566

[1] https://support.apple.com/kb/HT1222

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Teaching SEC 503 end of October in Ottawa

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Vulnerability Pipes

How to Stop Apple From Snooping on Your OS X Yosemite Searches

Wired Threat Level - Mon, 10/20/2014 - 13:26

Apple's latest operating system OS X Yosemite pushes the limits of data collection tolerance: its desktop search tool Spotlight uploads your search terms in real time to Apple's remote servers, by default. Fortunately for Apple's angry users, however, this is one privacy invasion that's easy to cut short.

The post How to Stop Apple From Snooping on Your OS X Yosemite Searches appeared first on WIRED.

Categories: Security News

Virginia Police Have Been Secretively Stockpiling Private Phone Records

Wired Threat Level - Mon, 10/20/2014 - 05:30

While revelations from Edward Snowden about the National Security Agency’s massive database of phone records have sparked a national debate about its constitutionality, another secretive database has gone largely unnoticed and without scrutiny. The database, which affects unknown numbers of people, contains phone records that at least five police agencies in southeast Virginia have been […]

The post Virginia Police Have Been Secretively Stockpiling Private Phone Records appeared first on WIRED.


Categories: Security News

Vuln: Microsoft Windows FAT32 Disk Partition Driver CVE-2014-4115 Local Privilege Escalation Vulnerability

Windows Security - Sun, 10/19/2014 - 19:00
Microsoft Windows FAT32 Disk Partition Driver CVE-2014-4115 Local Privilege Escalation Vulnerability
Categories: Vulnerability Pipes

Vuln: Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability

Windows Security - Sun, 10/19/2014 - 19:00
Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability
Categories: Vulnerability Pipes

Vuln: Microsoft .NET Framework CVE-2014-4122 ASLR Security Bypass Vulnerability

Windows Security - Sun, 10/19/2014 - 19:00
Microsoft .NET Framework CVE-2014-4122 ASLR Security Bypass Vulnerability
Categories: Vulnerability Pipes

Microsoft MSRT October Update, (Sun, Oct 19th)

Windows Security - Sun, 10/19/2014 - 10:50

This past week's Microsoft MSRT push contains detections/removals for several widely used APT tools. The coalition (led by Novetta) that brought about the inclusion of these tools in this month's MSRT is encouraging enterprises to push/execute this month's MSRT update. Some of the malware included in this month's MSRT update have a preliminary report posted here.

If you are using either Snort or Sourcefire, the rule IDs to detect some of the threats/families in this month's MSRT release are listed below and can be downloaded from Snort or from the Sourcefire VRT subscription.

Derusbi -- 20080
Fexel -- 29459
Hikit -- 30948
DeputyDog -- 28493
Hydraq -- 16368, 21304
DarkMoon -- 7816, 7815, 7814, 7813, 12715, 12724
Zxshell -- 32180, 32181

[1] http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx
[2] http://www.microsoft.com/security/pc-security/malware-removal.aspx
[3] http://novetta.com/commercial/news/resources/
[4] https://www.snort.org/downloads/#rule-downloads

Categories: Vulnerability Pipes

Friday Squid Blogging: 1,057 Squid T-Shirts

Bruce Schneier's Blog - Fri, 10/17/2014 - 17:17
That's a lot. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Commenting has been broken for the past few days. We hope to get it fixed on Monday....
Categories: Security News

Cops Need a Warrant to Grab Your Cell Tower Data, Florida Court Rules

Wired Threat Level - Fri, 10/17/2014 - 14:31

Americans may have a Florida drug dealer to thank for expanding our right to privacy. Police departments around the country have been collecting phone metadata from telecoms and using a sophisticated spy tool to track people through their mobile phones—often without obtaining a warrant. But a new ruling out of Florida has curbed the activity […]

The post Cops Need a Warrant to Grab Your Cell Tower Data, Florida Court Rules appeared first on WIRED.

Categories: Security News

Kickstarter Freezes Anonabox Privacy Router Project for Misleading Funders

Wired Threat Level - Fri, 10/17/2014 - 14:02

On Friday afternoon Kickstarter suspended the crowdfunding campaign for Anonabox, an initiative to sell a tiny, $45 router that would run all the user's online traffic over the anonymity network Tor.

The post Kickstarter Freezes Anonabox Privacy Router Project for Misleading Funders appeared first on WIRED.

Categories: Security News

TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

Other Security - Fri, 10/17/2014 - 11:27
Original release date: October 17, 2014 | Last revised: October 20, 2014
Systems Affected

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

Overview

US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction.

Description

The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.

While SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this way), most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. [1]

Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.

These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges.

Impact

The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing database content, etc.).

Solution

There is currently no fix for the vulnerability in SSL 3.0 itself, as the issue is fundamental to the protocol; disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.

Some of the same researchers that discovered the vulnerability also developed a fix for one of the prerequisite conditions: TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from forcing a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to its latest versions and recommends the following upgrades: [2]

  • OpenSSL 1.0.1 users should upgrade to 1.0.1j.
  • OpenSSL 1.0.0 users should upgrade to 1.0.0o.
  • OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.

Other SSL 3.0 implementations are most likely also affected by POODLE. Contact your vendor for details. Additional vendor information may be available in the National Vulnerability Database (NVD) entry for CVE-2014-3566 [3] or in CERT Vulnerability Note VU#577193. [4]
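The "downgrade dance" and the TLS_FALLBACK_SCSV countermeasure described above, modelled as an added example that is not part of the US-CERT alert: the version numbers and the 0x5600 signalling suite value are the real ones from the specifications, while the handshake logic, the simulated MITM and every function name are a simplified construction for illustration.

```python
# Added example, not part of the US-CERT alert: a toy model of the "downgrade
# dance" and of TLS_FALLBACK_SCSV (RFC 7507). Version numbers and the SCSV value
# are real; the handshake logic, the MITM and all function names are constructed.

SSL30, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600   # signalling cipher suite value defined by RFC 7507
AES128_CBC_SHA = 0x002F      # an ordinary cipher suite, included for realism

def server_hello(server_max, client_version, suites, server_scsv, intolerant=False):
    """One server response: ("ok", version), ("alert", "inappropriate_fallback")
    when the client signals a fallback below what the server supports, or
    ("fail", None) for a legacy server that chokes on a newer ClientHello."""
    if client_version > server_max and intolerant:
        return ("fail", None)
    if server_scsv and TLS_FALLBACK_SCSV in suites and client_version < server_max:
        return ("alert", "inappropriate_fallback")
    return ("ok", min(server_max, client_version))

def negotiate(client_versions, server_max, client_scsv, server_scsv,
              mitm_blocks_above=None, intolerant=False):
    """Client side: try versions highest first, retrying lower after a failure.
    mitm_blocks_above simulates an attacker who makes every attempt above that
    version fail. Returns the negotiated version, or None if fallback refused."""
    for retry, version in enumerate(sorted(client_versions, reverse=True)):
        suites = [AES128_CBC_SHA]
        if client_scsv and retry > 0:
            suites.append(TLS_FALLBACK_SCSV)   # only sent on a fallback retry
        if mitm_blocks_above is not None and version > mitm_blocks_above:
            continue                           # handshake never completes
        status, result = server_hello(server_max, version, suites, server_scsv, intolerant)
        if status == "fail":
            continue                           # genuine legacy failure: retry lower
        if status == "alert":
            return None                        # downgrade detected: stop retrying
        return result
    return None

def demo():
    """Only SCSV on both sides stops the forced SSL 3.0 fallback; a real legacy
    server (TLS 1.0 only, version-intolerant) is still reachable."""
    every = [SSL30, TLS10, TLS11, TLS12]
    return {
        "no_scsv_mitm": negotiate(every, TLS12, False, False, mitm_blocks_above=SSL30),
        "both_scsv_mitm": negotiate(every, TLS12, True, True, mitm_blocks_above=SSL30),
        "client_only_scsv_mitm": negotiate(every, TLS12, True, False, mitm_blocks_above=SSL30),
        "both_scsv_no_mitm": negotiate(every, TLS12, True, True),
        "legacy_server": negotiate(every, TLS10, True, True, intolerant=True),
    }
```

The "client_only_scsv_mitm" case is why the alert says both sides must support the extension: a server that ignores the signalling suite still accepts the forced SSL 3.0 handshake.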

References

Revision History
  • October 17, 2014 Initial Release
  • October 20, 2014 Added CERT Vulnerability Note VU#577193 to the Solution section

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: Vulnerability Pipes

Apple Updates (not just Yosemite), (Fri, Oct 17th)

Other Security - Fri, 10/17/2014 - 07:42

Apple yesterday released the latest version of its operating system, OS X 10.10 Yosemite. As usual, the new version of the operating system does include a number of security related bug fixes, and Apple released these fixes for older versions of OS X today.

This update, Security Update 2014-005 is available for versions of OS X back to 10.8.5 (Mountain Lion).

Among the long list of fixes, here a couple of highlights:

Apple doesn't turn off SSLv3 in this release, but restricts it to non-CBC ciphers, limiting its exposure to attacks like POODLE and BEAST. The list of trusted certificate authorities has also been updated [2].

802.1x no longer supports LEAP by default due to weaknesses in this authentication method.

The bash fix, that was released as a standalone fix earlier to counter Shellshock, is included in this update.

An arbitrary code execution vulnerability in CUPS was fixed. (CVE-2014-3537)

And a quick note about OS 10.10 Yosemite:

After installing it, all security relevant settings I checked were untouched (good!). Among security relevant software, GPGMail will not work with Yosemite yet, but according to the developers, a fix is in the works and may be released in a few weeks, but GPGMail may no longer be free. If you rely on software that you compiled with MacPorts: Wait for the release of XCode 6.1, as it is required to recompile the software for OS X 10.10. In general, it is advised that you FIRST update all your software and then upgrade to Yosemite. Little Snitch, another popular piece of security software for OS X, works well with Yosemite, but I recommend you turn off the network filter during the upgrade (it works with it enabled, but you need to approve a lot of new connections from new software).

[1] http://support.apple.com/kb/HT1222
[2] http://support.apple.com/kb/HT6005

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Vulnerability Pipes

Hacking a Video Poker Machine

Bruce Schneier's Blog - Fri, 10/17/2014 - 06:35
Kevin Poulsen has written an interesting story about two people who successfully exploited a bug in a popular video poker machine....
Categories: Security News

Vuln: Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability

Linux Security - Thu, 10/16/2014 - 19:00
Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
Categories: Vulnerability Pipes

Privacy Router Anonabox Gets $600K in Crowdfunding—And Huge Backlash

Wired Threat Level - Thu, 10/16/2014 - 14:11

The Tor-enabled router project known as Anonabox successfully tapped into thousands of Internet users' desire for simpler privacy tech. Unfortunately, it wasn't ready for the scrutiny that success brought with it.

The post Privacy Router Anonabox Gets $600K in Crowdfunding—And Huge Backlash appeared first on WIRED.

Categories: Security News