This past week's Microsoft MSRT push contains detections/removals for several widely used APT tools. The coalition (led by Novetta) that brought about the inclusion of these tools in this month's MSRT is encouraging enterprises to push/execute this month's MSRT update. Some of the malware included in this month's MSRT update has a preliminary report posted here.
If you are using either Snort or Sourcefire, the rule IDs to detect some of the threats/families in this month's MSRT release are listed below and can be downloaded from Snort or from the Sourcefire VRT subscription.
Derusbi -- 20080
Fexel -- 29459
Hikit -- 30948
DeputyDog -- 28493
Hydraq -- 16368, 21304
DarkMoon -- 7816, 7815, 7814, 7813, 12715, 12724
Zxshell -- 32180, 32181
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Before you start: While adjusting your SSL configuration, you should also check for various other SSL-related configuration options. A good outline can be found at http://bettercrypto.org as well as at http://ssllabs.com (for web servers in particular).
Here are some configuration directives to turn off SSLv3 support on servers:
Apache: Add -SSLv3 to the SSLProtocol line. It should already contain -SSLv2 unless you list specific protocols.
nginx: list specific allowed protocols in the ssl_protocols line. Make sure SSLv2
Postfix: Disable SSLv3 support in the smtpd_tls_mandatory_protocols configuration line. For example: smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
Dovecot: similar, disable SSLv2 and SSLv3 in the ssl_protocols line. For example: ssl_protocols = !SSLv2 !SSLv3
HAProxy Server: the bind configuration line should include no-sslv3 (this line also lists allowed ciphers)
puppet: see https://github.com/stephenrjohnson/puppetmodule/commit/1adb73f9a400cb5e91c4ece1c6166fd63004f448 for instructions
For clients, turning off SSLv3 can be a bit more tricky, or just impossible.
Google Chrome: you need to start Google Chrome with the --ssl-version-min=tls1 option.
Internet Explorer: You can turn off SSLv3 support in the advanced internet option dialog.
Firefox: check the security.tls.version.min setting in about:config and set it to 1. Oddly enough, in our testing, the default setting of 0 will allow SSLv3 connections, but refuses to connect to our SSLv3 only server.
For Microsoft Windows, you can use group policies. For details see Microsoft's advisory: https://technet.microsoft.com/en-us/library/security/3009008.aspx
To detect the use of SSLv3, you can try the following filters:
tshark/wireshark display filters: ssl.handshake.version==0x0300
tcpdump filter: (1) accounting for variable TCP header length: tcp[((tcp[12]>>4)*4)+9:2]=0x0300
(2) assuming TCP header length is 20: tcp[29:2]=0x0300
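The offsets used by the two tcpdump filters can be checked against a hand-built TLS record. The following is an added example, not part of the original diary: it reproduces both byte tests and adds a stricter check that the bytes really belong to a ClientHello or ServerHello. All function names and sample segments are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02

def tcp_payload(segment):
    """Drop the TCP header; its length is the high nibble of byte 12, in 32-bit words."""
    if len(segment) < 20:
        return b""
    return segment[(segment[12] >> 4) * 4:]

def fixed_offset_match(segment):
    """Filter (2): bytes 29-30 of the segment, correct only for a 20-byte TCP header."""
    return segment[29:31] == b"\x03\x00"

def variable_offset_match(segment):
    """Filter (1): payload bytes 9-10, wherever the TCP header ends."""
    return tcp_payload(segment)[9:11] == b"\x03\x00"

def hello_version(segment):
    """Return (handshake_type, version) for a ClientHello/ServerHello, else None."""
    p = tcp_payload(segment)
    if len(p) < 11 or p[0] != HANDSHAKE or p[1] != 0x03:
        return None                      # not an SSL/TLS handshake record
    if p[5] not in (CLIENT_HELLO, SERVER_HELLO):
        return None                      # some other handshake message
    return p[5], struct.unpack("!H", p[9:11])[0]

def sslv3_hello(segment):
    """True only when a hello message carries version 0x0300."""
    hv = hello_version(segment)
    return hv is not None and hv[1] == 0x0300

# --- constructed sample segments (not captured traffic) ---
def tcp_header(options=b""):
    offset = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 49152, 443, 1, 1, offset, 0x18, 65535, 0, 0) + options

def hello(hs_type, version):
    # Fields after the version are filler; only the first 11 bytes matter here.
    body = struct.pack("!H", version) + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs

SSL3_CLIENT = tcp_header() + hello(CLIENT_HELLO, 0x0300)
SSL3_SERVER_OPTS = tcp_header(b"\x01" * 12) + hello(SERVER_HELLO, 0x0300)  # 32-byte TCP header
TLS10_CLIENT = tcp_header() + hello(CLIENT_HELLO, 0x0301)
# Application data whose payload bytes 9-10 happen to be 0x0300
APP_DATA = tcp_header() + b"\x17\x03\x01\x00\x20" + bytes(4) + b"\x03\x00" + bytes(26)
```

A ServerHello with version 0x0300 means the session actually negotiated SSLv3, while a ClientHello with 0x0300 only shows that SSLv3 is the highest version the client offered. The bare byte comparison also matches unrelated records such as `APP_DATA`, so hits from the tcpdump filters should be confirmed with the Wireshark display filter.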
We will also have a special webcast at 3pm ET. For details see
The webcast will probably last 20-30 minutes and summarize the highlights of what we know so far.
Finally we got an official announcement. For all the details, jump straight to the original announcement. See the TL;DR version below:
The problem is limited to SSLv3. SSLv3 is often considered similar to TLSv1.0, but the two protocols are different.
SSLv3 had issues in the past. Remember the BEAST attack? It was never resolved (other than moving to TLS 1.1/2). The only alternative was to use a stream cipher like RC4, which had its own problems.
But this POODLE issue is different. With block ciphers, we have a second problem: What if the block to be encrypted is too short? In this case, padding is used to make up for the missing data. Since the padding isn't really considered part of the message, it is not covered by the MAC (message authentication code) that verifies message integrity.
So what does this mean in real life? The impact is similar to the BEAST attack. An attacker may either play MitM, or may be able to decrypt parts of a message if the attacker is able to inject data into the connection, just like in the BEAST attack. The attack allows one to decrypt one byte at a time, if the attacker is able to inject messages right after that byte that include only padding.
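The gap in integrity coverage described above can be seen by comparing how a receiver validates a decrypted CBC record under SSLv3 rules and under TLS rules. This is an added example, not code from the announcement or from any SSL library: it works on already-decrypted record plaintext, uses HMAC-SHA1 as a stand-in for the SSLv3 MAC construction, and all names and the key are constructed.

```python
import hashlib
import hmac

BLOCK, MAC_LEN = 16, 20            # 16-byte cipher block, SHA-1 sized MAC
KEY = b"constructed-demo-key"      # constructed value, for illustration only

def mac(data):
    # Stand-in for the record MAC; it covers the data, never the padding.
    return hmac.new(KEY, data, hashlib.sha1).digest()

def seal(data, filler=None):
    """Record plaintext before CBC encryption: data || MAC || padding || pad_len."""
    body = data + mac(data)
    pad_len = -(len(body) + 1) % BLOCK
    fill = pad_len if filler is None else filler   # TLS demands fill == pad_len
    return body + bytes([fill]) * pad_len + bytes([pad_len])

def _mac_ok(plain, pad_len):
    if len(plain) < MAC_LEN + pad_len + 1:
        return False
    body = plain[:len(plain) - pad_len - 1]
    return hmac.compare_digest(body[-MAC_LEN:], mac(body[:-MAC_LEN]))

def accepts_sslv3(plain):
    """SSLv3 receiver: only the final length byte is inspected, padding content is ignored."""
    pad_len = plain[-1]
    return pad_len < BLOCK and _mac_ok(plain, pad_len)

def accepts_tls(plain):
    """TLS receiver: every padding byte must equal pad_len before the MAC is checked."""
    pad_len = plain[-1]
    if plain[-pad_len - 1:-1] != bytes([pad_len]) * pad_len:
        return False
    return _mac_ok(plain, pad_len)

def flip(buf, index):
    """Return a copy of buf with one byte inverted (simulates in-transit modification)."""
    out = bytearray(buf)
    out[index] ^= 0xFF
    return bytes(out)

RECORD = seal(b"GET / HTTP/1.1\r\n")   # constructed 48-byte record, 11 padding bytes
PAD_CHANGED = flip(RECORD, -2)          # last padding byte altered
DATA_CHANGED = flip(RECORD, 0)          # first data byte altered
```

`accepts_sslv3(PAD_CHANGED)` is true while `accepts_tls(PAD_CHANGED)` is false; both reject `DATA_CHANGED`. Because the SSLv3 behaviour is defined by the protocol, it cannot be patched in an implementation, which is why the advice is to disable SSLv3.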
What should you do: Disable SSLv3. There is no patch for this. SSLv3 has reached the end of its useful life and should be retired.
This isn't a "patch now". Give it some time, test it carefully, but get going with it. The other problem is that this is a client and a server issue. You need to disable SSLv3 on either. Start with the servers for highest impact, but then see what you can do about clients.
The other option to fix this problem is to use SSL implementations that take advantage of the TLS_FALLBACK_SCSV feature. This feature notifies the other side that you first tried the stronger cipher. This way, they can reject the downgrade attempt that may have been introduced by a MitM attack. But it isn't clear which implementations use this feature at this point, and which don't. A patch for OpenSSL 1.0.1 was released earlier today implementing TLS_FALLBACK_SCSV.
To test if your server is vulnerable: Use https://ssltest.com
To test if your client is vulnerable: We set up a test page at https://sslv3.dshield.org:444/index.html. If you can connect, then your client supports SSLv3.
So far, we tested:
Safari and Chrome on OS X
Internet Explorer 11, Chrome 37 on Windows 7
Not Supporting SSLv3:
Firefox 32 on OS X.
Firefox 32 on Windows 7
To turn off SSLv3 support in Internet Explorer 11:
Setting - Internet Options - Advanced Tab - Uncheck SSLv3 under Security.
Yesterday, a number of news sites published speculative reports about a possible OpenSSL bug to be fixed today. According to these reports, the bug affects SSL 3, and is critical.
Initially, it looked like an OpenBSD patch led to an answer, but it turns out the patch was old (thx to those who wrote in and responded, in particular based on the tweet by @martijn_grooten). But instead, there are new leads now, in particular a discussion on Stackexchange. In this discussion, a comment by Thomas Pornin outlines how padding in SSLv3 can lead to MitM attacks. This would be an outright attack against the SSLv3 protocol, and less against a specific implementation. It would affect clients as well as servers.
We will update this post as we learn more. At this point: Don't panic and wait for a patch from your respective vendor. We are not aware of any active exploitation of this problem, but please let us know if you see any evidence of that happening.
If you choose to disable SSLv3 on a server, but leave TLS 1.0 enabled, Windows XP with IE 6 will no longer be able to connect (but older versions of IE will be able to connect from Windows XP machines).
How can you test if a server supports SSLv3? Either use ssllabs.com, or use the openssl client (if it connects, it supports SSLv3):
openssl s_client -ssl3 -connect [your web server]:443
How can I check if my browser can live without SSLv3? If you can read this, then you support TLSv1 or higher. I turned off SSLv3 support on this site for now. But pretty much all browsers support SSLv3.
You tell us not to panic, but you turned off SSLv3? Yes. I wanted to see what happens if I turn off SSLv3. So far, the only issue I found was Windows XP with IE 6, a configuration I probably don't want to support anyway.
Microsoft only published 8 instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some APT style attacks against NATO/US military interests and attributes these attacks to Russia. Attacks like this have happened with many Office vulnerabilities in the past, but it is unusual for a company to announce the respective attacks and CVE numbers ahead of Microsoft's bulletin release. Note that we got a total of 3 already exploited vulnerabilities in this month's release.
MS14-059 -- Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass -- Microsoft Developer Tools -- CVE-2014-4075, KB 2990942
MS14-060 -- Vulnerability in Windows OLE Could Allow Remote Code Execution
MS14-061 -- Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
MS14-063 -- Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege
Critical: Anything that needs little to become interesting
Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work. The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
Adobe published two security bulletins today:
APSB-22: fixes 3 vulnerabilities in Adobe Flash Player as well as in Adobe Air. The vulnerabilities are rated with a priority of 1 for Flash Player running on Windows and OS X, which means they have already been exploited in targeted attacks.
APSB-23: another 3 vulnerabilities, but this time in Cold Fusion. The priority for these updates is 2, which indicates that they have not yet been exploited in the wild.