One in Three Servers Affected by New TLS Decryption Hack

new vulnerability has been discovered by security researchers that could be used to allow eavesdroppers to spy on the traffic between users and as many as one-in-three HTTPS servers. The problem arises due to the fact that many HTTP servers still support the outdated and now-insecure Secure Sockets Layer (SSL) version 2 protocol. SSLv3 succeeded SSLv2 back in 1996, however, it was only officially deprecated by 2011, which has resulted in its continued presence in servers. Even SSLv3 has since been replaced with newer, more secure Transport Layer Security (TLS) versions 1.0, 1.1 and 1.2.

While SSLv2 is totally unsuitable for encrypted communications, it wasn’t until now that security researchers have thought that its continued support in servers would pose a security threat as most modern clients such as web browsers and others capable of TLS communications no longer support it. A newly released paper has found this assumption to be false by showing that a server supporting SSLv2 can be exploited by attackers to decrypt any traffic from its clients, even those using the most up-to-date TLS protocols.

The attack, which has come to be known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), has a number of prerequisites, but unlike some vulnerabilities, they remain practical to execute. Firstly, the server must either support SSLv2 or share its private key with another server that does, which is common in many organizations that share a key across both web and email servers. With this satisfied, the attack must then monitor several hundred encrypted communications between the victim and the server, whether by simply observing over a long period or using malicious code to force numerous connections to be repeatedly made with the sever. Even the requirement that the handshake must use the RSA key exchange algorithm is simple, as it is the most commonly used key exchange in TLS implementations.

Armed with this information, the attacker then connects to the server via SSLv2 multiple times using specially crafted handshake messages that contain modifications of the RSA ciphertext captured during the victim’s TLS connections. These connections will cause the server to leak further information regarding the secret keys used during the TLS connections despite failing. It was calculated that even in a worst-case scenario, an attacker would need to erform roughly 40,000 probe connections and 2^50 computations to decrypt one out of 900 observed TLS connections. It was estimated by the researchers that running the calculations for the attack on Amazon’s EC2 cloud computing platform would cost around $440. The attack is even significantly easier if the server is running a version of OpenSSL library that contains two known flaws.

As many as 17% of all HTTPS servers are directly vulnerable to the attack, with 25 percent of SMTP with STARTTLS servers, 20 percent of POP3S and IMAPS servers and 8 percent of SMTPS also vulnerable. Even amongst HTTPS servers that did not directly support SSLv2, those that shared their private keys with other web servers supporting SSLv2 raised the overall percentage of vulnerable servers to 33%. Thankfully, while DROWN attacks may expose critical information such as login or banking credentials, the attack would have to be executed from scratch for every user and the server’s long-term private keys are not exposed, only the keys negotiated for specific sessions.

Server administrators have been urged to ensure that SSLv2 has been disabled on their servers, including any sharing private keys. Instructions on how to do so have been provided by the researchers for the most common web servers and TLS libraries. For those unsure whether their server is vulnerable, even with SSLv2 disable, a tool has been released to determine is a server is vulnerable and affected by key reuse.

It is scary to think that some of the websites vulnerable to this issue include big names used in the everyday lives of many such as yahoo.com, weibo.com, buzzfeed.com, weather.com, flickr.com, and dailymotion.com.

OpenSSL Bug Allowed Attackers to Decrypt HTTPS Traffic

The OpenSSL cryptographic library was recently updated in response to a high severity vulnerability that was found its code. The vulnerability made it possible for attackers to get hold of the decryption key used for traffic secured by HTTPS and other transport layer security methods.

Thankfully, while the consequences of the vulnerability were high, the flaw can only be exploited when a very specific set of conditions are met. For starters, only version 1.0.2 even contains the vulnerability. The application reliant on it must then use groups based on the digital signature algorithm (DSA), which then generate ephemeral keys using the Diffie-Hellman key exchange. Server applications typically re-use the same private Diffie-Hellman exponent for the lifetime of the server process, by default. The result is that the server’s encrypted traffic then becomes vulnerable to a key-recovery attack, the same being the case in configurations that rely on a static Diffie-Hellman cipher suite.

When the requirements are met, an attacker can make a barrage of handshake requests to the vulnerable endpoint system. With enough requests, partial secret values can be obtained and combined using the Chinese Remainder Theorem to calculate the encryption key. More extensive information on the attack and vulnerability can be found on Antonio Sanso’s blog and as part of an OpenSSL security advisory.

Thankfully, the majority of mainstream OpenSSL and DSA-based Diffie-Hellman reliant applications don’t seem to meet these requirements. For example, the common Apache Web Server enables the SSL_OP_SINGLE_DH_USE option, which causes different private exponents to be used across the process’ lifespan. Meanwhile, the two main forks of OpenSSL, do not have the vulnerability present in them. Google’s BoringSSL removed the option for SSL_OP_SINGLE_DH_USE some months earlier, while in LibreSSL, it was deprecated less than a week ago. Anything that uses a static cipher suite risks continuing to be vulnerable, however.

Sanso reported the bug privately to the OpenSSL project maintainers on the 12th of January, meaning it took only two weeks for them to identify, test and roll out a fix. Curiously, at the time of the bug being reported, a fix relating to the re-use of Diffie-Hellman exponents had already been committed to the OpenSSL but was yet to be part of a release. For obvious security reasons, details of the vulnerability were not publicly released until a patch was already available so that would-be attackers would not be aware of the attack vector until it was already removed. While it may only affect edge-cases, if you’re running a server that relies on OpenSSL 1.0.2, you should be sure to update to 1.0.2f and those on 1.0.1 should install 1.0.1r although support for 1.0.1 is finishing at the end of this year.

Dells Security Affects More Than Just Your PC!

Recently Dell has received a lot of attention regarding their security, to be more precise it was due to a digital certificate. These are small pieces of code that are used to encrypt the traffic between your system and any website or online system you use, remember that little padlock in your URL bar on the browser? That means that it’s used a certificate to verify that this is a legitimate website and not a fake website.

The problems started when Dell shipped their systems with a certificate, private encryption key included, on their systems. This is like giving somebody the mold to create their own keys, or even conduct man-in-the-middle attacks, where you are able to act as a midway point for communication, and with the encryption details you could easily read the information being sent.

When Duo Security, a digital security company, continued to search they found at least 24 IP addresses which had certificates with the a different digital fingerprint but the same name, eDellRoot. Different lock, same name.

The problem with this is that some of the systems appear to be SCADA (Supervisory Control and Data Acquisition), a system seen as pretty important given it is often used in energy and manufacturing industries. While these systems are normally closed off from the internet, no access = minimal risk, the systems could have been misconfigured but still have a potential risk.

Dell has posted stating that they would post instructions on how to fix the eDellRoot problem, which can be found here.

With problems like this, public knowledge and learning from the mistake are the best ways to prevent this affecting both companies and the public in the future.

Comodo Fixes Issue Which Resulted In Banned Certificates

Have you ever noticed that padlock symbol in your address bar when you go on a website, such as eBay or your emails? These symbols actually mean something, they mean that the website has been verified by an SSL certificate, these are provided by an external company and are designed to let you know that your websites are safe and secure. So can you imagine what that means when bad certificates are issued?

Comodo is one of the companies that provide online certificates and has had to fix just that problem when they released a fix for a bug which issued several certificates after the rules for providing those certificates changed. In a post on their forum, Rob Stradling, Comodo’s senior research and development scientist, posted that eight certificates were issued but didn’t end the post there.

Stradling then went on to state that Comodo may not be the only company to have this problem,

We found non-compliant certificates issused by quite a number of other CAs, but I’ll document these in another post.

With the fix released only two hours after they discovered the bug, the hope is that the padlock can stay a symbol of security and safety online.

SSL Bug Lets People Impersonate Anyone

So you’re browsing online, through Facebook, Ebay and even your bank and you notice that padlock at the start of your address bar. You see that symbol and you think, that means I’m secure. I’m safe and I can browse and send information without a worry. Seems like that might be a mistake according to a new bug report.

SSL is the system in which websites can be verified, this means you can be certain that the website you’re sending information to is actually the website you want and not someone pretending. It also means that you have to use a standard of encryption when communicating information across the web. OpenSSL is a standard used by a variety of websites in order to offer some security and reassurance to its users, and sadly is publicly available meaning that users are free to view and edit the code as they see fit.

From the log that’s available it appears that the code responsible for the problem was added all the way back in January, however, it was only released to the publicly used version last month. With this problem, it would be possible for fake websites to change and “appear” as if they were the legitimate version and due to how the system works, fake websites would also be able to provide “certificates” for other websites.

While it was in the public version it didn’t make its way into the mainstream versions used by a lot of people, meaning that it has since been removed and the damage limited (if there is any at all). This is in contrast to the Heartbleed virus that resided in OpenSSL for almost two whole years before being discovered.

Thank you ArsTechnica for the information.

Image courtesy of the BBC.

Plex to Allow Free SSL Encryption

Plex gave its users an important security upgrade last week. The home media streaming platform announced that all its users are getting free SSL certificates, enabling them to connect to their media over an encrypted HTTPS connection. The new feature is a partnership with certificate authority DigiCert, Plex says the project is “one of the largest implementations of publicly trusted certificates, ever.”

The new Plex feature isn’t just for Plex Plus subscribers who pay $5 per month to get a host of different features. Even free users will get the added security. The certificates work whether you are accessing a Plex media server remotely or over your local network.Certificates encrypt any data being sent between you and your plex server, preventing anyone spying on your data traffic, it works (in layman’s terms) by your PC / device having the “Key” and your plex server, the “lock”. Neither can see any data on the other without the key or lock. Quite simple, but highly effective.
Anyone using Plex at home just needs  to update their Plex server to the latest version. Then make sure you’re signed into your Plex account. Afterward go to Settings > Server > Network  and ensure that ‘Secure connections’ is enabled.  Once that is  done the SSL feature should start working when you visit app.plex.tv. If it still doesn’t work try rebooting your media server.

Even though your server has an SSL certificate, it currently works to create an encrypted connection with specific Plex apps. You can get a trusted HTTPS connection on Android, Plex Home Theater, Plex Web App, Roku (preview app), Windows 8.1, and Windows Phone.Anyone using Plex apps on a gaming console, smart TV, or iOS will have to wait for updates in the coming weeks.

Thank you to PCworld for providing us with this information

Image courtesy of LifeHacker

Internet.Org, What Is It And Whats Happening?

Internet.org has been in the online news a lot recently, but what is it and why is it in the news?

Internet.org is a scheme created by Facebooks Founder Mark Zuckerberg, the aim of which is to provide free internet access to several countries, hopefully reaching at least 5 billion people who currently don’t have access to it. Currently offering free mobile internet access to people in India, Zambia, Colombia, Tanzania, Kenya, Ghana, Indonesia and the Philippines.

In order to access the free internet, however, users must use either facebook’s Android app, the Opera Mini web browser, Internet.org’s website or special Android Apps. This in conjunction with the limited number of sites that were available through the services, including Facebook, Wikipedia and BBC news, #and the Facts for Life health site run by the United Nations Children’s Fund among the initial 38 accessible websites. This limitation caused several companies to doubt the scheme and even pull out as it was seen in conflict with the concept of “Net Neutrality”, a phrase that has been used a lot in recent days to describe the concept that all internet traffic is equal and all sites are equal, so charging extra or forcing users to use certain sites would be against the concept (one which Tim Berners-Lee, regarded as one of the founders of the internet has spoke up about).

The scheme was recently opened up allowing for developers to join the Internet.org Platform and create their websites and services to be run through the Internet.org scheme. These do come with limitations though:

  • Websites must not be data heavy – this means that websites which use a lot of high-quality images, videos or real-time voice and video chat based systems are banned from the scheme.
  • Websites must be able to run on both high-end and low-end smartphones – to allow this, certain web-based products and services are banned. Javascript and Flash Files being amongst the banned content.
  • No Encrypted connections – Currently the Internet.org platform does not support HTTPS (SSL/TLS), the systems used to guarantee a secure connection with a certain connection such as Outlook or your bank’s website. This is due to the web traffic currently going through internet.org’s proxy servers, meaning that all services currently utilizing encryption are rejected from the scheme.

In regards to the last limitation, Zuckerberg has stated that they need to do some work on the service to allow HTTPS and SSL to work on all phones and browsers, so it will be available soon.

In an online video announcing the platform, Zuckerberg talked about the principle of Net Neutrality and stated that,

“Its not sustainable to offer the whole internet for free though. It costs tens of billions of dollars every year to run the internet and no operator could afford this if everything were free.

But it is sustainable to build free basic services, that are simpler, use less data and work on all low end phones. “

Zuckerberg goes on to explain that the Internet.org version of Facebook removed images and videos in order to use less data and work on low-end phones.

So what do you think? It’s good that the internet is being brought to many who would otherwise be able to afford and access it but does the concept of Net Neutrality conflict with how the scheme works? Should Net Neutrality exist and if so should there be a limit?

Information Courtesy of The Register and Hacker news.

Same Tech Used in Lenovo Superfish Software found in Twelve Other Apps

The SSL-busting technology recently discovered to be pre-installed on Lenovo laptops has been found as part of another 12 pieces of software, including Trojan malware. The HTTPS-bypassing code, developed by Israeli company Komodia, was a part of the now-infamous Superfish software found on-board Lenovo laptops.

Matt Richard, threat researcher for the Facebook security team, revealed the extent of the code’s reach in a post on Friday, writing, “What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove.”

He continued,  “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”

Even the developer Komodia calls one of its SDKs an “SSL hijacker”, so it’s no surprise that the code has found its way into malicious software. The malware, Trojan.Nurjax, was first discovered back in December. According to Symantec, the malware “hijacks the Web browser on the compromised computer and may download additional threats.”

Lenovo has apologised for inflicting the HTTPS-breaking code upon is customers and has released a program to aid removal of the Superfish software.

Source: Ars Technica

Superfish Admits to Certificate Installation, Didn’t Realise Security Flaw

The CEO of Superfish, the company behind the software of the same name that has been central to a recent scandal surrounding Lenovo, has admitted to his company intentionally installing the root certificate authority as part of the software, but says that they did not realise the potential consequences.

Speaking to The Next WebSuperfish CEO, Adi Pinhas, said that the software had useful intentions, but that they purposely utilised the root certificate authority to “enable a search from any site.” Superfish’s intent is to scan websites for products for which it can display ads offering users alternatives they may be interested in. This means it could circumvent SSL on sites like Google so it could continue doing what it intended to do – display ads.

Now Pinhas says that the certificate was “not installed without the users opting in”, but he also said that the company did not realise the potentially devastating consequences of utilising such a certificate and that the company didn’t know about the vulnerability until everyone else did. While that’s fine, it does seem a little hard to believe that the software developers who apparently spent four years developing Superfish didn’t realise the insecure nature of the software.

Nevertheless, it’s pretty clear that Superfish isn’t something you want on your computer.

Source: The Next Web

U.S. Hospital Target of Biggest Heartbleed Bug Exploit Yet

It has been a while since the Heartbleed bug got publicly know and went trough every media type, about four months and you would expect critical systems to be patched by now. After all, pretty much every manufacturer and software developer rushed out with a fix to their system. It however seems that some government employed backwater system administrator somewhere doesn’t have access to any form of news.

Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data centre software and telecommunications equipment. It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.

Hackers made off with personal data of about 4.5 million patients of the hospital group Community Health Systems Inc, one of the biggest groups in the US. They broke into the system using the Heartbleed bug and made away with their database without leaving a trace. This is the first publicly known large-scale cyber attack using the Heartbleed exploit.

The hackers got into the system by using the Heartbleed bug in equipment made by Juniper Networks Inc, said David Kennedy, chief executive of TrustedSec LLC, Multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system. Community Health Systems said on Monday that the attack had originated in China.

Community Health Systems, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years.

Thank you Reuters for providing us with this information.

Images courtesy of Businessinsider.

Heartbleed is Back, This Time Affecting WiFi Routers And Jelly Bean Android Devices

The heartbleed bug is back and this time it’s a different for of monster. The new variant of heartbleed is being dubbed “Cupid” by the security researcher who discovered it, Luis Grangeia. The “Cupid” bug can be used to launch heartbleed style attacks but this time on WiFi based routers (instead of the open web) and Android Jelly Bean devices connected to those routers. The bug allows hackers to target certain routers that are EAP based routers (e.g. require an individual logon and password, such as WiFi routers) by pulling the private security keys effectively bypassing any security measures. From this position the hackers could even view snippets of the working memory of the targeted devices potentially exposing user credentials, client certificates and private keys. The damage from this variant of heartbleed will apparently be much more contained than the first variant, however, it still isn’t known how many devices and routers are currently vulnerable to the attack. Any Android devices running 4.1.1 Jelly Bean are particularly vulnerable and if possible those users are encouraged to upgrade. Check out the technical details at the two source links.

Source: Luis Grangeia (#1 #2), Via: The Verge

Image courtesy of PCMag.com

QNAP System Update Available To Fix Heartbleed OpenSSL Vunerability

As the Heartbleed bug still stands as one of the biggest security vulnerabilities that has been seen in recent years, we are hearing continuing news of security patches and updates coming out to close the loopholes that are found in each instance of OpenSSL.

The latest update that we are hearing of comes from one of the leading NAS manufacturers, QNAP. Released today, QNAP’s security patch is targeted at system operating systems that run on QTS versions 4.0 and 4.1 – earlier releases use and earlier version of OpenSSL which appears to be unaffected.

“We strongly urge users of vulnerable Turbo NAS systems to update their firmware,” said Jason Hsu, Product Manager of QNAP. “Users are also recommended to contact their SSL providers to regenerate their SSL CSR/keys for server protection.”

Whilst QNAP are urging users with the above QTS releases to update their systems, either by running an update through the QTS control panel or by downloading the patch manually.

In addition to this I will point out that keeping your system up to date with the latest firmware and software releases is always highly recommended and even if you are running any of the earlier QTS revisions, it is still wise to update to the latest QTS 4.0.7 and 4.1.0 RC2 revisions.

Source: Press Release

Tumblr Adds SSL, Makes You Choose Between XKit and SSL

Tumblr has reportedly implemented support for SSL security on its blogging platform, but apparently missed one big thing. To activate it by defaul. Yes, the security feature exist, but you have to manually turn it on yourself.

Even so, the security feature is extremely welcomed by users, especially nowadays when malware and hackers are roaming around in just about every corner of the internet. On top of that, Tumblr is also a Yahoo-owned application, and we all know what happened to Yahoo services recently… Therefore, manually enabling it is better than nothing, eh?

Taking a look at other applications such as Tumblr, we see that Twitter also applied the same strategy when it first launched its SSL features, having users manually enabling it at firs. So we can assume that Tumblr will make the feature active by default in the near future. And this is quite helpful when on public Wi-Fi or Internet connection, such as coffee shops and airports. Nobody wants someone snooping around on their connection.

To enable the setting, Tumblr expains that users need to go in the application’s Account Settings from the Dashboard, then find the SSL feature ‘switch’ and set it to be enabled. A reason impeding Tumblr from activating the SSL from the very start is due to XKit, which offers an enhanced user experience, giving uses extra features such as enhanced notifications, a better inbox, along with several tweaks, themes, navigation tools, and so on.

Tumblr also states that if your XKit disappears after enabling the SSL feature, it is because the XKit is not compatible with SSL connections at the moment, making you choose between it and SSL connection. A fix is stated to be on its way, but until then, it’s XKit vs. SSL. Decisions, decisions…

Thank you Tech Crunch for providing us with this information

Google Is Deploying New Encryption In Data Centres To Counter NSA

Speaking with the Washington Post Google has told the public that it is bolstering and upgrading its encryption methods amid fresh revelations that the NSA is capable of breaking through common encryption methods. Google has stated that it will fast track the upgrading of its encryption ahead of schedule. The plans are to bump up its SSL certificates to 2048 bits from the current 1024 making the keys 1024 times harder to break via brute force as each extra bit added increases difficulty exponentially.

Google is also apparently one of the few companies to use different encryption keys for each user sessions. As these keys change once a day it is possible to minimise the duration of a compromise of a user account. It is of course worth noting that these new methods by Google mean that you are protected from more widespread “drag net” style surveillance methods but if Google is served a legal document to reveal details on a particular individual then it still has to comply.

However, this is pretty much what all companies want anyway – a system whereby no one is “spied on” or put under “mass surveillance” but instead a system where everyone’s privacy is respected unless they are suspected of offences and criminality in which case a legally just court order should provide a warrant to seize their information. It does seem that the only way to achieve privacy for everyone is by forcing the NSA and other government agencies out of mass data flows by encryption.

Image courtesy of Google