Canadian Forums

CKA Moderator
Posts: 63946
PostPosted: Wed Dec 13, 2017 9:45 am

Shit, this is getting tiresome. :roll:

http://www.kb.cert.org/vuls/id/144389

Quote:
Vulnerability Note VU#144389

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

Overview

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack".

Description

CWE-203: Information Exposure Through Discrepancy

Transport Layer Security (TLS) is a mechanism for a security transport over network connections, and is defined in RFC 5246. TLS may utilize RSA cryptography to secure the connection, and section 7.4.7 describes how client and server may exchange keys. Implementations that don't closely follow the descriptions in RFC 5246 may leak information to an attacker when they handle PKCS #1 v1.5 padding errors in ways that let the attacker distinguish between valid and invalid messages. An attacker may utilize discrepancies in TLS error messages to obtain the pre-master secret key private RSA key used by TLS to decrypt sensitive data. This type of attack has become known as a Bleichenbacher attack. CERT/CC previously published CERT Advisory CA-1998-07 for this type of attack.

Some modern cryptographic implementations are vulnerable to Bleichenbacher-style attacks on TLS. While RFC 5246 Section 7.4.7.1 provides advice in order to eliminate discrepancies and defend against Bleichenbacher attacks, implementation-specific error and exception handling may nevertheless re-introduce message discrepancies that act as a cryptographic oracle for a Bleichenbacher-style attack.

More information about the research and affected vendors is available from the researcher's website.


Impact

A remote, unauthenticated attacker may be able to obtain the TLS pre-master secret (TLS session key) and decrypt TLS traffic.

Solution

Disable TLS RSA

Affected users and system administrators are encouraged to disable TLS RSA cyphers if possible. Please refer to your product's documentation or contact the vendor's customer service.

Apply an update

Some products may have software updates available to address this issue. If an update is available, affected users are encouraged to update product software or firmware. Please see the Affected Vendors list below for more information.

Note for developers

RFC 5246 contains remediation advice for Bleichenbacher-style attacks. Developers are encouraged to review the advice and ensure implementations of TLS or software that utilizes a TLS library do not introduce further message or timing discrepancies that may be used in a Bleichenbacher-style attack.
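Added example (not from the CERT note, the researchers, or anyone in this thread): what the RFC 5246 section 7.4.7.1 advice looks like in code. It puts a naive PKCS#1 v1.5 decoder, which reports each failure differently and so behaves as the oracle the note describes, beside a decoder that evaluates every check, never returns early, and substitutes a random pre-master secret on any failure so the handshake continues and only fails later at Finished. The block layout, function names, the 256-byte modulus size, and the sample values are constructed for illustration; Python cannot guarantee constant time, so the point is the control-flow discipline, which real TLS libraries implement in constant-time C.

```python
# Added example: naive vs. RFC 5246 7.4.7.1-style handling of the RSA-encrypted
# pre-master secret in ClientKeyExchange. Names and sample values are constructed.
import secrets

PREMASTER_LEN = 48            # the TLS pre-master secret is always 48 bytes
CLIENT_VERSION = b"\x03\x03"  # TLS 1.2 as sent in ClientHello (constructed sample)


class PaddingError(Exception):
    """Raised by the naive decoder on a PKCS#1 v1.5 formatting failure."""


class VersionError(Exception):
    """Raised by the naive decoder when the embedded version is wrong."""


def build_em(pms: bytes, k: int) -> bytes:
    """Lay out a pre-master secret as a PKCS#1 v1.5 type-2 block of k bytes,
    i.e. what RSA decryption hands back: 00 02 <non-zero PS> 00 <pms>."""
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(k - 3 - len(pms)))
    return b"\x00\x02" + ps + b"\x00" + pms


def leaky_unpad(em: bytes, client_version: bytes) -> bytes:
    """Naive decoder: returns early and raises a different exception for each
    failure. Every distinguishable outcome (alert type, timing, a log line)
    is exactly the discrepancy the advisory describes as an oracle."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise PaddingError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise PaddingError("no separator")
    if sep < 10:
        raise PaddingError("padding string shorter than 8 bytes")
    pms = em[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise PaddingError("wrong pre-master length")
    if pms[:2] != client_version:
        raise VersionError("version mismatch")
    return pms


def uniform_unpad(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 7.4.7.1 style: evaluate every check, fold them into one flag
    without branching or returning early, then select either the decrypted
    pre-master secret or a fresh random one of the same length. The caller
    always gets 48 bytes and carries on; a forged message simply fails later
    at Finished, indistinguishably from a genuine one under the wrong key."""
    random_pms = secrets.token_bytes(PREMASTER_LEN)
    bad = int(len(em) < 11)
    em = em.ljust(11, b"\x00")                 # keep the indexing below in range
    bad |= int(em[0] != 0x00) | int(em[1] != 0x02)

    # Locate the first 0x00 after the block type without leaving the loop early.
    sep, found = 0, 0
    for i in range(2, len(em)):
        is_zero = int(em[i] == 0)
        sep |= i * (is_zero & (found ^ 1))     # only the first zero sets sep
        found |= is_zero
    bad |= found ^ 1                           # no separator at all
    bad |= int(sep < 10)                       # PS must be at least 8 bytes
    bad |= int(len(em) - sep - 1 != PREMASTER_LEN)

    # Fixed-size slice; if sep is wrong this is garbage, but bad is already set.
    candidate = em[sep + 1:sep + 1 + PREMASTER_LEN].ljust(PREMASTER_LEN, b"\x00")
    bad |= int(candidate[:2] != client_version)

    # Data-independent select: never branch on bad.
    mask = 0xFF * bad
    return bytes(((c & ~mask) | (r & mask)) & 0xFF for c, r in zip(candidate, random_pms))


def observe(handler, em: bytes, client_version: bytes = CLIENT_VERSION) -> str:
    """What a party on the network can learn from the server's reaction."""
    try:
        handler(em, client_version)
        return "continue"
    except Exception as exc:
        return type(exc).__name__


if __name__ == "__main__":
    good = CLIENT_VERSION + b"\x11" * 46
    em = build_em(good, 256)
    for probe in (em, b"\x00\x01" + em[2:], em[:60]):
        print(observe(leaky_unpad, probe), observe(uniform_unpad, probe))
```

Run as a script, the naive decoder prints a different word for each malformed probe while the uniform one prints "continue" every time; that single visible outcome is what removes the oracle. Note the note's point that library-level discipline is not enough on its own: application code that catches the decode failure and logs or alerts differently re-creates the discrepancy one layer up.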


CKA Moderator
Posts: 33975
PostPosted: Wed Dec 13, 2017 9:58 am

The NSA injected a flaw in the Diffie-Hellman Elliptical curve so they could break it easier and spy on everyone, and never revealed this. Curve 25519 seems like the one that isn't broken, so you can change sshd_config to use:

HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org

We patched our F5 and border gateway devices a couple weeks ago against BIG_IP vulnerability. Just in time it seems!


CKA Moderator
Posts: 63946
PostPosted: Wed Dec 13, 2017 10:38 am

[BB] Thank you!!!


CKA Moderator
Posts: 63946
PostPosted: Wed Dec 13, 2017 10:59 am

Just got this email:

Quote:
DATE: December 13, 2017

SUBJECT: National Security Agency Information Assurance Advisory - (U) TLP: WHITE

(U) A recent error handling vulnerability has been discovered in two RSA (Rivest Shamir Adleman) Authentication Agent toolkits and in one Authentication Agent product. This vulnerability can result in authentication bypass and affects a limited number of applications. These toolkits and products are used to deploy RSA SecurID Token Authentication to authenticate users to workstations, web servers, and network devices. Additional details of this vulnerability and affected applications can be found in the attached advisory from the National Security Agency (NSA).

Information Assurance Advisory#: U/OO/228241


Note that (U) means unclassified.

Here's the unclassified memo:


Attachment: nsa.PNG

CKA Moderator
Posts: 33975
PostPosted: Wed Dec 13, 2017 11:18 am

RSA Tokens! Niiice! :roll:

I think even the Entrust soft token on my phone is vulnerable to MiM. :(


CKA Moderator
Posts: 63946
PostPosted: Wed Dec 13, 2017 11:29 am

The NSA more or less rootkitted fucking EVERYTHING and then they let their secrets get out.

Fuck.

Now with 128-bit and quantum computing coming I'm wondering if they'll let companies produce secure products or if they'll insist on shitting up everything with spyware. :|


CKA Moderator
Posts: 33975
PostPosted: Wed Dec 13, 2017 11:36 am

BartSimpson wrote:
The NSA more or less rootkitted fucking EVERYTHING and then they let their secrets get out.

Fuck.

Now with 128-bit and quantum computing coming I'm wondering if they'll let companies produce secure products or if they'll insist on shitting up everything with spyware. :|


With how often the FBI goes to Congress and complains that they can't get into some drug dealers' phone because it's encrypted, I'm going to go with 'no'. I get the feeling from this Congress that they buy the 'terrorism' angle so that will eventually mandate a backdoor into encryption, thereby making it useless.

Like any self respecting terrorist would post his plans on any non-air gapped electronic device!


CKA Moderator
Posts: 63946
PostPosted: Wed Dec 13, 2017 12:47 pm

Yeah, anymore if it's secure it needs to be transmitted on a one-time pad or by courier.

Everything else should be an assumed compromise.


Forum Elite
Posts: 1496
PostPosted: Wed Dec 13, 2017 3:10 pm

So, bottom line for dummies: how concerned should we be about the NSA and their friends?


CKA Moderator
Posts: 63946
PostPosted: Wed Dec 13, 2017 4:13 pm

Sunnyways wrote:
So, bottom line for dummies: how concerned should we be about the NSA and their friends?


VERY.

I say this because Homeland Security just sent a message that Apple iOS and tvOS were rootkitted.

Quote:
National Cyber Awareness System:

Apple Releases Security Updates for iOS and tvOS
12/13/2017 05:51 PM EST

Original release date: December 13, 2017

Apple has released security updates to address a HomeKit vulnerability in iOS and tvOS. A remote attacker could exploit this vulnerability to take control of affected HomeKit-connected devices.

US-CERT encourages users and administrators to review Apple security pages for iOS 11.2.1 and tvOS 11.2.1 and apply the necessary updates.


CKA Uber
Posts: 20917
PostPosted: Wed Dec 13, 2017 6:42 pm

the one nice thing about these backdoors being found out is they're finally getting patched (where possible).


CKA Moderator
Posts: 33975
PostPosted: Thu Dec 14, 2017 6:36 am

Public_Domain wrote:
the one nice thing about these backdoors being found out is they're finally getting patched (where possible).


The main takeaway is that the NSA a) put them there and 2) didn't tell anyone about the ones they found that were there, leaving everyone's information exposed.

Protecting the US would have also meant protecting their enemies. The NSA chose instead to spy on everyone while exploiting these deficiencies.

