By Jake Edge
August 7, 2013
An attack against encrypted web traffic (i.e. HTTPS) that can reveal sensitive information to an on-path observer was presented at the Black Hat security conference. The attack does not decrypt HTTPS traffic at all; instead it lets the attacker test whether a guessed string is present in the compressed response body, and by repeating the test it can recover that data a character at a time. The data might include email addresses, security tokens, account numbers, or other potentially sensitive items.
The attack is a variation on the CRIME (Compression Ratio Info-leak Made Easy) technique, but instead of recovering cookies from compressed requests, the new attack recovers secrets from the compressed pages that the web server sends back. Dubbed BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext; security researchers are nothing if not inventive with names), the attack was demonstrated on August 1. Both CRIME and BREACH require compression, but CRIME needs it at the Transport Layer Security (TLS, formerly Secure Sockets Layer, SSL) level, while BREACH only requires the far more common HTTP compression (gzip or deflate content encoding) of the response body. In both cases, because the data is compressed before it is encrypted, encryption hides the content but not the length, so comparing message sizes alone can reveal information about that content.
To carry out the attack, many probe requests must be issued from the victim's browser to the target site, and the attacker must be able to observe the size of the encrypted responses. The probes need not be malware in the usual sense: any script the attacker can get the victim's browser to run, delivered by the usual mechanisms (e.g. email, a compromised web site, or a man-in-the-middle), will do, because the browser attaches the victim's session cookies to the requests it makes to the target site. A wireless access point or router is an obvious place to house this kind of attack, as it has the man-in-the-middle position needed to see the response sizes along with the ability to inject the script into any unencrypted page the victim visits.
The probes are used as part of an "oracle" attack. An oracle attack is one where the attacker can send many different requests to the vulnerable software and observe the responses. It is, in some ways, related to the "chosen plaintext" attack on a cipher: when trying to break a code, arranging for the "enemy" to encrypt a message of your choosing with their key can provide a wealth of information about that key. With computers, an almost unlimited number of probes can be made and the results analyzed; the only limit is typically time or bandwidth.
BREACH can only be used against sites that reflect user input from the request in the response, so that the reflected string and the secret end up in the same compressed body; that is what lets the site act as an oracle. Because the compressor (DEFLATE, in the case of gzip) replaces a repeated string with a short back-reference to its earlier occurrence (as that is the goal of compression), a probe whose reflected string duplicates something already present in the page will elicit a slightly shorter response than a probe for an unrelated string. DEFLATE only encodes repeats of three bytes or more, so each guess is seeded with a few known bytes that precede the secret (for example the name of the form field that carries a token). Finding that a portion of the string is present allows the probing tool to append one more digit or character to it, running through all the possibilities and checking for a match.
For data that has a fixed or nearly fixed format (e.g. email addresses, account numbers, cross-site request forgery tokens), each probe can try a variant (e.g. "@gmail.com" or "Account number: 1"), and the length of the reply is compared with those of the other candidates. Shorter responses correlate with correct guesses, because the duplicated string gets compressed out of the response; longer responses indicate incorrect guesses. The difference is about a byte per probe, so noise from the compressor's Huffman coding and from block-cipher padding has to be averaged out or designed around, but it is reported that 30 seconds is enough time to send enough probes to essentially brute-force email addresses and other sensitive information.
Unlike CRIME, which can be avoided by disabling TLS compression, BREACH will be more difficult to deal with. The researchers behind BREACH list a number of mitigations, starting with disabling HTTP compression. While that is a complete fix, it is impractical for most web sites because of the additional bandwidth it would require and the longer page load times; a narrower variant is to disable compression only for the responses that carry secrets. Perhaps the most practical solution is to rework applications so that user input is not reflected onto pages containing sensitive information; probing is then ineffective, but that may mean a substantial amount of work on the web application. Other possibilities, such as randomizing the secret on every request or masking it (for example, XORing a token with a fresh random value and sending both, so that the page never contains the same secret bytes twice), also require application rework. At the web server level, one could add a random amount of padding to responses (to obscure their length) or rate-limit requests, but both are problematic from a performance perspective, and random padding only raises the number of probes needed, since averaging over repeated requests removes it.
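The oracle described above, together with the masking mitigation, as an added Python simulation; it is not part of the original article and not code from the BREACH researchers. The page, the field names and the 16-digit token are all constructed. The "server" compresses a response body with zlib and hands back only its length, which is what an on-path observer learns from TLS, assuming the record overhead is constant across probes. Two choices keep the simulation deterministic and are not something a real server would do for you: compression level 9 and zlib's fixed-Huffman strategy (Z_FIXED), so that the only size difference between probes is the LZ77 match; with a server's default dynamic Huffman tables the signal is noisier and a real attack has to work harder. The attacker recovers the token a hex digit at a time, lengthening its known anchor whenever a DEFLATE length-code boundary swallows the one-byte difference, and the same loop run against a server that XOR-masks the token with a fresh random value per response recovers nothing useful.

```python
import secrets
import zlib

HEX = "0123456789abcdef"
# Constructed secret: 16 distinct hex digits, so no three-byte run of the token
# repeats elsewhere in the page and the LZ77 matching stays easy to reason about.
SECRET_TOKEN = "7c4f1e9b2a0d5386"

# Constructed page for a hypothetical site (field names are assumptions, not taken
# from any real application). The search string is reflected just before a form
# that carries the anti-CSRF token, so probe and secret share one compressed body.
PAGE_BEFORE = '<!doctype html>\n<html><body>\n<p>Results for: '
PAGE_MIDDLE = ('</p>\n<form method="POST" action="/transfer">\n'
               '<input type="hidden" name="xsrf" value="')
PAGE_AFTER = '">\n<input type="submit" value="Send">\n</form>\n</body></html>\n'
# Static bytes the attacker knows precede the secret. DEFLATE only encodes repeats
# of three bytes or more, so the early guesses ride on this anchor.
ANCHOR = 'name="xsrf" value="'
assert PAGE_MIDDLE.endswith(ANCHOR)
Z_FIXED = getattr(zlib, "Z_FIXED", 4)   # fixed Huffman tables; 4 is zlib.h's value


def compressed_size(body: bytes) -> int:
    """Length of the DEFLATE-compressed body, which is what an on-path observer
    learns from TLS (record overhead is constant, so it cancels between probes).
    Fixed Huffman tables are forced so the only size difference between probes is
    the LZ77 match; default dynamic tables add noise a real attack must handle."""
    comp = zlib.compressobj(9, zlib.DEFLATED, 15, 8, Z_FIXED)
    return len(comp.compress(body) + comp.flush())


def vulnerable_server(reflected: str) -> int:
    """Response-size oracle for the unprotected app: the token is emitted verbatim."""
    page = PAGE_BEFORE + reflected + PAGE_MIDDLE + SECRET_TOKEN + PAGE_AFTER
    return compressed_size(page.encode())


def mask_token(token_hex: str, mask=None) -> str:
    """Mitigation: send mask || (mask XOR token) with a fresh mask per response, so
    the bytes carrying the secret never repeat and a guess has nothing to match."""
    token = bytes.fromhex(token_hex)
    if mask is None:
        mask = secrets.token_bytes(len(token))
    return (mask + bytes(a ^ b for a, b in zip(mask, token))).hex()


def unmask(field_hex: str) -> str:
    """Server-side check of a submitted masked field: XOR the halves back together."""
    raw = bytes.fromhex(field_hex)
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:])).hex()


def masked_server(reflected: str) -> int:
    """Same page, but the hidden field holds a freshly masked copy of the token."""
    page = PAGE_BEFORE + reflected + PAGE_MIDDLE + mask_token(SECRET_TOKEN) + PAGE_AFTER
    return compressed_size(page.encode())


def recover_token(oracle, length: int, retry_on_tie: bool = True) -> str:
    """Byte-at-a-time recovery through the size oracle. The guess that extends the
    true prefix lengthens the back-reference by one byte and removes one literal, so
    its response is one byte shorter. If every guess ties (a DEFLATE length-code
    boundary ate the saving), lengthen the known anchor by a byte and probe again."""
    known = ""
    for _ in range(length):
        anchor_len = len(ANCHOR)
        while True:
            anchor = PAGE_MIDDLE[-anchor_len:]
            sizes = {c: oracle(anchor + known + c) for c in HEX}
            smallest = min(sizes.values())
            winners = [c for c in HEX if sizes[c] == smallest]
            if len(winners) == 1 or not retry_on_tie or anchor_len == len(PAGE_MIDDLE):
                known += winners[0]
                break
            anchor_len += 1
    return known


if __name__ == "__main__":
    print("recovered from unprotected server:", recover_token(vulnerable_server, 16))
    print("recovered from masked server:     ",
          recover_token(masked_server, 16, retry_on_tie=False))
```

Against the unprotected server the whole token falls to a few hundred probes (16 candidates per digit, plus the occasional retry); against the masked server the same probes return noise, while the server still validates the submitted field by unmasking it. The masking is the cheap end of the application-rework mitigations: the token itself stays constant for the session, only its on-the-wire representation changes.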
Over the years, various attacks against HTTPS have been found. That is to be expected, really, since cryptographic systems tend to get weaker over time as analysis catches up with them. Nothing indicates that HTTPS is fatally flawed, though this side-channel attack is fairly potent. With governments actively collecting traffic, and using malware as well, it is not much of a stretch to see the two being combined. Governments don't much like encryption or anonymity, and flaws like BREACH will unfortunately be available to help thwart both, now and in the future.
Brief items
The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000"
[...]
As such, any person using the "My Satis" application can control any Satis
toilet. An attacker could simply download the "My Satis" application and
use it to cause the toilet to repeatedly flush, raising the water usage and
therefore utility cost to its owner.
Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to the user.
— Trustwave advisory
— Android-controlled toilets, what could possibly go wrong?
Ellison's Law: For every keystroke or click required to use a crypto
feature, the userbase declines by half.
— Garrett LeSage (quoting Stef Walter from GUADEC)
Even the electronic civil lib contingent is lying to themselves. They're sore and indignant now, mostly because they weren't consulted — but if the NSA released PRISM as a 99-cent Google Android app, they'd be all over it. Because they are electronic first, and civil as a very distant second.
They'd be utterly thrilled to have the NSA's vast technical power at their own command. They'd never piously set that technical capacity aside, just because of some elderly declaration of universal human rights from 1947. If the NSA released their heaps of prying spycode as open-source code, Silicon Valley would be all over that, instantly. They'd put a kid-friendly graphic front-end on it. They'd port it right into the cloud.
— Bruce Sterling
One day, we saw that Bruce Sterling was coming into town for a book reading, and we thought: here's our chance. Like good Nineties digital activists, we'd all read our Hacker Crackdown, and knew he might be a friend in getting some rip-roaring coverage in the heart of the beast. After horribly hijacking him from what looked like a nice literary meal, we took him to a heroin-chic dive bar in Soho, told him our problems, and begged him to help.
Forget defending crypto, he said. It's doomed. You're screwed.
No, the really interesting stuff, he said, is in postmodern literary theory.
— Danny O'Brien
UCLA has a report on "software obfuscation" research by computer science professor Amit Sahai. Essentially, a program can be transformed so that it still runs correctly but its inner workings cannot be reverse-engineered; the construction is cryptographic rather than the code-mangling of conventional obfuscators (it is a form of what cryptographers call indistinguishability obfuscation), and it is far from practical to run. "According to Sahai, previously developed techniques for obfuscation presented only a "speed bump," forcing an attacker to spend some effort, perhaps a few days, trying to reverse-engineer the software. The new system, he said, puts up an "iron wall," making it impossible for an adversary to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on today's computers — a game-change in the field of cryptography.
The researchers said their mathematical obfuscation mechanism can be used to protect intellectual property by preventing the theft of new algorithms and by hiding the vulnerability a software patch is designed to repair when the patch is distributed."
Ars Technica is one of many sites with coverage of the Firefox exploit that was used to attack the anonymity of Tor users. "The attack code exploited a memory-management vulnerability, forcing Firefox to send a unique identifier to a third-party server using a public IP address that can be linked back to the person's ISP. The exploit contained several hallmarks of professional malware development, including 'heap spraying' techniques to bypass Windows security protections and the loading of executable code that prompted compromised machines to send the identifying information to a server located in Virginia, according to an analysis by researcher Vlad Tsyrklevich."
Wired is reporting that the Open Source Digital Voting (OSDV) Foundation has finally been granted non-profit status by the US Internal Revenue Service, after applying for it in February 2007. "Then the revolution stalled. The Open Source Digital Voting Foundation spent the next four years in a kind of government-induced limbo as the Internal Revenue Service delayed processing of its application for nonprofit status. That delay cost the operation an untold amount of grant and donation dollars, and though the project has produced some software, it still hasn't begun work on important things like ballot-counting and tabulation devices and accessible voting machines." OSDV runs the Trust the Vote project and seeks to create open source voting machine solutions.
New vulnerabilities
bluetile: command injection
| Package(s): | bluetile |
| CVE #(s): | CVE-2013-1436 |
| Created: | August 6, 2013 |
| Updated: | August 7, 2013 |
Description:
From the OSS security mailing list:
A remote command injection vulnerability was reported in xmonad-contrib. The vulnerability is in the XMonad.Hooks.DynamicLog module. As we know, web browsers usually set the window title to the current tab. A malicious user, then, can craft a special title in order to inject commands in the current bar.
chromium-browser: multiple vulnerabilities
| Package(s): | chromium-browser |
| CVE #(s): | CVE-2013-2881, CVE-2013-2882, CVE-2013-2883, CVE-2013-2884, CVE-2013-2885, CVE-2013-2886 |
| Created: | August 5, 2013 |
| Updated: | September 4, 2013 |
Description:
From the CVE entries:
Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2013-2881)
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." (CVE-2013-2882)
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. (CVE-2013-2883)
Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object. (CVE-2013-2884)
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type. (CVE-2013-2885)
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2013-2886)
evolution-data-server: encrypt email to unintended recipient
| Package(s): | evolution-data-server |
| CVE #(s): | CVE-2013-4166 |
| Created: | August 1, 2013 |
| Updated: | August 12, 2013 |
Description:
From the Ubuntu advisory:
Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient.
gksu-polkit: privilege escalation
| Package(s): | gksu-polkit |
| CVE #(s): | CVE-2013-4161 |
| Created: | August 5, 2013 |
| Updated: | August 7, 2013 |
Description:
From the Red Hat bugzilla:
It was found that the patch to correct CVE-2012-5617 (bug #883162) was improperly applied, so the vulnerability described by CVE-2012-5617 was never really fixed.
heat-jeos: improper handling of passwords
| Package(s): | heat-jeos |
| CVE #(s): | CVE-2013-2069 |
| Created: | August 6, 2013 |
| Updated: | September 30, 2013 |
Description:
From the Red Hat bugzilla:
It was discovered that when used to create images, livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no 'rootpw' directive was used or when the 'rootpw --lock' directive was used within the Kickstart file, which could allow local users to gain access to the root account.
httpd: disrespects dirty flag
| Package(s): | httpd apache |
| CVE #(s): | CVE-2013-2249 |
| Created: | August 6, 2013 |
| Updated: | August 12, 2013 |
Description:
From the CVE entry:
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
mozilla: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
| CVE #(s): | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717 |
| Created: | August 7, 2013 |
| Updated: | August 30, 2013 |
Description:
From the CVE entries:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1701)
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. (CVE-2013-1709)
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. (CVE-2013-1710)
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. (CVE-2013-1713)
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. (CVE-2013-1714)
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. (CVE-2013-1717)
mozilla: multiple vulnerabilities
| Package(s): | firefox, seamonkey |
| CVE #(s): | CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1711 |
| Created: | August 7, 2013 |
| Updated: | August 19, 2013 |
Description:
From the CVE entries:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1702)
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. (CVE-2013-1704)
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. (CVE-2013-1705)
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. (CVE-2013-1708)
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. (CVE-2013-1711)
otrs2: sql injection
| Package(s): | otrs2 |
| CVE #(s): | CVE-2013-4717, CVE-2013-2625 |
| Created: | August 5, 2013 |
| Updated: | August 13, 2013 |
Description:
From the Debian advisory:
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitize user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
perl-Proc-ProcessTable: symlink attack
| Package(s): | perl-Proc-ProcessTable |
| CVE #(s): | CVE-2011-4363 |
| Created: | August 5, 2013 |
| Updated: | August 23, 2013 |
Description:
From the CVE entry:
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
samba: denial of service
| Package(s): | samba |
| CVE #(s): | CVE-2013-4124 |
| Created: | August 6, 2013 |
| Updated: | September 25, 2013 |
Description:
From the CVE entry:
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
subversion: denial of service
| Package(s): | subversion |
| CVE #(s): | CVE-2013-4131 |
| Created: | August 1, 2013 |
| Updated: | August 12, 2013 |
Description:
From the Subversion advisory:
Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT (or equivalent) or undefined behavior.
Commit access is required to exploit this.
WebCalendar: multiple vulnerabilities
| Package(s): | WebCalendar |
| CVE #(s): | (none listed) |
| Created: | August 5, 2013 |
| Updated: | August 7, 2013 |
Description:
From the WebCalendar bug report:
Version 1.2.7 (22 Jan 2013)
- Security fix: Do not show the reason for a failed login (i.e. "no such user")
- Security fix: Escape HTML characters in category name.
- Security fix: Check all passed in fields (either via HTML form or via URL parameter) for certain malicious tags (script, embed, etc.) and generate fatal error if found.
Page editor: Jake Edge