Category Archives: FAQs

Eventually, there will be FAQs, but until then, please enjoy this selection of Glossaries.

Exhibition Glossaries

Warner Bros. Digital Cinema Glossary – (PDF)

Rex Beckett's dicineco DCinema Glossary (Online)

Council of Europe's Glossary Digitisation (DOC)

XDC's DC Glossary (PDF)

Michael Karagosian's MKPE Digital Cinema Technology FAQ

Michael Karagosian's MKPE Digital Cinema Business FAQs

Dolby's Digital Cinema Glossary (PDF)

Dolby's Digital Cinema Glossary – (Online)

Europa Distribution DC Glossary (PDF)

DCI DCinema Specs 1.1 Glossary (PDF)


Post Production/Mastering Glossaries

EDCF's Mastering Guide Glossary – (PDF)

Phil Green's Digital Intermediate Guide (Online)

Surreal Road's Digital Intermediate Primer (Online)

Surreal Road's Digital Intermediate FAQ (Online)

Surreal Road's Digital Intermediate Glossary (Online)

Digital Rebellion's Post Production Glossary (Online)

 

3D Glossary

ev3's 3D Glossary


Production Glossaries

Moving Picture Company's Jargon Explained (Online)

Octamas Film Production DC Glossary (Online)

Pocket Lint's Glossary of 3D Terms (Online)

Kodak's Glossary of Film – (Online)

Kodak's Cinema and Television Glossary (Online)

Sony's ABCs of Digital Cinema (PDF)

 

Associated Glossaries

Christie's Technology Explained (Online)

Sony's Audio Glossary (PDF)

 

More SSL Flaws Found by MS

Users of Internet Information Services (IIS) < 6.0 in default mode are not affected by potential man-in-the-middle attack…kinda…must use workarounds…Microsoft advises not to use their workarounds though. In fairness to MS, this is old SSL exploit news that they are acknowledging affects all their current OSs. 

Read the ars technica report…and read a newspaper instead of using wifi at the coffeeshop, or at your client's…or on the train.

Microsoft warns of TLS/SSL flaw in Windows

By Emil Protalinski | Last updated February 9, 2010 4:12 PM

Microsoft has issued Security Advisory (977377) to address a publicly disclosed vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The TLS and SSL protocols are implemented in several Microsoft products, both client and server. Currently Microsoft has concluded that it affects all supported versions of Windows: Windows 2000 SP4, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. Microsoft says it will update the advisory as the investigation progresses.

FIPS 140-2 Level 2 Certified USB Memory Stick Cracked

This is from the H-Online Article:
NIST-certified USB Flash drives with hardware encryption cracked
Yes; DCI specifies that the equipment meets FIPS Level 3, not level 2. But 3 huge companies making the same mistake? Hmmm. Plus, this is not just a DCinema issue, this affects everyone who tries to keep their personal or work computer safe, trusting devices and technology of this type. My guess is that there was an Application Note that specified how to make a particular chipset work (which all the manufacturers used.) It was the Application Note that everyone followed and which had the implementation flaw. Just a guess.

The article continues, excerpted below. There is also some fine commentary about this issue at: Schneier on Security.

 

The USB drives in question encrypt the stored data via the practically uncrackable AES 256-bit hardware encryption system. … the SySS security experts found a rather blatant flaw that has quite obviously slipped through testers’ nets. … the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations…

Cracking the drives is therefore quite simple. The SySS experts wrote a small tool … The vulnerable devices include the Kingston DataTraveler BlackBox, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.

When notified by SySS about this worst case security scenario, the respective vendors responded quite differently. Kingston started a recall of the affected products; SanDisk and Verbatim issued woolly security bulletins about a “potential vulnerability in the access control application” and provided a software update.

Flash Cookies | Your Privacy

Security and Privacy are parallel tracks. Letting someone into your computer for purposes that you are not allowed to control, or even know about, is fraught with potential points of failure down the line. Do I, or you, need to know how or why right now? Is there always someone who is trying to exploit ways to find hidden files to do something nefarious? Just allowing someone, anyone, to put 100k (the standard setting, not a limit) of info on your computer without asking, without allowing you to see what it actually does or says, is wrong.

CCleaner, FlashCookiesView and Flash Cookie Cleaner get good reviews. If you are using Firefox, you can use Foxit and flashblock, but remember, these files are ubiquitous – they are shared by all browsers on your system.

Here is the link for the settings manager at Adobe — feels like fox in the henhouse, and is not easy to use…

[Update: I just used a nice program from MacHacks named Flush.app – Flash Cookie Removal Tool For OS X. Quick to download and simple to use, for Mac users it seems a nice way to go.]

 

Sure: Resort to OverSieving…RSA 768 Modulus Fail

Read Ars Technica: 768-bit RSA cracked, 1024-bit safe (for now)

Researchers have posted a preprint that describes their method for factoring a number used for RSA 768-bit encryption. By John Timmer | Last updated January 7, 2010 5:20 PM

With the increasing computing power available to even casual users, the security-conscious have had to move on to increasingly robust encryption, lest they find their information vulnerable to brute-force attacks. The latest milestone to fall is 768-bit RSA; in a paper posted on a cryptography preprint server, academic researchers have now announced that they factored one of these keys in early December.

Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it’s relatively easy to encrypt and decrypt data; if you don’t, finding the numbers by brute force is a big computational challenge. But this challenge gets easier every year as processor speed and efficiency increase, making “secure” a bit of a moving target. The paper describes how the process was done with commodity hardware, albeit lots of it. 

Their first step involved sieving, or identifying appropriate integers; that took the equivalent of 1,500 years on one core of a 2.2GHz Opteron; the results occupied about 5TB. Those were then uniqued and processed into a matrix; because of all the previous work, actually using the matrix to factor the RSA value only took a cluster less than half a day. Although most people aren’t going to have access to these sorts of clusters, they represent a trivial amount of computing power for many organizations. As a result, the authors conclude, “The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended.” 1024-bit values should be good for a few years still.

Given that these developments are somewhat inevitable, even the authors sound a bit bored by their report. “There is nothing new to be reported for the square root step, except for the resulting factorization of RSA-768” they write. “Nevertheless, and for the record, we present some of the details.” Still, they manage to have a little fun, in one place referencing a YouTube clip of a Tarantino film following their use of the term “bingo.”

[Another good article at: New Record in the Area of Prime Number Decomposition of Cryptographically Important Numbers – not that the article gives more, but the Related Stories are interesting.]

Nuclear Plants Cautiously Phase Out Dial-Up Modems

This story comes from Wired: Read the entire piece at:
Nuclear Plants Cautiously Phase Out Dial-Up Modems | Threat Level | Wired.com
By Kevin Poulsen

“Licensees currently use analog modulator/demodulators (modems) to establish point-to-point data connections,” the NRC wrote in a memo (.pdf) to plant operators late last month. “Although this technology was state of the art when ERDS was first implemented, it is now obsolete, and replacement equipment is no longer available.”

The NRC notes several advantages … in a crisis all the plants could report … simultaneously, without the hassle of busy signals. In addition, “The use of modems inherently introduces cyber security vulnerabilities to the systems to which they are attached.”

The ERDS ties into plant computer systems … a “near real-time” view … including reactor core and coolant conditions, and radioactivity release rates.

…operators of 19 plants had expressed interest in getting rid of their modems. One hopes the other 47 will soon follow those early adopters.

Next year…

Modem photo courtesy SecretLondon123.

Security – The Psychology of Being Scammed

1. The distraction principle. While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.

2. The social compliance principle. Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.

3. The herd principle. Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.

4. The dishonesty principle. Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.

5. The deception principle. Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

6. The need and greed principle. Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

[The post and its comments are at:
Schneier on Security: The Psychology of Being Scammed – November 30, 2009]

It all makes for very good reading.

Two previous posts on the psychology of conning and being conned.


Major SSL Encryption Flaw Hits Web/Tech Companies Using SSL | IT Pro

[Editor’s Note: At first glance, this story looks a lot like last September’s and last August’s stories of SSL vulnerabilities. In fact, this is far worse. It is not our purpose to make your life harder by forcing you to know how often SSL encryption is used in your life. Suffice to say, this is not going to get handled by a simple patch a week later from Firefox or Apple. And now, even worse, is that it is in the open…the bad guys know where to attack.

How does it affect you as the above average user? First off: Everything that you learned about trusting the little lock on the browser window is no longer valid.

  1. Make certain that your employees are extra vigilant with all computers, and with all USB sticks. We don’t know how the BlackHats are going to exploit this yet.
  2. Don’t download anything that doesn’t come directly from someone that you know.
  3. Don’t trust any email that says that “We are helping you, just click here.”
  4. Don’t trust any email with a link where the link isn’t showing and where the section of the address immediately before any slashes isn’t .com or .org or .co.uk. For example, http://www.ebay.com.hacker.ru shouldn’t make you feel comfortable that it came from ebay.com – the end of the URL (Uniform Resource Locator) just before the / is the controlling item.
  5. And, of course, right now —
  • a) make certain that your back up system is working, and it makes several iterations of the back-up, and
  • b) make certain that your virus software is up to date, and
  • c) make certain that all wifi signals are using WPA2 security with a password that doesn’t have any dictionary word, and
  • d) systematically reformat the USB sticks that are being used to take keys to your Digital Cinema Servers.

My suggestion:

  • If you have a computer network in your office, hire a security expert to come and train your employees on security for an hour or two, in addition to checking out your network for vulnerabilities and un-updated software (including Flash/Shockwave, Reader, Firefox and all virus software. They’ve all been updated recently for multiple security reasons.)
  • Wait one week, then have the expert return and answer any questions that the employees now have since they learned what to look for.

For the ultra techs, here are the links for the basic research on this:
MITM attack on delayed TLS-client auth through renegotiation
Renegotiating TLS

End Editor Note]
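
The host check from item 4 of the note above, as an added example (not part of the original post or the IT PRO article): it pulls the host out of a link and accepts it only if it ends in the expected domain on a dot boundary. The function names and every sample link other than the ebay.com.hacker.ru one are constructed for illustration.

```python
from urllib.parse import urlsplit


def link_host(url):
    """Return the lower-cased host of a link, or None if it has no host part."""
    # .hostname drops the scheme, port and path, and lower-cases the result.
    host = urlsplit(url.strip()).hostname
    return host.rstrip(".") if host else None


def host_in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it.

    The comparison is anchored at the END of the host name and on a dot
    boundary, because the rightmost labels decide who controls the name.
    """
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


def check_link(url, expected_domain):
    """Classify a link as 'ok', 'mismatch' or 'no-host' for the expected domain."""
    host = link_host(url)
    if host is None:
        return "no-host"
    return "ok" if host_in_domain(host, expected_domain) else "mismatch"


# Constructed sample links; the first is the example used in the note above.
SAMPLES = [
    "http://www.ebay.com.hacker.ru",          # trusted name sits at the wrong end
    "HTTPS://Signin.eBay.com:443/ws/login",   # real subdomain, odd case and a port
    "http://notebay.com/",                    # ends in "ebay.com" but not on a dot
    "http://ebay.com./help",                  # trailing dot is still the same host
    "www.ebay.com/item",                      # no scheme, so no host can be trusted
]


def report(samples, domain="ebay.com"):
    """Return (url, verdict) pairs for a batch of links taken from a message."""
    return [(url, check_link(url, domain)) for url in samples]


if __name__ == "__main__":
    for url, verdict in report(SAMPLES):
        print(f"{verdict:9} {url}")
```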

For the original article, please read:
Major SSL encryption flaw hits the web | IT PRO

By Asavin Wattanajantra, 6 Nov 2009 at 15:53

Researchers Marsh Ray and Steve Dispensa are believed to have shown the flaw to a working group of affected vendors, which included Microsoft, Intel, Nokia, IBM, Cisco and Juniper.

In a statement, PhoneFactor said: “[We] volunteered to delay disclosure on the vulnerability until early 2010 to allow time for vendors to make the necessary patches available.”

“However, an independent researcher discovered the vulnerability and posted it to Internet Engineering Task Force (IETF) mailing list on November 4th… News of the vulnerability quickly spread through the IT security community,” it added.

PhoneFactor added that this was a protocol vulnerability rather than an implementation flaw, so the impact was far reaching.

“All SSL libraries will need to be patched, and most client and server applications will, at a minimum, need to include new copies of SSL libraries in their products,” the firm said.

“Most users will eventually need to update any software that uses SSL.”

Andrew Clarke, senior vice president for Lumension, said in a statement that the SSL flaw was likely to bring a large number of patches in the near term from vulnerable vendors.

Urgent – Adobe fixes five critical Shockwave flaws | IT PRO

See the full article at: Adobe fixes five critical Shockwave flaws | IT PRO
By Asavin Wattanajantra, 4 Nov 2009 at 15:51

Nicolas Joly of VUPEN security was credited for reporting the four issues and working with Adobe to protect customers.

The update also solves a boundary condition issue that could have led to Denial of Service (DoS).

Shockwave Player is described as the ‘web standard for powerful multimedia playback’ by Adobe, and allows users who download it to see interactive web content such as business presentations, advertisements, entertainment and games.

The flaws can be patched by downloading the latest Shockwave update.

Upgrade Firefox 3.5.4 and Reader 9.2

The latest upgrade to Firefox, dated 27 October, in particular for the Mac 3.5.4, has 6 “Critical Vulnerabilities” listed since the September 3.5.3 update – See: Security Advisories for Firefox 3.5 – This rounds out to 25 Critical fixes since the June release of 3.5

Should you update? No question. Just look at the definition of Critical – Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

There will be confusion by those who have heard that there is a new release that is a beta. Do not be confused. A beta of 3.6 is imminent – it was expected on the 28th, but has been delayed.

=-=-=

Reader Update: 2 weeks ago Adobe Reader was upgraded to 9.2 – This release of Reader is mandatory as well. 9.1 was plagued with vulnerabilities and required many updates to stay current and secure. It is best that you and that everyone you know is upgraded.

Spread the word.

Apple Admits Existence of Data-Eating Bug

Read the full article at:

Apple admits existence of data-eating bug guardian.co.uk, Tuesday 13 October 2009 02.04 BST
Bobbie Johnson, San Francisco

(Other links at the end of this excerpt)

Reports of the problem first surfaced more than a month ago, but it was only on Monday that Apple finally responded …

“We are aware of the issue, which occurs only in extremely rare cases, …

Although some users have been able to restore their data after being hit by the bug, many others …erased…

“When logging in to my regular account, everything was gone,” said one user …

“After I had logged out of that account and back into mine my entire home directory had been wiped…

Some reported only minor data loss, however.

“I accidentally logged into the guest account and then logged out and noticed that my background picture was different, and folders that were on the desktop were gone,” said another user. “I was mad, but nothing hurt me too much.”

As well as concerns over, the episode also highlights the importance of properly backing up your data – a hot topic in recent days, given a massive failure to [sic] by Microsoft.

Apple’s admission comes just days after its rival admitted that a problem with its own backup systems had left tens of thousands of American mobile phone customers stranded without access to their data.

Customers who had subscribed to use T-Mobile’s Sidekick handset, which uses software produced by Microsoft … would not be able to recover any of their personal information – … after the company failed to properly back up user information.

… there were no adequate backups to replace the data that had been lost.

“Personal information stored on your device… that is no longer on your Sidekick almost certainly has been lost …

guardian.co.uk © Guardian News and Media Limited 2009
Apple acknowledges Snow Leopard data loss issue | Circuit Breaker – CNET News

AppleInsider | Snow Leopard guest account bug deletes user data [u]

Snow Leopard wiping home directory after guest log-in? | MacFixIt – CNET Review

This article suggests that:
If you need guest account functionality and do not trust the built-in account because of this problem, for now just create a new non-administrator account (call it “Visitor” if you need a semi-decent alternative name) for use as a guest, and customize restrictions for it with parental controls. In most instances this will work just fine, since the only real difference in behavior for guest accounts is that data and settings are reset upon logout.

Current Security Updates – 09/09

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have “High” impact because those are generally used to steal sensitive data intended for other sites.)

Fixed in Firefox 3.5.3
Critical: MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
Critical: MFSA 2009-49 TreeColumns dangling pointer vulnerability
Critical: MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)

Fixed in Firefox 3.5.2
Critical: MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
Critical: MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

Fixed in Firefox 3.5.1
Critical: MFSA 2009-41 Corrupt JIT state after deep return from native function
Critical: MFSA 2009-35 Crash and remote code execution during Flash player unloading

Fixed in Firefox 3.5
Critical: MFSA 2009-43 Heap overflow in certificate regexp parsing
Critical: MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-40 Multiple cross origin wrapper bypasses
Critical: MFSA 2009-39 setTimeout loses XPCNativeWrappers
Critical: MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__ on SVG element
Critical: MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
Critical: MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)

That’s a heap of Critical – Message is: Stay on top of Firefox. Stay on top of every freakin’ piece of software you have, for certainly, the blackhats are.


Nine patches for Microsoft’s next Patch Tuesday | IT PRO By Nicole Kobie, 7 Aug 2009 at 10:26

 

Microsoft will issue nine security patches next Tuesday, as part of its monthly patching cycle.

The majority affect various versions of Windows. Five are seen as critical by Microsoft, with the other three rated important. One critical patch also affects Client for Mac, while one of the important patches is for the .NET Framework.

The last bulletin is for a flaw in Microsoft Office’s Web Components, which was reported last month. The critical patch affects Microsoft Office, Visual Studio, ISA Server and BizTalk.

Paul Henry, security and forensic analyst at Lumension, said: “After a summer of heavier-than-normal Patch Tuesdays, the last thing IT workers need next Tuesday is yet another large batch of patches from Microsoft.”

He warned that anyone using Microsoft’s ISA server should pay attention to this patch. “One of Microsoft’s security products, Internet Security and Acceleration (ISA) server, appears to have a hole that’s critical on all versions,” he said.

“Therefore, companies that are actively using this product as part of their security infrastructure will need to patch this vulnerability immediately.”

The patch will be delivered by autoupdate or be available to download on 11 August.

Microsoft issued a pair of out-of-band patches last week, to fix flaws in Internet Explorer and Visual Studio.

Apple updates Mac OS | IT PRO By Nicole Kobie, 6 Aug 2009 at 11:07

Apple has released the Mac OS X 10.5.8 update, patching a few issues in its Leopard operating system, one month before the new 10.6 Snow is expected to be released.

Aside from general stability issues, the update fixes problems with joining AirPort networks, monitor resolution settings and Bluetooth reliability with peripheral devices like printers. The update also fixes an error which slowed startup time and another which affected imports of large movie or photo files.

The Mac OS X 10.5.8 update includes the latest version of Safari and all recent security patches.

 

GarageBand 5.1 puts lid back on cookie jar – News – The H Security: News and features 6 August 2009

Apple has released an update for its GarageBand application, addressing a security issue that could allow third parties or advertisers to track a user’s web activity. When a user opens the GarageBand application, it automatically changes Safari’s security preferences to always accept cookies, rather than the default setting of “Only from sites I visit”.

The change means that users may no longer be blocking any third-party cookies which advertisers can use to track their online activity. [Read more data at H Security source material above.]

Naming trick opens mail servers – News – The H Security: News and features 6 August 2009

A number of Vietnamese spam sources are currently attracting attention because the spammers have equipped the relevant hosts with DNS pointer records called “localhost”. As a result, IP addresses like 123.27.3.81, 222.252.80.188 or 123.16.13.188 produce this name when a reverse look-up occurs. The problem is caused by badly configured Domain Name Systems, as “localhost” should generally translate to a single IP address – 127.0.0.1 …

Mail server operators must make sure they avoid falling victim to this trick. For example, they can make relays only available from local IP addresses and not identify clients by reverse look-up DNS names. Normal open relay tests don’t produce an alert in this case, because the test client usually isn’t called “localhost”. Several vulnerable mail servers have already been added to the iX blacklist. In addition to blacklisting, the operators of open relays potentially face having to pay damages to spam or malware recipients. [Read more data at H Security source material above.]
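
The relay decision described above, as an added example (not code from the H Security article or from any mail server): a relay rule keyed on the reverse-lookup name sits beside one keyed on the client IP, with a forward-confirmation check on the PTR name. The DNS tables, the 192.168.10.0/24 office network and all function names are constructed assumptions; only the three "localhost" addresses come from the article.

```python
import ipaddress

# Constructed reverse-DNS (PTR) answers. The first three addresses are the
# ones quoted in the article; the remaining entries are made up.
PTR = {
    "123.27.3.81": "localhost",
    "222.252.80.188": "localhost",
    "123.16.13.188": "localhost",
    "127.0.0.1": "localhost",
    "192.168.10.25": "printer.office.example",
}

# Constructed forward (A record) answers for the same names.
FORWARD = {
    "localhost": {"127.0.0.1"},
    "printer.office.example": {"192.168.10.25"},
}

TRUSTED_NAMES = {"localhost"}                      # what the weak rule trusts
LOCAL_NETS = [
    ipaddress.ip_network("127.0.0.0/8"),           # loopback
    ipaddress.ip_network("192.168.10.0/24"),       # assumed office LAN
]


def relay_by_ptr_name(client_ip):
    """Weak rule: relay for any client whose reverse lookup gives a trusted name.

    The owner of the client's address space controls the PTR record, so the
    name is attacker-supplied input.
    """
    return PTR.get(client_ip) in TRUSTED_NAMES


def relay_by_ip(client_ip):
    """Corrected rule: relay only for clients inside the local networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LOCAL_NETS)


def ptr_is_forward_confirmed(client_ip):
    """True if the PTR name resolves back to the same address (FCrDNS)."""
    name = PTR.get(client_ip)
    return name is not None and client_ip in FORWARD.get(name, set())


def audit(client_ips):
    """List clients the weak rule would relay for but the IP rule would refuse."""
    return [
        (ip, PTR.get(ip), ptr_is_forward_confirmed(ip))
        for ip in client_ips
        if relay_by_ptr_name(ip) and not relay_by_ip(ip)
    ]


if __name__ == "__main__":
    for ip in PTR:
        print(f"{ip:16} ptr={PTR[ip]:24} by_name={relay_by_ptr_name(ip)!s:5} "
              f"by_ip={relay_by_ip(ip)!s:5} fcrdns={ptr_is_forward_confirmed(ip)}")
```

An open-relay test that never presents a client whose PTR is "localhost" exercises only the `relay_by_ip` path, which is why the article says normal tests raise no alert.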

Firefox patches Black Hat SSL encryption vulnerability | IT PRO By Asavin Wattanajantra, 4 Aug 2009 at 11:23

Firefox has released version 3.5.2, a patch closing four critical vulnerabilities – one of which was a serious SSL encryption flaw discovered at the recent Black Hat conference in Las Vegas.

The flaw is described in more detail here, but as Mozilla said in an advisory, it basically meant that attackers could have obtained certificates that could intercept and alter encrypted information between client and server, such as bank account transactions.

The other three vulnerabilities were also critical. This meant that attackers could have taken advantage by running code and installing software on a user’s computer even if they were just browsing normally.

[Story is severely edited…see the original.]


Apple’s Snow Leopard downgrades Flash

Apple’s Snow Leopard, Mac OS X 10.6, downgrades the Adobe Flash Player installed on systems being upgraded with the updated operating system. The Flash Player version distributed with Snow Leopard is 10.0.23.1. Although this is a later version number than the most recently reported vulnerable version, it was being distributed at the same time as the flawed version and most probably suffers the same critical security issues. Adobe have confirmed the issue exists and recommend that Snow Leopard users update their Flash Player as soon as possible, by visiting http://get.adobe.com/flashplayer/ and installing version 10.0.32.18. Users can check what version of Flash Player they have installed by going to Adobe’s version check page.

Read the entire article at:

Apple’s Snow Leopard downgrades Flash – News – The H Security: News and features

During the development of Snow Leopard, and as far back as early July, beta versions were shipped which included Adobe Flash Player 10.0.23.1. Towards the end of July, a critical security vulnerability was discovered in Flash Player version 10.0.22.87, the generally available Flash Player version at the time. The Flash Player was updated on the last day of July, to version 10.0.32.18, but it appears either Adobe or Apple did not ensure that this update made it onto the “gold master” of Snow Leopard which, according to reports, was sent to manufacturing in mid August. This master was used to produce the Snow Leopard DVDs, which were made available in stores on August 28th. As a result, users who had updated the Flash Player on Mac OS X 10.5.8 at the start of August, and then upgraded to Snow Leopard will find that they are back to running a version which, although there are no specific security advisories for it, is most probably vulnerable to the same flaws as Flash Player 10.0.22.87.

Another New AES Attack

But, is it merely FUD at this point? For the daily user, this info is nothing to lose sleep over. AES is not broken. Someone can’t open an AES encrypted movie at this point. But, it points out that rust and black-hats never sleep, and neither should white-hats. The library of a studio is theirs to protect for its owner for many years, if not many decades. This is pointing out that what seemed unthinkable not too many years ago is stumbling into the realm of possibility now.

In the article, Mr. Schneier makes recommendations about how to make better choices. It would be good for the powers that be to re-examine their choices and let everyone know that everything is fine. [End Editor Comment]

From Crypto-Gram: August 15, 2009 Anyone interested and capable of reading this blog should be subscribing to Crypto-Gram

Abstract. AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). In the case of AES-128, there is no known attack which is faster than the 2^128 complexity of exhaustive search. However, AES-192 and AES-256 were recently shown to be breakable by attacks which require 2^176 and 2^119 time, respectively. While these complexities are much faster than exhaustive search, they are completely non-practical, and do not seem to pose any real threat to the security of AES-based systems.

In this paper we describe several attacks which can break with practical complexity variants of AES-256 whose number of rounds are comparable to that of AES-128. One of our attacks uses only two related keys and 2^39 time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and 2^120 time). Another attack can break a 10 round version of AES-256 in 2^45 time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and 2^172 time).

They also describe an attack against 11-round AES-256 that requires 2^70 time — almost practical.

[Editor] The balance of the article is just as important as the above, explaining how critical this is and how it can be mitigated. It also includes references to the original work.

 

Read at: From Crypto-Gram: August 15, 2009

 

Linux kernel vulnerability fixes – Update 3

 

From an article in H Security: Linux kernel vulnerability fixes – Update 3 – News – The H Security: News and features
17 August 2009, 16:40

Update 18 August – There is currently no patch for Red Hat Enterprise Linux (RHEL), but the company does offer a workaround which involves blacklisting certain network protocols so that the exploit that is currently in the wild does not function. The CentOS developers are waiting on a patch to appear from Red Hat and in the interim recommend a similar procedure as a workaround. Novell has said there is no patch yet available for SUSE Linux Enterprise Server.

Update 19 August – Ubuntu have released updates for Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04 and all corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details of the updates are given in an Ubuntu Security Notice and the updates are available through Ubuntu’s software Update Manager system.

Update 25 August – Red Hat, Novell and CentOS have now published updates to address the vulnerability for RHEL 4 and 5, SUSE Linux Enterprise Server/Desktop and openSUSE 10.3 to 11.1 and CentOS 4 and 5 respectively.

Deadly pings for Cisco routers and switches

From a story at H Security: Deadly pings for Cisco routers and switches – News – The H Security: News and features

The command show np 2 stats can be used to determine whether the problem has previously occurred. If it has, the error message “ERROR: np_logger_query request for FP Stats failed” is returned. The vendor does not suggest a workaround, but has made updated versions of the FWSM software available in which the problem does not occur.

Notice in the comments:

Ok, this is just plain inaccurate.

I’m not sure who read the Cisco advisory because they did a pretty bad job at the interpretation:

1) First off, this isn’t a bug that “disables Cisco routers and switches”. This is specifically about the FIREWALL MODULE that can be installed on a 6500-switch or a 7600-series router. Just because the module is installed on the switch/router does not mean that the entire platform is affected/disabled. Please read up on modular switches/routers to understand what that means.

2) The vendor DOES suggest a workaround (albeit not to be carried out on the FWSM itself); it may not be the most elegant, but the workaround is to filter ICMP packets before they get to the FWSM. The edge router would be the most suitable candidate for that and applying this filter would prevent the malicious ICMP traffic in question from reaching the vulnerable FWSM.

See also:

[Editor] And now an update: 9 September – It seems there is a problem, and now a fix:

Cisco TCP stack vulnerable to DoS attacks – News – The H Security: News and features

9 September 2009, 12:52


Cisco has released a software update to fix a DoS vulnerability in a number of its products. An attacker can manipulate the state of an open TCP connection so that it never times out and remains connected indefinitely. According to Cisco, such connections hang in the FINWAIT1 state.

If an attacker can achieve this with a large number of connections, they will consume sufficient resources to prevent further connections to the system being established. A reboot is required to resolve the problem. Crashes may also occur.

Cisco IOS, IOS-XE, CatOS, ASA, PIX, NX-OS and Linksys products are all affected. Precise details of which systems are affected and which are not, can be found in the vendor’s own security advisory.

The problem is not new, but has been smouldering in the TCP stacks of a number of vendors for a while and is actually a bug in the TCP protocol itself. The problem was first reported by Robert E. Lee and Jack C. Louis from Outpost24 back in October. They used a special tool to demonstrate that a low bandwidth internet connection was able to knock a broadband server off the web. Vendors have been scrabbling around for a solution ever since.

Yesterday, Microsoft too released a patch to fix this problem. Checkpoint, Juniper and other vendors have also now reacted. The Finnish CERT has now finally released details of the problem and of the Sockstress tool used, and distributed to vendors, to test the issue.
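
A host-side check for the symptom the Cisco item describes, connections that stay in FINWAIT1 instead of timing out, as an added example (not from the H Security article or any vendor advisory). It compares two constructed `netstat -tan` snapshots taken some minutes apart and reports peers whose FIN_WAIT1 sockets appear in both; the addresses, the interval and the threshold are assumptions, and a single `ss -tan` style line is also accepted.

```python
import re
from collections import Counter


def _norm_state(token):
    """Normalise FIN_WAIT1 / FIN-WAIT-1 / FINWAIT1 spellings to one form."""
    return re.sub(r"[^A-Z0-9]", "", token.upper())


def fin_wait1_sockets(snapshot):
    """Return {(local, peer)} for sockets in FIN_WAIT1 in netstat or ss text."""
    found = set()
    for line in snapshot.splitlines():
        tok = line.split()
        if len(tok) < 5:
            continue
        if tok[0].lower().startswith("tcp") and len(tok) >= 6:
            # netstat -tan: Proto Recv-Q Send-Q Local Foreign State
            state, local, peer = tok[5], tok[3], tok[4]
        else:
            # ss -tan: State Recv-Q Send-Q Local Peer
            state, local, peer = tok[0], tok[3], tok[4]
        if _norm_state(state) == "FINWAIT1":
            found.add((local, peer))
    return found


def stuck_by_peer(earlier, later, threshold=3):
    """Count FIN_WAIT1 sockets present in BOTH snapshots, grouped by peer IP.

    A normal close passes through FIN_WAIT1 briefly, so a socket seen there in
    two snapshots minutes apart is one that is not timing out.
    """
    persisted = fin_wait1_sockets(earlier) & fin_wait1_sockets(later)
    counts = Counter(peer.rsplit(":", 1)[0] for _, peer in persisted)
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed snapshots (documentation address ranges), minutes apart.
EARLIER = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.10:80        192.0.2.15:50211        ESTABLISHED
tcp        0      1 198.51.100.10:80        203.0.113.7:40001       FIN_WAIT1
tcp        0      1 198.51.100.10:80        203.0.113.7:40002       FIN_WAIT1
tcp        0      1 198.51.100.10:80        203.0.113.7:40003       FIN_WAIT1
tcp        0      1 198.51.100.10:80        203.0.113.7:40004       FIN_WAIT1
tcp        0      1 198.51.100.10:80        192.0.2.44:51000        FIN_WAIT1
"""

LATER = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.10:80        192.0.2.15:50211        ESTABLISHED
tcp        0      1 198.51.100.10:80        203.0.113.7:40001       FIN_WAIT1
tcp        0      1 198.51.100.10:80        203.0.113.7:40002       FIN_WAIT1
tcp        0      1 198.51.100.10:80        203.0.113.7:40003       FIN_WAIT1
tcp        0      1 198.51.100.10:80        203.0.113.7:40004       FIN_WAIT1
tcp        0      0 198.51.100.10:80        192.0.2.44:51000        TIME_WAIT
tcp        0      1 198.51.100.10:80        192.0.2.90:52000        FIN_WAIT1
"""

if __name__ == "__main__":
    for ip, n in stuck_by_peer(EARLIER, LATER).items():
        print(f"{ip}: {n} sockets stuck in FIN_WAIT1 across both snapshots")
```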