Users of Internet Information Services (IIS) < 6.0 in default mode are not affected by potential man-in-the-middle attack…kinda…must use workarounds…Microsoft advises not to use their workarounds though. In fairness to MS, this is old SSL exploit news that they are acknowledging affects all their current OSs. 

Read the ars technica report…and read a newspaper instead of using wifi at the coffeeshop, or at your clients…or on the trian.

Microsoft warns of TLS/SSL flaw in Windows

By Emil Protalinski | Last updated February 9, 2010 4:12 PM

Microsoft has issued Security Advisory (977377) to address a publicly disclosed vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The TLS and SSL protocols are implemented in several Microsoft products, both client and server. Currently Microsoft has concluded that it affects all supported versions of Windows: Windows 2000 SP4, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. Microsoft says it will update the advisory as the investigation progresses.

This is from the H-Online Article:
NIST-certified USB Flash drives with hardware encryption cracked
Yes; DCI specifies that the euqipment meets FIPs Level 3, not level 2. But 3 huge companies making the same mistake? Hmmm. Plus, this is not just a DCinema issue, this affect everyone who tries to keep their personal or work computer safe, trusting devices and technology of this type. My guess is that there was an Application Note that specified how to make a particular chipset work (which all the manufacturers used.) It was the Application Note that everyone followed and which had the implementation flaw. Just a guess.

The article continues, excepted below. There is also some fine commentary about this issue at: Schnieier on Security.

The USB drives in question encrypt the stored data via the practically uncrackable AES 256-bit hardware encryption system. … the SySS security experts found a rather blatant flaw that has quite obviously slipped through testers’ nets. … the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations…

Cracking the drives is therefore quite simple. The SySS experts wrote a small tool … The vulnerable devices include the Kingston DataTraveler BlackBox, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.

When notified by SySS about this worst case security scenario, the respective vendors responded quite differently. Kingston started a recall of the affected products; SanDisk and Verbatim issued woolly security bulletins about a “potential vulnerability in the access control application” and provided a software update.

Security and Privacy are parallel tracks. Letting someone into your computer for purposes that you are not allowed to control, or even know about, is fraught with potential points of failure down the line. Do I, or you, need to know how or why right now? Is there always someone who is trying to exploit was to find hidden files to do something nefarious? Just allowing someone, anyone, to put 100k (the standard setting, not a limit) of info on your computer without asking, without allowing you to see what it actually does or says, is wrong.

CCleaner, FlashCookiesView and Flash Cookie Cleaner get good reviews. If you are using Firefox, you can use Foxit and flashblock, but remember, these files are ubiquitous – they are shared by all browsers on your system.

Here is the link for the settings manager at Adobe — feels like fox in the henhouse, and is not easy to use…

[Update: I just used a nice program from MacHacks named Flush.app – Flash Cookie Removal Tool For OS X. Quick to download and simple to use, for Mac users it seems a nice way to go.]

Read ArsTechnica; 768-bit RSA cracked, 1024-bit safe (for now)—768-bit RSA cracked, 1024-bit safe (for now)

Researchers have posted a preprint that describes their method for factoring a number used for RSA 768-bit encryption. By John Timmer | Last updated January 7, 2010 5:20 PM

With the increasing computing power available to even casual users, the security-conscious have had to move on to increasingly robust encryption, lest they find their information vulnerable to brute-force attacks. The latest milestone to fall is 768-bit RSA; in a paper posted on a cryptography preprint server, academic researchers have now announced that they factored one of these keys in early December.

Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it’s relatively easy to encrypt and decrypt data; if you don’t, finding the numbers by brute force is a big computational challenge. But this challenge gets easier every year as processor speed and efficiency increase, making “secure” a bit of a moving target. The paper describes how the process was done with commodity hardware, albeit lots of it. 

Their first step involved sieving, or identifying appropriate integers; that took the equivalent of 1,500 years on one core of a 2.2GHz Opteron; the results occupied about 5TB. Those were then uniqued and processed into a matrix; because of all the previous work, actually using the matrix to factor the RSA value only took a cluster less than half a day. Although most people aren’t going to have access to these sorts of clusters, they represent a trivial amount of computing power for many organizations. As a result, the authors conclude, “The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended.” 1024-bit values should be good for a few years still.

Given that these developments are somewhat inevitable, even the authors sound a bit bored by their report. “There is nothing new to be reported for the square root step, except for the resulting factorization of RSA-768” they write. “Nevertheless, and for the record, we present some of the details.” Still, they manage to have a little fun, in one place referencing a YouTube clip of a Tarantino film following their use of the term “bingo.”

[Another good article at: New Record in the Area of Prime Number Decomposition of Cryptographically Important Numbers – not that the article gives more, but the Related Stories are interesting.]

[Editor’s Note: At first glance, this story looks a lot like last September’s and last August’s stories of SSL vulnerabilities. In fact, this is far worse. It is not our purpose to make your life harder by forcing you to know how often SSL encryption is used in your life. Suffice to say, this is not going to get handled by a simple patch a week later Firefox or Apple. And now, even worse, is that it is in the open…the bad guys know where to attack.

How does it affect you as the above average user? First off: Everything that you learned about trusting the little lock on the browser window is no longer valid.

1. Make certain that your employees are extra vigilant with all computers, and with all USB sticks. We don’t know how the BlackHats are going to exploit this yet.
2. Don’t download anything that doesn’t come directly from someone that you know.
3. Don’t trust any email that says that “We are helping you, just click here.”
4. Don’t trust any email with a link where the link isn’t showing and where the section of the address immediately before any slashes isn’t .com or .org or .co.uk. For example, http://www.ebay.com.hacker.ru shouldn’t make you feel comfortable that it came from ebay.com – the end of the URL (Uniform Resourse Locator) just before the / is the controlling item.
5. And, of course, right now —

• a) make certaint that your back up system is working, and it makes several iterations of the back-up, and
• b) make certain that your virus software is up to date, and
• c) make certain that all wifi signals are using WPA2 security with a password that doesn’t have any dictionary word, and
• d) systematically reformat the USB sticks that are being used to take keys to your Digital Cinema Servers.

My suggestion:

• If you have a computer network in your office, hire a security expert to come and train your employees on security for an hour or two, in addition to checking our your network for vulnerabilities and un-updated software (including Flash/Shockwave, Reader, Firefox and all virus software. They’ve all been updated recently for multiple security reasons.)
• Wait one week, then have the expert return and answer any questions that the employees now have since they learned what to look for.

For the ultra techs, here is the links for the basic research on this:
MITM attack on delayed TLS-client auth through renegotiation
Renegotiating TLS

End Editor Note]

For the original article, please read:
Major SSL encryption flaw hits the web | IT PRO
By Asavin Wattanajantra, 6 Nov 2009 at 15:53

Researchers Marsh Ray and Steve Dispensa are believed to have shown the flaw to a working group of affected vendors, which included Microsoft, Intel, Nokia, IBM, Cisco and Juniper.

In a statement, PhoneFactor said: “[We] volunteered to delay disclosure on the vulnerability until early 2010 to allow time for vendors to make the necessary patches available.”

“However, an independent researcher discovered the vulnerability and posted it to Internet Engineering Task Force (IETF) mailing list on November 4th… News of the vulnerability quickly spread through the IT security community,” it added.

PhoneFactor added that this was a protocol vulnerability rather than an implementation flaw, so the impact was far reaching.

“All SSL libraries will need to be patched, and most client and server applications will, at a minimum, need to include new copies of SSL libraries in their products,” the firm said.

“Most users will eventually need to update any software that uses SSL.”

Andrew Clarke, senior vice president for Lumension, said in a statement that the SSL flaw was likely to bring a large number of patches in the near term from vulnerable vendors.

See the full article at: Adobe fixes five critical Shockwave flaws | IT PRO
By Asavin Wattanajantra, 4 Nov 2009 at 15:51

Nicolas Joly of VUPEN security was credited for reporting the four issues and working with Adobe to protect customers.

The update also solves a boundary condition issue that could have lead to Denial of Service (DoS).

Shockwave Player is described as the ‘web standard for powerful multimedia playback’ by Adobe, and allows users who download it to see interactive web content such as business presentations, advertisements, entertainment and games.

The flaws can be patched by downloading the latest Shockwave update.

The latest upgrade to Firefox, dated 27 October, in particular for the Mac 3.5.4, has 6 “Critical Vulnerabilitioes” listed sine the September 3.5.3 update – See: Security Advisories for Firefox 3.5 – This rounds out to 25 Critical fixes since the June release of 3.5

Should you update? No question. Just look at the definition of Critical – Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

There will be confusion by those who have heard that there is a new release that is a beta. Do not be confused. A beta of 3.6 is iminent – it was expected on the 28th, but has been delayed.

=-=-=

Reader Update: 2 weeks ago Adobe Reader was upgraded to 9.2 – This release of Reader is mandatory as well. 9.1 was plagued with vulnerabilities and required many updates to stay current and secure. It is best that you and that everyone you know is upgraded.

Spread the word.

Read the full article at:

Apple admits existence of data-eating bug guardian.co.uk, Tuesday 13 October 2009 02.04 BST
Bobbie Johnson, San Francisco

(Other links at the end of this excerpt)

Reports of the problem first surfaced more than a month ago, but it was only on Monday that Apple finally responded …

“We are aware of the issue, which occurs only in extremely rare cases, …

Although some users have been able to restore their data after being hit by the bug, many others …erased…

“When logging in to my regular account, everything was gone,” said one user …

“After I had logged out of that account and back into mine my enter home directory had been wiped…

Some reported only minor data loss, however.

“I accidentally logged into the guest account and then logged out and noticed that my background picture was different, and folders that were on the desktop were gone,” said another user. “I was mad, but nothing hurt me too much.”

As well as concerns over, the episode also highlights the importance of properly backing up your data – a hot topic in recent days, given a massive failure to [sic] by Microsoft.

Apple’s admission comes just days after its rival admitted that a problem with its own backup systems had left tens of thousands of American mobile phone customers stranded without access to their data.

Customers who had subscribed to use T-Mobile’s Sidekick handset, which uses software produced by Microsoft … would not be able to recover any of their personal information – … after the company failed to properly back up user information.

… there were no adequate backups to replace the data that had been lost.

“Personal information stored on your device… that is no longer on your Sidekick almost certainly has been lost …

guardian.co.uk © Guardian News and Media Limited 2009
Apple acknowledges Snow Leopard data loss issue | Circuit Breaker – CNET News

AppleInsider | Snow Leopard guest account bug deletes user data [u]

Snow Leopard wiping home directory after guest log-in? | MacFixIt – CNET Review

This article suggests that:
If you need guest account functionality and do not trust the built-in account because of this problem, for now just create a new non-administrator account (call it “Visitor” if you need a semi-decent alternative name) for use as a guest, and customize restrictions for it with parental controls. In most instances this will work just fine, since the only real difference in behavior for guest accounts is that data and settings are reset upon logout.

Apple’s Snow Leopard, Mac OS X 10.6, downgrades the Adobe Flash Player installed on systems being upgraded with the updated operating system. The Flash Player version distributed with Snow Leopard is 10.0.23.1. Although this is a later version number than the most recently reported vulnerable version, it was being distributed at the same time as the flawed version and most probably suffers the same critical security issues. Adobe have confirmed the issue exists and recommend that Snow Leopard users update their Flash Player as soon as possible, by visiting http://get.adobe.com/flashplayer/ and installing version 10.0.32.18. Users can check what version of Flash Player they have installed by going to Adobe’s version check

page.

Read the entire article at:

Apple’s Snow Leopard downgrades Flash – News – The H Security: News and features

During the development of Snow Leopard, and as far back as early July, beta versions were shipped which included Adobe Flash Player 10.0.23.1. Towards the end of July, a critical security vulnerability was discovered in Flash Player version 10.0.22.87, the generally available Flash Player version at the time. The Flash Player was updated on the last day of July, to version 10.0.32.18, but it appears either Adobe or Apple did not ensure that this update made it onto the “gold master” of Snow Leopard which, according to reports, was sent to manufacturing in mid August. This master was used to produce the Snow Leopard DVDs, which were made available in stores on August 28th. As a result, users who had updated the Flash Player on Mac OS X 10.5.8 at the start of August, and then upgraded to Snow Leopard will find that they are back to running a version which, although there are no specific security advisories for it, is most probably vulnerable to the same flaws as Flash Player 10.0.22.87.

• Flash Player Update and Snow Leopard, Adobe PSIRT advisory

But, is it merely FUD at this point? For the daily user, this info is nothing to lose sleep over. AES is not broken. Someone can’t open an AES encrypted movie at this point. But, it points out that rust and black-hats never sleep, and neither should white-hats. The library of a studio is theirs to protect for its owner for many years, if not many decades. This is pointing out that what seemed unthinkable not too many years ago is stumbling into the realm of possibility now.

In the article, Mr. Schneier makes recommendations about how to make better choises. It would be good for the powers that be to re-examine their choices and let everyone know that everything is fine. [End Editor Comment]

From Crypto-Gram: August 15, 2009 Anyone interested and capable of reading this blog should be subscribing to Crypto-Gram

Abstract. AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). In the case of AES-128, there is no known attack which is faster than the 2^128 complexity of exhaustive search. However, AES-192 and AES-256 were recently shown to be breakable by attacks which require 2^176 and 2^119 time, respectively. While these complexities are much faster than exhaustive search, they are completely non-practical, and do not seem to pose any real threat to the security of AES-based systems.

In this paper we describe several attacks which can break with practical complexity variants of AES-256 whose number of rounds are comparable to that of AES-128. One of our attacks uses only two related keys and 2^39^ time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and 2^120 time). Another attack can break a 10 round version of AES-256 in 2^45 time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and 2^172 time).

They also describe an attack against 11-round AES-256 that requires 2^70 time — almost practical.

[Editor] The balance of the article is just as important as the above, explaining how critical this is and how it can be mitigated. It also includes references to the original work.

Read at: From Crypto-Gram: August 15, 2009

From an article in H Security: Linux kernel vulnerability fixes – Update 3 – News – The H Security: News and features
17 August 2009, 16:40

Update 18 August – There is currently no patch for Red Hat Enterprise Linux (RHEL), but the company does offer a workaround which involves blacklisting certain network protocols so that the exploit that is currently in the wild does not function. The CentOS developers are waiting on a patch to appear from Red Hat and in the interim recommend a similar procedure as a workaround. Novell has said there is no patch yet available for SUSE Linux Enterprise Server.

Update 19 August – Ubuntu have released updates for Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04 and all corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details of the updates are given in an Ubuntu Security Notice and the updates are available through Ubuntu’s software Update Manager system.

Update 25 August – Red Hat, Novell and CentOS have now published updates to address the vulnerability for RHEL 4 and 5, SUSE Linux Enterprise Server/Desktop and opensSUSE 10.3 to 11.1 and CentOS 4 and 5 respectively.