Archive by Author

Plane Hacking & Crypto Logjams – WSWiR Episode 153

Are you too busy provisioning new servers and resetting your users’ Windows passwords to keep up with information security news? If so, we have a quick solution for you. Learn the most important security issues in under ten minutes with our weekly security review video.

Today’s episode talks about the latest plane hacking drama, a new cryptographic weakness, and a data breach affecting a popular “adult” online dating site. Watch the video for the details, as well as some security tips, and check the references below for more news.

(Episode Runtime: 8:50)

Direct YouTube Link: https://www.youtube.com/watch?v=nN3q6KWYKrc

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Adult Friend Pwner – Daily Security Byte EP.87

If you date online, especially at “adult” dating sites, you may want to reconsider how much data you share with these organizations. This week, a researcher found a stolen user data dump from a very popular adult dating site. Watch the video to learn the details, and find out how to learn whether or not you are affected by this and other breaches.


(Episode Runtime: 2:43)

Direct YouTube Link: https://www.youtube.com/watch?v=QQGJ8fdA5Nk

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Breaks Logjam and Protects Encrypted Connections

This week, a group of university researchers disclosed a new vulnerability affecting the Diffie-Hellman key exchange. The Diffie-Hellman (DH) key exchange is a cryptographic method for two systems to establish a shared secret over a public communication channel, which they later use to encrypt their communications. Many encryption protocols use it to set up shared secrets, including HTTPS, SMTPS, and other TLS-based protocols, as well as IPsec VPNs and SSH.

According to these researchers’ whitepaper, the Diffie-Hellman key exchange suffers from an implementation flaw that attackers can exploit to downgrade your shared key’s strength, making it easier to crack your encryption. To pull off the attack, a bad actor first needs to perform a man-in-the-middle (MitM) attack in order to capture and manipulate your communications with the other host. Once they intercept your communications, the attacker can force the DH key exchange to use the DHE_EXPORT cipher, which limits the shared secret to a 512-bit key.

You may remember me talking about export ciphers in our previous FREAK advisory. Back in the day (1992 – 2000), the United States of America restricted the export of strong encryption to certain countries for political reasons. That meant many encryption products had to ship with weaker “export” cipher suites, which were presumably easier for the US government to crack. DHE_EXPORT is the weaker cipher that ships with many DH implementations. With modern increases in processing power and the discovery of new cryptographic flaws, the 512-bit keys produced by this export cipher are especially weak today, and easily cracked. In fact, the researchers who found this flaw allege that state-sponsored actors may even be able to crack 1024-bit keys today. In short, you do not want to rely on encrypted connections that use a 512-bit key.

Though this new DH flaw sounds bad, it only poses a medium to low risk. In order to exploit it, an attacker needs to be able to intercept your network traffic. While this might be relatively easy to do on public wireless networks, it’s more difficult to pull off on wired networks (unless you are a nation state). Nonetheless, you still want to fix the flaw as soon as you can. Here are a few mitigation tips:

  • Disable the DHE_EXPORT cipher. If you manage any products that use the Diffie-Hellman key exchange, you should remove the DHE_EXPORT cipher from their list of accepted ciphers. Many products, including web servers, email servers, VPN products, SSH servers, and more, use the Diffie-Hellman key negotiation, so you’ll likely have many products to check. I suspect many manufacturers will release patches to disable the DHE_EXPORT cipher for you.
  • Deploy Elliptic-Curve Diffie-Hellman (ECDHE). This more modern key exchange is more resilient to known cryptanalytic attacks. See the researchers’ deployment guide for more details.
  • Use strong 2048-bit keys for fixed groups. You should generate 2048-bit keys or stronger for DH groups on your web servers. Again, see the deployment guide for more details.
  • Update your web browsers. At the time of this writing, Internet Explorer is the only browser that has been patched to not use the DHE_EXPORT cipher. I expect Mozilla, Google, and others to release updates soon. Be sure to update your browsers as soon as patches become available.
  • Use WatchGuard’s HTTPS ALG. If you’re a WatchGuard XTM customer, our HTTPS proxy can protect your users from this attack. See the details below.
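As an added example (not WatchGuard’s code, and not taken from the researchers’ deployment guide), the following Python script audits a server’s key-exchange settings against the first three tips above: it flags export-grade cipher suites by name, checks that ECDHE suites are offered at all, and reads the prime size out of a PEM “DH PARAMETERS” block of the shape that openssl dhparam writes, grading it against the 2048-bit recommendation. The cipher suite lists and DH parameter blocks are constructed placeholders (the “primes” are only integers of the right bit length, not real safe primes), and the function names and thresholds are my own.

```python
# Added example: audit TLS key-exchange settings against the Logjam mitigation list.
# Not WatchGuard code. The suite lists and DH parameters below are constructed
# placeholders; the "primes" are just integers of the right bit length.
import base64
import re
import textwrap

MIN_DH_BITS = 2048  # the post's recommendation for fixed DH groups

# Suite names in OpenSSL form (EXP-EDH-RSA-DES-CBC-SHA) or IANA form
# (TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA). EXP/EXPORT marks an export-grade suite.
EXPORT_RE = re.compile(r"(^|[-_])(EXP|EXPORT)(1024|40|56)?([-_]|$)")
ECDHE_RE = re.compile(r"(^|[-_])ECDHE([-_]|$)")
DHE_RE = re.compile(r"(^|[-_])(DHE|EDH)([-_]|$)")


def classify_suite(name):
    """Return 'export', 'ecdhe', 'dhe' or 'other' for one cipher suite name."""
    n = name.upper()
    if EXPORT_RE.search(n):
        return "export"
    if ECDHE_RE.search(n):
        return "ecdhe"
    if DHE_RE.search(n):
        return "dhe"
    return "other"


def dh_group_verdict(bits):
    """Grade a DH prime by size: 512-bit is broken, 1024-bit is suspect, 2048+ is fine."""
    if bits < 1024:
        return "broken"
    if bits < MIN_DH_BITS:
        return "weak"
    return "ok"


# Minimal DER handling for PKCS#3: DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }
def _der_length(buf, i):
    first = buf[i]
    i += 1
    if first < 0x80:
        return first, i
    n = first & 0x7F
    return int.from_bytes(buf[i:i + n], "big"), i + n


def _der_read_int(buf, i):
    if buf[i] != 0x02:
        raise ValueError("expected DER INTEGER")
    length, i = _der_length(buf, i + 1)
    return int.from_bytes(buf[i:i + length], "big", signed=True), i + length


def dh_prime_bits(pem):
    """Bit length of the prime in a PEM 'DH PARAMETERS' block (openssl dhparam format)."""
    body = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    der = base64.b64decode(body)
    if der[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    _, i = _der_length(der, 1)
    prime, _ = _der_read_int(der, i)
    return prime.bit_length()


def _der_encode_length(n):
    if n < 0x80:
        return bytes([n])
    nb = (n.bit_length() + 7) // 8
    return bytes([0x80 | nb]) + n.to_bytes(nb, "big")


def _der_encode_int(value):
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")  # spare byte keeps it positive
    return b"\x02" + _der_encode_length(len(body)) + body


def make_dh_params_pem(prime, generator=2):
    """Build a PEM block shaped like openssl dhparam output (used here only to make test input)."""
    content = _der_encode_int(prime) + _der_encode_int(generator)
    der = b"\x30" + _der_encode_length(len(content)) + content
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(textwrap.wrap(b64, 64)) + "\n-----END DH PARAMETERS-----\n"


def audit(cipher_suites, dh_params_pem):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    kinds = {s: classify_suite(s) for s in cipher_suites}
    exports = [s for s, k in kinds.items() if k == "export"]
    if exports:
        findings.append("disable export-grade suites: " + ", ".join(exports))
    if "ecdhe" not in kinds.values():
        findings.append("no ECDHE suites offered; add them and prefer them over DHE")
    if "dhe" in kinds.values():  # only DHE suites use the server's fixed DH group
        bits = dh_prime_bits(dh_params_pem)
        verdict = dh_group_verdict(bits)
        if verdict != "ok":
            findings.append(f"DHE group is {bits} bits ({verdict}); regenerate with at least {MIN_DH_BITS}")
    return findings


# Constructed placeholders (not real safe primes): integers of 512 and 2048 bits.
WEAK_DH_PEM = make_dh_params_pem((1 << 511) | 1)
STRONG_DH_PEM = make_dh_params_pem((1 << 2047) | 1)
WEAK_SUITES = ["EXP-EDH-RSA-DES-CBC-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]
HARDENED_SUITES = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    for label, suites, pem in (("weak", WEAK_SUITES, WEAK_DH_PEM), ("hardened", HARDENED_SUITES, STRONG_DH_PEM)):
        print(label, audit(suites, pem) or ["pass"])
```

On a real server you would feed audit() the suite names from the product’s cipher list and the contents of its dhparam file; the weak set produces three findings that map onto the three tips, and the hardened set produces none.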

What about my WatchGuard products?

You may be wondering if your WatchGuard products are affected. The good news is most of our products are not vulnerable to this issue, with the exception of our SSL VPN appliances. Here’s the rundown:

  • XTM appliances: Not Vulnerable
  • XCS appliances: Not Vulnerable
  • Wireless Access Points: Not Vulnerable
  • WatchGuard Dimension: Not Vulnerable
  • SSL VPN Appliances: Vulnerable
    • Our SSL VPN Appliance supports the DHE_EXPORT cipher. By default, we don’t allow use of this cipher in the Application Portal, but we do in the Administrative Web UI. You can mitigate this vulnerability by limiting external access to the Web UI, or by proxying the Web UI through the Application Portal. We’ll release an update to completely remove the DHE_EXPORT cipher in the future.

More importantly, WatchGuard XTM appliances can actually help protect you from the Logjam vulnerability, if you use our HTTPS application layer gateway (ALG). Our HTTPS ALG temporarily decrypts HTTPS connections going through our appliance, so it can apply security services, such as antivirus and intrusion protection, to otherwise encrypted traffic. Furthermore, if you are using our HTTPS proxy with deep packet inspection enabled, it performs additional security functions including not allowing the use of the DHE_EXPORT cipher. Even if your users browse with unpatched web browsers that support the weak cipher, our HTTPS proxy will not allow them to establish connections with this weaker cipher. If you haven’t configured the HTTPS ALG on your XTM device, you may want to consider it.

If you’d like more details about this flaw, see the references below:

— Corey Nachreiner, CISSP (@SecAdept)


Cryptography Logjam – Daily Security Byte EP.86

Are you getting sick of SSL/TLS and other cryptography related vulnerabilities? I sure am! Nonetheless, we need to keep on top of them in order to keep our communications private. In today’s daily video I cover Logjam, a new named vulnerability having to do with the Diffie-Hellman key negotiation. Watch the video to learn which of your systems might be affected, and more importantly how WatchGuard’s XTM appliances can help.


(Episode Runtime: 3:39)

Direct YouTube Link: https://www.youtube.com/watch?v=9uCjioMPQUg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Plane Hacking Hijinks – Daily Security Byte EP.85

Last month a security researcher was detained from a flight for allegedly making a silly plane hacking joke on Twitter. The latest news suggests his research was more than just a joke. Watch today’s video to learn what he’s accused of and why I think he was irresponsible.

Quick show note: I’ll be traveling to speak at a conference this week. I’ll try to keep my daily video schedule, however, I may miss a day or two due to travel.


(Episode Runtime: 2:10)

Direct YouTube Link: https://www.youtube.com/watch?v=aBgLyb0Ws5c

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

VM Venom, MS Patches, & GTA V Malware – WSWiR Episode 152

Last week was full of a wide range of information security news, from the latest critical Microsoft updates, to a new virtualization system vulnerability, and finishing off with malware targeting a popular video game. If you find yourself falling behind with the latest security intelligence, you’re not alone. Don’t worry though, we’re here to pick up the slack.

Press play below to hear the highlights from last week, and subscribe to our YouTube Channel to get regular updates. If you’re hungry for more security news, also check out our References section for links to other stories.

(Episode Runtime: 8:37)

Direct YouTube Link: https://www.youtube.com/watch?v=sLIL0Yxnkn8

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

GTAV Mod Malware – Daily Security Byte EP.84

I hoped to keep today’s video fun with a video game related story, but I guess if the news means gamers might have been infected with a keylogger, it’s no fun at all. Watch the Daily Byte video to learn what “mods” GTA V PC gamers should avoid.


(Episode Runtime: 1:47)

Direct YouTube Link: https://www.youtube.com/watch?v=FKf7evErl4k

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

QEMU Poisoned with VENOM – Daily Security Byte EP.83

Virtualization technology is great, but it does add new attack surface. CrowdStrike disclosed a new QEMU vulnerability that affects many popular virtualization platforms. In today’s video, I quickly summarize the issue, and share what you can do about it.


(Episode Runtime: 2:10)

Direct YouTube Link: https://www.youtube.com/watch?v=rNmDMq6vhyM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

SOHO Router DDoS – Daily Security Byte EP.82

Have you ever wondered what consumer routers are doing when they sit at home and everyone is at work? Well, it turns out they may be acting as zombies in a DDoS attack. Watch the video to learn more and hear what to do to protect your SOHO networks.


(Episode Runtime: 1:42)

Direct YouTube Link: https://www.youtube.com/watch?v=oceIW8lY0Xw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Patch Day is NOT Dead Yet – Daily Security Byte EP.81

Though Microsoft announced they plan to kill off Patch Day for Windows 10, it’s still alive and kicking in May. Today’s video shares the Patch Day highlights and recommends which updates you should prioritize.


(Episode Runtime: 1:50)

Direct YouTube Link: https://www.youtube.com/watch?v=h9TyHbitbeM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)
