Another day, another set of cracking tools.
Cryptography specialist Moxie Marlinspike released tools at Defcon today for easily cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2, news that will no doubt worry many a network administrator.The tools crack WPA2 Wi-Fi Protected Access and VPN passwords used by corporations and organizations running networks that are protected by the PPTP Point-to-Point Tunneling Protocol, which uses MS-CHAPv2 for authentication.ChapCrack captures the MS-CHAPv2 handshakes, or SSL Secure Sockets Layer negotiation communications, and converts them to a token that can be submitted to CloudCracker.It takes less than a day for the service to return results in the form of another token that is plugged back into ChapCrack where the DES Data Encryption Standard keys are cracked. With that data, someone can see all of the information traveling across the Wi-Fi network, including sensitive corporate e-mails and passwords, and use passwords that were revealed to log in to corporate networks.The tools are designed for penetration testers and network auditors to use to check the security of their WPA2 protected networks and VPNs, but they may well be used by people who want to steal data and get unauthorized access to networks.
Yet another reason for businesses that haven’t done so yet to move beyond PPTP and Windows XP
- Stronger password hashing in .NET with Microsoft’s universal providers (troyhunt.com)
- Wireless Internet Security (techhelpertoday.wordpress.com)
Numerous flaws were addressed via patches Tuesday by Microsoft.
The company also addressed at least 15 other flaws in its software, and urged customers to quit using the desktop Sidebar and Gadget capabilities offered in Windows 7 and Windows Vista.
By far the most urgent of the updates is MS12-043, which fixes a critical vulnerability in Microsoft XML Core Services that miscreants and malware alike have been using to break into vulnerable systems. Microsoft had already warned about limited, targeted attacks using this flaw, but late last month an exploit built to attack the XML bug was added to the BlackHole Exploit Kit, an automated browser exploit tool that is very popular in the criminal underground right now.
Other critical patch bundles include a fix for a dangerous flaw in the Microsoft Data Access Components (MDAC) of Windows, and an update to address a pair of vulnerabilities in Internet Explorer.
Microsoft also released a FixIt tool to help network administrators block the use of Gadgets and the Sidebar on Windows 7 and Windows Vista systems. “We’ve discovered that some Vista and Win7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run,” Microsoft said in a blog posting, without offering much more detail about any specific findings.
- Bad week for Microsoft as security fails and cyber threats increase (seshippingnews.typepad.com)
- Security flaws signal early death of Windows Gadgets (zdnet.com)
- Microsoft patches critical drive-by IE9 bug, Windows zero-day (techworld.com.au)
An exploit for an unpatched vulnerability in the MSXML (Microsoft XML Core Services) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.
The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability — an actively exploited vulnerability for which an official patch doesn’t yet exist.
Be sure to keep that anti-virus up-to-date and also utilize the Fix-It tool Microsoft has made available.
- Hackers exploit Windows XML Core Services flaw (infoworld.com)
- Danger! Unpatched Microsoft security vulnerability being actively exploited (nakedsecurity.sophos.com)
- CVE2012-1889: MSXML use-after-free vulnerability (eset.com)
From the ISC Diary:
Microsoft has released an Important update to the Windows Update function (Windows Update Agent 7.6.7600.256) because users have been experiencing update issues. Some users experience failed installation with error code 80070057 or 8007041B. Microsoft has provided a “Fix it” tool that can be directly downloaded here for those cases that won’t automatically apply the update and the Knowledge Base article located here.
If you’ve experienced this issue let the ISC know.
The recent increase in attacks on security firms raises some important questions when it comes to protection of intellectual property.
The Internet‘s security infrastructure is under attack. Two major incidents against Comodo and RSA have raised the question of not just whether the enterprise can withstand hacker attacks but if the security firms we all count on to guard the infrastructure can protect themselves.
Earlier this week, Internet security firm Comodo revealed it had been tricked into minting nine high-value digital certificates that could allow the attackers to create fraudulent sites that fool users into thinking they are visiting Google, Yahoo, Skype or Microsoft’s Live service. The sting on Comodo follows a more serious attack on RSA, which netted the infiltrators unspecified information that could compromise the security of the company’s one-time password product SecurID.
These breaches follow other recent high-profile security events, including Anonymous’s campaign to compromise HBGary Federal and Stuxnet‘s use of stolen code-signing certificates against Iran‘s nuclear capability. Altogether, it’s undeniable that attackers now see the value in focusing on those companies and products that provide defense.
Be sure to go to the source to see what needs to change.
- Comodo hacker outs himself, claims “no relation to Iranian Cyber Army” (nakedsecurity.sophos.com)
- Hackers target Google, Skype with rogue SSL certificates (infoworld.com)
- Is SecureID broken? (kbtcomputers.wordpress.com)