Blog Archives

Easy Cracking of Microsoft Crypto

Another day, another set of cracking tools.

Cryptography specialist Moxie Marlinspike released tools at Defcon today for easily cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2, news that will no doubt worry many a network administrator.

The tools crack WPA2 Wi-Fi Protected Access and VPN passwords used by corporations and organizations running networks that are protected by the PPTP Point-to-Point Tunneling Protocol, which uses MS-CHAPv2 for authentication.

ChapCrack captures the MS-CHAPv2 handshakes, or SSL Secure Sockets Layer negotiation communications, and converts them to a token that can be submitted to CloudCracker.

It takes less than a day for the service to return results in the form of another token that is plugged back into ChapCrack where the DES Data Encryption Standard keys are cracked. With that data, someone can see all of the information traveling across the Wi-Fi network, including sensitive corporate e-mails and passwords, and use passwords that were revealed to log in to corporate networks.

The tools are designed for penetration testers and network auditors to use to check the security of their WPA2 protected networks and VPNs, but they may well be used by people who want to steal data and get unauthorized access to networks.

Source: Tools boast easy cracking of Microsoft crypto for businesses | Security & Privacy – CNET News.

Yet another reason for businesses that haven’t done so yet to move beyond PPTP and Windows XP.

Flame malware incident causes Microsoft to revamp Windows encryption keys

Granted it’s reactive instead of proactive but looks like a good move by Microsoft.

Starting next month, updated Windows operating systems will reject encryption keys smaller than 1,024 bits, which could cause problems for customer applications accessing websites and email platforms that use the keys.

The cryptographic policy change is part of Microsoft’s response to security weaknesses that came to light after Windows Update became an unwitting party to Flame Malware attacks, and affects Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, according to the Windows PKI blog written by Kurt L. Hudson, a senior technical writer for the company.

“To prepare for this update, you should determine whether your organization is currently using keys less than 1,024 bits,” Hudson writes. “If it is, then you should take steps to update your cryptographic settings such that keys under 1,024 bits are not in use.”

Source: Microsoft to revamp Windows encryption keys in face of Flame malware | Microsoft Windows – InfoWorld.
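
One way to carry out the inventory Hudson describes on a single Windows machine, as an added example that is not code from Microsoft or from the quoted article. The function name `Get-WeakRsaCertificate` is hypothetical, and the script assumes that only RSA keys in the local certificate stores need checking; it does not look at certificates presented by remote servers.

```powershell
# Added example: list certificates in the local Windows certificate stores
# whose RSA public key is shorter than the 1,024-bit threshold from the article.
# Assumption: only RSA keys are inspected; non-RSA certificates are skipped.

function Get-WeakRsaCertificate {
    param(
        # Store roots to walk; both are standard Cert: provider drives.
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        # Keys strictly below this size are reported.
        [int]$MinimumBits = 1024
    )

    foreach ($root in $StorePath) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_
                try {
                    # Returns $null when the certificate does not carry an RSA key.
                    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                } catch {
                    # Malformed or unsupported key encoding: skip rather than abort the scan.
                    $rsa = $null
                }
                if ($null -ne $rsa -and $rsa.KeySize -lt $MinimumBits) {
                    [pscustomobject]@{
                        KeyBits    = $rsa.KeySize
                        Store      = $cert.PSParentPath
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        NotAfter   = $cert.NotAfter
                        Expired    = ($cert.NotAfter -lt (Get-Date))
                        Thumbprint = $cert.Thumbprint
                    }
                }
            }
    }
}

# Report the weakest keys first; an empty result means no RSA key under the threshold was found.
Get-WeakRsaCertificate |
    Sort-Object KeyBits, Store |
    Format-Table KeyBits, Expired, NotAfter, Subject, Store -AutoSize
```

Certificates flagged in trusted root or intermediate stores matter most, because everything chained to them stops validating once short keys are rejected.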

Microsoft Issues Patches For Zero-Day Bug & 15 Other Flaws

Numerous flaws were addressed via patches Tuesday by Microsoft.

The company also addressed at least 15 other flaws in its software, and urged customers to quit using the desktop Sidebar and Gadget capabilities offered in Windows 7 and Windows Vista.

By far the most urgent of the updates is MS12-043, which fixes a critical vulnerability in Microsoft XML Core Services that miscreants and malware alike have been using to break into vulnerable systems. Microsoft had already warned about limited, targeted attacks using this flaw, but late last month an exploit built to attack the XML bug was added to the BlackHole Exploit Kit, an automated browser exploit tool that is very popular in the criminal underground right now.

Other critical patch bundles include a fix for a dangerous flaw in the Microsoft Data Access Components (MDAC) of Windows, and an update to address a pair of vulnerabilities in Internet Explorer.

Microsoft also released a FixIt tool to help network administrators block the use of Gadgets and the Sidebar on Windows 7 and Windows Vista systems. “We’ve discovered that some Vista and Win7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run,” Microsoft said in a blog posting, without offering much more detail about any specific findings.

Source: Microsoft Patches Zero-Day Bug & 15 Other Flaws — Krebs on Security.

Widely used Web attack toolkit exploits unpatched MSXML flaw

An exploit for an unpatched vulnerability in the MSXML (Microsoft XML Core Services) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.

The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability — an actively exploited vulnerability for which an official patch doesn’t yet exist.

Source: Widely used Web attack toolkit exploits unpatched MSXML flaw | Security – InfoWorld.

Be sure to keep that anti-virus up-to-date and also utilize the Fix-It tool Microsoft has made available.

Windows 8 Pro Upgrade: Your FAQs Answered

Looks like Microsoft is making a big push to get users to upgrade later this year.

When Windows 8 launches later this year you’ll be able to upgrade to the pro version of Microsoft’s newest desktop OS for just $40 for a limited time. The deal will apply to a broad base of current Windows users including those running Windows XP, Vista and Windows 7. Microsoft had a similar offer during the launch of Windows 7 but this one is cheaper than its predecessor. (Windows 7 upgrades ranged from $50-$100 at launch.)

Another big difference between the Windows 7 and Windows 8 upgrade deals is that you get the pro version instead of the base version of Windows 8. And if you’re a Windows Media Center fan, Microsoft’s Windows 8 upgrade deal will let you download the entertainment center program for free (more on that later).

If you plan on upgrading to Windows 8, here’s what you need to know about Microsoft’s limited-time upgrade deal.

Source: Windows 8 Pro Upgrade: Your FAQs Answered CIO.com.

Report: Full Upgrades to Windows 8 Only From Windows 7

Some beneficial information if you’re planning to upgrade to Windows 8.

Microsoft has not yet set a release date for Windows 8, but most analysts expect it to go on sale this fall, most likely in October.

The upgrade paths that Foley’s sources spelled out were the same that Microsoft revealed in February when it released Windows 8 Consumer Preview, the first public beta.

Microsoft said then that only Windows 7 PCs are eligible for a full upgrade to Windows 8, one that retains applications, data files, user accounts and Windows settings.

Windows Vista and Windows XP machines can be upgraded to Windows 8 — assuming the hardware meets the system requirements of the new OS — but cannot bring along all the bits. Vista users who upgrade will retain user accounts and files, as well as Windows settings, but not already-installed applications. XP-to-Windows 8 upgrades preserve the least amount in a move: User accounts and files only.

Read the rest: Report: Full Upgrades to Windows 8 Only From Windows 7 CIO.com.

Why did Microsoft scrap the start button in Windows 8?

An interesting change:

Of all the confounding changes made in the latest Windows 8 consumer preview, few upset people quite as much as .

But what hasn’t been clear is why Microsoft removed the feature, which has been a central pillar of Windows for over 15 years.

The answer might be obvious: People weren’t using it. In an interview with PCPro, Microsoft program manager Chaitanya Sareen said that as users began pinning more applications to the taskbar, start button usage took a major hit. Instead of going to Start menu to access applications, users were just clicking shortcuts. The taskbar was just too fast and convenient.

Find out what Microsoft put in its place: Why did Microsoft scrap the start button in Windows 8? People weren’t using it | VentureBeat.

Windows Update Agent Issues

From the ISC Diary:

Microsoft has released an Important update to the Windows Update function (Windows Update Agent 7.6.7600.256) because users have been experiencing update issues. Some users experience failed installation with error code 80070057 or 8007041B. Microsoft has provided a “Fix it” tool that can be directly downloaded here for those cases that won’t automatically apply the update and the Knowledge Base article located here.

If you’ve experienced this issue, let the ISC know.

Hackers step up attacks

The recent increase in attacks on security firms raises some important questions when it comes to protection of intellectual property.

The Internet’s security infrastructure is under attack. Two major incidents against Comodo and RSA have raised the question of not just whether the enterprise can withstand hacker attacks but if the security firms we all count on to guard the infrastructure can protect themselves.

Earlier this week, Internet security firm Comodo revealed it had been tricked into minting nine high-value digital certificates that could allow the attackers to create fraudulent sites that fool users into thinking they are visiting Google, Yahoo, Skype or Microsoft’s Live service. The sting on Comodo follows a more serious attack on RSA, which netted the infiltrators unspecified information that could compromise the security of the company’s one-time password product SecurID.

These breaches follow other recent high-profile security events, including Anonymous’s campaign to compromise HBGary Federal and Stuxnet’s use of stolen code-signing certificates against Iran’s nuclear capability. Altogether, it’s undeniable that attackers now see the value in focusing on those companies and products that provide defense.

Be sure to go to the source to see what needs to change.

Critical Windows bugs to be patched next week

Microsoft today announced it would release just two security updates next week to patch three vulnerabilities in Windows.

One of the two was tagged with the “critical” label, Microsoft’s highest threat ranking, while the other was marked “important.” Microsoft typically assigns a critical rating to vulnerabilities that can be exploited with little or no action on the part of a user.

Both updates will patch flaws in Windows.

What Microsoft pegged as “Bulletin 1” in the advance notification it published today will affect only Windows Vista, while “Bulletin 2” will affect all still-supported versions of the OS, with the client editions — XP, Vista and Windows 7 — labeled critical and the server software rated important.

“The Vista one is confusing,” said Andrew Storms, director of security operations at nCircle Security. “It’s either something introduced in Vista but doesn’t exist in Windows 7, or the component was rewritten for Windows 7.”

Storms speculated that the flaw might be in a part of the operating system that’s little used, such as the task scheduler.

As for Bulletin 2, Microsoft’s bare bones write-up — typical of its advance warnings prior to Patch Tuesday — also doesn’t offer many clues.

“It’s critical in all the desktop clients and important in the server, and consistent in the whole stack,” said Storms, talking about Microsoft’s threat ratings. “The difference in the criticality is confusing, and Microsoft’s not giving us much to go on.”

The bug(s) patched by Bulletin 2 are most likely in an operating system DLL (dynamic-link library), said Storms, perhaps a driver or database connector, that’s crucial to the OS. (Source: ComputerWorld)

Go to the source to learn about two known vulnerabilities that will not be patched next Tuesday.
