Security and Threats Update

Symbiotic Malware
(July 1, 2013)

Researchers have discovered two pieces of malware that help each other maintain a foothold on the computers they have infected. The two different strains of malware, known as Vobfus and Beebone, download updated versions of each other. The newest versions are often unknown by malware detection programs. Vobfus spreads through malicious links on websites, over network links, or on USB drives, and is normally the first of the two to infect machines. Once installed, Vobfus downloads Beebone, which recruits the infected machine to become part of a botnet.

In the case with Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus.

Defeating the two viruses is tricky because Vobfus is so good at travelling via networks. Keeping software up to date we also recommend disabling the “autorun” feature on machines since Vobfus exploits this and is stalled via USB drives. In addition people should be wary of clicking links on external websites to avoid falling victim to booby-trapped URLs.

Nasty Malware Targets South Korean Government and Media Networks
(June 28, 2013)

The recent cyber attacks against South Korean government and media networks have been found to involve malware that wipes data from hard drives and makes computers unusable. The malware, called Korhigh, permanently deletes data and overwrites hard drives’ master boot records and bears similarities to malware used in attacks on South Korean websites earlier this year.

Atlassian Fixes Vulnerability in Crowd Single Sign-On Tool
(July 1, 2013)

Atlassian has fixed a critical security issue in its Crowd single sign-on and identity management tool that could have been exploited by hackers to gain access to login credentials and sensitive data. Crowd is used by 1,000 organizations, including government agencies, banks, software companies, and telecommunication companies, in 55 countries.

Security Flaws in Phone App Library
(June 30 & July 1, 2013)

Vulnerabilities in the GNU ZRTPCPP open-source security library used by some secure mobile phone apps could be exploited to allow arbitrary code execution and crash applications. The flaws include a remote heap overflow, several stack overflows, and information leakage. ZRTPCPP, an open-source library that’s used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks.

ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications designed by PGP creator Phil Zimmermann.

Following the recent reports about the U.S. National Security Agency’s data collection programs that appear to cover Internet audio conversations, there’s been an increased interest into encrypted communication services from end users.

The vulnerabilities in ZRTPCPP were found while evaluating the security of some of the products that offer encrypted phone call capabilities. Patches for the vulnerabilities have been added to ZRTPCPP’s code repository on Github and that Silent Circle has updated its own apps on Google Play and Apple’s App Store with fixes.

Advertisements

Storing passwords in uncrackable form – Information for Web Server Admininstrators

News about intrusions into the servers of online stores, games vendors and other internet services can now be read on an almost daily basis. Often, the intruders obtain customers’ login data including their passwords. As many people use the same password in multiple places, criminals can use the passwords to obtain unauthorized access to further services.

To prevent passwords from being extracted, web site operators usually protect their users’ passwords through such cryptographic techniques as one-way hashing. For this purpose, a character string that doesn’t allow any conclusions to be drawn about the actual password is derived from the password. The only way of finding out whether a password matches a hash is to rehash the password and compare the results. This method is used by the authentication systems of operating systems and web applications – and also by password crackers.

MD5 hashing was long considered sufficiently resilient for this purpose, because the time that is required to try out all possible combinations made it difficult for attackers to reconstruct a password from a hash. With a strong password, trying out all password combinations (brute force attack) using a cracker such as John the Ripper on conventional hardware used to take months, if not years. But times have changed.

Cloud, CUDA and multi-core computer technologies are both a blessing and a curse: they can greatly accelerate the processing of data and make even complex simulations available to end users. Unfortunately, crackers use the same high-speed computing power to reconstruct plain-text data from an encrypted password, and then they use the password to log into a system as administrators. In this context, password crackers can take advantage of the fact that the harvested hashes were probably created using the MD5 algorithm, which is optimized for fast processing.

Commercial password crackers such as those by vendor Elcomsoft, and such free tools as Hashcat and BarsWF, can try out several million hashes per second to find out whether one of them matches a specific password. This means that a password of eight characters can be cracked in four days. However, there are even faster ways. As hard disk storage is getting cheaper and cheaper, attackers often use giant tables (rainbow tables) containing billions of pre-calculated hashes to find a password. These tables potentially allow them to determine a password within minutes. The lists required for dictionary attacks are also becoming longer and longer and, with very weak passwords, often enable cracking programs to succeed within hours.

Fortunately, progress has also been made in hashing technology that hampers high-speed password cracking attempts and makes it uneconomical for attackers to pre-calculate tables – even if the actual password to be cracked is weak. From a certain password length, calculating and storing rainbow tables is no longer viable in a reasonable amount of time. Therefore, an additional, random character string – a “salt” – is added to the password a user has entered. The newly created character string is passed through a hashing algorithm, and the resulting hash is stored in a file such as /etc/shadow. However, the salt must be known if a system is to compare subsequent password entries with the hash. The salt is therefore added to the beginning of the stored hash in plain text. Storing the salt in plain text may sound contradictory at first glance, but the salt doesn’t need to be secret, it only needs to be random. Its only purpose is to inflate the potential number of combinations for each individual password in order to exponentially increase the effort required to create rainbow tables.

However, a salt has only little impact when an individual password is attacked with brute force. Conventional hashing algorithms such as those for generating digital signatures or fingerprinting files are optimized for speed. This is counterproductive when checking passwords, as the intended aim is to thwart password crackers. Brute-force attacks can be rendered unattractive by intentionally slowing down the hashing algorithm or by hashing multiple times. For users, the required speed isn’t really an issue: They won’t notice if checking a password they enter when logging into a system takes a microsecond instead of a millisecond. A password cracker, on the other hand, will become a thousand times slower – instead of 100 million passwords per second, it will only be able to try out 100,000 passwords per second, and a brute-force attack on a password called “P4ssW0r7” would take 48 years instead of 18 days.

The method of artificially slowing things down has its origins in the derivation of crypto keys from passwords. As users’ passwords tend to be too short and have too little entropy, keys need to be lengthened securely, for example when encrypting via AES and 256 bits. Cryptographers call this “key stretching”, and they achieve it by sending a password through a hashing algorithm multiple times. The method has been standardized as Password-Based Key Derivation Function 2 (PBKDF2) and is, for instance, used in wireless networks with WPA-PSK keys. Smartphones use PBKDF to encrypt backup files with a password before exporting them. The method also successfully thwarts cracking attempts in those situations.

Each time, the resulting hash value is simply resubmitted to the hash function as a parameter. More complex round functions may, for instance, add the password to each value before it gets hashed. An operating system or application only needs to perform this exercise once per password and user. A cracking program, on the other hand, must perform it for every possible character combination – and each round adds processing time, so that the overall procedure for each password is slowed down immensely.

While many operating systems already use salts and key stretching techniques to securely store user passwords, password security is still a sore topic especially in popular web applications, even though such applications run the greatest risk of being attacked in an attempt to extract user or customer passwords. Sometimes, passwords are even still stored in plain text; and if they do get hashed, it might only be via MD5. Even such popular content management systems as Typo3 use MD5 without salt or rounds as their default method for hashing user passwords.

The “saltedpasswords” Typo3 extension promises to increase security. It offers added security via bcrypt or the phpass security framework; more about that in a moment. However, the extension must first be enabled and configured, which requires installing further extensions and making system adjustments – it’s hardly surprising that many operators simply use the default installation.

WordPress and phpBB use the phpass framework by developer Solar Designer – who, incidentally, also develops the John the Ripper password cracker. By default, phpass uses bcrypt. Bcrypt is based on the Blowfish algorithm which is, strictly speaking, an encryption algorithm rather than a hashing algorithm. Bcrypt uses a complex key initialization algorithm and further encrypts the resulting ciphertext by adding alternately the salt or the password. The number of rounds is a power of 2, and the exponent that is used is added to the beginning of the created string.

If the Blowfish algorithm isn’t implemented on a system, the phpass framework will automatically default to Extended DES and, if necessary, to MD5 with salt and iterations. To prevent the framework from falling back to weak algorithms, the developer recommends using PHP 5.3.2 or later. Blowfish, SHA-256 and SHA-512 are standard PHP components from this version, which means that no further operating system APIs or added libraries are required. Alternatively, the Suhosin PHP security framework will extend the PHP interpreter to include Blowfish.

However, WordPress and phpBB use the weakest of the three possible configurations. When tested on an Ubuntu system, WordPress used the MD5 variant; the CMS deliberately forces this variant to ensure the compatibility of various web applications. WordPress can reportedly use the phpBB user database, and vice versa. The Drupal developers, on the other hand, have adapted the framework for their purposes and started hashing with SHA-512 in Drupal 7. A “Secure Password Hashes” module provides added protection for older versions of Drupal.

The default security of the Joomla CMS isn’t as good as it could be, either. While the CMS is capable of using salted SHA-512 with multiple rounds (getCryptedPassword) via the crypt() PHP function, the default setting is a salt and MD5 with one round. Manually adjusting individual CMS installations to use a more secure variant is generally unproblematic. The only caveat is that add-on modules may be incompatible with the changes.

Self-test

How your own content management system stores passwords can be determined by analyzing its source code or by looking into its database. The latter solution is easiest and can simply be achieved by establishing a connection to the database server, for example like this: mysql -u <user> -p. The “user” parameter designates the registered database user which is used for the CMS to sign into the server. The command show databases; lists all available databases. For instance, to select the typo3 database, enter use typo3; (don’t forget the semicolon at the end). All available database tables can subsequently be displayed using show tables;.

Under Typo3, the most interesting tables are be_users and fe_users. select * from be_users; displays the table contents. If the user passwords contain a simple sequence of characters such as 1ee9e0daf4a2b81fe4064aa5ae31aae4, the system is using a simple, unsalted MD5 string.

In current Drupal installations, a (user table) password hash that is stored in the database may look like $S$CbkCbEtqypgcggWPee9c6wpgwUYqKjMb0pUR9YTgdwdYkxztRmWj

The dollar signs at the beginning enclose the hash type and are followed by the salt and the actual hash. The hash type value of 2a designates bcrypt. WordPress (wp_users table) will produce entries like $P$Bz0ZwGCmWuvcurZbj4CaptBFir8gQv1 – the “P” hash type designates what is called a portable hash – in other words, the MD5 variant.

Integration

Phpass is very easy to integrate into PHP applications. It consists of a single PHP file with one class and several methods. Although in modern versions of PHP all hash algorithms can also be called directly, the advantage of using phpass is that there is no need to worry about creating a random salt or assembling the character string. The returned hash string can be stored directly in the database.

On UNIX systems, phpass creates the salt by reading /dev/urandom, and under Windows it uses the microtime() PHP function. Two lines are sufficient to generate a secure password hash: $t_hasher = new PasswordHash(8, FALSE); $hash = $t_hasher->HashPassword($password);

The FALSE parameter in the constructor tells phpass to choose the most secure algorithm first – on modern systems, this will typically be bcrypt. Submitting TRUE forces the insecure, but more compatible, MD5 implementation to be used; this is, for instance, the approach chosen by WordPress. The constructor also generates the salt. In bcrypt, the 8 parameter determines the exponent for the required number of iterations, meaning that bcrypt uses 256 rounds. The maximum exponent is 31.

The HashPassword method then generates the hash from the password and the salt. Checking an entered password is equally simple: $check = $t_hasher->CheckPassword($password, $hash);

The $check variable contains the result of the comparison, where 1 is true.

Rather than relying on their system’s default settings, administrators should implement the most secure methods – and let their users know about it. However, when visiting a forum or online store, users have no influence on whether the operator uses a secure method. Even worse, it isn’t possible to ascertain which password encryption method is being used. Therefore, the best way for users to protect themselves is by always choosing different passwords. Using identical passwords for the Typo3 CMS and for a PayPal account should be avoided. The basic rule is: length is trumps – as long as the word isn’t contained in a dictionary. Passwords for less important accounts may be a bit shorter than those used for premium services.

 

Drupal Resets Passwords After Breach

Drupal.org has reset all account passwords after discovering that intruders had gained unauthorized access to information on its servers.

The Drupal.org security team says it has discovered unauthorized access to Drupal.org and groups.drupal.org account information which has exposed user names, country, and email addresses along with hashed passwords. No credit card information was stored on the servers, but the investigation is ongoing and the team says it “may learn about other types of information compromised”. According to Drupal.org, there are over 967,000 registered users on the Drupal.org.

The security team has reset all passwords on the systems and is advising all users that, to regain access, they will need to reset their password by going to https://drupal.org/user/password, entering their username or email address there and waiting for a password reset email. The site says these emails will take up to an hour to arrive due to the “current load”. The passwords stored on Drupal.org should be hashed and salted, the administrators say, but “some older passwords on some subsites were not salted”.

According to the advisory, unspecified third-party software installed on the Drupal.org servers was compromised and the breach was not due to a vulnerability in the Drupal software. The compromise was uncovered in the course of a security audit, during which a number of files were discovered which were apparently used to expose the user account information. The Drupal team are in contact with the developer of the third-party software to ensure that the problem is fixed and disclosed.

The Drupal.org administrators are working with the OSU Open Source Lab, who host Drupal.org, and are rebuilding production, staging and development servers and installing GRSEC secure kernels on most of them. They will now be routinely scanning for other malicious and dangerous files and say that, so far, they have not found any. Finally, older Drupal.org subsites for specific events have been converted to static archives.

The exposure of salted and hashed passwords is more of an issue these days as advances in password cracking through rainbow tables, crowd sourcing or cloud-based crackers makes it more likely that passwords will, eventually, be revealed. Users should ensure their passwords are not made up of words or phrases, ensure a good mix of character types in their passwords and use different passwords on different sites so that, if one site is compromised, it doesn’t expose them on all the sites they use. Administrators should look at using stronger encryption for passwords to ensure their security.

11 Tips for protecting your data when you travel

When we relayed the FBI/IC3 warning to travelers about a threat involving hotel Internet service overseas, it produced a lot of requests for advice on how to respond to the threat. In response we’ve developed a list of data security tips for travelers. These tips will help you keep your data safe while traveling and should defeat the threat.

  1. Make sure your operating system and antivirus software are updated before you go on the road.
  2. Backup your data before you head out (and store the backup in a safe place).
  3. Consider leaving some data behind or move sensitive data from your laptop hard drive to an encrypted USB stick.
  4. Make sure you have password protection and inactivity timeout engaged on all devices including laptops, tablets, and smartphones.
  5. If possible, only use reputable hotel Internet service providers (ask the hotel who their provider is before you book).
  6. If the hotel Internet asks you to update software in order to connect, immediately disconnect and tell the front desk.
  7. If you use hotel Internet to connect to your company network use a VPN.
  8. Do not use WiFi connections that are not encrypted with WPA and avoid WEP encrypted connections which are easily hacked.
  9. Consider getting a 3G or 4G hotspot and using that instead of hotel Internet.
  10. Avoid online banking and shopping while on any hotel or public Internet connection.
  11. Disable pop-ups in your web browser

Tips for Securing Your Wi-Fi Network

Whether you’re a home user, small business or enterprise it’s important to make sure you secure your wireless network. And sadly, many people still don’t. There are plenty of resources available to help you do this and best practices you can adapt to your organization’s size. Here are some tips we recommend you consider.

1. Use strong encryption
Enable Wi-Fi protected access (WPA) and ideally WPA2. This provides much stronger encryption for securing your communications than WEP, which hackers can easily crack.

2. Create a strong password
Even WPA2 can be cracked by the bad guys if you don’t use a secure password. You can see in our video how a simple password can be cracked in a short space of time. You won’t have to type your password very often, but it could prevent criminals from watching what you do online. Remember too that cybercriminals can use cloud services to aid password cracking, so even a seemingly secure but shorter password may not be safe.

3. Consider your authentication strategy
If you are using WPA2-PSK, your employees, friends or family will all be using the same password,  and may unintentionally share it with others. Remember that any of them can see your network  traffic. If an employee leaves the company, they may retain your network key—allowing them to  later decrypt your traffic or access the network. For larger organizations, consider using a  certificate-based authentication mechanism or RADIUS so that each user has their own managed  credentials. That way they avoid accidentally sharing access to your network. There are many  strong authentication deployment modes available for you to use in a good enterprise wireless  solution.

4. Change the name of your network
It’s a little known fact that the network SSID (such as “Home” or “Free Public Wi-Fi”) is actually part of the security for encrypted networks. Using a default name can make it easy for attackers to  guess your password quickly. Try to use a unique name, but also make sure not to give too much  information away, as it may tempt attackers to target you.

5. Consider SSID hiding carefully
SSID hiding is a feature which hides your network name from the list that people in the area can  see on their computers or mobile devices. This means a user has to manually configure the network  name and password. SSID hiding reduces temptation from casual attackers, so it’s a useful feature.  However, be aware that within a few seconds any attacker with basic knowledge will reveal this  wireless network name. It is a very light defense that you shouldn’t rely on. Make sure you combine  it with strong encryption and a good password.

6. Beware of device authorization lists
MAC address filtering prevents devices that aren’t on an authorized list of allowed hardware  devices from using your network. This feature is often presumed by administrators to be a strong  defense. Unfortunately, these MAC addresses are easily forged by attackers. Having to manually  authorize these addresses within your organization can also be a significant administrative burden.  It’s a good practice to follow the principle of “defense-in-depth.” However, we recommend not using  MAC address filtering. Instead, focus your efforts on strong passwords and encryption.

7. Manage the names of networks you’ve previously used
By default, most devices will remember networks you have previously connected to. For example, if you used a hotel’s wireless connection, your device will likely remember its name and search for that network wherever you travel. Attackers’ wireless scanning tools will identify your laptop or  mobile device and see that it has previously connected to a network with this name, even if it’s not  presently in range. This may not seem like a significant issue, but wireless network names may  give away key information such as the business you work for, hotels or sites you have visited, or—in  extreme cases—your address (we’ve seen networks named after street addresses). Remember to  remove such profiles after use if they give away sensitive information.

8. Protect yourself on open networks
If you connect to an open hotspot such as those commonly provided by hotels, you need to take  additional steps to be sure your traffic isn’t visible to hackers. Make use of a strong VPN to  encrypt all of your traffic over the wireless network. You should also check the hotspot is legitimate  when providing credit card details or login information, as sometimes cybercriminals set up
fake hotspots.

9. Practice defense-in-depth
Network security is only one layer of a good security strategy. You should follow best practices  for endpoint protection, patching and web security. With the right security practices you can keep  yourself secure even if your wireless network is compromised, reducing the odds of a hacker  getting away with your data.

10. Manage visitors and restrict traffic
If you are a business that needs to provide guest or consultant access, consider offering a separate  network with restrictions on what guests can access. A hotspot registration portal can be an easy  way to restrict access without a lot of administrative effort. Wireless solutions should enable you  to easily deploy such networks, allowing visitors only access to the Internet and keeping them away  from corporate services.

11. Manage your wireless access points
Make sure that your wireless access points (particularly those of branch offices and other locations) use the correct security configuration. Many enterprises may have secure wireless at headquarters,  but then have weak access point configuration at branch offices. These can act as a back door to the enterprise, undermining your security efforts. Policy management and remote logging are therefore a priority to make sure security is consistent across your environment.

How to blunt spear phishing attacks

According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing. In other words, somebody received an email and either clicked on a link or opened a file that they weren’t supposed to.

For example, Chinese hackers successfully broke into computers at The New York Times through spear phishing. So, what are the steps that IT execs can take to protect enterprise networks from spear phishing?

Most spear phishing attacks take one of two tacks – they either appeal to human greed or fear. In other words, either they offer money, coupons, discounts or bargains that are too good to be true. Or they announce that your checking account or eBay account has been frozen and you need to re-enter your credentials, or some other scenario in which you are required to enter personal information….or else.

While regular phishing typically involves unsophisticated mass mailings, spear phishes can appear to come from your own IT department, from your own payroll department, from a friend or colleague.

Here are some tips on how to teach employees to avoid getting spear phished.

  1. Read the return url backwards, from right to left. The url might start out with “www.bankofamerica” but when it ends with 120 characters of jibberish, you might start to get suspicious. You can also place your cursor over a link in an email and will see the actual url it will take you to – DO NOT CLICK ON IT, you just hover over it to see if it matches www.bankofamerica.com.
  2. Don’t fall for what’s being called the “double-barreled phish,” in which you respond to the email with a question, such as “Is this really my buddy Jim.” Phishers are now clever enough to wait a while, in order to show that the response is not automated, and then reply with, “Yes, it’s me, Jim.” Of course, it isn’t Jim.
  3. Never open a PDF from someone you don’t know, since spear phishers are now hiding their malicious zip files inside seemingly innocuous PDFs.
  4. Never give out your password or other personal/sensitive information in response to an unsolicited query.
  5. IT managers should consider training classes targeted specifically at spear phishing.

PhishMe is one of several companies that offer a SaaS-based program whereby IT groups can send fake spear phishing emails to employees and then measure the failure rate.

PhishMe customers are often stunned to find failure rates – in other words, the percentage of end users who click on a spear phish and enter a password – in the 80% range.

The way PhishMe works, when an end user falls for a phish, a giant flash card appears on their screen announcing that they’ve been phished and detailing what they did wrong. The company offers pre-built phishing templates and customers can also customized their spear phishing emails.

Customers receive reports on the success of the spear phishing training program down to the individual end user. He says some companies might take punitive action against an employee who repeatedly clicks on fake phishes, while other companies are using gamification to reward good behavior and to keep people on their toes.

They also noticed when companies stop the training programs, employees revert back to their old behavior, so it makes sense for companies to make anti-spear phishing programs a way of life.

 

Internet Providers Launching Copyright Alert System Today to Warn Customers About Downloading Content

Five of the United States’ largest Internet service providers are launching today what they call a new system that will “educate” customers about downloading copyrighted content by issuing warnings instead of lawsuits. The program, called the Copyright Alert System, is a creation of the Internet providers and the trade associations representing the film and music industries, and is designed to reduce the amount of content obtained via file-sharing services such as BitTorrent.

Comcast, Verizon, AT&T, Cablevision, and Time Warner are all participating in the program, meaning that the so-called “six strikes” system will apply to most U.S. households with a broadband Internet connection. The trade groups involved include the Recording Industry Association of America and the Motion Picture Association of America, along with their member corporations.

Under the system’s rules, customers found to have downloaded copyrighted content without paying will be issued a series of warnings, along with an increasing chance that their Internet service will be throttled. Customers who receive those warnings may also find themselves suddenly redirected to a website scolding them for their downloads.

Users who receive these warnings may also find themselves blocked from certain “frequently visited” websites, according to documents about the plan obtained last year by Torrent Freak, a website that reports on news about file-sharing. The Copyright Alert System was originally supposed to launch last November, but was delayed until today.

The documents also state that content owners and ISPs could pursue legal action after the fifth warning, though for the most part, the Copyright Alert System is designed to be an extrajudicial program set up by Internet and entertainment companies.

Warnings, the system’s website advises, are issued when content owners find which Internet Protocol addresses are sharing copyrighted materials, then turn those addresses over to the service providers, who in turn identify the associated customer. The warnings can be challenged via the American Arbitration Association, which charges a filing fee.