Monday, October 16, 2017

Time to burn it all down and try this again - What I am reading 10/16/2017


Two chaps claim to have discovered how to trivially circumvent Microsoft's Enhanced Mitigation Experience Toolkit (EMET) using Redmond's own compatibility tools.
...
Kemp said a definitive fix for the WoW64 flaw could be some time off, as patching the condition would be difficult.
"It appears that due to these limitations, enhancing EMET to overcome them is likely a non-trivial effort," the pair noted in their report.

This is potentially a huge deal, especially in the OT / SCADA world, where it seems software only gets updated on the 1st of never.

Bleeping Computer - TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected -

Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack.
...
TPMs are typically used in business laptops, routers, embedded and IoT devices. Known affected vendors include Acer, ASUS, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba, and other smaller Chromebook vendors.
...
Until motherboard vendors issue a new firmware update to include Infineon's TPM fix, the general recommendation is to move critical users and data handling operations to devices that have updated firmware or to devices not affected by this vulnerability.
Once users have received the firmware update, they should regenerate all TPM keys. This is done by changing all passwords for TPM-enabled apps.
Because it is hard to know what apps and OS features use the TPM, users can reset the TPM module by typing TPM.MSC in their Windows Search/Run field and resetting the TPM from there. More instructions are available in this Technet article.
UPDATE: This was apparently announced last week and I missed it - I just saw it scroll thru my Twitter feed this morning and the above article is dated today so....

Well that's two major security vulnerabilities to start the week.  At least it isn't three. Oh, wait...

Forbes - Update Every Device -- This KRACK Hack Kills Your Wi-Fi Privacy -

What's behind the vulnerability? It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. More specifically, the KRACK attack sees a hacker trick a victim into reinstalling an already-in-use key. Every key should be unique and not re-usable, but a flaw in WPA2 means a hacker can tweak and replay the "handshakes" carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created. It turns out that in WPA2, it's possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.
...
 As for how widespread the issue was, it appears almost any device that uses Wi-Fi is affected. "The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks," explained Vanhoef.
You had one job, WPA2! Seriously, this is a significant issue, but fortunately its scope is somewhat limited by the need for the attacker to be local. Make sure to update all your devices - INCLUDING home routers, phones, TVs, game consoles etc. Shit, maybe even your toothbrush. And remember good data hygiene is more than just encryption. Consider what you are saving and where and whether you need it, and when connecting online give a lot of thought to where you are and what data you are passing back and forth.
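Why reinstalling an already-in-use key matters, and what the device updates change, as a toy model added here (not code from the Forbes piece or from the KRACK researchers). The `Client` class, the SHA-256 keystream standing in for WPA2's real cipher, and the sample frames are all constructed; the model assumes that reinstalling the key resets the per-frame nonce counter, which is the behaviour the KRACK research describes.

```python
import hashlib

P1, P2 = b"frame-one: hello", b"frame-two: world"  # constructed sample frames

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy keystream (SHA-256 over key, nonce, block counter); a stand-in, not WPA2's CCMP.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

class Client:
    def __init__(self, patched: bool):
        self.patched, self.key, self.nonce = patched, None, 0
        self.used = []  # every (key, nonce) pair used to encrypt, for auditing

    def install_key(self, key: bytes) -> None:
        # Called for each handshake message that delivers the session key.
        if self.patched and key == self.key:
            return  # key already in use: keep the nonce counter running
        self.key, self.nonce = key, 0  # unpatched: a replay resets the counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(patched: bool):
    key = b"constructed-session-key"
    c = Client(patched)
    c.install_key(key)
    c1 = c.send(P1)
    c.install_key(key)  # the same handshake message, delivered a second time
    c2 = c.send(P2)
    nonce_reused = len(set(c.used)) < len(c.used)
    return c1, c2, nonce_reused

if __name__ == "__main__":
    for patched in (False, True):
        c1, c2, reused = run(patched)
        leaks = xor(c1, c2) == xor(P1, P2)  # keystream cancels out when the nonce repeats
        print(f"patched={patched} nonce_reused={reused} plaintext_xor_leaks={leaks}")
```

In the unpatched run both frames are encrypted under the same (key, nonce) pair, so XORing the two ciphertexts yields the XOR of the two plaintexts; in the patched run the counter keeps advancing and that relation disappears.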

