Binnacle • User • The Register Forums

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Friday 10th June 2016 18:16 GMT Binnacle

Re: Silver Bullet

>No it will not.

>Heap overrun exploits.

WRONG

Heap-overrun exploits are written using ROP code. Heap regions are non-executable and ROP the only way to exploit "use-after-free" vulnerabilities.

This feature will close the door on the nastiest technical vector employed in attacking remote systems and may "tip" the state of overall Internet security to a much better place. Obviously people are stupid and this will not change, but various shades of code white-listing is gradually mitigating the unwashed morons who aggressively "click through any and all warnings." So far no lasting Apple-product botnets, right? 2FA and password quality enforcement has already made a significant dent in the stupid-password problem. Costly and embarrassing hacks have shamed dumb companies and their programmers into applying proper salted hashing to stored passwords.

Botnets are the single biggest factor in Internet malevolence and sending them off will end the careers of typical cyber-criminals.

1 0

Friday 10th June 2016 05:42 GMT Binnacle

Silver Bullet

A pleasure if this turns out to be the long awaited silver bullet against malware attack.

Perhaps it deserves the label "Platinum Bullet" considering the engineering effort required to make it happen. A world without botnets, a world with unemployed Russian cyber-criminals, a world where governments can't so easily barge uninvited into everyone's lives--quite a picture.

0 0

Yay! It's International Patch Your Scary OpenSSL Bugs Day!

Thursday 5th May 2016 03:21 GMT Binnacle

READ THE FINE PRINT!!!

Yo! CVE-2016-2108 was fixed in APRIL of LAST YEAR, that is 201*5*

Bunch of illiterates.

0 0

OpenSSL patch quashes rare HTTPS nasty, shores up crypto chops

Friday 29th January 2016 18:04 GMT Binnacle

Must be Joking

OpenSSL should follow the example of CVEs and provide an "impact" rating to go with the "severity" rating. This one qualifies as severity HIGH, impact ZERO.

Took 20 minutes to figure out how to invoke the vulnerable code:

openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt dsa_paramgen_bits:1024 -outform dh_rfc5114

The number of folks who have employed this are counted on one hand.

0 0

Oracle plugs flaw used in attacks on NATO and the White House

Wednesday 21st October 2015 18:29 GMT Binnacle

yawn

The researcher, in typical fashion, fails to mention

that if one browses primarily with FireFox and

has "click_to_play" enabled in the browser, that

j2launcher.exe is never invoked and the exploit

will fail.

1 0

Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin

Wednesday 5th August 2015 00:46 GMT Binnacle

per NSA slide (publicly disclosed)

Impact to production

MAJOR Loss/lack of insight to majority of target communications, presence

OTR, Tor, . . .TrueCrypt

one worse "CATASTROPHIC" category for when multiple techniques are used in combination

2 1

MIT boffins identify Tor hidden services with 88 per cent accuracy

Wednesday 29th July 2015 17:56 GMT Binnacle

the BIG IF -- headlines, lies and statistics

"That means that an adversary who lucked into the position of guard for a computer hosting a hidden service"

Right, so you have to become a HS's guard node and you can correlate it's traffic.

This is not news--correlation attacks are the always-known weakness of all low-latency anonymity routing systems. So it's 88% multiplied by what? 1%? 5%? 10% or maybe 0%? Good HS operators are aware of this issue and take steps to establish/protect/rotate safe entry guards.

But is is news and is interesting that they have found a way to improve the system.

2 0

OpenSSH server open to almost unlimited password-guessing bug

Thursday 23rd July 2015 07:23 GMT Binnacle

no problem for "not stupid"

For the "not stupid" crowd who disable SSH password authentication and rely on certificates, is a non-issue.

Tried the provided command and got exactly one (not 10000)

Permission denied (publickey).

5 3

Java jockeys join Flash fans in the 0-day exploit club

Monday 13th July 2015 15:26 GMT Binnacle

further ignorance

1.7 lives, and anyone with any sense runs the older more stable version

http://java.com/en/download/manual_java7.jsp

Recommended Version 7 Update 79

Release date April 14, 2015

0 0

Apple splats Safari flaw affecting a BEELLION iThings

Wednesday 15th April 2015 03:31 GMT Binnacle

where's the fix for iPhone 4 iOS 7.1.2?

So ancient 3GS phones get a fix, but no fix for merely old iPhone 4's?

0 1

Cisco FREAKs out, starts epic OpenSSL bug-splat

Friday 13th March 2015 14:18 GMT Binnacle

Most unusual. Cisco has posted three or four different "interim" version of ASA firewall 8.4 firmware with successive series of bug fixes--none regression tested. It's a case of "pick your poison". Haven't seen them hustle like this over a vulnerability before. The downgrade attack is a big worry only if one thinks GCHQ, NSA or China is on their tail, in which case the damage was probably done years ago. We'll wait a couple of days and let the dust settle.

2 0

Patch now: Design flaw in Windows security allows hackers to own corporate laptops, PCs

Wednesday 11th February 2015 02:13 GMT Binnacle

not a serious vulnerabality

For ten or more years all decent wifi APs have isolated client stations so they cannot see each other's traffic. Today one would be hard pressed to find even a consumer grade wifi router that does not have client isolation active by default.

And while we've seen a lot of stupid corporate security, I doubt even Sony fails to require encrypted VPN tunnels for remote laptop connectivity.

Also has been ten or more years since anti-ARP-spoofing became standard on corporate switches.

MITM is not so simple these days.

Unless you're the NSA, GCHQ, etc. with limitless resources for mounting multilayered attacks (e.g. hacking Cisco switches, building black boxes to circumvent wifi isolation, etc), this weakness was not of much use.

3 5

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

Monday 2nd February 2015 22:40 GMT Binnacle

Re: uninstall it -and hope chrome keeps up to date

I once ran Chrome in lieu of IE when Firefox had trouble rendering a site, but lately have not required it. For Chrome users who loath Flash despite the PepperFlash sandbox, it can be disabled in the "about:plugins" or "chrome://plugins" page.

0 0

Monday 2nd February 2015 22:27 GMT Binnacle

Re: uninstall it -and hope chrome keeps up to date

Chrome has a superior "PepperFlash" sandbox (Google strong-armed Adobe into supporting it) that has prevented the recent 0-days from breaking out of the browser process. Worst case is a temporary infection of a padded cell with no access to anything. An occasional browser restart will vanish any that might get so far.

Flash is integrated into IE 10 and IE 11 (where M$'s lame sandbox has prevented nothing). Search on "group policy disable flash" for a procedure that absolutely prevents Flash from running in IE. I prefer simply setting "Deny all add-ons unless specifically allowed. . ."

0 0

Monday 2nd February 2015 18:36 GMT Binnacle

Flash be gone!

After the last two 0-days, I read with joy that

YouTube has tipped the balance away from

Flash and to HTML5. Installed Firefox 36 beta,

*uninstalled* Flash from *every* system, and

disabled IE-bundled Flash in the group policy

for good measure.

Time for everyone to uninstall this vermin

infested corpse!

13 1

Snowden SLAMS iPhone, claims 'special software' tracks users

Thursday 22nd January 2015 05:37 GMT Binnacle

documented undocumented backdoor APIs

Snowden is correct, as security researcher Jonathan Zdziarski revealed last summer:

http://www.zdziarski.com/blog/?p=3441

http://www.zdziarski.com/blog/?m=201407

The backdoor APIs require installation of a RAT for actual exploitation, but of course the NSA and various LEAs have either their own or commercially provided tools of this nature. Physical access to the target phone or social engineering of the device's owner is presumably required to install the tools, but (esp w/r/t the NSA) you can never be certain.

Perhaps with iOS 8 the APIs have been removed or--due to comprehensive encryption--rendered ineffective. The FBI has squealed like a stuck-pig over it, so it could be the case.

14 0

EFF: VPNs will crumble Verizon's creepy supercookie stalkers

Friday 7th November 2014 08:51 GMT Binnacle

do-not-track possibly solves the issue

I've had the "do not track" setting active on my iPhone since it was introduced. Three different UIDH sites show no evidence of the header when my phone accesses them via the Verizon data network, so perhaps Verizon observes this header and suppresses their perma-cookie header. Either that or the UIDH header is not injected for 3G-only phones, which is what I have.

0 0

iMessage SPAM floods US mobile networks

Friday 24th October 2014 17:40 GMT Binnacle

ancient news

Got hit with this back in July and reported the spam via Apple's email reporting channel. Hopefully Apple has mitigated iMessage spam for the future (rarely do they acknowledge taking such actions) as the service is otherwise excellent.

2 1

Microsoft hacks out new EMET, spits out Adobe Flash

Monday 4th August 2014 21:23 GMT Binnacle

EMET 5.0 appears to work with XP

Installed it and it seems just fine. Uninstalled 4.1 beforehand.

Since XP Embedded is still under support and some customers are paying for past-EOL support on desktop XP, it would be surprising if it did not.

But don't expect MS to take the call if you encounter a problem.

0 0

Cisco patches OSPF bug that sends traffic into black holes

Monday 4th August 2014 08:40 GMT Binnacle

fixed for one year

Fixed versions of firmware starting appearing 12 or more months ago.

Most shops will already have the vulnerability patched.

0 0

32,000 motherboards spit passwords in CLEARTEXT!

Tuesday 24th June 2014 08:31 GMT Binnacle

no fix for H8DG6-F

SM has not posted a revised firmware for their H8DG6-F mainboard. Is vulnerable.

0 0

BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry – researcher

Thursday 13th March 2014 02:57 GMT Binnacle

conservative

One must remember that RIM takes an extremely conservative approach to crypto--by design. Their primary customers are now governments that require this. For example FIPS is dated and some of the ciphers compromised, but the overall FIPS approach and framework is highly secure and that's what the customer demands.

BEAST is for the most-part mitigated on the server side by all significant web sites. The case against RC4 is far from convincing, as the very-pointy-headed folks at Google have discerned--Google continues to prefer it.

http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html

"Better the devil you know than the one you don't" as the saying goes. No doubt the latest EC crypto is great stuff, but it's still relatively young and not enough rocks have been thrown yet for utter confidence.

1 1

HP offers $150,000 for 'exploit unicorn' in Pwn2Own hacker competition

Monday 3rd February 2014 09:53 GMT Binnacle

HP must be joking. Who in their right mind would reveal an exploit that bypasses EMET and Win8 for a lousy 150k? Should pull $500k from the NSA or GCHQ via the grey market. Possibly much more. Perfectly legal cash and enough to, after taxes, buy a decent house, provide an adequate retirement or a purchase new Ferrari to crash shortly thereafter.

1 0

Topics

Special Features

Vendor Voice

Resources

Posts by Binnacle

Re: Silver Bullet

Silver Bullet

READ THE FINE PRINT!!!

Must be Joking

yawn

per NSA slide (publicly disclosed)

the BIG IF -- headlines, lies and statistics

no problem for "not stupid"

further ignorance

where's the fix for iPhone 4 iOS 7.1.2?

not a serious vulnerabality

Re: uninstall it -and hope chrome keeps up to date

Re: uninstall it -and hope chrome keeps up to date

Flash be gone!

documented undocumented backdoor APIs

do-not-track possibly solves the issue

ancient news

EMET 5.0 appears to work with XP

fixed for one year

no fix for H8DG6-F

conservative

About Us

Our Websites

Your Privacy