Videos of IDF Nominees in "Excellence in Visual Art"

Subscribe to the RSS feed in case you are interested in updates

The Independant Games Festival is taking place right now, the Indie games [1] below have been nominated in the category "Excellence in Visual Art" :

New Paper: SSL/TLS Hardening and Compatibility report 2010

Subscribe to the RSS feed in case you are interested in updates

Copied from the post over at G-SEC:
At last. What started as an "I need an overview of best practise in SSL/TLS configuration" type of idea, ended in a 3 month code, reverse engineer and writing effort. I really hope this comes in handy for you and was worth the effort. This is the "Release candidate" version of the paper, should no errors be found it will be the final version.

This paper aims at answering the following questions :

• What SSL/TLS configuration is state of the art and considered secure (enough) for the next years?
• What SSL/TLS ciphers do modern browsers support ?
• What SSL/TLS settings do server and common SSL providers support ? 
• What are the cipher suites offering most compatibility and security ?
• Should we really disable SSLv2 ? What about legacy browsers ?
• How long does RSA still stand a chance ?
• What are the recommended hashes,ciphers for the next years to come

The paper includes two tools :

• SSL Audit (alpha) :  SSL scanner scanning remote hosts for SSL/TLS support (Video)
• Harden SSL/TLS (beta) : Windows server and client SSL/TLS hardening tool (Video)

Without further ado here is the complete package

PS: In order to know whether this type of publication is useful to some and whether I should spend time on such publications in the future, I would appreciate a heads-up if you find this to be interesting. Thierry

SSL/TLS Audit - New tool

Subscribe to the RSS feed in case you are interested in updates

Developed as part of G-SEC's investigation into the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this little tool called SSL Audit. (More to follow in the next days - stay tuned).

SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites over all SSL and TLS versions.

Apart from scanning available ciphersuites it has an interesting tidbit : The Fingerprint mode (Experimental). Included is an experimental fingerprint engine that tries to determine the SSL Engine used server side. It does so by sending normal and malformed SSL packets that can be interpreted in different ways.

SSL Audit is able to fingerprint :

· IIS7.5 (Schannel)

· IIS7.0 (Schannel)

· IIS 6.0 (Schannel)

· Apache (Openssl)

· Apache (NSS)

· Certicom

· RSA BSAFE

Download available on the product page

TLS / SSLv3 renegotiation vulnerability explained - NEW update

Subscribe to the RSS feed in case you are interested in updates

I updated the whitepaper "TLS / SSLv3 vulnerability explained" :

Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)  

Download : http://clicky.me/tlsvuln

New SSLv3 / TLS vulnerability - MITM attacks possible

Subscribe to the RSS feed in case you are interested in updates

In order to allow me to update in a more convenient manner, the latest updates will be added to the G-SEC blog only. Once the final revision of this blog post will be achieved I will update this blog with the latest one.

---

• Updated 17:50 GMT+1 / 05.2009 - added Mitigation / Impact 
• Updated 16:40 GMT+1 / 06.2009 - added IETF draft 
• Updated 14:35 GMT+1 / 07.2009 - added SSLTLS Test Tool 
• Updated 16:34 GMT+1 / 07.2009 - added OpenSSL patch 
• Updated 13:00 GMT+1 / 09.2009 - added GNUTLS patch 
• Updated 19:40 GMT+1 / 09.2009 - added Mikestoolbox.net testing TLS renegotiation support 
• Updated 21:29 GMT+1 / 09.2009 - added Apache patch, Mozilla Bug ID, Redhat Bug ID, Mozilla patch disabling tls renegotiation, Tomcat mitigation 
• Updated 21:00 GMT+1 / 12.2009 - added a whitepaper trying to explain the vulnerability and it's implications to a broader audience

After some in-house tests, we can confirm that the vulnerability presented at http://www.extendedsubset.com/ indeed real and should pose a significant threat to most. The vulnerability has been discovered by "Marsh Ray".

We are currently looking into possible mitigations and will update this blog post regularly with more information regarding said vulnerability - if available.

Details

• G-SEC Whitepaper (DRAFT) about the renegotiation vulnerability
  
• Protocol and attack flow graph (Author: Marsh Ray)
  
• White paper about the attack (Author: Marsh Ray)
• Network data captures (Author: Marsh Ray)
• Explanation by Ivan Ristic
• IETF Draft
• SSLTLS Test tool (Leviathan Security)
• Mikestoolbox.net - Test client implementation for TLS renegotiation extension

Patches

• OpenSSL 0.9.81 ( Attention: OpenSSL removed the TLS/SSL renegotiation feature from this package - you need to test application before/after updating to this version ) (via ISC)
• GnuTLS patch (implements a new TLS extension proposed in the IETF Draft) (via SID)
• Apache patch (patches renogtiation prefix attacks at the application layer, still need openssl fixes for other attacks)

Impacts :

Currently known to exist

• In general an attacker positioned in the middle of a connection may inject arbritary content into the beginning of an authenticated strea, it will be interesting to see what potential impact this vulnerability has within each of the applications / protocols supporting it. IMAPS, FTPSSL, POP3 etc
• For web servers - Attackers (if in the middle) can inject data into a segment that is authenticated to the web server, the web server will merge those requests and process them. (GET requests are trivially exploitable, POST are not known to be)
  

Mitigations :

• Monitor renegotiation requests
• To mitigate possible attacks against web applications - use an IPS/IDS/Application firewall to catch recurrent HTTP request that are enclosed within each other

Computer Associates multiple products - RCE

Subscribe to the RSS feed in case you are interested in updates

I released another advisory today, the affected products are from Computer Associates who I'd like to thank for the cooperation and feedback.

I published the advisory @G-SEC

Derren Brown guessed the lottery numbers - afterwards

Subscribe to the RSS feed in case you are interested in updates

Derren Brown, the NLP master and magician  "predicted" the Lotterie numbers Live on TV and promised to tell on Friday how he did it - well he didn't really. The explanations on Friday is obviously not very convincing. He claimed to have used the phenomenon called "Crowd wisdom" whereas a group of poeple, taking the average often guess correctly. Right.

Daren Brown predicting the Lottery




The "ball" that gave it away
<


Simulation of the trick



Real NLP trickery

• Sublimal advertising
• Paying with plain paper
• BMX
• More Derren Brown

You get what you pay for

Subscribe to the RSS feed in case you are interested in updates

On a more non-technical note, I stumbled across this offer from a "renowed luxemburgish recruitment agency." I am not sure what part of this job opening is the worst, that they actually publish such a bad written job opening or that the candidates will be judged by the person that wrote this opening. Apparently they are being paid to do so.

Disclaimer: The text has been shortened but not edited.

Did you get the "our aim is to keep the highest standards in terms of quality" - They sure succeeded with this job posting.

Original: http://www.iitjobs.com/candidates/ShowJobDetails.aspx?jid=137014

IIS 5&6 FTP vulnerability - information and tools (KB975191)

Subscribe to the RSS feed in case you are interested in updates

I wrote a small summary and facts about the recent IIS5&6 FTP 0day, note that te vulnerable part of the code can be reached without writing to a directory on IIS6 but that Stackcookies make exploitation impossible/unlikely.

More information :
http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html

New advances in Office malware analysis

Subscribe to the RSS feed in case you are interested in updates

http://blog.g-sec.lu/2009/07/new-advances-in-officeexcelpowerpoint.html

Dear Anti virus vendors,
Your clients are getting compromised this very minute, instead of spending your time to please gamers (??) how about you spend 0,001% of your budget to implement generic methods of detection, especially for gateways.