Information Security all in one place!


Cisco Security Advisory: Cisco Small Business SRP 500 Series


Cisco Releases Security Advisory for Cisco Small Business SRP 500 Series

Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:

* Cisco SRP 500 Series Web Interface Command Injection Vulnerability
* Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability

These vulnerabilities can be exploited through sessions to the Services Ready Platform Configuration Utility web interface. They are reachable from the local LAN side of the SRP device in the default configuration, and from the WAN side only if remote management is enabled. Remote management is disabled by default.

Cisco has released free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

The following Cisco SRP 520 Series models are affected if running firmware prior to version 1.1.26:

 * Cisco SRP 521W
 * Cisco SRP 526W
 * Cisco SRP 527W

The following Cisco SRP 520W-U Series models are affected if running firmware prior to version 1.2.4:

 * Cisco SRP 521W-U
 * Cisco SRP 526W-U
 * Cisco SRP 527W-U

The following Cisco SRP 540 Series models are affected if running firmware prior to version 1.2.4:

 * Cisco SRP 541W
 * Cisco SRP 546W
 * Cisco SRP 547W

To view the firmware version on a device, log in to the Services Ready Platform Configuration Utility and navigate to the Status > Router page to view information about the Cisco SRP Series device and its firmware status. The Firmware Version field indicates the current running version of firmware on the Cisco SRP 500 Series device.

More information regarding these vulnerabilities:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

The latest Cisco SRP 500 Series Services Ready Platforms firmware can be downloaded at:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282736194&i=rm


Updated: RSA Keys – Lack Randomness


RSA responds to recent key analysis:

A first-rate encryption algorithm is much like the tools and personnel found in the kitchen of a tony restaurant. Regardless of the skills of the chef and staff and the quality of the cookware found in the kitchen, patrons won’t savor a gourmet feast if unsavory ingredients are used. The same is true with public-key cryptography.

That’s the gist of the argument from security maker RSA to research revealed earlier this week that suggests a flaw exists in the RSA algorithm used for public-key cryptography [see When 99.8% Security May Not Be Sufficient].

Read more here: RSA fires Back

—————————————————————————————————————————————————-

Original Post:

A team of cryptographic experts has analysed more than 10 million public keys and discovered serious problems in some of the X.509 certificates it collected. This is because some keys were far less random than they should have been – more than 12,000 were easily crackable.

Of the 6,185,372 X.509 certificates analysed, the researchers found 266,729 public keys in which moduli were reused. The modulus is the core component of a public key – if two keys share the same modulus, they share the same private key. In one extreme case, the same modulus was found 16,489 times. This means that each of the owners of the 16,489 certificates could spoof or spy on each of the other 16,488. The researchers note that it is not unusual to recycle keys when, for example, extending a certificate, but a significant number of these keys belong to entirely independent owners.

The researchers then went one step further and determined the greatest common divisor (GCD) of the moduli collected using the Euclidean algorithm. This is a lot of work, as it requires each modulus to be combined with each of the other moduli, but possible, and if two moduli with a GCD greater than one are found, they are both effectively cracked, since the prime number factoring problem which underlies RSA encryption is then essentially solved. The researchers were able to find such GCDs with 12,720 of their (1024-bit) RSA keys. Where possible, the researchers have notified the owners of the affected keys.
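To make the two checks above concrete (reused moduli, and distinct moduli sharing a prime factor), here is a small added Python illustration. It is not the researchers' code; the moduli are constructed toy semiprimes so it runs instantly, and it shows both the pairwise GCD approach the article describes and the product-tree "batch GCD" variant that makes the same check feasible for millions of keys.

```python
"""Audit a set of RSA moduli for the two problems described above: the same
modulus issued to unrelated owners, and distinct moduli that share a prime
factor, which a GCD computation exposes. Added illustration, not the
researchers' code; the moduli are constructed toy semiprimes (real keys are
1024 bits or more, but the arithmetic is identical)."""
from collections import Counter
from math import gcd

# Constructed sample. Primes 61, 71 and 83 each appear in two different
# moduli, 67*97 is clean, and 61*53 is listed twice (a reused modulus).
TOY_MODULI = [
    61 * 53,   # 3233: shares 61 with 4331
    61 * 71,   # 4331: shares 61 with 3233 and 71 with 5893
    67 * 97,   # 6499: no prime in common with any other modulus
    89 * 83,   # 7387: shares 83 with 5893
    71 * 83,   # 5893: shares 71 with 4331 and 83 with 7387
    61 * 53,   # 3233: duplicate of the first entry
]


def reused_moduli(moduli):
    """{modulus: count} for every modulus seen more than once; every holder
    of such a certificate has the same private key."""
    return {n: c for n, c in Counter(moduli).items() if c > 1}


def pairwise_shared_factors(moduli):
    """The method as the text describes it: gcd of every modulus with every
    other one. Returns {modulus: (p, q)} for each modulus that got factored.
    Quadratic in the number of keys, fine for a demo only."""
    unique = list(dict.fromkeys(moduli))
    found = {}
    for i, n in enumerate(unique):
        for m in unique[i + 1:]:
            d = gcd(n, m)
            if 1 < d < n:
                found.setdefault(n, (min(d, n // d), max(d, n // d)))
            if 1 < d < m:
                found.setdefault(m, (min(d, m // d), max(d, m // d)))
    return found


def batch_gcd(moduli):
    """gcd(n_i, product of all other moduli) for every i, via a product tree
    and a remainder tree; quasi-linear instead of quadratic."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    rems = [tree[-1][0]]                       # root: product of everything
    for lvl in reversed(tree[:-1]):
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(lvl)]
    # (P mod n^2) // n equals (P / n) mod n, so this is gcd(n, P / n)
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def find_shared_factors(moduli):
    """{modulus: (p, q)} for every distinct modulus that shares a prime."""
    unique = list(dict.fromkeys(moduli))
    found = {}
    for n, g in zip(unique, batch_gcd(unique)):
        if g == 1:
            continue
        if g == n:
            # Both primes of n occur in other moduli, so the batch result is n
            # itself; a pairwise gcd against the others recovers one prime.
            g = next(d for d in (gcd(n, m) for m in unique if m != n) if 1 < d < n)
        found[n] = (min(g, n // g), max(g, n // g))
    return found


if __name__ == "__main__":
    print("reused moduli:", reused_moduli(TOY_MODULI))
    print("factored via batch gcd:", find_shared_factors(TOY_MODULI))
    assert find_shared_factors(TOY_MODULI) == pairwise_shared_factors(TOY_MODULI)
```

A modulus whose batch result is the modulus itself is the interesting edge case: both of its primes leaked into other keys, so the script falls back to a few pairwise GCDs to split it. On real 1024-bit keys the only change is the input list.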

[Image: An RSA SecurID SID800 token with USB ... (via Wikipedia)]

Interestingly, this problem was not found when the team analysed 5 million OpenPGP keys. Marcus Brinkmann of g10 Code (the company behind GnuPG) has told The H's associates at heise Security that the few redundant OpenPGP keys appear to be being deliberately recycled. Alternative cryptographic algorithms based on the Diffie-Hellman protocol, such as (EC)DSA and ElGamal, are not affected by this issue – hence the paper's title "Ron was wrong, Whit is right" (PDF). This refers to Ron Rivest, the R in RSA, which displaced the key exchange protocol developed by Whitfield Diffie and Martin Hellman.

Both the moduli and the prime factors used during key generation should be randomly selected so that they are not duplicated. If this is occurring with this level of frequency, it indicates that there is a problem in the way the random numbers are being generated, as explained in The H Security article on the OpenSSL fiasco at Debian, "Good numbers, bad numbers".

According to Nadia Heninger, who has been carrying out similar research, the poor quality prime factors are probably being generated by routers, VPN gateways and other embedded devices which use OpenSSL without having an adequate source of random numbers for key generation. This means that the risk posed by these redundant keys is significantly less than it might otherwise be, with Heninger reassuring her readers that “the key for your bank’s web site is probably safe”. Nonetheless, the significance of this research should not be underestimated. “This paper makes a significant contribution to quality control of actual security of cryptographic implementations,” suggests GPG developer Brinkmann. The researchers’ work would, for example, have detected the Debian OpenSSL problem.


Android: Malware Magnet


In the last seven months of 2011, malware targeting the Android platform jumped 3,325 percent!

According to Juniper Networks' Mobile Threat Report, malware targeting the Android OS grew by 3,325 percent in the last seven months of 2011.

“Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition,” writes eWeek’s Fahmida Y. Rashid.

[Image: Android System Architecture]

"The explosion in Android malware is a direct result of the platform's diverse and open marketplace where developers are free to post their apps as well as growing market share, according to Juniper," Rashid writes. "Google's market share in the mobile space, at 46.9 percent, is statistically the same as the proportion of Android malware detected by Juniper."


Read More: 2011 Android Report: Malware




5 Steps for analyzing your WLAN


Assessing Your Wireless Network Security

Wireless network penetration testing (using tools and processes to scan the network environment for vulnerabilities) helps refine an enterprise's security policy, identify vulnerabilities, and ensure that the security implementation actually provides the protection that the enterprise requires and expects. Regularly performing penetration tests helps enterprises uncover WLAN network security weaknesses that can lead to data or equipment being compromised or destroyed by exploits (attacks on a network, usually by "exploiting" a vulnerability of the system), Trojans (viruses), denial of service attacks, and other intrusions.

Here is a great article I was reading on the Cisco blogs; I found it useful to post. Enjoy!

5 Steps for Assessing Your Wireless Network Security

Sampa Choudhuri – Network security is a never-ending task; it requires ongoing vigilance. Securing your wireless network can be particularly tricky because unauthorized users can quietly sneak onto your network, unseen and possibly undetected. To keep your WLAN secure, it’s important to stay on top of new wireless vulnerabilities. By regularly performing a vulnerability assessment on your wireless network, you can identify and close any security holes before a hacker can slip through them.

With a WLAN vulnerability assessment, you’re figuring out what your wireless network looks like to the outside world on the Internet. Is there an easy way in to your network? Can unauthorized devices attach themselves to your network? A WLAN vulnerability assessment can answer these questions—and more.

Teaser:

1. Discover wireless devices on your network. You need to know everything about each wireless device that accesses your network, including wireless routers and wireless access points (WAPs) as well as laptops and other mobile devices. The scanner will look for active traffic in both the 2.4GHz and 5GHz bands of your 802.11n wireless network. Then, document all the data you collect from the scanner about the wireless devices on your network, including each device's location and owner.

[Image: A Linksys wireless-G router.]

2. Hunt down rogue devices. Rogue devices are wireless devices, such as an access point, that should not be on your network. They should be considered dangerous to your network security and dealt with right away. Take your list of devices from the previous step and compare it to your known inventory of devices. Any equipment you don’t recognize should be blocked from network access immediately. Use the vulnerability scanner to also check for activity on any wireless bands or channels you don’t usually use.
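As an added illustration of steps 1 and 2 (not part of the Cisco article, and not the output of any particular scanner), here is a short Python script that diffs a wireless scan against the documented device inventory and flags anything unknown, plus inventoried devices sitting on a channel the site does not normally use. The scan records, inventory, SSID list and channel plan are all constructed sample data.

```python
"""Rogue-device triage for steps 1 and 2 above: compare a wireless scan with
the documented inventory and flag unknown devices and unexpected channels.
Added example; every record below is constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanEntry:
    bssid: str      # radio MAC address of the AP or router
    ssid: str
    channel: int
    band: str       # "2.4GHz" or "5GHz"


# Constructed scan results, as a site survey might report them.
SCAN = [
    ScanEntry("00:11:22:33:44:01", "corp-wifi", 6, "2.4GHz"),
    ScanEntry("00:11:22:33:44:02", "corp-wifi", 36, "5GHz"),
    ScanEntry("aa:bb:cc:dd:ee:01", "corp-wifi", 11, "2.4GHz"),  # unknown AP using our SSID
    ScanEntry("aa:bb:cc:dd:ee:02", "linksys", 1, "2.4GHz"),     # unknown consumer router
    ScanEntry("00:11:22:33:44:03", "corp-wifi", 149, "5GHz"),   # ours, but on a channel we never use
]

# Step 1 output: documented inventory keyed by BSSID -> (location, owner).
INVENTORY = {
    "00:11:22:33:44:01": ("Floor 1 north", "IT"),
    "00:11:22:33:44:02": ("Floor 1 north", "IT"),
    "00:11:22:33:44:03": ("Floor 2 east", "IT"),
}
CORP_SSIDS = {"corp-wifi"}
# Channels the site actually deploys; activity anywhere else deserves a look.
APPROVED_CHANNELS = {"2.4GHz": {1, 6, 11}, "5GHz": {36, 40, 44, 48}}


def triage(scan, inventory, corp_ssids, approved_channels):
    """Return (bssid, finding) pairs in scan order.

    'rogue-corp-ssid':    not in inventory but advertising a corporate SSID;
                          deal with these first, since staff devices may join it.
    'rogue':              not in inventory at all.
    'unexpected-channel': inventoried device on a channel not normally used."""
    findings = []
    for e in scan:
        if e.bssid not in inventory:
            kind = "rogue-corp-ssid" if e.ssid in corp_ssids else "rogue"
            findings.append((e.bssid, kind))
        elif e.channel not in approved_channels.get(e.band, set()):
            findings.append((e.bssid, "unexpected-channel"))
    return findings


def block_list(findings):
    """BSSIDs to block from network access immediately (step 2)."""
    return sorted(b for b, kind in findings if kind.startswith("rogue"))


if __name__ == "__main__":
    result = triage(SCAN, INVENTORY, CORP_SSIDS, APPROVED_CHANNELS)
    for bssid, kind in result:
        print(f"{bssid}  {kind}")
    print("block:", block_list(result))
```

The inventory is keyed by BSSID rather than SSID on purpose: an unknown radio can advertise your SSID, and only the inventory from step 1 tells you which radios are really yours.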

Read the 5 Steps here:

http://blogs.cisco.com/smallbusiness/5-steps-for-assessing-your-wireless-network-security/


Cisco Security Advisory: Cisco NX-OS


Cisco Releases Security Advisory for Cisco NX-OS

Release date: February 15, 2012

Cisco has released a security advisory to address a vulnerability in the following Cisco NX-OS Software Series:

  •  Cisco Nexus 1000v Series Switches
  •  Cisco Nexus 5000 Series Switches
  •  Cisco Nexus 7000 Series Switches

Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition.

Administrators are encouraged to review Cisco Security Advisory cisco-sa-20120215 and apply any necessary updates or workarounds to help mitigate the risk.

More info can be found here:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos



Researchers Warn: Trojan evolving through 'open source' development


Trojan malware evolving swiftly as hackers customise code according to their needs


Source: http://www.computerworld.com/s/article/9224112/Citadel_banking_malware_is_evolving_and_spreading_rapidly_researchers_warn

Citadel banking Trojan evolving through 'open source' development

Citadel, a computer Trojan that targets online banking users, is evolving and spreading rapidly because its creators have adopted an "open source" development model, according to researchers from cyberthreat management firm Seculert. The new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010 and its source code leaked online a few months later.


“Seculert’s Research Lab discovered the first indication of a Citadel botnet on December 17th, 2011,” the security company claimed. “The level of adoption and development of Citadel is rapidly growing.”

Seculert has identified over 20 botnets that use different versions of this Trojan. “Each version added new modules and features, some of which were submitted by the Citadel customers themselves,” the company said.

The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects. “Similar to legitimate software companies, the Citadel authors provide their customers with a User Manual, Release Notes and a License Agreement,” Seculert said.