Category: Warnings

The paper described how two separate documents could be manipulated to deliver the same SHA-1 hash with a computation of lower complexity level than previously believed possible.

It is a key technical underpinning of Secure Sockets Layer, a private-key technology used broadly to send secure information such as credit card numbers over the Internet. In addition, a handful of chipmakers—including Atmel, Infineon, National Semiconductor and STMicroelectronics– use SHA-1 as the basis for so-called Trusted Platform Modules (TPMs) at the heart of an industry effort to provide a hardware root of trust in PCs and other devices.

Shamir and others said they believe the work of the Chinese trio will probably be proven to be correct based on their academic reputations, although details of the paper are still under review.

It’s extremely important to develop new kinds of hashing algorithms,” said Shamir in the panel session at RSA. “This break of SHA-1 is stunning,” said Ronald Rivest, a professor at MIT who co-developed the RSA algorithm with Shamir.

“This is another reminder that conservatism is needed in the choice of an algorithm,” added Rivest at the panel session.

“They are going to go nuts,” said a technical advisor to the American Bar Association, trying to assess the legal implications of the news.

http://www.eetimes.com/article/printableArticle.jhtml;jsessionid=KXLBKKQ2JSDYIQSNDBCSKHSCJUMEKJVN?articleID=60401254&url_prefix=&sub_taxonomyID=4217

The researchers Tuesday discussed the growing threat posed by kernel rootkits at a session at the RSA Security Conference in San Francisco.

The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

With names like “Hacker Defender,” “FU” and “Vanquish,” the programs are the latest generation of remote system monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft’s Security Solutions Group.

The programs are used by malicious hackers to control, attack or ferret information from systems on which the software has been installed and are typically installed on a machine without the owner’s knowledge, either by a virus or following a successful hack of the computer’s defenses, they said.

Once installed, many rootkits simply run quietly in the background but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.

Rootkit authors are also making huge strides in their ability to hide their creations, said Danseglio. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer’s memory, or configuration settings in the operating system’s registry, are invisible to administrators and to detection tools, said Danseglio.

One rootkit, called Hacker Defender, which was released about one year ago, even uses encryption to protect outbound communications and can piggyback on commonly used ports such as Transmission Control Protocol (TCP) port 135 to communicate with the outside world without interrupting other applications that communicate on that port, he said.

The kernel rootkits are invisible to many detection tools, including anti-virus, host and network intrusion detection sensors (IDS) and anti-spyware products, the researchers said.

One strategy to spot kernel rootkits is to use Windows PE, a stripped-down version of the Windows XP operating system that can be run from a CD-ROM, to boot a computer, then comparing the profile of the clean operating system to the infected system, according to Dillard and Danseglio.

http://www.nwfusion.com/news/2005/0217rsa-mic.html

According to the study of about 200 small- and medium-sized business IT managers, 50 percent of those businesses don’t have a formal procedure in place for backing up enterprise data stored on laptops, Imation said in a statement.

“As the workforce becomes increasingly mobile, more and more ‘mission-critical’ information, such as customer records, sales presentations and company financials, is being stored on laptops putting data at potential risk of loss,” Brent Ashton, Imation’s marketing manager for small and mid-sized businesses said in a statement.

About 40 percent of the companies in the survey have what the vendor called an extensive network of laptop computers, but only half of those companies had formalized backup procedures for those laptops, the survey found.

http://www.mobilepipeline.com/showArticle.jhtml?articleID=57703148

Once logged onto an Evil Twin, sensitive data can be intercepted.

“Users need to be wary of using their wi-fi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive or personal nature,” said Professor Brian Collins, head of information systems at Cranfield University. “Users can also protect themselves by ensuring that their wi-fi device has its security measures activated,” he added.

BT Openzone, which operates a vast proportion of public hotspots in the UK, told the BBC News website that it made every effort to make its wi-fi secure.

“This means that users’ personal information and data, logon usernames and passwords are protected and secure,” said Mr Clark.

In the vast majority of cases, base stations straight out of the box from the manufacturers are automatically set up with the least secure mode possible, said Dr Nobles.

Cybercriminals who try to glean personal information using the scam, jam connections to a legitimate base station by sending a stronger signal near to the wireless client. “Cybercriminals don’t have to be that clever to carry out such an attack,” said Dr Phil Nobles, a wireless net and cybercrime expert at Cranfield. “Because wireless networks are based on radio signals they can be easily detected by unauthorised users tuning into the same frequency.”

Although wi-fi is increasing in popularity as more people want to use high-speed net on the move, there have been fears over how secure it is.

http://news.bbc.co.uk/2/hi/technology/4190607.stm

The problem arises because Microsoft programmers did not implement the encryption correctly in its Office applications, Hongjun Wu, a cryptographer at the Institute of Infocomm Research in Singapore, wrote in a paper on the topic.

“A lot of information could be retrieved from those encrypted files,” Wu said in the paper. “If anyone has used the encryption in Microsoft Office…then it is time for him/her to assess the damage that has been caused.”

Microsoft said that it has begun investigating the flaw. “Our early investigation indicates that this issue poses a very low threat for customers,” Microsoft said in a statement sent to CNET News.com. “In some cases, an attacker may be able to read the contents of an encrypted file, if multiple versions of that file are available to the attacker. The attacker would need to have access to two distinct files with the same name that are protected by the same password in order to attempt to exploit the vulnerability.”

In the world of cryptographers, encryption schemes that encode more than one message using the same key are seen as flawed. That’s because a comparison of the information in the encrypted messages can significantly shorten the search for the correct key to unlock the messages.

The Microsoft Office flaw is the latest issue that Microsoft has had with implementing encryption in its products. Security researchers have taken the company to task repeatedly in the past for the weak passwords in previous versions of the Windows operating system. Moreover, the company was at the center of a debate in 1999 on whether the code keys central to Windows NT security were actually secure.

The current issue is almost identical to the weak system key issue in 1999, said Bruce Schneier, chief technology officer of Counterpane Internet Security and author of “Applied Cryptography.” “This is a kindergarten crypto mistake,” Schneier said. “And to make it twice is worse.” Schneier, who wrote about the issue on his blog earlier this week, hammered at Microsoft for not learning from past mistakes. The software maker said that it had not uncovered the newly reported vulnerability in its code reviews, but noted that the flaw appeared similar to a previous flaw.

Microsoft also said it would review the cryptographic code in Office. “Upon completion of this investigation, Microsoft will take the appropriate actions to protect customers, which may include providing a security update through our monthly release process,” the company said.

http://news.com.com/Flaw+found+in+Office+encryption/2100-1002_3-5543940.html?part=rss&tag=5543940&subj=news.1002.5

Of course we now know that the prevalence of computers that would fail because of this error was greatly exaggerated by the media.

Most programs use Coordinated Universal Time (UTC) to work out their dates.

At this time, a machine prone to this bug will show the time Fri Dec 13 20:45:52 1901, hence it is possible that the media will call this The Friday 13th Bug.

http://www.2038bug.com/