Rss

    Archives for : rogue

    SSLv3 / TLS Man in the Middle vulnerability

    Recently I have been looking into the vulnerabilities in the TLS negotiation process discovered late last year.

    There are a range of experts debating the exploit methods, tools and how it may be fixed (server or client site or both). From what I have seen so far this may prompt a change to the TLS standard to introduce an extension to the protocol to validate sessions (session hand off and certificate validity).

    www.ietf.org

    isc.sans.org

    www.win.tue.nl/hashclash/rogue-ca/

    www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html

    I’m also trying to find some tools which may assist in testing for this. It looks like the exploit relies on an ARP poison or similar and then inserting plain text into the negotiation process.

    Could be something that can be fixed over time as servers and clients are patched.

    DNS Hack Needs Patching – Serious Problem

    This has been kept under wraps by the Operating System and Hardware vendors for the last few weeks and now patches have finally been released for many Operating Systems, DNS software applications and Hardware devices.
    If you provide or rely on DNZ services (external and Internal) you should consider quickly patching your servers/devices.

    Although Internal DNS servers may not be exposed to an Internet attack, we see many more internal attacks within larger organisations which involve rogue server or services being established within the firewalled trusted network. As a result, this lifts the threat level of internal systems/services and therefore the need for effective timely patching.

    Also consider asking the question of your hosting facility, upstream ISP or DNS provider to see if they have patched their DNS servers and forwarders.

    http://www.doxpara.com/?p=1162 This link also has a DNS checker.
    http://afp.google.com/article/ALeqM5hwFqcnWAuDWlcqfvfyHu5PGG9RMQ
    http://www.kb.cert.org/vuls/id/800113

    This is a full list of vendor patch links
    http://www.betanews.com/article/Major_fix_to_DNS_vulnerability_impacts_Windows_Debian/1215551008

    Good Luck