The High-Bandwidth Digital Content Protection (HDCP) master key was leaked onto the Internet. This master key can be used to decrypt the traffic between certified / licensed devices. Without encryption, the content (mostly movies) can be copied and/or played on non-licensed devices.
A while back another copy-protection key was leaked; that key was for Blu-ray (BR+) titles. This HDCP key is the so-called mother lode.
Adobe ColdFusion 8 and 9 Vulnerable to Hijacking
Adobe released a security bulletin regarding the ColdFusion web engine. Upgrade / patch your ColdFusion server if you want to stay in control of your web server. The patch has been classified as important.
An important vulnerability has been identified in ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installation using the instructions provided above.
The patch/update can be downloaded here.
Microsoft Cryptographic Store and Passwords
We've been experimenting with the use of user certificates for VPN access to the lab. Issuing and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement: the user still has the option of choosing a notification instead of a password.
Certificate Template - Request Handling Options
There's an option to enforce a password, but that's system-wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.
Splunk> Making Sense of Logfiles
My area of expertise in the professional world is Network Security. This includes protecting networks from intrusions, but also delivering reports about the network status. For the latter we use SIEM-like environments such as the Cisco CS-MARS and the Juniper STRM.
The 'problem' with these devices is that they are great at reporting incidents and creating awesome reports about everything, but they lack the functionality for serious investigation.
I have several customers with a SIEM, and most of them still use (Linux) command-line tools like awk, grep, etc. These tools work, but you need to scrape everything together yourself, and building queries can be quite challenging. This is where Splunk> comes in.
SafeSign and Apple OSX Snow Leopard
Last week I got an e-mail from one of the product managers at AET Europe regarding the availability of SafeSign / Tokenlounge for OSX Snow Leopard.
The content of the e-mail wasn't very encouraging. It seems that the Snow Leopard release of SafeSign / Tokenlounge is delayed by a bug in the Apple Keychain:
---------
We use systemkeychain -T to create a login keychain (for a new FV user) associated with our token. When trying to unlock this newly created keychain during login with the smartcard, we get prompted with the "unable to unlock login keychain" panel (as you have observed).
This is basically our main concern, as this was perfectly running under 10.5. Any idea why the system wants to update the login keychain password, prompting the user with that panel?
What we have discovered besides is that when you click Create New Keychain on that panel, the keychain gets encrypted with the PIN of the smartcard instead of the RSA key, which is a major security issue (same behavior if you click Update Keychain Password).
You can easily verify this last issue by removing your smartcard, launching Keychain Access and entering your PIN code to unlock the keychain.
Once again, we didn't have these kinds of problems with Leopard. As long as this issue isn't resolved, there will be no version for Snow Leopard. The (security) risk is just too big.
-------------
So we need to be patient and wait until Apple solves this. In the meantime, if you need the SafeSign software for your everyday work, you shouldn't upgrade to Snow Leopard.
Check the follow-up on the original SafeSign post for the availability on the Leopard version of SafeSign / Tokenlounge.
Microsoft Haunted by 17-Year-Old 'Feature'
It looks like every Windows version is susceptible to a 17-year-old 'feature' that could give hackers access to your computer. The 'feature' has existed since Windows v3.51, which dates from the last century (that way it sounds even older :-) ).
The person (Tavis Ormandy) who discovered this feature did a full disclosure, which can be found here. So you'd better start watching your 3.51 operating systems (and above).
Mobile Phone Communication Codes Cracked
The German scientist Karsten Nohl published his findings this week at the CCC (Chaos Communication Congress) in Berlin. The CCC is an annual hacking convention held in Berlin, Germany.
Normally GSM communication switches frequency regularly, and therefore it's hard to listen in, but that changes if you can crack the frequency-switching algorithm, which is exactly what Karsten Nohl and his team did.
They cracked the so-called stream cipher A5/1, which protects the voice conversations, and published details of it at the CCC in Berlin.
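As an added illustration (example code written for this page, not code from the post or from Nohl's team), here is a plain Python model of the A5/1 keystream generator the post refers to, built from the cipher's public description: three short LFSRs, a 64-bit key, a 22-bit frame number and majority clocking. The session key and frame number used below are constructed values, and the split of each frame's 228 bits into two 114-bit halves (one per direction) is the usual convention, assumed here.

```python
# Added illustration of the A5/1 stream cipher named in the post; register sizes, taps
# and the clocking rule follow the public description of A5/1 (not code from the post).
R1_LEN, R2_LEN, R3_LEN = 19, 22, 23                   # register sizes (64 bits of state)
R1_TAPS, R2_TAPS, R3_TAPS = (13, 16, 17, 18), (20, 21), (7, 20, 21, 22)
R1_CLK, R2_CLK, R3_CLK = 8, 10, 10                    # clocking-control bit of each LFSR


def _step(reg, length, taps, feed=0):
    """Shift one LFSR left; the new bit 0 is the XOR of its taps plus an optional key/frame bit."""
    new = feed
    for t in taps:
        new ^= (reg >> t) & 1
    return ((reg << 1) | new) & ((1 << length) - 1)


def a5_1_keystream(key, frame, nbits=228):
    """Return `nbits` keystream bits for an 8-byte session key and a 22-bit frame number."""
    r1 = r2 = r3 = 0
    # Initialisation: clock all three registers regularly while XORing in the
    # 64 key bits and then the 22 frame-number bits (least significant bit first).
    key_bits = [(key[i >> 3] >> (i & 7)) & 1 for i in range(64)]
    frame_bits = [(frame >> i) & 1 for i in range(22)]
    for bit in key_bits + frame_bits:
        r1 = _step(r1, R1_LEN, R1_TAPS, bit)
        r2 = _step(r2, R2_LEN, R2_TAPS, bit)
        r3 = _step(r3, R3_LEN, R3_TAPS, bit)
    out = []
    # Majority clocking: a register advances only when its clocking bit agrees
    # with the majority of the three. The first 100 outputs are discarded, then
    # 228 bits are produced per frame (114 for each direction of the call).
    for i in range(100 + nbits):
        c1, c2, c3 = (r1 >> R1_CLK) & 1, (r2 >> R2_CLK) & 1, (r3 >> R3_CLK) & 1
        maj = (c1 & c2) | (c1 & c3) | (c2 & c3)
        if c1 == maj:
            r1 = _step(r1, R1_LEN, R1_TAPS)
        if c2 == maj:
            r2 = _step(r2, R2_LEN, R2_TAPS)
        if c3 == maj:
            r3 = _step(r3, R3_LEN, R3_TAPS)
        if i >= 100:
            out.append(((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 1)
    return out


def xor_burst(bits, key, frame, uplink=False):
    """XOR a 114-bit burst with its direction's keystream half; the same call encrypts and decrypts."""
    ks = a5_1_keystream(key, frame)
    half = ks[114:] if uplink else ks[:114]
    return [b ^ k for b, k in zip(bits, half)]
```

Note the degenerate case the model makes visible: an all-zero key and frame number leave every register at zero, so the keystream is all zeros and a burst goes out unchanged, which is one reason the whole security of the scheme rests on the 64-bit session key rather than on the cipher structure.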
Management Through SSH
SSH (Secure Shell) is a secure alternative to the ancient Telnet program/protocol. Telnet (and SSH) allows a user to connect to a remote server and use a command-line interface to execute commands (manage the server).
Where Telnet is relatively limited in its functionality, SSH has a bunch of features that enable the user to do much more. The SSH protocol can tunnel other traffic through an SSH connection. The big advantage is that everything going through the tunnel is strongly encrypted (which is good).
The best-known tool built on SSH is SFTP (FTP over SSH), a secure alternative to the 'old' File Transfer Protocol, which communicates in plaintext.
Apple Favors Own Products, or FileVault Screws Up
Apple FileVault
Something everyone would do, I guess (the favoring part at least :) ). But Apple is doing this in a very peculiar way. When you run OSX with a ton of third-party applications you won't notice anything, since everything runs as it should. But when you start using FileVault, things change. A lot.
FileVault is the way Apple secures your data. When it is turned on, the OS creates a sparse image of your user data, so everything stored within your user directory is encrypted using AES-128.
The use of FileVault screws up certain system files. One of those (or several, for that matter) is used to store the default applications, like Firefox for the Internet instead of Safari. Every time you reboot your system the default application settings are read.
This weekend I also found out that at least one handy program also disagrees with FileVault: Little Snitch won't properly save its registration info when you're using FileVault.
You know what the worst thing is? This BUG has been present since Panther (OSX 10.3). I wonder if this is going to be fixed in Snow Leopard. To be honest, I doubt it. If they can't figure it out in 4 years, they probably never will.
As a security-savvy nerd I want to use FileVault on my MacBook, but the problems with FileVault made me decide to uninstall this feature. Too bad there are no other real alternatives. TrueCrypt (or PGP) is nice, but it can't encrypt your hard disk (from which you boot) or even your user directory. Check Point seems to have software, but there's no way of buying it easily, so it seems it's mainly reserved for corporate environments.
UPDATE: w00t... They solved this annoying 'feature' in Apple OS X 10.6, a.k.a. Snow Leopard. Way to go Apple, although it's several OS releases/years too late!
Juniper NSMXpress 'Fun'
Today was one of those days. First, the two NSMXpress appliances failed yesterday (version 2008.2r2): no way of connecting with the client GUI. The web interface and SSH connections worked fine, though. I picked one up for examination, and since I had had some *cough*good*cough* experiences a while back, I assumed the latest software had some undocumented bug.
A reset to factory defaults (version 2007.3r1) worked fine, but due to certain hardware the 2008 version was needed. So I upgraded the appliance (again) and found (while waiting) that the security certificate used between the NSM server and the client GUI had expired on July 20th, 2009. So someone forgot to update the certificates in the 2008.2r2 software.
After fixing that, the client GUI worked like a charm.