Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2014-03-04 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Triple Handshake Cookie Cutter

Published: 2014-03-04
Last Updated: 2014-03-04 20:42:44 UTC
by Daniel Wesemann (Version: 1)
2 comment(s)

Researches have released a paper describing several vulnerabilities in TLS (Transport Layer Security). Some of the attacks have been known for a while, but the paper combines and explains them nicely, and also adds a couple of really clever new ideas. The tricks rely on cutting sessions off and re-starting them in a way that client and server end up with a different (security) state. The full research is available here https://secure-resumption.com/. The good news is that (a) the main impact is apparently limited to connections that use client-side certificates, which is rare, and (b) the researchers have informed the browser vendors early on, and some browsers and TLS libraries are already patched.

Keywords: Renegotiation TLS
2 comment(s)
ISC StormCast for Tuesday, March 4th 2014 http://isc.sans.edu/podcastdetail.html?id=3875

XPired!

Published: 2014-03-04
Last Updated: 2014-03-04 01:08:10 UTC
by Daniel Wesemann (Version: 1)
9 comment(s)

Yes, Windows XP is about to Xpire. This sunset has been a while in the making, and has even been paused so that the world could admire it a while longer. But now, it really is upon us, on April 8, the earth rotation will stop for a second or three, and then move on.

If you don't know whether you are running Windows XP, you are probably not reading SANS ISC, but for the off chance that you are, Microsoft now have a cute site http://AmIRunningXP.com to tell you. I wonder how many Mac users connect to that site, just to make sure :).

If you are still running XP anywhere, the current MSFT Blog states that users of XP who have "auto-update" turned on will see a *Warning* come March 8. So ... expect grandma to call and ask about the weird pop-up. It was anyway overdue that you talked to her. Kudos to Microsoft for keeping us connected with our family!

Long story short: If you are still on XP, get off it. The mentioned blog is now even offering migration tools, though that "free" offer is somewhat of a trojan: If you want to move applications in addition to your data, it comes with a 23$ price tag. But why anyone would opt to "migrate" applications rather than go for a clean re-install is anyway beyond me .. as is using a "migration tool" black-box without knowing what is actually being migrated.

Here's my XP migration 101:

  1. Determine if your box can run Windows 7 (enough muscle and memory). Yes, I wrote Windows 7. Who wants Windows 8, anyway?
  2. If no, buy a new computer. Not necessarily a PC. Then go to step 8.
  3. If yes, get yourself a new Hard Drive that fits, and a USB drive enclosure for the disk that is currently in the box.
  4. You'll need to buy a new OS. It doesn't come for free. You might find out that you have to buy Windows 8 after all, because Windows 7 supply is artificially shortened. Well, you had it coming. Life punishes he who is late. What were you waiting for? If the price tag of disk+enclosure+OS turns out bigger than buying a new computer, go to step 2.
  5. Install the new HD, and the new OS onto it.
  6. Boot the new OS. It probably won't bluescreen. Reinstall only the ~five applications that you remember using in the past two weeks or so.
  7. Attach the old HD via USB
  8. Manually copy whatever you still need of your data over. Be skimpy, you can always go back to the original disk if something vital is missing.
  9. Enjoy, sort of.

 

9 comment(s)
Diary Archives