Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix for an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than using it to spy on us.) It’s really bad. If you’re running Windows 10, go grab the update now. OK, you’re updated? Good, let’s talk about it.
CVE-2020-0601 pic.twitter.com/8tJsJqvnHj
— Saleem Rashid (@saleemrash1d) January 15, 2020
The flaw applies to X.509 certificates that use elliptic curve cryptography. We’ve discussed ECC in the past, but let’s review. Public key cryptography is based on the idea that some calculations are very easy to perform and verify, but the reverse operation is extremely difficult to calculate.
The historic calculation is multiplying large primes, as it is unreasonably difficult to factorize the result on a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much more quickly than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and starting point (the generator) are all that is needed to perform the ECC calculation.
There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well-constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.
With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve parameters. The Windows 10 implementation doesn’t properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve — similar enough that the checks in crypt32 don’t catch it.
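The defensive rule that closes this class of bug is simple to state: when a certificate carries explicit curve parameters, every field (prime, coefficients, generator, order, cofactor) must match the named curve you think you are verifying against, not just the prime and the coefficients. The following is an added illustration, not code from the article or from Microsoft. It uses the published NIST P-256 constants and a small amount of affine point arithmetic; the "mismatched" parameter set it rejects is constructed here (same prime, same coefficients, different generator) purely to show that a generator mismatch alone is enough to refuse the key.

```python
# Added example: strict comparison of explicit EC domain parameters against a
# named curve, plus an on-curve check for the public point.
# Curve constants are NIST P-256 (secp256r1). The "spoofed" parameter set
# built in demo_results() is constructed for illustration only.

P256 = {
    "p":  0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
    "a":  0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc,
    "b":  0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
    "gx": 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
    "gy": 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5,
    "n":  0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
    "h":  1,
}


def on_curve(x, y, curve):
    """True if (x, y) satisfies y^2 = x^3 + a*x + b over F_p."""
    p = curve["p"]
    return (y * y - (x * x * x + curve["a"] * x + curve["b"])) % p == 0


def _add(P, Q, curve):
    """Affine point addition; None represents the point at infinity."""
    p = curve["p"]
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P + (-P) = infinity
    if P == Q:
        lam = (3 * x1 * x1 + curve["a"]) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def scalar_mult(k, P, curve):
    """Double-and-add scalar multiplication k*P."""
    R = None
    while k:
        if k & 1:
            R = _add(R, P, curve)
        P = _add(P, P, curve)
        k >>= 1
    return R


def check_explicit_params(explicit, expected):
    """Return the names of every domain parameter that differs from the
    named curve. An empty list means the explicit parameters are identical."""
    return [k for k in expected if explicit.get(k) != expected[k]]


def accept_ec_public_key(explicit, pub, expected=P256):
    """Defender's rule: all parameters (generator included) must equal the
    named curve's, and the public point must lie on that curve.
    Returns (accepted, reason)."""
    bad = check_explicit_params(explicit, expected)
    if bad:
        return False, "parameter mismatch: " + ", ".join(bad)
    if not on_curve(pub[0], pub[1], expected):
        return False, "public key not on curve"
    return True, "ok"


def demo_results():
    """Run the check against a genuine P-256 key and against a constructed
    parameter set whose only difference is the generator."""
    G = (P256["gx"], P256["gy"])
    genuine_pub = scalar_mult(12345, G, P256)     # private scalar chosen for the demo
    spoofed = dict(P256)
    spoofed["gx"], spoofed["gy"] = scalar_mult(2, G, P256)   # on-curve, but not G
    return {
        "genuine": accept_ec_public_key(P256, genuine_pub),
        "bad_generator": accept_ec_public_key(spoofed, genuine_pub),
        "off_curve": accept_ec_public_key(P256, (1, 1)),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo_results().items():
        print(f"{name:14s} accepted={ok} ({reason})")
```

The point of comparing the generator and order, and not only the prime and coefficients, is that two parameter sets can describe the same curve equation and still disagree on what a given public point means; a verifier that caches trust by public key value and then accepts explicit parameters has to refuse anything other than an exact match.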
Paypal Password Bug
Imagine this scenario. You get an email, click a link, and immediately realize that this isn’t the page you thought it was. Close that tab, and all is well, right? You didn’t actually fall for the phishing scam. Well, [Alex Birsan] has bad news, in the form of a clever attack based on a Cross-Site Script Inclusion (XSSI) vulnerability in the Paypal login flow.
XSSI is similar to its other cross-site scripting brethren, but rather than running malicious code on a target web page, it runs a script from another web service on a malicious web page. It’s pretty common for a page to include a JavaScript file from a different domain. The difference here is that not all JS scripts are intended to be included in other pages. Paypal had such a script. Visiting a malicious web page could load that script in your browser, and if you had ever logged in to Paypal, it would contain a set of valid session keys. The attacker could make a few password attempts using those credentials, which triggered a CAPTCHA request.
That CAPTCHA request is important. When the CAPTCHA form is filled, it launched a self-submitting form that contained the plain text username and password. Yikes! Once a user logged back in to Paypal, that CAPTCHA page could be run again, with the stolen session key, and the username and password easily recovered by the attacker. Thankfully, [Alex] disclosed the vulnerability to Paypal, who fixed it and paid him a nice tidy sum for his work.
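The underlying defect is a per-user response served in a form any site can load with a `<script src>` tag. The added example below (my illustration, not PayPal's code or anything from [Alex Birsan]'s write-up) shows the server-side rules that stop that: refuse requests whose Fetch Metadata says they are a script include or come from another site, fall back to the `Origin` header for browsers without Fetch Metadata, serve the data as non-sniffable JSON with a same-origin resource policy, and prefix the body so it is a syntax error if it is ever executed as JavaScript. The origin `https://app.example.test` and the request headers are constructed.

```python
# Added example: hardening a per-user data endpoint against cross-site
# script inclusion. Not the original site's code; headers are constructed.
import json

ANTI_XSSI_PREFIX = ")]}',\n"                   # body becomes a JS syntax error
ALLOWED_ORIGIN = "https://app.example.test"    # assumed first-party origin


def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}


def is_cross_site(headers):
    """Decide whether the request comes from another site.
    Prefer Fetch Metadata (Sec-Fetch-Site); fall back to Origin for
    browsers that do not send it."""
    h = _lower(headers)
    site = h.get("sec-fetch-site")
    if site is not None:
        # "same-origin" is a first-party fetch, "none" is user navigation
        return site not in ("same-origin", "none")
    origin = h.get("origin")
    return origin is not None and origin != ALLOWED_ORIGIN


def build_session_response(headers, session):
    """Return (status, response_headers, body) for the session endpoint."""
    h = _lower(headers)
    if h.get("sec-fetch-dest") == "script":
        return 403, {"content-type": "text/plain"}, "not loadable as a script"
    if is_cross_site(headers):
        return 403, {"content-type": "text/plain"}, "cross-site request refused"
    body = ANTI_XSSI_PREFIX + json.dumps(session)
    resp_headers = {
        "content-type": "application/json; charset=utf-8",
        "x-content-type-options": "nosniff",          # never sniffed as JS
        "cross-origin-resource-policy": "same-origin",  # no cross-origin embedding
        "cache-control": "no-store",                  # per-user data, not cacheable
        "vary": "Origin",
    }
    return 200, resp_headers, body


def parse_protected_json(body):
    """First-party client side: strip the anti-XSSI prefix before parsing."""
    if not body.startswith(ANTI_XSSI_PREFIX):
        raise ValueError("missing anti-XSSI prefix")
    return json.loads(body[len(ANTI_XSSI_PREFIX):])


if __name__ == "__main__":
    session = {"session_id": "constructed-session-token", "user": "demo"}
    # A <script src> include from another site: browsers send these headers
    print(build_session_response(
        {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "script"}, session)[0])
    # A first-party fetch() call
    status, hdrs, body = build_session_response(
        {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Dest": "empty",
         "Origin": ALLOWED_ORIGIN}, session)
    print(status, parse_protected_json(body))
```

The layers are deliberately redundant: Fetch Metadata and the Origin check stop the request, the JSON content type with `nosniff` and `Cross-Origin-Resource-Policy` stop a cross-origin script element from consuming the body, and the prefix makes the body worthless even if it were somehow executed.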
Intel GPU Vulnerability
Brought to us by Phoronix, Intel is in the process of mitigating a problem in their integrated GPU cores. Even in Intel’s disclosure, there isn’t a whole lot of detail, but it seems to be another information leak in the same vein as Meltdown and Spectre.
The solution, at least in the Linux kernel, is to reset the iGPU between context switches. On 7th generation processors in particular, the performance hit to the GPU is pretty severe. Considering the less than stellar video performance of those chips, losing 50% performance to this mitigation is quite the blow.
Cablehaunt
Use a cable modem? There’s a decent chance it has a Broadcom chip in it, and is vulnerable to Cablehaunt. A group of researchers found a way to download the current modem settings, which started a hunt for vulnerabilities. They found a spectrum analyzer page that responds to JSON requests. Naturally, the JSON parser isn’t written defensively. A long enough value in a request overflows the buffer, and the processor and microkernel that system runs don’t have any modern mitigation. Getting from access to the open port to malicious modification is a nearly trivial task. Check out the page for more details, as well as instructions for how to test your modem.
Cisco Again
At this point, if you have any Cisco equipment you can put your hands on, unplug it now before the long weekend of patching that you have ahead of you. [Steven Seeley] did an audit of the Cisco Data Center Network Manager. While he found multiple security problems, the glaring issue is a hardcoded authentication key. Yes, another Cisco product had a backdoor left in a production unit. There are deserialization bugs, SQL injection vulnerabilities, and plenty more to wade through, so go check it out if you want the gritty details.
They reported it because they know they don’t have a monopoly on the exploit.
Putting it in the public domain not only pushes it to be fixed but it also makes it clear to other organisations they also have that ability. It’s effectively the cyber warfare version of mutually assured destruction. It’s the transparent hardware backdoors you’ve got to worry about.
Huh. You’re right, that’s probably why they released that exploit.
The NSA is a two-headed beast: one part is responsible for securing the US’s cybers, and the other half aims to cyber the rest of the world, and Americans when “necessary”.
The problem, of course, is that they can’t be trusted on the former because of the latter, which is a great disservice to the folks in the NSA working on the “good” side, IMO. But reporting vulnerabilities like this _is_ their job.
It should have been split in two in the 1990s when this conflict became apparent. No president has yet had the will to do something like that, though.
I feel at this rate that Cisco is becoming the Adobe Flash of the networking hardware world.
This is why I NEVER click on a link in my email. If I have to go to PayPal or anywhere else I delete the email & close the email app and get there in my usual manner.
I do not believe a word of anything you just typed. It would take you hours to do anything these days. Even then you still wouldn’t be protected if you rtfa. These days even virtual machines in a so-called sandboxed environment can be tunneled to the host machine. I use this to hose the Windows Error Support spoofers in Asia.
The article confuses elliptic-curve cryptography with post-quantum cryptography. Elliptic-curve cryptography would be vulnerable if a working quantum computer ever existed, because of Shor’s algorithm, which has sparked lots of current “post quantum” crypto schemes that do not rely on the discrete logarithm problem (e.g. for elliptic curves).
Shor’s Algorithm allows a quantum computer to factorize a large number into prime factors very quickly. Elliptic curve cryptography does not rely on multiplication of large primes. Elliptic curve cryptography *is* the post quantum crypto scheme.
The story here is that Microsoft’s implementation included a dumb mistake, that allows an attacker to spoof a certificate to any site, and Windows 10 thinks it’s legit.
> Elliptic curve cryptography *is* the post quantum crypto scheme.
A quick read of the Wikipedia entry suggests otherwise:
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks
IIUC, elliptic curve crypto _can_ be quantum-resistant, but is not necessarily so.
On closer read, the quantum resistance only applies to a particular form of elliptic curve Diffie-Hellman (https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exchange).
Normal EC cryptography appears _more_ vulnerable to quantum attacks than RSA, requiring fewer qubits to crack.
Does anyone know if Cablehaunt affects Pace and the cable modems you rent from the cable co?
Does the crypt32.dll flaw only affect the SSL used by HTTPS on web browsers, so the connections that are made by the other programs are safe?
The crypt32 flaw from what I have seen would also allow someone that controls your internet connection routing to fake being Windows Update servers and deliver fake updates if your computer requested them while your connection was rerouted. Really anything that is using Windows libraries (lots of things) is going to be vulnerable.
As for cable modems, the ones you rent are generally not any different than what is available for rent, and Broadcom seems to be one of the more popular chipsets, so I would say there is a good chance.
Whew! Good thing Windows 7 is no longer being updated. Thanks Microsoft.
Windows 7 doesn’t support ECC, so it wasn’t broken by this particular bug.
“…flaw was reported by the good guys at the NSA.”
What, both of them? Are you sure?
Probably went like: Crypt-analyst: “Hah, seems China finally stumbled on that old crypt32 trick.” CO: “Write a report up in 5th grade English then so even Bill’s boys know how to patch it.”
Hehehe, that’s probably exactly how it went.
For the past month or so, I’ve been using an old laptop to play Internet radio.
Yesterday, I discovered that it is running Vista.