Juliano Rizzo and Thai Duong presented a new attack on Transport Layer Security (TLS) at the Ekoparty security conference in Buenos Aires, Argentina. This presentation has received a lot of media attention and also has caused a lot of confusion, especially since all the details were unknown. The researchers named their proof-of-concept tool “Browser Exploit Against SSL/TLS” (BEAST) and are suggesting that it can decrypt secure cookies in minutes. The protocol deficiency they are highlighting is a problem that is due to the way that block ciphers are used in SSL/TLS.
I was disheartened to read about the 22 September arrest of alleged LulzSec/Anonymous member Cody Kretsinger (known by the handle ‘recursion’) by the FBI as a suspect in the SQL injection attacks on multiple Sony websites. Note that I was not sad to see the good guys bust a cybercriminal, but I was sad to see a nice guy I had met and talked to briefly at BlackHat Las Vegas 2011 turn out to be a suspect wanted by the FBI.
One of the things we at Cisco try to do is reach out to those studying infosec and wanting to make a career in security. At BlackHat Cisco had a contest where the winner got a Pwnie Express PWN Phone, effectively a modified Nokia N900 with some pentesting software loaded. A group of guys, volunteers with the show from an IT school, were fascinated by the PWN Phone – possibly because in their circle a couple of them had Nokia N900s, a device relatively unknown in North America but somewhat popular in certain hacking circles due to the fact that its OS is Linux-based and thus can be made to run things like metasploit (like the PWN Phone does).
When talking about vulnerabilities, the Cisco PSIRT has probably seen it all. Vulnerabilities that can be exploited over the network, vulnerabilities that need local access, and vulnerabilities that need physical access. Vulnerabilities that affect integrity, confidentiality, and availability. Vulnerabilities at the operating system level, at the application level, or at the protocol level. Hands down, the most time consuming and complex to handle are those involving a protocol -- we need to investigate each and every Cisco product that implements the affected protocol. And if the vulnerability is in, say, IPv4… the investigation will require significant time and resources.
But there is one kind of report that makes the heart of any PSIRT Incident Manager sink -- an email from a customer asking “How do I fix these vulnerabilities?”. And attached to the email -- a report from a vulnerability scanner.
Simple Network Management Protocol (SNMP) is part of IETF’s Internet Protocol Suite that consists of four abstraction layers and defines a set of protocols used on the Internet. SNMP is mainly used for management and monitoring of networked devices. It can inform about the health of a network device or other reflections of its state (interfaces, IP addresses, traffic and more). SNMP is defined as part of IETF RFC 1157. For its function, it leverages Management Information Bases (MIBs), which define the structure of device information maintained. They represent a hierarchical namespace containing object identifiers (OIDs). Each OID identifies an object that holds the information of interest and can be polled or set via SNMP.
The web, which for many people is more like the internet than a service that runs over the internet, has brought profound changes. While opening a great number of doors and creating opportunities that otherwise might not exist), the web also creates exposure and opportunities for those who would do bad things.
One of the challenges that IT and security professionals constantly face is finding the right balace between access and flexibility on one side and security on the other. The perfectly locked down, 100% airgapped network may be secure, but such an island would be less than useful for most organizations.