This week’s Cyber Risk Report (CRR) discussed the newly available Vanish software, which allows users to exchange messages whose contents are readable for a limited period of time and rendered unreadable afterward. Researchers from the University of Washington developed Vanish to protect against the recovery of message data at a later time. The software leverages distributed hash tables (DHTs), part of the infrastructure of torrent networks, to store the keys to an encrypted message known as a Vanish data object (VDO). The keys are publicly available for a period of time, allowing anyone in possession of the VDO to read it by retrieving the key from the DHT. Once the time expires, the keys are removed from the DHT and are no longer available to decrypt the data.

As a result, users can be reasonably sure that messages can no longer be decrypted after a certain period of time. No matter where the data ends up, whether stored in the cloud, in e-mail server backups, or in ISP logs, the data is unrecoverable, aside from attacks against the encryption itself, such as brute force attacks. Even under threat of physical or legal compulsion, a user could not recover the key and decrypt the VDO after the specified time period passes, which makes the scheme well suited to a certain set of circumstances.
As mentioned in this week’s Cyber Risk Report (CRR), a hacker known by the handle Croll was able to gain access to private accounts owned by employees of the Twitter micro-blogging website. The hacker successfully guessed the answers to password “secret question” recovery queries by gathering information from employees’ public profiles, and intercepted password reset messages after gaining access to an employee’s public e-mail account. From there, the hacker gathered further account information, including the users’ passwords, and used the stolen details to access other accounts, including online financial, e-mail, and e-commerce sites. The attacker was able to steal confidential business documents from these accounts and publish them on the Internet, including Twitter employee lists, credit card numbers, food preferences, and confidential customer data.

The emergence of social networking means that more information about us is available online than ever before, much of it volunteered as part of our online profiles. However, because site password recovery tools treat these very same details as private, there is a dangerous disconnect between what users believe to be private and the mechanisms used to tell legitimate users from pretenders who are gaming the password recovery system. Relying on secret question password recovery schemes opens up an easy avenue of exploitation for hackers who know some personal details, as Croll demonstrated. The hack follows other high profile intrusions that also leveraged password recovery mechanisms.
On July 14th, 2009, Microsoft released Microsoft Security Bulletin MS09-032 to address a remote code execution vulnerability in the Microsoft Video ActiveX Control (msvidctl.dll). Microsoft initially announced this vulnerability via Microsoft Security Advisory 972890. Cisco Security Intelligence Operations (SIO) released IPS Signature Updates S411 and S414, which contain signatures that detect attempts to exploit this vulnerability. Additional information about this and other vulnerabilities in Microsoft’s Security Bulletin for July 2009 is available in the corresponding Cisco Event Response.
Analysis of IPS Network Participation data in the Cisco SensorBase Network confirms that this vulnerability is being exploited.
“Leading Websites under Attack — Several major Web sites have reported attacks over the past few days that rendered their sites largely inaccessible.” — CNET

A major wave of denial of service attacks against commercial and government organizations recently made headline news. This activity highlights how vulnerable networks can be to new attacks and how the modern cybercriminal is an increasingly sophisticated adversary. What’s interesting is that the above headline is from February 2000, when a major distributed denial of service (DDoS) attack took down Yahoo! along with other major websites. It was the most significant denial of service attack we had ever seen. Fast-forward nine and a half years to July 2009, when a recent New York Times headline reads “Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea.”
An interface queue wedge is a class of vulnerability in which certain packets are received and queued by a Cisco IOS router or switch but, due to a processing error, are never removed from the queue. This is a problem because only a finite number of packets may be queued on an individual interface. Should the queue become full, the device will be unable to receive new traffic via that interface.
Although this type of problem could affect any networked device, queue wedges are a classic security problem for Cisco IOS. There have been several instances of queue wedges on Cisco IOS that resulted in Cisco Security Advisories. Here are some examples:
- Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
- Cisco IOS DHCP Blocked Interface Denial-of-Service
- Cisco IOS Interface Blocked by IPv4 Packets
In order to gain a better understanding of why these vulnerabilities exist and are considered severe, we need to examine things in a bit more detail.
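To make the symptom described above concrete, here is an added example (not code from the original post or from Cisco) that parses the input queue counters from Cisco IOS `show interfaces` output and flags interfaces whose input queue has filled and stays full across two snapshots. The sample output is constructed, and the "full and not draining" heuristic is an assumption of this example, not an official Cisco diagnostic.

```python
import re

# Constructed, abridged `show interfaces` output; Gi0/0 and Se0/0 show a full input queue.
SNAPSHOT_1 = """\
GigabitEthernet0/0 is up, line protocol is up
  Input queue: 75/75/0/0 (size/max/drops/flushes); Total output drops: 0
GigabitEthernet0/1 is up, line protocol is up
  Input queue: 2/75/0/0 (size/max/drops/flushes); Total output drops: 0
Serial0/0 is up, line protocol is up
  Input queue: 40/40/12/0 (size/max/drops/flushes); Total output drops: 0
"""

# Constructed later snapshot: Se0/0 drained (a transient burst), Gi0/0 stays full and keeps dropping.
SNAPSHOT_2 = """\
GigabitEthernet0/0 is up, line protocol is up
  Input queue: 75/75/512/0 (size/max/drops/flushes); Total output drops: 0
GigabitEthernet0/1 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Serial0/0 is up, line protocol is up
  Input queue: 3/40/12/0 (size/max/drops/flushes); Total output drops: 0
"""

INTERFACE_RE = re.compile(r"^(\S+) is .*line protocol is")
INPUT_QUEUE_RE = re.compile(r"Input queue: (\d+)/(\d+)/(\d+)/(\d+)")

def parse_input_queues(text):
    """Map each interface name to its input queue counters (size/max/drops/flushes)."""
    queues, current = {}, None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INPUT_QUEUE_RE.search(line)
        if m and current:
            size, maximum, drops, flushes = (int(x) for x in m.groups())
            queues[current] = {"size": size, "max": maximum, "drops": drops, "flushes": flushes}
    return queues

def full_input_queues(queues):
    """Interfaces whose input queue is full; the device cannot accept more packets on them."""
    return sorted(name for name, q in queues.items() if q["max"] and q["size"] >= q["max"])

def persistent_wedges(before, after):
    """A queue that is full in both snapshots and still dropping packets is a wedge candidate."""
    return sorted(
        name for name in full_input_queues(before)
        if name in full_input_queues(after) and after[name]["drops"] > before[name]["drops"]
    )
```

A queue that is merely busy drains between snapshots, as Serial0/0 does here; one that never drains while drops keep climbing is the signature of a wedge, since no amount of waiting will free it.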