Enno Rey – Page 6 – Insinuator.net

Misc

September 10, 2015 by Enno Rey

Sending Mixed Signals – What Can Happen in the Course of Vulnerability Disclosure

Update:

Given there’s quite some speculation and, as we think, misinformation going around we think it’s helpful to add/clarify the following information:

we fully comply with the injunction and we have no intentions to violate it. we do not plan to publish any technical information besides the report (agreed upon with FireEye themselves) and the slides (based on the former) anyway. No 3rd parties except for the ones involved (FireEye, lawyers) have received any additional technical information from our side, let alone an earlier version of the report.
the injunction covers accompanying details mostly within the architecture space, but not the core vulnerabilities themselves. Those are not part of the injunction.
we stand by the timeline as provided below. In particular, the following two points:
– FireEye received a draft version of the report which had the objectionable material (as identified by the cease and desist letter) fully removed on August 11th.
– according to the cease and desist letter FireEye’s lawyer sent us, they were informed – from our side – about the planned talk at 44CON on Jul 23rd.
there’s an injunction, but not a lawsuit. I used the term “sue” after consulting Merriam-Webster which states: “sue: to seek justice or right from (a person) by legal process”, but this might have been misinterpreted by some readers. As stated, there’s a pending injunction, but not a lawsuit.

Please note that we won’t share legal documents with 3rd parties or publish them as we consider this inappropriate.
Please note further that, during the whole process, our goal was to perform a responsible disclosure procedure with its inherent objectives (namely vulnerability remediation by vendor and education of various stakeholders involved, see also here or here). We consider this disclosure process as concluded. We don’t see a need to add technical details from our side as we feel that the objectives of responsible disclosure are met (not least as patches are released since quite some time and both vendor & finder have released reports).

===

We’ve just released an ERNW Newsletter titled “Playing With Fire: Attacking the FireEye MPS” which describes several (meanwhile patched) vulnerabilities in FireEye‘s “Malware Protection System” (webMPS) version 7.5.1. Right now Felix gives a talk at 44CON in London on the topic, including some demos. He will release the slides after the talk => to catch the respective announcement you might follow him on Twitter (which is probably a good idea anyway if you’re interested in vulnerability research).

Continue reading “Sending Mixed Signals – What Can Happen in the Course of Vulnerability Disclosure”

Events

August 7, 2015 by Enno Rey

Black Hat Talks & Papers related to Windows/Active Directory Security

This year’s Black Hat US saw a number of quite interesting talks in the context of Windows or Active Directory Security. For those of you too lazy to search for themselves 😉 and for our own Windows/AD Sec team (who couldn’t send anyone to Vegas due to heavy project load) I’ve compiled a little list of those.

Continue reading “Black Hat Talks & Papers related to Windows/Active Directory Security”

Events

July 29, 2015 by Enno Rey

IPv6 Hackers Meeting @ IETF 93 in Prague

After the first “IPv6 Hackers Meeting” held two years ago in Berlin, Fernando Gont kindly organized a similar event in Prague last week.

Continue reading “IPv6 Hackers Meeting @ IETF 93 in Prague”

Misc

July 14, 2015 by Enno Rey

Reflections on Vulnerability Disclosure

In this post I’ll discuss some aspects of vulnerability disclosure. I don’t want to delve into an abstract & general discussion of vulnerability disclosure (for those interested here’s some discussion in the context of Google’s Project Zero, this is the well-known CERT/CC approach, this a paper from WEIS 2006 laying out some variants, and finally some statement by Bruce Schneier back in 2007). Instead I will lay out which approach we followed in the past (and why we did so) and which developments make us consider it necessary to re-think our way of handling. The post is not meant to provide definitive answers; it was also written not least to provide clarity for ourselves (“write down a problem in order to better penetrate it”) and, maybe, to serve as a starting point for a discussion which will help the community (and us) to find a position on some of the inherent challenges.

Continue reading “Reflections on Vulnerability Disclosure”

Breaking

July 8, 2015 by Enno Rey

Evasion of Cisco ACLs by (Ab)Using IPv6 – Part 2

When we wrote our initial blogpost regarding the evasion of Cisco ACLs by (Ab)Using IPv6, where we described (known to Cisco) cases of Access Control Lists (ACL) circumvention, we also suggested some mitigation techniques including the blocking of some (if not all) IPv6 Extension Headers.
Almost a month later, we got a comment from Matej Gregr that, even if the ACLs of certain Cisco Switches are configured to block IPv6 Extension headers like Hop-by-Hop or Destination Options headers, this does not actually happen/work as expected. Of course this made us re-visit the lab in the interim ;-).

Continue reading “Evasion of Cisco ACLs by (Ab)Using IPv6 – Part 2”

Building

June 16, 2015 by Enno Rey

IPv6 Adress Planning / Some Notes

In the course of a customer project I recently documented some thoughts and general objectives of IPv6 address planning, expanding on stuff I wrote a while ago in the series on “Address Plan Considerations”. An excerpt of that (newer) document can be found here. Due to the context it originates from it’s in German, still I hope it’s useful for some readers.
If you’re interested in the topic it might be a good idea to listen to Tom Coffeen‘s talk at the upcoming IPv6 Business Conference, too.

Everybody have a great day

Enno

Building

June 8, 2015 by Enno Rey

Is IPv6 more Secure than IPv4? Or Less?

Scott Hogg recently (in his post “Holding IPv6 Neighbor Discovery to a Higher Standard of Security“) gave the following answer:

“The security of IPv4 is roughly equivalent to IPv6. So why do we expect more from IPv6?”

While I highly value Scott’s IPv6 expertise – not least because I learned a lot about IPv6 security from the book on the topic he wrote together with Eric Vyncke – I strongly disagree with his statement, mainly with the first part. In this post I will lay out why I think that IPv6 is actually less secure than IPv4.

Continue reading “Is IPv6 more Secure than IPv4? Or Less?”

Building

May 27, 2015 by Enno Rey

IPv6 & Complexity

IPv6 is often called a “complex protocol”, not least by myself (for example in my keynote to the IPv6 Security Summit 2014). In this post I want to have a quick look at three questions:

– Can IPv6 be considered a “complex protocol”?
– Is it “more complex” than IPv4?
– Can we expect IPv6 networks to be “complex networks”?

Continue reading “IPv6 & Complexity”

Events

May 24, 2015 by Enno Rey

RIPE70 in Amsterdam

Two weeks ago Christopher and I joined the RIPE70 meeting in Amsterdam. Being part of the group was fun as always and we had quite some interesting conversations with peers from the IPv6 community.

Continue reading “RIPE70 in Amsterdam”

Building

April 30, 2015 by Enno Rey

OS IPv6 Behavior in Conflicting Environments

I was invited by the Swiss IPv6 Council to give a talk on this topic yesterday. We had good conversations after the talk – thanks for the invitation!

For those interested the slides can be found here. I will happily discuss the intricacies of DHCPv6 and how to deploy it in complex environments at the upcoming IPv6 Business Conference in Zurich and in my “IPv6 in Enterprise Networks” training in Berlin.

Have a great day everybody

Enno