Misc – Page 11 – Insinuator.net

Misc

September 10, 2016 by Enno Rey

To Control Something

Some years ago I discussed the meaning of the term “control” in this post, but at the time I was mainly referring to the noun “control”. Given I’ll extensively use the term “control” as a verb in the next parts of “the DMZ series” and some upcoming talks I reflected a bit on its meaning (as a verb). In the following I’ll lay out the definition/understanding to be employed at those occasions.

Continue reading “To Control Something”

Misc

January 7, 2016 by Niki Vonderwell

Another Perspective in Vulnerability Disclosure

As you know we (as in ERNW) are quite involved when it comes to vulnerability disclosure and we’ve tried to contribute to a discussion at several occasions, such as Reflections on Vulnerability Disclosure and ERNW Newsletter 50 Vulnerability Disclosure Reflections Case Study.

In this post I want to add (yet) another perspective, motivated by a disclosure procedure which just happened recently. Continue reading “Another Perspective in Vulnerability Disclosure”

Misc

September 10, 2015 by Enno Rey

Sending Mixed Signals – What Can Happen in the Course of Vulnerability Disclosure

Update:

Given there’s quite some speculation and, as we think, misinformation going around we think it’s helpful to add/clarify the following information:

we fully comply with the injunction and we have no intentions to violate it. we do not plan to publish any technical information besides the report (agreed upon with FireEye themselves) and the slides (based on the former) anyway. No 3rd parties except for the ones involved (FireEye, lawyers) have received any additional technical information from our side, let alone an earlier version of the report.
the injunction covers accompanying details mostly within the architecture space, but not the core vulnerabilities themselves. Those are not part of the injunction.
we stand by the timeline as provided below. In particular, the following two points:
– FireEye received a draft version of the report which had the objectionable material (as identified by the cease and desist letter) fully removed on August 11th.
– according to the cease and desist letter FireEye’s lawyer sent us, they were informed – from our side – about the planned talk at 44CON on Jul 23rd.
there’s an injunction, but not a lawsuit. I used the term “sue” after consulting Merriam-Webster which states: “sue: to seek justice or right from (a person) by legal process”, but this might have been misinterpreted by some readers. As stated, there’s a pending injunction, but not a lawsuit.

Please note that we won’t share legal documents with 3rd parties or publish them as we consider this inappropriate.
Please note further that, during the whole process, our goal was to perform a responsible disclosure procedure with its inherent objectives (namely vulnerability remediation by vendor and education of various stakeholders involved, see also here or here). We consider this disclosure process as concluded. We don’t see a need to add technical details from our side as we feel that the objectives of responsible disclosure are met (not least as patches are released since quite some time and both vendor & finder have released reports).

===

We’ve just released an ERNW Newsletter titled “Playing With Fire: Attacking the FireEye MPS” which describes several (meanwhile patched) vulnerabilities in FireEye‘s “Malware Protection System” (webMPS) version 7.5.1. Right now Felix gives a talk at 44CON in London on the topic, including some demos. He will release the slides after the talk => to catch the respective announcement you might follow him on Twitter (which is probably a good idea anyway if you’re interested in vulnerability research).

Continue reading “Sending Mixed Signals – What Can Happen in the Course of Vulnerability Disclosure”

Misc

July 15, 2015 by Benjamin Schwendemann

Solving sound issues when using WebEx with Linux and Firefox

Hello everybody,

Some of you might use WebEx in their daily life. And some of you might use Linux (as I and many of us do). However, this combination often results in issues with your PC’s sound or microphone use in a WebEx session.

The problem here is that WebEx won’t run as intended with Firefox and JRE x64. But the solution is quite easy! Use the x86-versions of each.

Probably you don’t want to replace your x64 versions of either of them — and neither do I. So I wrote a little script which helps you to quickly switch to the x86 versions, while you still have the x64 versions installed. And here is how to do it:

Continue reading “Solving sound issues when using WebEx with Linux and Firefox”

Misc

July 14, 2015 by Enno Rey

Reflections on Vulnerability Disclosure

In this post I’ll discuss some aspects of vulnerability disclosure. I don’t want to delve into an abstract & general discussion of vulnerability disclosure (for those interested here’s some discussion in the context of Google’s Project Zero, this is the well-known CERT/CC approach, this a paper from WEIS 2006 laying out some variants, and finally some statement by Bruce Schneier back in 2007). Instead I will lay out which approach we followed in the past (and why we did so) and which developments make us consider it necessary to re-think our way of handling. The post is not meant to provide definitive answers; it was also written not least to provide clarity for ourselves (“write down a problem in order to better penetrate it”) and, maybe, to serve as a starting point for a discussion which will help the community (and us) to find a position on some of the inherent challenges.

Continue reading “Reflections on Vulnerability Disclosure”

Misc

January 17, 2015 by Enno Rey

Main IPv6 Related Mailing Lists

We’re sometimes approached with the question “Which IPv6 mailing lists do you guys read/subscribe to?” – here’s a quick overview of the main ones guys like Christopher, Patrick, Rafael, Antonios and myself are periodically lurking at, to discuss IPv6 (network|security) related stuff with other practitioners and to learn from them:

Continue reading “Main IPv6 Related Mailing Lists”

Misc

January 15, 2015 by Friedwart Kuhn

Skeleton Key – a Nasty Piece of Malware. Some Remarks.

Just recently, Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers published details (see http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/ ) on a especially nasty piece of malware that bypasses authentication on Active Directory (AD) systems which implement single-factor (password only) authentication. Once deployed the malware stays quite noiseless in the Domain Controller´s (DC) RAM, and the DC´s replication issues caused by it weren´t interpreted – in this case – during months as a hint for system compromise. Probably the malware´s modification on the LSASS process reduced the DC´s ability to perform DC-to-DC authentication, but this is only speculation and not where we would like to go today.

So, what to do? The relevant mitigations, pointed out by Dell´s CTU, as event log monitoring and scanning processes on suspicious systems with the published YARA signature should be applied.
Still, let’s discuss for a second which long-term, preventative measures could come into play as well. Continue reading “Skeleton Key – a Nasty Piece of Malware. Some Remarks.”

Misc

September 20, 2014 by Enno Rey

Security Implications of Disruptive Technologies

Yesterday I gave a talk with the above title in a private setting. Given it might be of interest for some of you, the slides can be found here.

Have a great weekend everybody

Enno

Misc

May 8, 2014 by Benedikt Troester

ASCII Protocol Scheme Generator

As we historically have a strong connection to network technologies (not surprising, given the “NW” in “ERNW” stands for “Networks”), I developed a small script to create RFC-style ASCII representations of protocol schemes. The following listing shows an example created for a fictitious protocol:

 0                   1                   2                   3  
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|             type              |              id               |
+---------------------------------------------------------------+
|     flags     |                   reserved                    |
+---------------------------------------------------------------+
|                            payload                            |
+---------------------------------------------------------------+

The command line to create this output is

./ascii_header.py 16-type 16-id 8-flags 24-reserved 32-payload

and of course the script also provides a help message which explains the parameters in detail.

Download: https://www.ernw.de/download/ascii_protocol_scheme_generator.zip

Enjoy and feel free to leave feedback and comments,

Benedikt 🙂

Misc

October 23, 2013 by Enno Rey

The Impact of Pervasive Monitoring on Corporate InfoSec

A few weeks ago I gave a presentation with the above title at some corporate infosec event. Given I’ve been asked for the slides many times now, I’ve converted them to a PDF which can be found here.

We hope to contribute to the necessary debate thereby…

Have a good one,

Enno