Defcon Wi-Fi Hack Called No Threat to Enterprise WLANs

August 5, 2012 – 8:55 AM

Enterprise Wi-Fi networks can keep using WPA2 security safely, despite a recent Defcon exploit that has been widely, but wrongly, interpreted as rendering it useless.

The exploit successfully compromised a legacy authentication protocol, MS-CHAPv2, which was created by Microsoft years ago. But the vulnerabilities of this protocol (and other similar ones) are well known, and Wi-Fi Protected Access 2 makes use of additional mechanisms to protect them. That protection is still in force, according to both the Wi-Fi Alliance and a wireless architect, who blogged in depth on this issue after the Defcon exploit was reported.

In the wake of the Defcon demonstration, enterprises were being urged by some to abandon MS-CHAP, the Protected Extensible Authentication Protocol (PEAP), WPA2 or all of the above. None of that is necessary. The Wi-Fi Alliance has reviewed the chapcrack tool and cloudcracker service announced last week at Defcon 20 and these tools do not present an exploitable vulnerability in Wi-Fi CERTIFIED products, according to a statement issued by the Wi-Fi Alliance, via Kelly Davis-Felner, the WFA marketing director. These tools exploit previously-documented weaknesses in the use of Microsoft CHAP (MS-CHAP). All uses of MS-CHAP in WPA2 are protected by the Transport Layer Security (TLS) protocol. TLS is the same strong cryptographic technology that protects all online e-commerce transactions. TLS prevents interception of the MS-CHAP messages used in WPA2 Enterprise and effectively protects against attacks using chapcrack or cloudcracker.

Source:
https://www.pcworld.com/article/260410/defcon_wifi_hack_called_no_threat_to_enterprise_wlans.html#tk.rss_news

Hacker can unscramble coded Web traffic for $200

July 29, 2012 – 7:58 PM

A hacking expert has launched a $200 password-cracking tool that makes it easy to decipher Internet traffic sent through a widely used method for securing business communications. Moxie Marlinspike, one of the world’s top encryption experts, unveiled the tool on Saturday during a presentation at the Def Con hacking conference in Las Vegas. Marlinspike said he developed the service, CloudCracker.com, by taking advantage of a vulnerability he discovered in a widely used virtual private network technology known as point-to-point tunneling protocol. Virtual private networks, or VPNs, scramble traffic as it travels between a PC and its final destination so that the data is useless to hackers if they eavesdrop on those communications. But Marlinspike provides clients with a tool that analyzes captured data streams and creates a data file that they upload to his website. He then runs that through code-cracking computer programs that figure out a password that will unscramble the protected communications. He delivers that to clients within 24 hours.

Source:
http://www.msnbc.msn.com/id/48384431/ns/technology_and_science-tech_and_gadgets/#.UBXI6ESDjiQ

Yahoo logins hacked and leaked

July 12, 2012 – 6:09 AM

A hacker group called D33D is claiming to have accessed more than 453,000 logins from Yahoo. The group says it used a union-based SQL injection to access an unidentified Yahoo service to retrieve the data, which it says was unencrypted, and has posted it online. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” says D33D in a statement. “There have been many security holes exploited in Web servers belonging to Yahoo that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Source:
http://www.tgdaily.com/security-features/64627-yahoo-logins-hacked-and-leaked

Malware-as-a-service allows victim management

June 22, 2012 – 5:34 AM

A large share of the malware out there consists of RAT (remote administration tool) samples. This is software created by people who specialize in it: people who develop, improve and sell their tools. It has capabilities that let the attacker spy on victims through actions like screen capturing, keylogging, password stealing, command execution, and remote access and control. Clients of these services usually pay to gain access to the tools and to additional services such as support and zero or low antivirus detection. Below is a description of one such service that AlienVault has been observing: Clients pay for the service and then gain access to a web portal where they can generate personalized Trojans, manage the infected victims via the web browser and host the malware on their “cloud”. The creators promote it as a service for remotely controlling computers and “recovering passwords”. This means that clients have to deal with almost no technical issues, and they don’t need special skills or knowledge. The providers supply the tools, the hosting, and the Command and Control server. When clients log in to their personal account they can see the main menu, tutorials and shortcuts.

Source:
http://www.net-security.org/malware_news.php?id=2155

Unpatched Microsoft security vulnerability being actively exploited

June 19, 2012 – 10:29 AM

An unpatched critical security vulnerability in Microsoft’s software, which means that users’ computers can become infected simply by visiting a website with Internet Explorer, is being actively exploited by cybercriminals. Alongside last week’s regular Patch Tuesday announcement (including a remote code execution vulnerability that is being exploited by attackers in the wild), Microsoft also issued an out-of-bounds security advisory about an as-yet unpatched security hole (known as CVE-2012-1889).

Source:
http://nakedsecurity.sophos.com/2012/06/19/unpatched-microsoft-security-vulnerability-exploited/