Security Week 42: KRACKed WiFi, a hole in Intel processors, 250 Oracle patches

    This week's news and contender for the title of Attack of the Year is KRACK (Key Reinstallation Attack). This is a PoC designed by Belgian researcher Mathy Vanhoef to demonstrate how vulnerable the WPA2 authentication protocol is.

    The attack is based on features of the 802.11i standard. By manipulating the handshake packets, an attacker is potentially able to decrypt the transmitted data and inject their own into it. Of course, SSL encryption can protect the traffic, but sometimes there is an option to roll the protocol back to a more vulnerable one (remember the good old POODLE), and besides, there are plenty of sites on the Internet that still work over plain HTTP.
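    To show why a reinstalled key is dangerous, here is an added toy model (not from the original column, and not Vanhoef's code): a client whose per-key packet number resets when the same key is installed twice, as a vulnerable 802.11i client does on a replayed handshake message 3. The keystream is an HMAC stand-in for AES-CCMP, and the frames are constructed; the `refuse_reinstall` flag models the fix, which is to ignore a key that is already installed.

```python
import hashlib
import hmac


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    # Stand-in for the CCMP keystream: fully determined by (key, nonce), as in CCM.
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")  # 48-bit packet number
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Toy client holding the pairwise key and the packet number CCMP bumps per frame."""

    def __init__(self, refuse_reinstall: bool):
        self.ptk, self.pn, self.refuse_reinstall = None, 0, refuse_reinstall

    def install_key(self, ptk: bytes) -> bool:
        # Vulnerable behaviour: a repeated message 3 reinstalls the PTK and resets pn to 0.
        # Fixed behaviour: installing a key that is already in use is a no-op.
        if self.refuse_reinstall and ptk == self.ptk:
            return False
        self.ptk, self.pn = ptk, 0
        return True

    def encrypt(self, plaintext: bytes):
        frame = (self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext))))
        self.pn += 1
        return frame


def simulate(refuse_reinstall: bool):
    """Returns (nonce_reused, c1 XOR c2). With a reused nonce that XOR equals p1 XOR p2."""
    ptk = hashlib.sha256(b"constructed demo PTK").digest()  # constructed key
    sta = Station(refuse_reinstall)
    sta.install_key(ptk)                                   # legitimate message 3
    pn1, c1 = sta.encrypt(b"GET /index.html HTTP/1.1")     # constructed frame 1
    sta.install_key(ptk)                                   # replayed message 3
    pn2, c2 = sta.encrypt(b"Cookie: session=SECRET!!")     # constructed frame 2
    nonce_reused = pn1 == pn2
    return nonce_reused, (xor(c1, c2) if nonce_reused else None)
```

A passive observer sees only the packet number and ciphertext, so the leaked XOR of two plaintexts is exactly what the patched clients avoid by keeping the counter moving.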

    In general, all reputation-conscious vendors should already be preparing patches. But one does not have to be clairvoyant to understand that, at best, only devices that are still on sale will receive them. And while patches arrive automatically on phones, owners of routers, cameras and other connected gadgets will have to patch manually. Obsolete and discontinued models will be left out altogether.

    An attack on Intel

    News. Research. A new attack on Intel processors has been developed. If you remember, an interesting way of hiding any activity on a computer from the operating system was announced in the summer, using Intel's Processor Trace function. The researchers took it to Microsoft, where it was shrugged off: they say it's not a vulnerability, since it requires admin rights.

    But the researchers continued to develop the topic and have now managed to achieve the same effect, this time exploiting a flaw in the MPX (Memory Protection Extensions) extension, which is present in Intel Skylake processors and later. The new attack is called BoundHook and uses the BOUND instruction from the MPX set, which, ironically, is itself meant to protect against certain types of attacks.

    The result, however, is very similar to GhostHook. Armed with such an exploit, malicious software can frolic in memory while remaining undetected. However, to take advantage of GhostHook, attackers must already have kernel-level access. Therefore Microsoft is not going to take any prompt action, promising, however, to consider the problem in one of the next versions of the system.

    Oracle fixed 250 bugs in the quarterly patch set

    News. Say what you like, Oracle works on a grand scale. Another company would stage a whole event over a single vulnerability, and here there are 250 of them, and what vulnerabilities! Among them are some very critical ones.

    So: 38 bugs (the proverbial 38 parrots) are closed in Oracle Fusion Middleware, 37 in Oracle Hospitality Applications, 25 in Oracle MySQL, and many more in a bunch of other software. In Oracle E-Business Suite, for example, three critical SQL vulnerabilities were identified through which an unauthenticated attacker could gain full remote access to an organization's internal documents, customer information and bank card data. Researchers at Onapsis note in this regard that more and more vulnerabilities are being found in Oracle EBS: this year 29% more than in 2016.

    Java Standard Edition received 22 patches, 20 of which fix bugs exploitable remotely and without authentication, affecting the Java Advanced Management Console, Java SE, Java SE Embedded and JRockit. Six holes were also closed in the Oracle Database server, more precisely in its components Spatial (Apache Groovy), WLM (Apache Tomcat), Java VM, RDBMS Security, Core RDBMS and XML Database.

    Such a volume of vulnerabilities is frightening, of course, but one has to take into account both the number of the company's products and their complexity: the more functions and modules, the more weaknesses. And here, alas, only one scenario is possible: search and patch, search and patch. And so on ad infinitum.

    Antiquities

    "Hacked Ping-Pong"
    Almost completely repeats Ping-Pong. Difference: instead of launching the bouncing ball, interrupt 13h is hooked to a routine that destroys the first eight sectors of the floppy disk.

    Quote from the book "Computer Viruses in MS-DOS" by Eugene Kaspersky, 1992. Page 96.

    Disclaimer: This column reflects only the private opinion of its author. It may or may not coincide with the position of Kaspersky Lab. As luck would have it.
