Authenticated encryption (AE) is used in a wide variety of applications, potentially in settings for which it was not originally designed. Recent research tries to understand what happens when AE is not used as prescribed by its designers. A question given relatively little attention is whether an AE scheme guarantees “key commitment’’: ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext. As key commitment is not part of AE’s design goal, AE schemes in general do not satisfy it. Nevertheless, one would not expect this seemingly obscure property to have much impact on the security of actual products. In reality, however, products do rely on key commitment. We discuss three recent applications where missing key commitment is exploitable in practice. We provide proof-of-concept attacks via a tool that constructs AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM. Finally we discuss two solutions to add key commitment to AE schemes which have not been analyzed in the literature: one is a generic approach that adds an explicit key commitment scheme to the AE scheme, and the other is a simple fix which works for AE schemes like AES-GCM and ChaCha20Poly1305, but requires separate analysis for each scheme.

source: white

Every time there is another JWS/JWT vulnerability involving “alg“:“none” (like today, lolsob), people focus on the “none” part. But the real problem is the “alg” part.

source: white

But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit important facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary?

source: white

The goal of this talk is to broaden the awareness of the how and why container escapes work, starting from a brief intro to what makes a process a container, and then spanning the gamut of escape techniques, covering exposed orchestrators, access to the Docker socket, exposed mount points, /proc, all the way down to overwriting/exploiting the kernel structures to leave the confines of the container.

source: white

Takes a lot of scrolling to get to the bottom.

source: white

On this episode of On the Metal, we interview Ron Minnich. Ron has had a fascinating career working on the interface between software and hardware. Join us as ~we install Gentoo and compile GCC~ to hear a mesmerizing conversation about Unix, Plan9, LinuxBIOS, Chromebooks, RISC-V, of course some Gentoo jokes, flip flop programming toys, and more!

Didn’t actually listen, but there’s a pile of links here anyway.

source: white

We are pleased to announce AddressSanitizer (ASan) support for the MSVC toolset. ASan is a fast memory error detector that can find runtime memory issues such as use-after-free and perform out of bounds checks. Support for sanitizers has been one of our more popular suggestions on Developer Community, and we can now say that we have an experience for ASan on Windows, in addition to our existing support for Linux projects.

MSVC support for ASan is available in our second Preview release of Visual Studio 2019 version 16.4.

source: white

checkm8 exploits the Boot ROM to allow anyone with physical control of a phone to run arbitrary code. The Boot ROM, also called the Secure ROM, is the first code that executes when an iPhone is powered on and cannot be changed, because it’s “burned in” to the iPhone’s hardware. The Boot ROM initializes the system and eventually passes control to the kernel. It’s the root of trust for the trusted boot chain of iOS and verifies the integrity of the next stage of the boot process before passing execution control.

Detailed writeup: https://habr.com/en/company/dsec/blog/472762/

source: white

This is a major case that will be of interest to a lot of people and a lot of companies. But it’s also pretty complicated and easy to misunderstand. This post will go through it carefully, trying to explain what it says and what it doesn’t say.

source: white

Cisco has agreed to pay $8.6 million to settle a claim it sold video surveillance software it knew was vulnerable to hackers to hospitals, airports, schools, state governments and federal agencies. The tech giant continued to sell the software and didn’t fix the massive security weakness for about four years after a whistleblower first alerted the company about it in 2008, according to a settlement unsealed Wednesday with the Justice Department and 15 states as well as the District.

This is a new wrinkle in the disclosure debate. Refuse to patch, pay out later. But 10 years seems like a very long timeline.

source: white

Original is 53(!) tweets: https://twitter.com/Foone/status/1156392702725902336

And then after VGA we get more serial buses, and USB, and all sorts of stuff.

source: white

Host Molly Wood spoke with Moxie Marlinspike, founder and CEO of the private chat app Signal Messenger, about what a ban on encryption — or giving law enforcement a back door to messages — might mean. The following is an edited transcript of their conversation.

source: white

Our investigation uncovered an online service selling the collected browsing activity data to its subscription members in near real-time. In this report, we delineate the sensitive data source types relevant to the security of individuals and businesses across the globe. We observed two extensions employing dilatory tactics — an effective maneuver for eluding detection — to collect the data. We identified the collection of sensitive data from the internal network environments of Fortune 500 companies.

source: white

How did all this start? I’m a web guy. I’m not a farmer.

source: white

So, what is Amazon? It started as an unbound Walmart, an algorithm for running an unbound search for global optima in the world of physical products. It became a platform for adapting that algorithm to any opportunity for customer-centric value creation that it encountered. If it devises a way to keep its incentive structures intact as it exposes itself through its ever-expanding external interfaces, it – or its various split-off subsidiaries – will dominate the economy for a generation. And if not, it’ll be just another company that seemed unstoppable until it wasn’t.

source: white

An attacker can take over any WordPress site that has comments enabled by tricking an administrator of a target blog to visit a website set up by the attacker. As soon as the victim administrator visits the malicious website, a cross-site request forgery (CSRF) exploit is run against the target WordPress blog in the background, without the victim noticing. The CSRF exploit abuses multiple logic flaws and sanitization errors that when combined lead to Remote Code Execution and a full site takeover.

source: white

The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”.

I never understand how bugs like this happen. How does the microphone get opened before the user presses ok? Why does that codepath even exist?

source: white

The recently released exposure draft of the Assistance and Access Bill 2018 [1] redefines the future of government interception of electronic communication. Left unchanged it will have far reaching consequences for the security and privacy of Australian’s. The legislation is both long and complicated; it raises a number of questions and concerns, which so far have not been adequately addressed.

Passed: https://www.zdnet.com/article/australia-now-has-encryption-busting-laws-as-labor-capitulates/

source: white