Tag: tls

  • VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

    Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is known for its regular updates, with its use of SMB for lateral movement particularly noteworthy. Symantec's Director of Threat Research Andrew Brandt is one of many…

  • Patching is important even when it only shows the maturity of your security process

    Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process, sure. But it aint getting ya no shell. — Metlstorm (@Metlstorm) September 4, 2017 This Tweet by Adam Boileau (best known outside New Zealand as the co-host of the…

  • Research paper shows it may be possible to distinguish malware traffic using TLS

    Researchers at Cisco have published a paper (PDF) describing how it may be possible to use machine learning to distinguish malware command-and-control (C&C) traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C&C traffic. The need for malware to communicate with its operators, so that it…

  • Weak keys and prime reuse make Diffie-Hellman implementations vulnerable

    ‘Logjam’ attack possibly used by the NSA to decrypt VPN traffic. A group of researchers have discovered a number of vulnerabilities in the way the Diffie-Hellman key exchange protocol is deployed and have demonstrated an attack (dubbed ‘Logjam’) that exploits these vulnerabilities. Diffie-Hellman is used by two entities (typically referred to as Alice…

  • POODLE is the brown M&Ms of security

    Just because it won’t be exploited, doesn’t mean you shouldn’t patch it. There is a famous story about the rock band Van Halen whose lists of requirements when performing a show included some M&Ms — but “absolutely no brown ones”. The story is true and has little to do with childish rock star behaviour. The…

  • FREAK attack takes HTTPS connections back to 1990s security

    Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a ‘Hello’ message in which it announces which cipher suites it supports. The web server then chooses one, presumably the one that offers the…

  • Book review: Bulletproof SSL and TLS

    Must-read for anyone working with one of the Internet’s most important protocols. I was reading Ivan Ristić’s book Bulletproof SSL and TLS when rumours started to appear about an attack against SSL 3.0, which would soon become commonly known as the ‘POODLE’ attack. Thanks to the book, I was quickly able to read…
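The FREAK entry above describes the start of a TLS handshake: the client's Hello lists the cipher suites it supports and the server picks one. The following is an added example (not code from any of the posts listed here) that parses a TLS 1.x ClientHello record, performs the server's suite selection, and flags the export-grade RSA suites that FREAK depends on. The ClientHello bytes are constructed in the block itself; the suite identifiers are the IANA registry values, and the `choose_suite`/`export_suites_offered` helpers are illustrative names, not part of any library.

```python
"""Parse a TLS ClientHello, select a cipher suite the way a server does, and
flag export-grade RSA suites. Added example; the ClientHello is constructed
here for illustration and is not a captured handshake."""
import os
import struct

# Export-grade RSA suites (IANA TLS Cipher Suite Registry). RSA_EXPORT suites
# use a temporary RSA key of at most 512 bits for the key exchange.
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
# Non-export suites used by the example (IANA values).
ECDHE_RSA_AES128_GCM = 0xC02F  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
RSA_AES128_CBC = 0x002F        # TLS_RSA_WITH_AES_128_CBC_SHA


def build_client_hello(suites, version=0x0303, session_id=b""):
    """Construct a TLS record carrying a ClientHello without extensions.
    The record layer advertises TLS 1.0 (0x0301) while client_version carries
    the real maximum, which is what many clients send."""
    body = struct.pack("!H", version) + os.urandom(32)          # client_version, random
    body += bytes([len(session_id)]) + session_id                # session_id
    body += struct.pack("!H", 2 * len(suites))                   # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the fields of a ClientHello; every length is bounds-checked so a
    truncated or malformed record raises ValueError instead of reading junk."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack_from("!H", record, 3)
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("record does not carry a complete ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    hello = hs[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello body")

    def take(off, n):
        if off + n > len(hello):
            raise ValueError("ClientHello field runs past end of message")
        return hello[off:off + n], off + n

    raw, off = take(0, 2)
    (version,) = struct.unpack("!H", raw)
    _random, off = take(off, 32)
    raw, off = take(off, 1)
    session_id, off = take(off, raw[0])
    raw, off = take(off, 2)
    (cs_len,) = struct.unpack("!H", raw)
    if cs_len % 2:
        raise ValueError("cipher_suites length must be even")
    raw, off = take(off, cs_len)
    suites = [struct.unpack_from("!H", raw, i)[0] for i in range(0, cs_len, 2)]
    raw, off = take(off, 1)
    compression, off = take(off, raw[0])
    return {"version": version, "session_id": session_id,
            "cipher_suites": suites, "compression": list(compression)}


def choose_suite(offered, server_preference, allow_export=False):
    """Server-side selection: the first suite in the server's own preference
    order that the client offered. With allow_export=False an export suite is
    never selected, even if it is the only one the client lists; that is the
    server-side fix for a downgraded ClientHello. Returns None on no overlap."""
    for suite in server_preference:
        if suite in offered and (allow_export or suite not in EXPORT_RSA_SUITES):
            return suite
    return None


def export_suites_offered(record):
    """Audit helper: names of export-grade RSA suites present in a ClientHello."""
    return [EXPORT_RSA_SUITES[s] for s in parse_client_hello(record)["cipher_suites"]
            if s in EXPORT_RSA_SUITES]


if __name__ == "__main__":
    hello = build_client_hello([ECDHE_RSA_AES128_GCM, 0x0003, RSA_AES128_CBC])
    print(parse_client_hello(hello))
    print("export suites offered:", export_suites_offered(hello))
    prefs = [0x0003, RSA_AES128_CBC]
    print("legacy server picks:", hex(choose_suite([0x0003, RSA_AES128_CBC], prefs, allow_export=True)))
    print("hardened server picks:", hex(choose_suite([0x0003, RSA_AES128_CBC], prefs)))
```

The `allow_export=True` path shows why the server side matters: a server that still has export suites enabled and ranks them highly will happily select one when a ClientHello offers it, which is exactly the condition a man-in-the-middle rewriting the cipher suite list needs. Disabling the suites (the `allow_export=False` default) removes that option regardless of what the client, or anyone editing the client's Hello, sends.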