New version of John the Ripper targets slow hashes with GPUs

• The new version focuses on adding GPU support, both CUDA (for nVidia) and OpenCL (for AMD and other cards)
• Other interesting new additions:
• Non-hash cracking support for:
  • Mac OS X keychains
  • KeePass 1.x files
  • ODF and MS Office 2007/2010 files
  • Mozilla Firefox/Thunderbird/etc master password files
  • RAR -p and -hp encryption modes
  • WPA-PSK
  • VNC Challenge/response auth
  • SIP challenge/response auth
  • HMAC-SHA1/224/256/384/512
• New hashes supported:
• sha256crypt (CPU or CUDA)
• sha512crypt (CPU/CUDA/OpenCL)
• DragonFly BSD SHA256/512
• Drupal 7 custom PHP SHA–256 hashes
• Raw-SHA1-LinkedIn
• Interestingly, bcrypt (OpenBSDs implementation of blowfish as a password hashing algorithm), even on an AMD 7970, is slower on a GPU than a CPU due to the nature of the algorithm
• Full Release Announcement

Unpatched Microsoft XML exploit added to Blackhole toolkit

• An exploit for the unpatched vulnerability is now included in recent versions of the blackhole exploit kit, sold to cyber criminals and installed on infected and compromised websites across the internet
• Numerous attack vectors have been used to exploit this flaw in the Microsoft XML engine, including MS Office documents, Flash, and Internet Explorer it self
• The flaw is present in versions 3, 4 and 6 of MS XML Core Services, and exploitable on all supported versions of windows (XP/Vista/7, 2003/2008/R2 Server)
• Microsoft published the advisory about the flaw on June 12th, after it was already actively being exploited in the wild
• At this time, there is still not a fix for ‘Microsoft XML Core Services’, however Microsoft offers a ‘Fix-It’ that is supposed to mitigate the flaw, but suggests that this may cause application compatibility issues
• The Microsoft EMET Toolkit may prevent the exploitation of this vulnerability, but as discussed previously, is incompatible with AMD Video Drivers
• CVE–2012–1889
• Official Microsoft Announcement

New version of trojan used in highly targetted attack

• The Sykipot trojan is not new, however the latest version is being used more successfully than before
• Phishing emails and targeted web advertisements are being used to drive users to sites where they are infected by drive-by-downloading of the trojan using the MS XML exploit
• This requires zero user interaction in order to become infected
• Previous versions of Sykipot have relied on file format exploits (MS Office files, PDFs)
• The latest attack seems to be targeting attendees to the IEEE’s Aerospace Conference (the International Conference for Aerospace Experts, Academics, Military Personnel, and Industry Leaders)
• Researchers have found a Sykipot variant that was programmed to steal credentials from systems using ‘ActivIdentity’s ActivClient’, the smart card application used by the U.S. Department of Defense’s Common Access Card (CAC)
• This could result in the compromise of such smart cards, allowing the attack to gain access to highly sensitive materials

A third of top UK Univerisities use weak SSL configurations

• TechWeek Europe used the SSL Labs tool to test the SSL implementations used at the top Univertisities in the UK
• Many of the schools received grades of C or D instead of the expected A
• Such weakness in the implementation of SSL could allow an attacker to inject data into encrypted packets, in order to exploit the user’s machine while they are visiting a trusted site, or to hijack the session or compromise other private data
• Many of the schools responded quickly with configuration changes to upgrade their scores, while others were hesitant to make configuration changes for fear of affecting accessibility for users
• SSL Best Practices Guide
• ScaleEngine.com ‘s Results

Feedback:

• Aviad asks How to Scale VMs Fast
• Dale asks If the password is in clear text, is everything?
• Beep’s comment on Token Security

Round Up:

• Cisco Pushing ‘Cloud Connect’ Router Firmware, Allows Web History Tracking
• Cisco appears to be pulling back from its previous attempts to ammend the privacy policy on some of its routers to allow it to collect web history
• Europe declares independence from Hollywood with ACTA vote
• Microsoft silently kills silent, automatic Skype install via Updates
• Microsoft engineer discovers Android spam botnet
• Apple App Store distributing corrupted binaries, breaking app updates
  • Rewrite Bingo
• Remote flaw in KeePass, hard to exploit but serious
• Air raid sirens in Illinois go off unexpectedly, claims they may have been hacked
• Don’t take pictures of your Credit/Debit card, ever