VPN – Page 5 – Gea-Suan Lin's BLOG

WPA2 安全漏洞

話說 WPA2 也撐了十三年了：

WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.

這次的漏洞可以參考「Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping」這邊。

PoC 稱作 KRACK (Key Reinstallation Attacks)，漏洞將會在十一月正式發表，從會議的標題名稱大概可以知道方向，是對 Nonce 下手：「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。另外站台 www.krackattacks.com 已經放好，等後續的發表更新了。

對於無線網路的各種漏洞，老方法還是目前最有效的方法，也是這次的 workaround 之一：上強度足夠的 VPN。

Update：補上論文「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。

VPN 保留連線記錄幫助 FBI 抓犯人

這應該是這幾天鬧得蠻大的事情：「PureVPN Logs Helped FBI Net Alleged Cyberstalker」。

起因在於 PureVPN 的廣告寫著他們不會記錄：

但在證詞裡卻提到 PureVPN 有記錄：

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,” the agent’s affidavit reads.

然後回頭看 PureVPN 的 Privacy 條款發現他們在條款裡面寫著他們會記錄連線資訊：

Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a ‘connection’ and the total bandwidth used during this connection is called ‘bandwidth’. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.

然後被告 Ryan S. Lin 就幹剿了：

“There is no such thing as a VPN that doesn’t keep logs,” Lin said. “If they can limit your connections or track bandwidth usage, they keep logs.”

以後挑 VPN 還得仔細看條款裡面留 log 的部份啊...

VPN 的評價

文章的作者試了很多家 VPN 服務，然後文章的標題有點長，有種輕小說的感覺...：「I tested the most recommended VPN providers using my credit card to find the best ones — and which ones you should avoid.」。

不過這種文章有很多東西很主觀，大家心裡有個底就是了...

作者比較滿意的是 TunnelBear 與 OVPN 這兩家，也許等手上 PIA 到期的時候再試看看要怎麼選好了，畢竟 PIA 還是目前最便宜的方案。

在飯店裡攻擊企業的高階主管

算是為什麼企業要提供 Full Routing VPN 的一個攻擊管道的說明...

這篇介紹了在飯店裡透過 WiFi 攻擊企業的高階主管，想辦法塞木馬取得資訊，或是滲透進企業內部的網路：「Hackers are using hotel Wi-Fi to spy on guests, steal data」。

Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in order to conduct espionage on corporate research and development personnel, CEOs, and other high-ranking corporate officials.

有點介於 APT 與一般性的攻擊中間...

最近 OpenVPN 的安全性漏洞...

看到「The OpenVPN post-audit bug bonanza」這個只有苦笑啊...

作者在 OpenVPN 經過一連串的安全加強後 (包括 harden 計畫與兩個外部單位的程式碼稽核找到不少問題)，決定出手挖看看：

After a hardening of the OpenVPN code (as commissioned by the Dutch intelligence service AIVD) and two recent audits 1 2, I thought it was now time for some real action ;).

然後就挖出不少問題了...

可以看到作者透過 fuzzing 打出一卡車，包含了不少 crash XDDD：(然後有一個是 stack buffer corruption，不知道有沒有機會變成 RCE)

Remote server crashes/double-free/memory leaks in certificate processing (CVE-2017-7521)
Remote (including MITM) client crash, data leak (CVE-2017-7520)
Remote (including MITM) client stack buffer corruption
Remote server crash (forced assertion failure) (CVE-2017-7508)
Crash mbed TLS/PolarSSL-based server (CVE-2017-7522)
Stack buffer overflow if long –tls-cipher is given

Facebook 推薦好友機制的演算法讓更多的隱私問題浮現...

在「Facebook recommended that this psychiatrist’s patients friend each other」這邊報導了 Facebook 推薦好友機制的演算法意外的拉出了奇怪的東西：

[...], such as this story from Lisa*, a psychiatrist who is an infrequent Facebook user, mostly signing in to RSVP for events. Last summer, she noticed that the social network had started recommending her patients as friends—and she had no idea why.

“I haven’t shared my email or phone contacts with Facebook,” she told me over the phone.

精神科醫師被 Facebook 推薦他的病人... 而更慘的是病人也收到的推薦包括了其他的病人：

Another one of her female patients had a friend recommendation pop up for a fellow patient she recognized from the office’s elevator. Suddenly, she knew the other patient’s full name along with all their Facebook profile information.

“It’s a massive privacy fail,” said Lisa. “I have patients with HIV, people that have attempted suicide and women in coercive and violent relationships.”

而且因為職業的關係，他也對此很小心防範：

Lisa lives in a relatively small town and was alarmed that Facebook was inadvertently outing people with health and psychiatric issues to her network. She’s a tech-savvy person, familiar with VPNs, Tor and computer security practices recommended by the Electronic Frontier Foundation–but she had no idea what was causing it.

這聽起來不是什麼好演算法 :o

SWEET32：攻 Blowfish 與 3DES

最新的攻擊算是實戰類的攻擊，理論基礎以前都已經知道了，只是沒有人實際「完成」。算是近期少數直接對演算法的攻擊，而這些演算法剛好還是被用在 TLS 與 OpenVPN 上，所以嚴重性比較高：「SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN」。

攻擊的條件是 block cipher 的 block size，而非 key length，所以就算是 256 bits 的 Blowfish 也一樣也受到影響。

這次順利打下 Blowfish 與 3DES。這兩個 cipher 的 block size 都是 64 bits，所以對於 birthday attack 來說只要 2³² 就可以搞定：

This problem is well-known by cryptographers, who always require keys to be changed well before 2^n/2 blocks. However it is often minimized by practitioners because the attacks require known plaintext, and reveal only little information. Indeed, standard bodies only recommend to change the key just before 2^n/2 blocks, and many implementations don't enforce any limit on the use of a key.

在 OpenVPN 打 Blowfish 的部份 (Blowfish 是 OpenVPN 預設的 cipher)：

In our demo, it took 18.6 hours and 705 GB, and we successfully recovered the 16-byte authentication token.

以及 HTTPS 打 3DES 的部份 (為了相容性問題)：

Experimentally, we have recovered a two-block cookie from an HTTPS trace of only 610 GB, captured in 30.5 hours.

都是有可能的等級。也該來拔掉對 IE8 的支援了... orz

Cisco 與 Fortinet 防火牆的 RCE 漏洞

NSA 使用這些漏洞來大量監聽企業的流量：「Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm」。

Cisco 已經確認這個安全性漏洞了，全系列包括已經停產的 Cisco PIX、上個世代的 Cisco ASA 5500 (但還有些型號還在賣)，以及目前主力的 Cisco ASA 5500-X，另外還包括了安全模組系列也中獎：「Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability」。

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco ASA 1000V Cloud Firewall
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Firepower 4100 Series
Cisco Firepower 9300 ASA Security Module
Cisco Firepower Threat Defense Software
Cisco Firewall Services Module (FWSM)*
Cisco Industrial Security Appliance 3000
Cisco PIX Firewalls*

標星號的是目前已經沒有在維護的產品，這次只確認受到影響，但不會更新：

Cisco Firewall Service Modules and Cisco PIX Firewalls have passed the last day of software support milestone as stated in the published End of Life (EoL) documents. Further investigations into these devices will not be performed, and fixed software will not be made available.

這次 Cisco 的安全性問題是 SNMP 的洞造成的：

Administrators are advised to allow only trusted users to have SNMP access and to monitor affected systems using the snmp-server host command.

這個洞被 NSA 用來寫 exploit 植入系統：

This flaw was included inside two NSA exploits, dubbed EPICBANANA as well as JETPLOW, which is an enhanced version of EPICBANANA, but with better persistence capabilities, Cisco's Omar Santos said in a blog post.

在 NSA 洩漏出來的文件裡可以看到 ace02468bdf13579 這個特殊辨識字串，而在受感染的樣本上也找到了這個痕跡：

而且不只是 Cisco，其他幾家也中獎了，可以參考「The NSA Leak Is Real, Snowden Documents Confirm」這邊更多的資訊 @_@

Ubuntu 桌機的 Split DNS

Split DNS 指的是某個 DNS domain 使用另外一組 DNS servers，常用在 Partial Route 的 VPN 上，讓內部網域的 DNS domain 正確的被解出來。一般商業的 VPN Software 都會處理掉這塊，不過有時候還是希望可以自己設定...

Ubuntu 桌機上的 Split DNS 可以透過 Dnsmasq 做到，在我的機器上因為透過 ps awx | grep dnsmasq 可以看到 --conf-dir=/etc/NetworkManager/dnsmasq.d，表示設定的目錄在 /etc/NetworkManager/dnsmasq.d 下，所以我把檔案 mysplit 放到 /etc/NetworkManager/dnsmasq.d 下：

#
server=/mysplit.com/10.1.2.3

然後在 dnsmasq 的 manpage 裡面有提到，SIGUSR{1,2} 是拿來分析用的，而 SIGHUP 不是拿來給你重新讀設定檔用的 XDDD

SIGHUP does NOT re-read the configuration file.

所以就砍掉他，隨便對 NetworkManager 做個動作，就會重新把 dnsmasq 帶起來了，或者重開機也可以... 再跑 dig 查的時候就可以查到資訊了。

最近三十天透過 Tor 上 Facebook 的人超過一百萬

Facebook 提供了透過 Tor 連上 Facebook 的人數：「1 Million People use Facebook over Tor」：

In June 2015, over a typical 30 day period, about 525,000 people would access Facebook over Tor e.g.: by using Tor Browser to access www.facebook.com or the Facebook Onion site, or by using Orbot on Android. This number has grown – roughly linearly – and this month, for the first time, we saw this “30 day” figure exceed 1 million people.

去年六月的時候大約是 52 萬人，而現在則超過一百萬了。