繞過 Screensaver Lock 的有趣話題...

Hacker News Daily 上看到「Screensaver lock by-pass via the virtual keyboard」這篇,裡面這邊題到了 screensaver lock 的有趣話題。

先講嚴肅一點的,這個 bug 被編號為 CVE-2020-25712,問題出在 xorg-x11-server 上:

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

比較有趣的事情是,這個 bug 是小朋友在亂玩時拉出 virtual keyboard 觸發的:

A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play... when the screensaver core dumped and they actually hacked their way in! wow, those little hackers...

然後他說他自己搞不出來:

I tried to recreate the crash on my own with no success, maybe because it required more than 4 little hands typing and using the mouse on the virtual keyboard.

另外一個人也說他家小朋友也弄出 segfault 了:

My kids came upon a similar cinnamon-screensaver segfault! I've emailed details of how to reproduce the problem to root@linuxmint.com.

小朋友超強 XDDD

Zoom 預設開啟密碼原因

最早的時候用 Zoom 只需要知道 meeting room 的編號就可以連進去,產生連結時也只需要提供號碼就能進去,後來 (不知道什麼時候開始的) 產生出來的連結會包括一組 token,而預設加入房間也需要密碼了。

現在知道原因了,因為被安全通報了:「Zoom Fixes Flaw Opening Meetings to Hackers」。

除了上面講到的問題以外,另外一個漏洞是本來的連結網頁就有資訊可以辨別是否為合法的 meeting room,可以讓攻擊者很快速的判斷哪些 meeting room 可以連進去。這次的修改變成不檢查,直接帶到 Zoom 的應用程式裡面,增加一些難度,但攻擊者還是可以透過 API 掃出來。

這主要是當初設計上的安全問題,當初沒有設計那麼長,應該就是考慮太長的號碼會讓使用者不太容易手動輸入...

Intel CEO 做的真不錯 XDDD

在發生爆發前一個月把自家 Intel 的股票賣到最低限度 XDDD:「Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock」,引用的新聞是「Intel's CEO Just Sold a Lot of Stock」:

On Nov. 29, Brian Krzanich, the CEO of chip giant Intel (NASDAQ:INTC), reported several transactions in Intel stock in a Form 4 filing with the SEC.

所以十一月底的時候賣掉... 只保留 CEO 最低限額 250 張:

Those two transactions left Krzanich with exactly 250,000 shares -- the bare minimum that he's required to hold as CEO.

來看看獲利會不會被追回 XDDD

WPA2 安全漏洞

話說 WPA2 也撐了十三年了:

WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.

這次的漏洞可以參考「Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping」這邊。

PoC 稱作 KRACK (Key Reinstallation Attacks),漏洞將會在十一月正式發表,從會議的標題名稱大概可以知道方向,是對 Nonce 下手:「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。另外站台 www.krackattacks.com 已經放好,等後續的發表更新了。

對於無線網路的各種漏洞,老方法還是目前最有效的方法,也是這次的 workaround 之一:上強度足夠的 VPN。

Update:補上論文「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。

關於 Juniper ScreenOS 防火牆被放後門的研究

一樣是從 Bruce Schneier 那邊看到的:「Details about Juniper's Firewall Backdoor」,原始的研究連結在「Cryptology ePrint Archive: Report 2016/376」這邊。

ScreenOS 被放了兩個後門,一個是 SSH 的後門:

Reverse engineering of ScreenOS binaries revealed that the first of these vulnerabilities was a conventional back door in the SSH password checker.

另外一個是「Dual EC 的 Q 值」被放了後門,而「NIST 所制定的 Dual EC 的 Q 值」本身就是個後門,所以有人把這個後門又給換掉了:

The second is far more intriguing: a change to the Q parameter used by the Dual EC pseudorandom number generator. It is widely known that Dual EC has the unfortunate property that an attacker with the ability to choose Q can, from a small sample of the generator's output, predict all future outputs. In a 2013 public statement, Juniper noted the use of Dual EC but claimed that ScreenOS included countermeasures that neutralized this form of attack.

第二個後門更發現嚴重的問題,Juniper 所宣稱的反制措施根本沒被執行到:

In this work, we report the results of a thorough independent analysis of the ScreenOS randomness subsystem, as well as its interaction with the IKE VPN key establishment protocol. Due to apparent flaws in the code, Juniper's countermeasures against a Dual EC attack are never executed.

也因此團隊確認選定 Q 值的人可以輕易的成功攻擊 IPSec 流量:

Moreover, by comparing sequential versions of ScreenOS, we identify a cluster of additional changes that were introduced concurrently with the inclusion of Dual EC in a single 2008 release. Taken as a whole, these changes render the ScreenOS system vulnerable to passive exploitation by an attacker who selects Q. We demonstrate this by installing our own parameters, and showing that it is possible to passively decrypt a single IKE handshake and its associated VPN traffic in isolation without observing any other network traffic.