Archive

Posts Tagged ‘Security’

CA will not start… What do you mean, cannot download CRL…

January 20th, 2010 Frank Breedijk No comments

As part of my work I was installing a Microsoft PKI infrastructure with two tiers: a root CA and an issuing CA.

Since the root CA is in a different domain than the issuing CA, it took some fiddling and tweaking with my CDP and AIA extensions, but that is another blog post altogether.

I knew I was in for some fun when the following happened:

  • I installed my Issuing CA and generated the certificate request
  • I issued the request to my Root CA and generated the Issuing CA certificate
  • I tried to install the Issuing CA certificate and got the following error:
Cannot verify certificate chain. Do you wish to ignore the error and continue? The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2168885613)


My first reaction was to call one of the network guys and tell him that I needed HTTP access from the Issuing CA to the CDP location. But while on the phone I decided to try it, and to my surprise I was actually able to manually pull down the CRL.

Intrigued, I decided to check a few things:

  • I could download the CRL from both CDP locations with Internet Explorer
  • I could open the downloaded CRLs
  • I could telnet to port 80 of both webservers
  • I could telnet to port 80, manually issue the GET /crl/CRLname.crl HTTP/1.0 command and get data back

O.K., what is going on here… Let's open PKI View, which is now included in Windows 2008 and Vista and can be downloaded for Windows 2000 and 2003.

It seemed that PKI View was in agreement; it too could not download the CRL from the CDP location.

PKI View shows "Unable To Download" for both CDP locations


This sent me on a wild goose chase, until I came across the following comment:

But, as stated, I would use certutil to get the “best” answer on how my configuration is doing.
Certutil -verify -urlfetch “certfile.cer” will check *every* CDP and AIA URL (including OCSP) and tell you how they are all doing *at that specific instance in time*, since it goes to the URLs immediately.
Brian

I exported the Issuing CA certificate from the certificate database of the Root CA and ran the command against it, and this is what I found:

E:\>certutil -verify -urlfetch <certfile>.cer
Issuer:
CN=Root CA
Subject:
CN=Issuing CA
Cert Serial Number: 115d5f6400020000000b
<snip>

----------------  Certificate AIA  ----------------
Verified "Certificate (0)" Time: 0
[0.0] http://IIS1.domain1.local/crl/Root-CA.crt

Verified "Certificate (0)" Time: 0
[1.0] http://IIS2.domain1.local/crl/Root-CA.crt

----------------  Certificate CDP  ----------------
Wrong Issuer "Base CRL (13)" Time: 0
[0.0] http://IIS1.domain1.local/crl/Root-CA.crl

Wrong Issuer "Base CRL (13)" Time: 0
[1.0] http://IIS2.domain1.local/crl/Root-CA.crl

<snip>
E:\>

So while PKI View and the other error messages I was getting all pointed to the most common cause, it actually turned out that the CRL did get downloaded, but was not cryptographically linked to what the system believes is the Root CA certificate.

Root cause

Inspection of the CRLs generated and the Root certificates installed showed what had caused the problem. In order to test the CDP extensions I had reissued the Root CA certificate, causing the Root CA to have three active certificates, each with a different key.

This CA has three CA certificates


When validating the Issuing CA certificate, validation would end at the last certificate issued; however, the CA still signs its CRLs with the key pair of the first certificate.
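The mismatch certutil reported can be reproduced outside Windows. The following is an added example (not code from the original post) using Python's cryptography library: it builds a root CA that has been re-keyed twice, so three CA certificates share one subject name, signs an empty base CRL with the first key, and then checks which certificate the CRL actually verifies under. The CA name, dates and key sizes are constructed for the demo.

```python
# Added example (not the post's own code): reproduce the "Wrong Issuer"
# condition from the certutil output. The root CA was re-keyed twice, so
# three CA certificates share one subject name, but the CRL is still signed
# with the first key. Names and dates below are constructed.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2010, 1, 20, tzinfo=datetime.timezone.utc)
NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Root CA")])

def make_root_cert(key):
    """Self-signed CA certificate for one key pair; the subject never changes."""
    return (x509.CertificateBuilder()
            .subject_name(NAME).issuer_name(NAME)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW)
            .not_valid_after(NOW + datetime.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(key.public_key()), critical=False)
            .sign(key, hashes.SHA256()))

def make_crl(key):
    """Empty base CRL signed by the given key; its AKI names that key."""
    return (x509.CertificateRevocationListBuilder()
            .issuer_name(NAME)
            .last_update(NOW)
            .next_update(NOW + datetime.timedelta(days=7))
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(key.public_key()), critical=False)
            .sign(key, hashes.SHA256()))

def crl_matches_cert(crl, cert):
    """True only if the CRL's signature verifies under this certificate's key.
    A matching issuer name is necessary but not sufficient."""
    if crl.issuer != cert.subject:
        return False
    return crl.is_signature_valid(cert.public_key())

def demo():
    """Three CA certs with one name, CRL signed by the first key -> [True, False, False]."""
    keys = [rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(3)]
    certs = [make_root_cert(k) for k in keys]
    crl = make_crl(keys[0])  # the CA never switched its CRL signing key
    return [crl_matches_cert(crl, c) for c in certs]
```

A chain that ends at the second or third certificate gets a CRL whose issuer name matches but whose signature does not, which is exactly the "Wrong Issuer" verdict above.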

I guess for me there is nothing left but to reinstall the entire chain.


Confidence 2009.02 – Underground economy – Raoul Chiesa

November 20th, 2009 Frank Breedijk No comments

Subtitle: Why we should be fully-updated on this topic: InfoSec players, Finance world, citizens

Raoul is a member of UNICRI (http://www.unicri.it/), a United Nations crime and justice research institute.

UNICRI researches technology as well, because if normal people use technology, the bad guys use it as well.

“Every new technology opens the door to new criminal approaches”

In the 70s the first wave of hackers were searching for knowledge. In the early 80s the second wave of hackers was driven by curiosity. The third wave of hackers in the 90s were eager to hack and started to exchange information; the first communities were created. The current fourth wave is driven by anger and money. Hacking has met politics (hacktivism) and money (cybercrime).

Why is cybercrime on the rise?
1)    There are more and more targets, thanks to broadband
2)    A need to make money, think economical crisis
3)    Hacking got easier, 0-day attacks and skimmers can be easily bought online.
4)    Fall guys are easy to recruit, e.g. for money laundering
5)    The criminals think they cannot be caught
6)    There is no violence, no need to face your victims

Read more…


Confidence 2009.02 – The Tor Project – Jacob Appelbaum

November 20th, 2009 Frank Breedijk No comments

The Tor Project is a non-profit organization that runs a fully documented network that provides anonymity and privacy by design. Tor is funded by the US DoD, EFF, Voice of America, Human Rights Watch, Google, NLnet, and you?

Tor is really a community of developers and volunteers, and it is still looking for more developers and volunteers to improve it.

Top countries in the world in bandwidth:
•    Germany
•    USA
•    Netherlands
•    France
•    Sweden

Anonymity means different things to different people:
•    Private citizens – Privacy
•    Government – Traffic analysis resistance
•    Human rights activists – Reachability
•    Businesses – Network Security

Read more…


Confidence 2009.02 – Power Hungry People – Nick DePetrillo

November 20th, 2009 Frank Breedijk No comments

Subtitle of the talk: Making sense of new critical infrastructure threats

The talk is about the “Smart Grid”. Its key components are an advanced metering infrastructure, transmission and distribution, and the generation of electricity.

Advanced Metering Infrastructure enables two way communication between the meters in your home and the power company. It offers the following features:
•    Load control works like this: some power companies offer a discount in return for control over the thermostat of your AC, or for allowing them to turn off your clothes dryer during peak hours. Officially the main reason for this is to prevent blackouts, but it can be used to avoid penalties as well.
•    Demand response: It allows for dynamic rates to be loaded to your meter.

Why move to a smart grid?
•    Energy conservation
•    Cost reduction
•    Improved Reliability of Delivery

Smart Grid security is significant because it has national security implications, because there are millions of entry points into the grid.

Read more…


Confidence 2009.02 – My TLS renegotiation vulnerability slides

November 19th, 2009 Frank Breedijk No comments

Today I presented about the TLS renegotiation vulnerability I blogged about earlier.

You can download the slides below:

Special thanks to Marsh Ray for his suggestions and corrections.


Confidence 2009.02 – My Seccubus slide deck

November 19th, 2009 Frank Breedijk No comments

Here are the slides of my presentation.

Slide deck “Seccubus Confidence 2009.02 v0.1”


Seccubus the new name for AutoNessus

November 19th, 2009 Frank Breedijk No comments

Since it became apparent that the next version of AutoNessus was going to outgrow the reference to Nessus, Tenable's Network Security Scanner, due to the inclusion of other scanners such as OpenVAS, NMAP and Nikto, the author of the program, Frank Breedijk, decided to start a contest for a new name.

On the 19th of November Frank Breedijk announced that Jason Mansfield, who runs the website http:/clinicallyawasome.com, has won the contest by sending in the name Seccubus. A bottle of Veuve Clicquot champagne will be sent to him shortly.

The author has provided the following explanation of the name Seccubus:
Read more…


Confidence 2009.02 – Router Exploitation – Felix “FX” Lindner

November 19th, 2009 Frank Breedijk No comments

Unlike last time, I was actually on time for Felix's talk. Given last night's activities I was surprised that he was on time himself. Again his slides included the Blackhat-O-Meter.

The first part of his presentation explained why routers are interesting targets (they are in the core of the network), but also why routers are not actually exploited that much. One of the reasons is that the attack surface of a router is quite small, because routers don't expose many services to a truly remote attacker and are rarely used as clients.

The exception to the rule is “cisco-sa-20070124-crafted-ip-option”, a remotely exploitable bug that causes a stack overflow on the router. Since “nobody ever updates router software” this vulnerability is still very much alive.

But routers need to support more and more, like IPv6, VoIP and an XML configuration interface; luckily most of these services are off.

Writing exploits for Cisco IOS is hard because it is not a real OS but a single ELF binary. It is not based on a real OS we know how to exploit, and its only option to recover from a critical fault is a full reboot.

Another thing that makes exploitation hard is the memory layout. It differs between every single IOS version out there, and there are quite a few: currently there are over 270,000 different IOS images known to Cisco, and you cannot get the version number remotely.

Read more…


Confidence 2009.02 – Fusing 3rd party threat feeds to obtain better threat intelligence – Eddie Schwartz

November 19th, 2009 Frank Breedijk No comments

Eddie started with a good overview of which feeds are available, from D-Shield to Bluetack and the U.S. Department of the Treasury, and of their properties: good/bad and why.

Then he showed us how you can normalize the feeds and integrate them into NetWitness.

By combining infosec intelligence feeds with things like traffic statistics, events on the network start making more sense. Instead of a random dynamic DNS call, you can now all of a sudden tie that call to a botnet infection on your network.


TLS renegotiation attack. More bad news for SSL

November 8th, 2009 Frank Breedijk 5 comments

Three days ago, on the 3rd of November, Marsh Ray and Steven Dispensa of PhoneFactor released a whitepaper that describes a man-in-the-middle attack against TLS and SSL v3 using the “renegotiation” feature of the protocol. Let there be no mistake: this is a limited, but still serious, attack.

This new attack adds to the issues published by Moxie Marlinspike, Dan Kaminsky and Mike Zusman that I blogged about earlier.

So what does this new attack do?

The attack described by Marsh Ray et al. exploits a feature of the TLS protocol called renegotiation. Renegotiation allows the TLS client or server to initiate a renegotiation of the connection's encryption in order to refresh keys, step up authentication, increase the strength of the cipher suite, or for any other reason. The renegotiation can be started by either the server or the client by sending a server or client hello message.

Read more…
