Archive for the ‘General’ Category

M86 Security Labs now part of Trustwave’s SpiderLabs

By Phil Hay  •  April 1st, 2012  •   General

Many of you are probably already aware of the acquisition of M86 Security by Trustwave. As part of the acquisition, we are pleased to announce that M86 Security Labs is combining with Trustwave’s SpiderLabs. We are excited by the move, as we become part of a larger and more diverse team of security professionals that focus on penetration testing, incident response, application security and security research. The combined team will be stronger, with enhanced threat intelligence and resources which can only help our customers going forward.

So this then is the final post in the M86 Security Labs blog. But we are not going away. We will be continuing the research that underpins the security updates to all our products. We will also be contributing to ‘Anterior’, the official blog of SpiderLabs. We encourage all our readers to visit Anterior and sign up to the RSS feed here. Existing blogs on this site will remain for now, but will be moved over to Anterior in the near future.

The Beauty and the BEAST

By Avri Schneider  •  September 28th, 2011  •   General

Transport Layer Security (TLS) is a protocol often used during HTTPS connections to secure web sites. For almost a decade, it has been known that TLS 1.0 was insecure and vulnerable to attack, primarily due to its usage of the Cipher Block Chaining (CBC) mode of operation. TLS version 1.1 and then TLS version 1.2 have been designed to cope with this and other weaknesses.

The theoretical attack published by Gregory V. Bard back in April 2006 has been exploited (although not in the wild) and a proof-of-concept has recently been developed. Just a little over a week ago, researchers Thai Duong and Juliano Rizzo demonstrated their proof-of-concept called BEAST (an acronym for Browser Exploit Against SSL/TLS) and, a few days ago, published a blog post describing the attack in detail.

Even though Microsoft, Google, Mozilla and Opera have already released information or fixes for this issue, it is surprising that Internet Explorer, Chrome, Firefox and Opera, all recent web browsers, had this vulnerability unpatched for this long, leaving many users vulnerable to the particular type of attack SSL was designed to protect against.

OpenSSL has implemented a workaround for this vulnerability since version 0.9.6d, which was released in May 2002; however, some browsers use the Network Security Services (NSS) library, which remained vulnerable to this attack.

The beauty is that the M86 Secure Web Gateway appliance in its default configuration provides zero-day protection against this (and other) types of attack.

The complexity, time and cost of keeping all browsers in an organization patched against all the latest security threats highlight the importance of not relying solely on client-side security solutions.

Regardless of whether browsers behind the Secure Web Gateway get patched and how quickly that happens, they are protected behind M86 Security Secure Web Gateway.

DigiNotar Certificates Revoked Following Theft

By Anat Davidi  •  September 13th, 2011  •   General

Last year, as we considered possible future threats, one of our predictions for 2011 was that the use of stolen digital certificates would become increasingly common. We envisioned malicious websites and applications being signed using stolen digital certificates and validated by products and applications that fail to keep up to date with these events. It appears that our predictions are becoming a reality as we begin to see more and more cases of stolen certificates.

Recently, certificates belonging to a Certification Authority by the name of DigiNotar were stolen. These were used to issue hundreds of certificates, amongst them a certificate for the domain *.google.com, which was used to execute Man-in-the-Middle attacks against users of encrypted Google services.

Following this incident, companies such as Microsoft, Google and Mozilla have all taken action to protect their respective products.

M86 Security has issued a Security Update for our Secure Web Gateway product, moving the five stolen root certificates to the untrusted list:

  • DigiNotar Root CA
  • DigiNotar Root CA G2
  • DigiNotar PKIoverheid CA Overheid
  • DigiNotar PKIoverheid CA Organisatie – G2
  • DigiNotar PKIoverheid CA Overheid en Bedrijven

Given that some of these certificates are already being used in active attacks, customers are strongly advised to install this update (M86 Security Update 120).

With the update installed, Secure Web Gateway clients will be protected against malicious files signed with certificates issued by this Certification Authority in an attempt to appear legitimate, as well as against Man-in-the-Middle attacks on users of various encrypted services. These will be blocked for a digital certificate violation.
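
As an added illustration (not M86 code, and not a description of how Secure Web Gateway is implemented), the sketch below shows why distrusting a root blocks every certificate that chains to it, including a chain that arrives without its root. The certificate records, the intermediate CA name and matching on common name are assumptions made for the example; a production validator would match on keys or fingerprints.

```python
# Added example. Names in UNTRUSTED_ROOTS come from the list above; all
# certificate records below are constructed, simplified sample data.
UNTRUSTED_ROOTS = {
    "DigiNotar Root CA",
    "DigiNotar Root CA G2",
    "DigiNotar PKIoverheid CA Overheid",
    "DigiNotar PKIoverheid CA Organisatie - G2",
    "DigiNotar PKIoverheid CA Overheid en Bedrijven",
}

def common_name(dn):
    """Return the CN of a simple 'K=V, K=V' DN string (no escaped commas)."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value.strip()
    return None

def normalise(name):
    """Fold case, whitespace and en dashes so list entries compare equal."""
    return " ".join(name.replace("\u2013", "-").split()).casefold()

def build_path(leaf, pool):
    """Follow issuer links from the leaf towards a self-signed root."""
    by_subject = {c["subject"]: c for c in pool}
    path, seen, current = [leaf], {leaf["subject"]}, leaf
    while current["issuer"] != current["subject"]:
        parent = by_subject.get(current["issuer"])
        if parent is None or parent["subject"] in seen:  # gap or loop
            break
        path.append(parent)
        seen.add(parent["subject"])
        current = parent
    return path

def check_chain(leaf, pool):
    """Block if any subject or issuer on the path is an untrusted CA."""
    blocked = {normalise(n) for n in UNTRUSTED_ROOTS}
    for cert in build_path(leaf, pool):
        for dn in (cert["subject"], cert["issuer"]):
            cn = common_name(dn)
            if cn and normalise(cn) in blocked:
                return ("block", cn)
    return ("allow", None)

ROOT = "CN=DigiNotar Root CA, O=DigiNotar, C=NL"   # constructed DN
INTER = "CN=Example Intermediate CA, O=Example"    # hypothetical name
POOL = [{"subject": ROOT, "issuer": ROOT}, {"subject": INTER, "issuer": ROOT}]
ROGUE = {"subject": "CN=*.google.com", "issuer": INTER}
print(check_chain(ROGUE, POOL))
```

Checking the issuer field as well as the subject means a leaf is still blocked when the server omits the distrusted CA certificate from the chain it sends.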

To verify that the update has been installed and to observe the changes to Secure Web Gateway’s digital certificates, customers may inspect the product’s web administration interface under Administration > System Settings > Digital Certificates. Here customers will see the certificates removed from the “M86 Security Trusted Root CA”, which can now be found under “M86 Security Untrusted Publishers”.

Secure Web Gateway Digital Certificates - "M86 Security Untrusted Publishers" list contains the five DigiNotar certificates

M86 Security will continue to keep track of the situation and take actions as necessary to keep our customers safe.
