Wednesday, 29 July 2015

Was I just overcharged for a free copy of Windows 10 ???

Everyone is talking about Windows 10, and articles pop out left and right informing people about the new and technically the "last version of" Windows you will ever need! Well, to rephrase that, Microsoft is presenting Windows 10 as "the last version of Windows" you’ll ever need to get. After that, you will receive regular feature updates and product improvements.

Monday, 27 July 2015

shell: command in Windows - Did you know?

I recently discovered that not many people are aware of the shell: command in Windows. Windows Explorer (not the Internet Explorer) recognises the command shell: allowing you to open specific system folders. (you can also use: shellnew: instead of shell:)

For example, type the command shell:startup in the address bar and hit Enter.

This action will open the StartUp folder which under Windows 8.1, it is located here:
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Thursday, 23 July 2015

Burp Suite - Error handshake alert: unrecognized_name

This is the first time I had to deal with this error in Burp and I was trying to figure out what was the problem. It seems there is a problem with Java which causes Burp to fail when accessing some specific websites. This is the screen you get when this particular error occurs. 
Figure 1 - Burp Error handshake alert: unrecognized_name

If you ever stumble upon this problem the solution is easy once you know what to do. As a start, make sure you have the latest version of Java installed. 

Tuesday, 21 July 2015

What is the process to verify a particular certification?

I recently had people coming to me asking me what is the process to verify a particular certification and if I knew of a centralised way for doing this. 

Unfortunately (or fortunately as some may say) there isn't a centralised way where you could query for a particular certification. 

For example, the PCI Security Standards Council (PCI SSC) maintain a list of all certified companies and Qualified Security Assessors which is constantly up-to-date. If you want to verify a consultant's certification the only thing you need to do is to visit this link

Anyhow, this blog post is intended as a reference guide to the various webpages where you can verify a particular certification. If you do know of any other or you found that the list needs to be be updated just send me a message on Twitter and I will update it as soon as possible.

Below, the certifications are listed Alphabetically according to the respective company which have issued each certificate. 

Thursday, 16 July 2015

Critical Patch by Microsoft - MS15-078

Vulnerability in Microsoft font driver could allow remote code execution. This vulnerability requires immediate remediation (16 July 2015). 

Microsoft patch MS 15-078 addresses a serious security flaw found in the way Windows products read certain types of fonts. 
An attacker can send you an office document or ask you to visit a specific web page with a specific font being used. The attack is straight forward and simple to execute, and for that reason it is highly important to patch immediately. 

The attack is possible because it focuses on the Windows Adobe Type Manager Library and the way it deals with OpenType fonts, allowing Remote Code Execution. 

Please note that this vulnerability affects all modern versions of Windows. Also, if you install a language pack after you install this update, you must reinstall this update. Therefore, install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Tuesday, 14 July 2015

Adobe Flash Player - Keep it up-to-date

There is a big debate about uninstalling Adobe Flash Player completely from your systems or not. Unfortunately, Adobe Flash Player has been found to suffer by a number of vulnerabilities and new ones surface each other week. 
If you still want to keep flash player on your system, I suggest you change your browser* settings and make sure any flash content runs after you have authorised it by clicking on it and not automatically when you visit a web page. 

I also suggest you make sure you have the latest version of Adobe Flash Player which YOU MUST ONLY download from the Adobe website and not through any random popups or third party links. 

This is the official URL where you can download the latest version of Adobe Flash Player for your system and the browser you are using is https://get.adobe.com/flashplayer/. Please note that you need to run Windows Update in order to download automatically the latest Adobe Flash Player update for Internet Explorer. I suggest restarting your system before you run Windows Update and after you have completed patching your OS through Windows Update. 

By visiting the following link you can check if you are running the latest version of Adobe Flash Player: http://www.adobe.com/uk/software/flash/about/

* Make sure you have updated your browser (Firefox, Chrome, Opera, etc.) to its latest version before updating the flash player. In order to check if you have the latest version, run your browser, hit the Alt key from the keyboard, go to the Help menu and select the "About" option. Your browser will inform you if it is at its latest version or it will start downloading the latest version for you. 

Thursday, 9 July 2015

OpenSSL vulnerability, Severity: High, CVE-2015-1793

On June 11, an updated version of OpenSSL was released. It was disclosed earlier today that it contained a serious certificate validation error (CVE-2015-1793). Luckily, the vulnerability was discovered quickly enough (two weeks ago) and once made it was made public today a patch was also made available.
During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. 

This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

Please note that support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade their OpenSSL implementations to the latest version. 

It is strongly suggested to update OpenSSL implementations to the latest version.

If you would like to run a quick check on your network for SSL implementations you can do that by using nmap: 
nmap -sV -Pn --script ssl-enum-ciphers --version-intensity 2 [IP/CIDR]

Are you using Nessus? If you do, make sure you update to the latest version (6.4.1) and update your plugins: nessuscli.exe update --plugins-only
Use Plugin IDs 84636/7 for testing.

Maybe it is time for you to look into into the s2n, which is a new open source TLS implementation. This implementation avoids the rarely used options and extensions of the TLS implementation. Consequently, it consists of approximately 6000 lines of code and makes it a lot easier to review. As it stands at the moment, s2n has passed three external security evaluations and penetration tests.

Saturday, 4 July 2015

SteelCon 2015 - Can you really hack an airplane? (myths & truths)

I was very excited to hear my talk that was sent to SteelCon 2015 (http://www.steelcon.info) was accepted. This time I am talking about something different than usual, which has to do about hacking airplanes.
A lot of noise, many discussions and many articles have been written lately due to the recent so claimed airplane hack. It is indeed very difficult, up to impossible, to find information about the security of an airplane's systems if you are not actually the person responsible for designing and building such systems. Of course, it is understandable that these details regarding these systems will never become available to the general public for security reasons.

Wednesday, 1 July 2015

Steps you need to take for the upcoming Windows Server 2003 End of Support (EOS)

The End of Support (EOS) for Windows Server 2003 is only a few days away. It is very important for CISOs and CyberSecurity decision makers in general to plan the next day once the support for this product has ended. Microsoft will stop issuing security patches next week and the risk of running a critical system in production will start to increase rapidly. 
As a reminder, the date for your calendar as the last day a security patch will be issued is the 14 July 2015. As it happened with Windows XP, after its end of support, attacks against the Operating System increased in an attempt to exploit it.