Daily Archives: May 20, 2015

The Logjam Attack: What You Need To Know

A new attack against the Diffie-Hellman protocol has been made public. This weakness allows an attacker acting as a man in the middle (MITM) to downgrade the Diffie-Hellman key exchange to 512-bit export-grade cryptography. When a TLS (Transport Layer Security) connection is secured using so few bits, it becomes vulnerable to being broken (i.e. the session key can be obtained), meaning that the connection can then be eavesdropped upon.

Why is this important?
The Diffie-Hellman protocol is used to secure many everyday websites using HTTPS (this makes the lock icon appear or causes your browser address bar to display green). Samples of what Extended Validation certificates look like within your web browser are shown on this page. EV certificates are less common than standard single domain name certificates, but these images should assist in conveying how widely used HTTPS really is. More information on TLS/SSL is available in this podcast.

Diffie Hellman is also frequently used when accessing servers remotely using SSH and within VPNs (including IPSec VPNs). VPNs are commonly used to access servers in your workplace from outside of your workplace or when using a public internet connection e.g. a coffee shop’s free WiFi.

As detailed in a technical report on this attack (see Page 3: Table 1), a large number of devices use the same prime number. Since the most efficient algorithm for breaking a Diffie-Hellman secured connection, namely the number field sieve, is based upon this prime number, the time needed to break a connection is significantly reduced. Using this attack (see Page 7: Table 2), the times for breaking common Diffie-Hellman secured connections are shown below:

512 bit: Linear Algebra Stage: 7.7 years; Descent Time: 10 minutes

768 bit: Linear Algebra Stage: 28,500 years; Descent Time: 2 days (within reach of academic researchers)

1024 bit: Linear Algebra Stage: 35 million years; Descent Time: 30 days (within reach of a nation state)

Source: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Excellent articles on the impact of this attack and other background information can be found in this blog post and this post.

Recommended Actions:
I refer you to the section titled “What should I do?” within this page for advice on next steps.

Today I tested Mozilla Firefox (v38.0.1), Google Chrome (v43.0.2357.73, 64 bit, Beta Channel) and Internet Explorer (v11.0.19) to check if they were vulnerable to this attack.

You can check your browser by visiting this page (also mentioned above). The result will be shown at the top of the page for you.

Both Firefox and Chrome at the time of writing were vulnerable; this is likely to be resolved very soon by both browser vendors.

IE 11 was not vulnerable to this attack (most likely since Microsoft issued MS15-055 as part of its May security updates). However, since Microsoft Research is credited as a contributor (along with many other computer scientists) to the above mentioned report, it's plausible that this gave them advance notice of the issue to resolve it sooner.

If you use WinSCP, you should ensure you have the latest version installed so that you are no longer vulnerable to Logjam and other more recent OpenSSL vulnerabilities.

Update: 20th May 2015: A ComputerWorld blog post provides a table showing which browsers are currently patched against this flaw.

Update: 2nd June 2015: VideoLAN, the creators of VLC have created a ticket within their bug tracker concerning proposed changes to VLC in response to the Logjam flaw.

Update: 7th February 2016:
VideoLAN have updated their VLC media player to version 2.2.2 which addresses the Logjam security issues within their product. Further details are available in a more recent blog post.

Update: 21st May 2015: OpenSSL has published a blog post with a discussion of the Logjam attack, upcoming changes in OpenSSL in response to this attack and provides a means to check if your OpenSSL server installation is vulnerable.

Update: 31st January 2016: To further protect against the Logjam attack the OpenSSL project have now increased the length of the Diffie-Hellman handshake parameters to 1024 bits. Further details are available in this security advisory.

Update: 11th June 2015:
OpenSSL released a security advisory today to resolve 7 CVEs, one of which was a workaround for the Logjam security flaw. The change made to resolve this flaw was to reject Diffie-Hellman handshake requests for parameters shorter than 768 bits. A later release of OpenSSL will extend this to 1024 bits. I would advise updating your OpenSSL installations as soon as possible to mitigate these vulnerabilities (usually by using your Linux package manager to install the applicable updates).
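To show what a size check like the one described above inspects, here is an added example (not from the original post and not OpenSSL's own code) that parses the Diffie-Hellman parameters from a TLS ServerKeyExchange message and grades the prime against the 512, 768 and 1024 bit figures quoted in this post. The function names are hypothetical and the sample messages are constructed, with a placeholder value standing in for the prime.

```python
import struct

# Thresholds taken from the post: 512-bit export grade, OpenSSL's 768-bit
# minimum (June 2015 advisory) and the later 1024-bit minimum.
def classify_dh_bits(bits):
    if bits <= 512:
        return "export-grade: vulnerable to Logjam"
    if bits < 768:
        return "below OpenSSL's 768-bit minimum"
    if bits < 1024:
        return "below OpenSSL's later 1024-bit minimum"
    return "meets the 1024-bit minimum"

def _read_vec16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector; return (value, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def parse_server_dh_params(msg):
    """Parse a DHE ServerKeyExchange handshake message (RFC 5246, 7.4.3)."""
    if len(msg) < 4 or msg[0] != 12:  # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vec16(body, 0)      # dh_p: the prime modulus
    g, off = _read_vec16(body, off)    # dh_g: the generator
    ys, off = _read_vec16(body, off)   # dh_Ys: the server's public value
    bits = int.from_bytes(p, "big").bit_length()
    return {"p_bits": bits, "g": int.from_bytes(g, "big"),
            "ys_len": len(ys), "verdict": classify_dh_bits(bits)}

def build_sample(bits):
    """Constructed test message: p is a placeholder odd number, not a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    g, ys = b"\x02", b"\x01" * (bits // 8)
    body = b"".join(struct.pack("!H", len(v)) + v for v in (p, g, ys))
    # The signature that follows the parameters is omitted in this sample.
    return bytes([12]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        print(bits, parse_server_dh_params(build_sample(bits))["verdict"])
```

Only the bit length of the prime is graded here; the check does not test whether the prime is one of the widely shared values discussed in the report.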

Update: 2nd July 2015: On the 30th of June, Apple released fixes for OS X and iOS to address the Logjam flaw within those products.

Update: 3rd July 2015: Today Mozilla released Firefox 39 and Firefox ESR (Extended Support Release) 38.1 and ESR 31.8 to address the Logjam flaw within those products.

Update: 10th July 2015: I have verified that the Opera web browser is not vulnerable to Logjam since version 30.0.1835.52 released on the 9th of June 2015.

In addition, at the time of writing (10th July 2015), Google Chrome v43.0.2357.132 (Stable, 64 bit) and Google Chrome v44.0.2403.81 (Beta, 64 bit) remain vulnerable to Logjam.

Update: 24th July 2015: At the time of writing (24th July 2015), Google Chrome v44.0.2403.107 (Stable, 64 bit) and Google Chrome v44.0.2403.89 (Beta, 64 bit) remain vulnerable to Logjam.

Update: 28th July 2015: Google Chrome v44.0.2403.125 (Stable, 64 bit) remains vulnerable to Logjam. However Google Chrome v45.0.2454.15 (Beta, 64 bit) includes a fix for Logjam. I have verified it is no longer vulnerable.

Update: 12th August 2015: Google Chrome v44.0.2403.155 (Stable, 64 bit) remains vulnerable to Logjam.

Update: 13th August 2015: OpenSSH has released v7.0 which addresses the Logjam issue within its implementation.

Update: 25th August 2015: VideoLAN, the creators of VLC have closed the ticket that I mentioned above (see update: 2nd June 2015) since they have resolved the Logjam issue within their code for the upcoming version 2.2.2 of VLC. A related ticket involving a regression (an unintentionally introduced software bug/error) caused by the changes they made was also resolved.

Update: 3rd September 2015: Google Chrome v45.0.2454.85 (Stable, 64 bit) is no longer vulnerable to the Logjam issue since it includes the fix mentioned in the 28th of July entry (above).

I hope that the above advice assists you in securing your servers and computer systems from this new attack. I will update this article when more information concerning updates for web browsers becomes available.

Thank you.

Defending Against Ransomware

What is Ransomware?

Ransomware is malware that stops you using your computer in some way. This can be either by showing a lock out screen (not allowing you to login) or by encrypting your personal data. For each of these possibilities a ransom is demanded in order to use your computer or recover your (now) lost data.

Ransomware has been around for many years, becoming most prevalent from late 2011 onwards with Reveton being one of the most well-known variants from approximately 3 years ago. Despite this category of malware being several years old, newer variants such as CryptoLocker, TeslaCrypt and most recently Los Pollos Hermanos continue to cause disruption, stress and financial loss to their victims. Further information on ransomware is provided in this blog post and explained further in this podcast.

Should you pay the ransom?

Since paying the ransom convinces the malware authors that their scheme is working and funds a black market economy, you should not pay the ransom. I realize that if the ransomware has encrypted irreplaceable data that is not backed up you may have no choice but to pay it, but there is no guarantee that you will get your data back. The human impact of ransomware is detailed in this analysis by FireEye. One possible outcome is that the ransom is paid but the files cannot be decrypted.

How To Remove an Existing Ransomware Infection?

If you have an existing ransomware infection I would suggest following the advice from this short Sophos blog post. That blog post also references an explanatory YouTube video. The Sophos Bootable Antivirus CD mentioned in the above blog post can be created using the steps in this knowledge base article.

An alternative approach is detailed by Mark Russinovich of Microsoft in this blog post (see the section titled “The Hunt”). He provides further easy to follow steps to remove the malware should scans with Microsoft Security Essentials or Windows Defender Offline fail.

If the above advice is not successful in removing the ransomware infection, please consider using one of the 3rd party malware removal services mentioned in this Symantec forum post. Please note this forum post does not list services that Symantec wishes to promote or advertise; these services are provided by trusted and highly successful 3rd parties independent of Symantec.

Preventing A Ransomware Infection:

In order to prevent a ransomware infection I would recommend the following steps:

  1. Keep your operating system and web browser up to date. I detail how within this page.
  2. Install and use anti-malware software (ensure that it offers real time protection (continuous monitoring)).
  3. Don’t open attachments from an untrusted source or attachments you weren’t expecting from someone you do trust (their email account could have been hijacked).
  4. Back up your data regularly. At least one such backup should not be connected to your computer (if it’s connected at the time the malware infects your computer, your backup could also be encrypted). In addition, test that you can restore any data that you wish from your backup before such a malware infection occurs.
  5. Further advice is also provided by FireEye in the blog post that I mentioned above (please see the final section titled “Individuals and Small Businesses Should Consider Basic Steps to Protect Themselves”).
  • Note: If you use cloud storage (e.g. Google Drive, Dropbox etc.), please ensure that the cloud drive is not accessible on your computer (in the same way as a standard folder) when you are not actively using it. If you get a ransomware infection, it could also encrypt the backup cloud drive (since it works just like another folder on your computer) and this makes restoring your data more difficult.

Update: 29th May 2015:
If you are using an edition of Windows (compatible editions listed here) that incorporates AppLocker (for Windows 8.0 and later only corporate versions of Windows incorporate AppLocker), please enable it to Enforce executable rules to prevent ransomware and other malware from running on your PC.

Update: 10th November 2015:
This detailed post from Susan Bradley provides easy to understand further advice on defending against ransomware.

Update: 10th January 2016:
In addition to the information/advice in this blog post; a more recent blog post also discusses a new type of ransomware threat and how to protect yourself against it.

Update: 31st January 2016:
This Computerworld article provides further defensive tips e.g. restricting mapped network drives and knowing the users of your devices.

Since AppLocker is another name for application white listing, only executable files that you pre-approve (i.e. files that run code, usually applications) will be allowed to run. AppLocker can also prevent unauthorized Windows Installer files (*.msi and *.msp) and scripts e.g. PowerShell and batch files (among others, more details provided here) from running without prior approval. Further resources for configuring AppLocker are provided in this article and this series of articles.

Update: 6th March 2016:
For advice on preventing a ransomware attack from affecting your business, please see this more recent blog post. This post also provides a resource to defend against the “Locky” variant of ransomware and provides an excellent explanation of your options/what to do when ransomware has already infected your computing device (complementing the existing information in this post) and how to defend against the Locky variant of ransomware being spread via spam messages.

Update: 17th March 2016:
In February 2016 very large numbers of websites powered by WordPress (a blogging tool/content management system) were compromised and used to spread ransomware to those who visited the websites. This threat and recommendations to remove/prevent it are also available in a previous blog post.

In early March 2016, Apple Mac OS X systems that had the Transmission BitTorrent client version 2.90 installed were at risk from a ransomware infection. Further discussion and recommendations are provided in a more recent blog post.

Update: 26th March 2016:
This more recent blog post provides further advice on preventing ransomware (not previously documented within this blog). Please review it to further defend yourself against this increasingly prevalent threat.

Thank you.