Twitter | Pretraživanje | |
Kenn White 14. sij
“The NSA discovered an error in the Microsoft code that verifies those signatures, potentially enabling a hacker to forge the signature”
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
Filippo Valsorda 14. sij
Odgovor korisniku/ci @kennwhite @taviso
So just an Authenticode bypass? Meh. As said, nothing like an RCE in PE parsing, not even sure what the NSA would do with this. It might be a fun crypto vuln though!
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Kenn White 14. sij
Odgovor korisniku/ci @FiloSottile @taviso
if it requires privileged network active intercept and DNS spoofing for updates, it would be overblown. But as the Zen master said, We'll see...
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Filippo Valsorda 14. sij
Odgovor korisniku/ci @kennwhite @taviso
Oh is Authenticode literally the only thing standing between the network and installing updates? Surely they connect via TLS to Microsoft or private network to corporate servers?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Will Dormann 14. sij
Odgovor korisniku/ci @FiloSottile @kennwhite @taviso
Connected via TLS that is validated how exactly?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Filippo Valsorda 14. sij
Odgovor korisniku/ci @wdormann @kennwhite @taviso
Are you saying this affects X.509 validation?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Will Dormann
Indeed I am.
10:02 - 14. sij 2020.
Reply Retweet Označi sa "sviđa mi se" More
Filippo Valsorda 14. sij
Odgovor korisniku/ci @wdormann @kennwhite @taviso
Oooh, now, that's fun.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Aaron Grattafiori 14. sij
Odgovor korisniku/ci @FiloSottile @wdormann i 2 ostali
Client cert or similar auth could make this very bad(tm) too....
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Nick Neumann 15. sij
Odgovor korisniku/ci @wdormann @FiloSottile i 2 ostali
A big thing I've not found in any writeup is a list of which major browsers use the affected windows crypto libraries and are therefore also vulnerable to MITM attacks until you update windows. Firefox uses NSS - does that mean it is not susceptible? What about Chrome, Edge, etc?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Will Dormann 15. sij
Odgovor korisniku/ci @aggieNick02 @FiloSottile i 2 ostali
Chrome uses the affected library. As do Edge and IE. To be honest, Firefox is the only Windows browser I'm aware of at the moment that rolls their own crypto.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Simon Waters 16. sij
Odgovor korisniku/ci @wdormann @FiloSottile i 2 ostali
Microsoft's documentation also says TLS; everyone reads these, right?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Enigma Bridge 15. sij
Odgovor korisniku/ci @wdormann @FiloSottile i 2 ostali
Could this be close to truth?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"