Special Alerts


EFAIL Attack: OpenPGP and S/MIME Vulnerabilities Leak the Plaintext of Encrypted Email
Wednesday, 16 May 2018 15:00

Vulnerability and attack description:
OpenPGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions) are both standards for digitally signing, encrypting and decrypting email. The EFAIL attacks exploit vulnerabilities in email clients that implement the OpenPGP and S/MIME standards to obtain the plaintext of encrypted email. When an email client is configured to automatically decrypt received email content and automatically load external resources, an attacker can abuse this behaviour by sending the victim a modified copy of the same encrypted email in order to exfiltrate the plaintext.


CVE numbers:
CVE-2017-17688: OpenPGP CFB attack
CVE-2017-17689: S/MIME CBC attack

Systems affected:
Any email client that supports the OpenPGP or S/MIME standard may be affected by EFAIL. A detailed analysis of the vulnerabilities and the list of affected email clients can be found in the following paper (https://efail.de/efail-attack-paper.pdf).

Mitigation:
Users are advised to reduce the risk of EFAIL attacks as follows:
‧ Decrypt S/MIME or PGP encrypted email in an application other than the email client
‧ Disable HTML rendering
‧ Disable remote content loading
‧ Install the patches provided by the email client vendor

References:
https://efail.de/
https://efail.de/efail-attack-paper.pdf
https://www.kb.cert.org/vuls/id/122919

 
Meltdown and Spectre Attacks
Sunday, 07 January 2018 00:00

Vulnerability and attack description:
The "Meltdown" and "Spectre" attacks exploit hardware vulnerabilities present in current processors. "Meltdown" allows an attacker to read arbitrary kernel memory or arbitrary physical memory on the target system. "Spectre" allows an attacker to abuse any program to leak sensitive information held in its memory.

CVE numbers:
CVE-2017-5753/CVE-2017-5715/CVE-2017-5754

Systems affected:
A system whose processor performs out-of-order execution, or whose operating system has not been updated, may be affected by Meltdown; such systems include desktops, laptops and cloud computers. A system whose processor uses speculative execution in branch prediction may be affected by Spectre; such systems include desktops, laptops, cloud servers and smartphones.

Mitigation:
Users should install the available updates on all affected devices as soon as possible.

  • Windows: Microsoft released the applicable security updates and related update guidance in January
  • macOS: the macOS High Sierra 10.13.2 update Apple released last month already fixes some of the issues, and the fix will be improved or completed in macOS 10.13.3.
  • Linux: most Linux developers have released updates that use Kernel Page Table Isolation (KPTI) to fully separate kernel space from user space and so resolve the information leak.
  • Android: Google has released security updates for Pixel/Nexus devices in the January Android security patch. Other Android users must wait for their device manufacturer to release an update.
  • Firefox browser: Firefox 57.0.4, released by Mozilla, already prevents the Meltdown and Spectre timing attacks. Users are advised to update to this version as soon as possible.
  • Google Chrome browser: Google plans to release Chrome 64 on 23 January to protect the Chrome browser on desktops and mobile devices against Meltdown and Spectre.
  • VMware: VMware has released a list of affected products and security updates for ESXi, Workstation and Fusion to protect against Meltdown.

References:
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://thehackernews.com/2018/01/meltdown-spectre-patches.html
https://www.kb.cert.org/vuls/id/584653

 
WPA2 Key Reinstallation Vulnerability

Description:
Key reinstallation attacks or "KRACK" attacks were reported in the WPA2 Wi-Fi protocol. An attacker within range of an affected AP and client may be able to conduct attacks including arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

CVE Number:
CVE-2017-13077: Reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: Reinstallation of the group key in the Four-way handshake
CVE-2017-13079: Reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: Reinstallation of the group key in the Group Key handshake
CVE-2017-13081: Reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame


Systems Affected:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any Wi-Fi device that uses WPA2 is likely affected.

Mitigation:
1. Users are advised to install updates to affected devices as they become available, or to contact their vendors directly for update information.

Reference:
https://www.krackattacks.com/
http://www.kb.cert.org/vuls/id/228519

 
Bluetooth Vulnerabilities - "BlueBorne"
Wednesday, 13 September 2017 21:19

Description:
Eight Bluetooth vulnerabilities, dubbed BlueBorne, affect the Bluetooth implementations in Android, iOS, Microsoft and Linux, impacting almost all Bluetooth device types, including smartphones, laptops, IoT devices and smart cars.
Three of these eight security flaws are rated critical, and according to researchers at Armis, the IoT security company that discovered BlueBorne, these vulnerabilities allow attackers to take over devices and execute malicious code, or to perform man-in-the-middle attacks and intercept Bluetooth communications. BlueBorne does not require devices to be paired with the malicious device, or even to be set in discoverable mode.

CVE Number:
CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices;
CVE-2017-1000251 and CVE-2017-1000250 for Linux;
CVE-2017-14315 for iOS, and
CVE-2017-8628 on Windows.

Systems Affected:
Windows versions since Windows Vista are all affected. Windows Phone was not vulnerable to BlueBorne. Microsoft released patches for CVE-2017-8628 in July; the details of the fixed vulnerability were provided in September's Patch Tuesday.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung's Tizen OS, based on Linux, is also affected.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10.

Prevention:
1. Disable Bluetooth immediately. After applying the patch or update to your device, you can turn Bluetooth back on.
2. Users of Android devices can determine whether their device is vulnerable by downloading the BlueBorne Android app from the Google Play Store and using it to run a simple and quick check.

Reference:
https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

Last updated on Monday, 30 October 2017 12:22
 
NotPetya/SortaPetya/Petya Ransomware
Wednesday, 28 June 2017 10:00

Vulnerability and attack description:
The recently disclosed NotPetya/SortaPetya/Petya ransomware exploits the same vulnerability in Microsoft's SMBv1 protocol (MS17-010) as the WannaCry ransomware to attack affected Microsoft operating systems worldwide. Besides using the NSA EternalBlue exploit, as WannaCry did, this ransomware also spreads across internal networks via WMIC and PsExec.

CVE numbers:
CVE-2017-0143 to CVE-2017-0148, and CVE-2017-0199.

Systems affected:
Windows XP/Vista/7/8/8.1/10 (1507, 1511, 1607), Windows Server 2008/2008 R2/2012/2012 R2, and Windows RT. (Systems may be infected whether or not they are patched.)

Mitigation:
1. Do not click links in, or open or save attachments from, any email of unknown origin.
2. Install the security update for the Microsoft SMBv1 protocol vulnerability (MS17-010).
3. Stop using the SMBv1 file sharing protocol.
4. Disable WMIC where it is not needed, and block remote connections via WMIC and PsExec.
5. Regularly back up important data to offline storage.
6. Update anti-virus signatures.
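One way to carry out steps 3 and 4 on a Windows workstation, as an added PowerShell example that is not part of the original alert: it reports whether SMBv1 is enabled, disables it, and blocks the inbound SMB and RPC endpoint-mapper ports that PsExec and remote WMIC rely on. It assumes an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later; the firewall rule name and the workstation-only scope are this example's own choices.

```powershell
# Added hardening example (not from the original alert). Assumes an elevated
# PowerShell session on Windows 8.1 / Server 2012 R2 or later.
#Requires -RunAsAdministrator

function Get-Smb1Status {
    # Returns $true while the SMBv1 server protocol is still enabled.
    $cfg = Get-SmbServerConfiguration
    return [bool]$cfg.EnableSMB1Protocol
}

function Disable-Smb1 {
    # Step 3: stop serving SMBv1 (the protocol MS17-010 / EternalBlue targets).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Also remove the optional SMB1 feature so the client side cannot negotiate it.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

function Block-LateralMovementPorts {
    # Step 4: a workstation does not need to accept inbound SMB (TCP 445, used by
    # EternalBlue and by PsExec's ADMIN$ share) or the DCOM/RPC endpoint mapper
    # (TCP 135, used by remote WMIC). Do not apply this to file servers or DCs.
    $ruleName = 'Block inbound SMB and RPC endpoint mapper (NotPetya hardening)'  # example's own name
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 135,445 -Action Block -Profile Any | Out-Null
    }
}

"SMBv1 enabled before hardening: $(Get-Smb1Status)"
Disable-Smb1
Block-LateralMovementPorts
"SMBv1 enabled after hardening:  $(Get-Smb1Status)"
```

Removing the SMB1Protocol feature takes effect after a restart; the server-side setting and the firewall rule apply immediately.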

Handling an infection:
1. This ransomware encrypts the system after the computer is restarted. If the system is already infected and shows a message asking you to restart, power it off directly; never restart, so as to prevent the files from being encrypted.
2. Use a LiveCD or another device to recover the files.

 