In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.

Src: Cnet

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

Security experts had known that TKIP could be cracked using what’s known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today’s Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.

“Everybody has been saying, ‘Go to WPA because WEP is broken,’” Ruiu said. “This is a break in WPA.”

If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.

Ruiu expects a lot more WPA research to follow this work. “Its just the starting point,” he said. “Erik and Martin have just opened the box on a whole new hacker playground.”

Yahoo has since corrected the flaw and released the following statement to netcraft:

The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, Oct. 26) and a fix was deployed within a matter of hours. Yahoo! appreciates Netcraft’s assistance in identifying this issue.

As a safety precaution, we recommend users change their passwords, should they still be concerned. Users should always verify via their Sign-in Seal that they are giving their passwords to Yahoo.com.

How it happened:

The attacker managed to find a flaw at hotjobs.yahoo.com that allows visitors to inject obfuscated JavaScript into the page. The script can be configured to steal authentication cookies. The authentication cookie can then be used to allow the attacker to pose as the user.  This type of attack, and loyal netleets readers already know, is called cross-site scripting. Earlier in the year netcraft found a similar flaw at ychat.help.yahoo.com.

This attack was probably executed using the CookieMonster tool that has recently affected netflix.com and bankofamerica. CookieMonster is a cookie stealing toolkit that works with both http and https sites. It siphons authentication cookies from vulnerable sites. These cookies can be used to hijack a users account.

Theregister.co.uk best describes CookieMonster as follows:

The vulnerability stems from website developers’ failure to designate authentication cookies as secure. That means web browsers are free to send them over the insecure http channel, and that’s exactly what CookieMonster causes them to do. It does this by caching all DNS responses and then monitoring hostnames that use port 443 to connect to one of the domain names stored there. CookieMonster then injects images from insecure (non-https) portions of the protected website, and – voila! – the browser sends the authentication cookie.

A CookieMonster blog listed several popular sites that were allegedly vulnerable back in September. Those sites include southwest.com, expedia.com, usairways.com, register.com, newegg.com, ebay.com, any many many more.

What can be done:

In addition to the steps outlined in this XSS tutorial, sites that contain cookies for authentication must not allow cookie values to be translated on the client side. In the early days of cookie based authentication, many sites simply stored authentication information in the cookie, which can be read in any text editor. Today, cookies merely act as a reference point for server side authentication, however if the cookie can be used from any client, it defeats the purpose of even hiding the true value.

Perhaps the easiest thing that could have been done on Yahoo’s part would have been to configure their site to use http-only or https-only cookies. If only http is allowed, malicious javascript cannot be injected.

Via: netleets.com

The greatest thing is: Once you’ve reached the end of the video and the list of related videos is offered to you, you can simply navigate these videos and watch them in the popup-window without having to navigate to the VerifyAge-page again. So: Open ONE restricted video – Then watch them ALL!
https://addons.mozilla.org/en-US/firefox/addon/9128