news4geeks.net
12 Jul 2012

Microsoft to revamp Windows encryption keys in face of Flame malware

Posted by vica

Starting next month, updated Windows operating systems will reject encryption keys smaller than 1,024 bits, which could cause problems for customer applications accessing websites and email platforms that use the keys.

The cryptographic policy change is part of Microsoft's response to security weaknesses that came to light after Windows Update became an unwitting party to Flame malware attacks, and affects Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, according to the Windows PKI blog written by Kurt L. Hudson, a senior technical writer for the company.

"To prepare for this update, you should determine whether your organization is currently using keys less than 1,024 bits," Hudson writes. "If it is, then you should take steps to update your cryptographic settings such that keys under 1,024 bits are not in use."

20 Jun 2012

Flame part of U.S.-Israeli cyber attack campaign against Iran

Posted by vica

The highly sophisticated Flame malware was jointly developed by the U.S. and Israeli governments in preparation for a cyber sabotage campaign to disrupt Iran's nuclear fuel enrichment efforts, according to a media report.

Citing unnamed Western officials with knowledge of the operation, the Washington Post reported on Tuesday that Flame's goal was to collect intelligence about Iran's computer networks that would facilitate future cyber attacks.

On June 1, The New York Times reported that Stuxnet, a sophisticated piece of malware that is believed to have caused the destruction of up to 1,000 gas centrifuges at Iran's Natanz uranium enrichment facility, was created by the U.S. and Israeli governments as part of a joint operation code-named Olympic Games.

15 Jun 2012

Honeynet Project tackles USB-carried malware like Flame

Posted by vica

A nonprofit security research group is building technology to trap malware spread from PC to PC via USB storage drives, the method used to infect computers with the Flame cyber-espionage malware.

The Honeynet Project launched the effort Thursday, saying it was necessary to combat increasing use of portable drives in spreading malicious programs. Malcontents or criminals within an organization often use such methods to compromise closed networks that are not accessible through the Internet.

In the case of Flame, the malware created a folder that could not be seen by a Windows PC, hiding the application and its payload of stolen documents from the user, experts say. This opened up the possibility that people unknowingly carried Flame from PC to PC.

Discovered in May by Moscow-based Kaspersky Lab, Flame, a so-called super Trojan aimed at Middle Eastern governments, is believed to be the most sophisticated malware to date.

13 Jun 2012

Flame crypto attack very hard to pull off, researcher says

Posted by vica

The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, says security researcher Alexander Sotirov.

In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.

The attack was significant because it showed for the first time that at least one of the known theoretical MD5 collision techniques could be used in practice to defeat the security of the HTTPS (HTTP Secure) protocol. To pull off the attack, the researchers used computing power generated by a cluster of 200 PlayStation 3s.

7 Jun 2012

Microsoft’s reaction to Flame shows seriousness of ‘Holy Grail’ hack

Posted by vica

The exploit of Microsoft's Windows Update system by the sophisticated Flame cyber espionage malware was a "significant" event in the history of Windows hacking, experts said today.

And by its response, Microsoft appears to agree: It not only issued an immediate fix just days after the malware's public unveiling with one of its increasingly-rare "out-of-band" updates, but it has turned its certificate-generation process upside down and will revamp how it secures Windows updates.

"It was a very significant," said Wolfgang Kandek, chief technology officer with Qualys, in an interview today. "It's the Holy Grail of exploits, and until now it had only been done in research."