Security Alerts & News
by Tymoteusz A. Góral

#1293 Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS (PDF)
We investigate nonce reuse issues with the GCM block cipher mode as used in TLS and focus in particular on AES-GCM, the most widely deployed variant. With an Internet-wide scan we identified 184 HTTPS servers repeating nonces, which fully breaks the authenticity of the connections. Affected servers include large corporations, financial institutions, and a credit card company. We present a proof of concept of our attack that allows violating the authenticity of affected HTTPS connections, which in turn can be utilized to inject seemingly valid content into encrypted sessions. Furthermore, we discovered over 70,000 HTTPS servers using random nonces, which puts them at risk of nonce reuse if a large amount of data is sent over the same connection.
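The forgery the abstract describes is the classic "forbidden attack" on GCM: two records authenticated under the same key and nonce let an eavesdropper solve for the GHASH key H, then for the per-nonce tag mask E_K(J0), after which any ciphertext can be given a valid tag. The script below is an added example written for this page, not code from the paper or its authors. It implements the real GHASH field arithmetic from NIST SP 800-38D but replaces the AES block cipher with a keyed PRF (HMAC-SHA256 truncated to 16 bytes) so it runs without an AES library; that swap is safe for the demonstration because the attacker never evaluates E_K, only the GHASH algebra. The key, nonce and HTTP-like plaintexts are constructed, and the attack is restricted to single-block records with no additional data, where the difference of the two tags is (C1 xor C2) times H squared and H has a unique square root in a characteristic-2 field.

```python
import hashlib
import hmac
import os

# --- GCM's GF(2^128) arithmetic (NIST SP 800-38D bit order: bit 0 is the MSB) ---
R = 0xE1000000000000000000000000000000   # x^128 + x^7 + x^2 + x + 1, bit-reflected
ONE = 1 << 127                            # the field element "1" in GCM's bit order

def gf_mul(x, y):
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def gf_pow(x, e):
    acc = ONE
    while e:
        if e & 1:
            acc = gf_mul(acc, x)
        x = gf_mul(x, x)
        e >>= 1
    return acc

def gf_inv(x):
    return gf_pow(x, (1 << 128) - 2)      # x^(2^128 - 2) = x^-1

def gf_sqrt(x):
    return gf_pow(x, 1 << 127)            # squaring is a bijection in char 2; sqrt = x^(2^127)

# --- Toy GCM: real GHASH, block cipher replaced by a keyed PRF (assumption) ---
def ek(key, block):
    return hmac.new(key, block, hashlib.sha256).digest()[:16]

def ghash(h, aad, ct):
    y = 0
    data = aad + b"\x00" * (-len(aad) % 16) + ct + b"\x00" * (-len(ct) % 16)
    for i in range(0, len(data), 16):
        y = gf_mul(y ^ int.from_bytes(data[i:i + 16], "big"), h)
    lens = (len(aad) * 8).to_bytes(8, "big") + (len(ct) * 8).to_bytes(8, "big")
    return gf_mul(y ^ int.from_bytes(lens, "big"), h)

def keystream(key, nonce, nblocks):           # counter blocks J0+1, J0+2, ... (96-bit nonce)
    return b"".join(ek(key, nonce + ctr.to_bytes(4, "big")) for ctr in range(2, 2 + nblocks))

def gcm_encrypt(key, nonce, pt, aad=b""):
    h = int.from_bytes(ek(key, b"\x00" * 16), "big")              # H = E_K(0^128)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, -(-len(pt) // 16))))
    s = int.from_bytes(ek(key, nonce + b"\x00\x00\x00\x01"), "big")   # S = E_K(J0)
    return ct, (ghash(h, aad, ct) ^ s).to_bytes(16, "big")

def gcm_decrypt(key, nonce, ct, tag, aad=b""):
    h = int.from_bytes(ek(key, b"\x00" * 16), "big")
    s = int.from_bytes(ek(key, nonce + b"\x00\x00\x00\x01"), "big")
    if not hmac.compare_digest((ghash(h, aad, ct) ^ s).to_bytes(16, "big"), tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, -(-len(ct) // 16))))

# --- The attack: two one-block records, no AAD, same (key, nonce) ---
def recover_h_and_s(ct1, tag1, ct2, tag2):
    """T1 ^ T2 = (C1 ^ C2) * H^2 (the length blocks cancel), so H = sqrt((T1^T2) / (C1^C2))."""
    c1, c2 = int.from_bytes(ct1, "big"), int.from_bytes(ct2, "big")
    t1, t2 = int.from_bytes(tag1, "big"), int.from_bytes(tag2, "big")
    h = gf_sqrt(gf_mul(t1 ^ t2, gf_inv(c1 ^ c2)))
    s = ghash(h, b"", ct1) ^ t1           # tag mask E_K(J0) for this nonce
    return h, s

def forge(h, s, ct_known, pt_known, pt_forged):
    """Known plaintext yields the keystream; H and S yield a valid tag for the new ciphertext."""
    ks = bytes(a ^ b for a, b in zip(ct_known, pt_known))
    ct = bytes(a ^ b for a, b in zip(pt_forged, ks))
    return ct, (ghash(h, b"", ct) ^ s).to_bytes(16, "big")

def demo():
    key, nonce = os.urandom(16), b"\x00" * 12          # constructed: server repeats this nonce
    pt1, pt2 = b"HTTP/1.1 200 OK\r", b"Content-Length: "  # constructed 16-byte records
    ct1, tag1 = gcm_encrypt(key, nonce, pt1)
    ct2, tag2 = gcm_encrypt(key, nonce, pt2)
    h, s = recover_h_and_s(ct1, tag1, ct2, tag2)
    true_h = int.from_bytes(ek(key, b"\x00" * 16), "big")
    forged_pt = b"HTTP/1.1 302 OK\r"
    forged_ct, forged_tag = forge(h, s, ct1, pt1, forged_pt)   # attacker knows pt1
    accepted = gcm_decrypt(key, nonce, forged_ct, forged_tag) == forged_pt
    return {"h_recovered": h == true_h, "forgery_accepted": accepted}

if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from this: the recovered S only authenticates records under the one repeated nonce, which is why the scan looked for servers that actually repeat nonces rather than merely choosing them at random; and for real TLS records of n blocks the tag difference is a polynomial of degree n+1 in H, so the single-block square root above becomes a root-finding step over GF(2^128), which is what the paper's proof of concept does.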
#1296 Undocumented SNMP string exposes Rockwell PLCs to remote attacks
#1295 IT threat evolution in Q2 2016, overview (PDF)
#1294 Can IoT be the new frontier for cyber extortion?
#1293 Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS (PDF)
#1292 Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open