November « 2010 « The FORWARD project blog

Archive for November, 2010

Zero-day flaw bypasses Windows UAC

Sunday, November 28th, 2010

A new vulnerability in the Windows kernel was disclosed this Wednesday (11-24-2010) that could allow malware to attain administrative privileges by bypassing User Account Control (UAC).

A zero-day exploit in Microsoft Windows enables non-administrator accounts to execute code as if they were an administrator. The flaw appears to affect all versions of Windows back to at least Windows XP, including the latest Windows 2008 R2 and Windows 7 systems.

A bug in win32k.sys, which is part of the Windows kernel, seems to be responsible for this exploit. The flaw is related to the way in which a certain registry key is interpreted and enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system. The registry key in question is under the full control of non-privileged users.

This exploit does not allow remote code execution (RCE), so malicious code that uses it must first be introduced onto the machine by some other means. Your anti-virus system should therefore be able to block those payloads and keep you safe.


HDCP Cracked !(?)

Sunday, November 28th, 2010

HDCP is a content protection scheme, developed by Intel Corp., designed to eliminate the possibility of intercepting encrypted high-definition digital data midstream between the source and the display. It prevents copying of digital audio and video content as it travels across DisplayPort, DVI, HDMI, GVIF, UDI and similar connections. HDCP uses a three-stage protection process:

  • Device Authentication and Key Exchange
  • Encryption of Content
  • Key-revocation procedures

In 2001, before HDCP was deployed in any commercial product, a paper revealing cryptanalytic flaws was published. According to this paper, the linear key exchange is a fundamental weakness, and the key exchange can be broken with a conspiracy attack (obtaining the keys of 39 devices and reconstructing the secret master matrix).

On September 14th, 2010, hackers posted an HDCP master key on Pastebin! This is the key that protects millions of devices and media content, such as Blu-ray, against redistribution. Two days later, Intel confirmed the authenticity of the key, and a few days after that a programming group released an open-source C implementation of the HDCP encryption/decryption algorithm. It is not very efficient, since HDCP was designed for hardware, but it works and verifies that the leaked key is correct.

But is this the end of HDCP?

What we can really do with this master key is derive keys for devices that work with the keys produced by Intel’s security technology. Also, theoretically, a nefarious user could capture, decrypt and reproduce media travelling across HDMI cables from one device to another. But the most realistic scenario is building ‘fake’ devices without Intel’s fees and standards. For example, a manufacturer in China could produce Blu-ray players or repeater-recorders capable of connecting to genuine HD TVs, using the leaked master key, without any approval from Intel. Intel, on the other hand, declares that this would take a lot of experience and money to accomplish and that, in combination with legal threats against possible fraud, HDCP remains an effective component for protecting digital entertainment.
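A toy model of the linear key exchange and the conspiracy attack from the 2001 paper mentioned above, and of deriving device keys from a master matrix. It is an added illustration, not code from that paper or from the released HDCP implementation. The 4x4 matrix, the prime modulus, the constructed public vectors and all function names are simplifying assumptions, not HDCP's real parameters.

```python
import random

P = 2_147_483_647  # prime modulus (assumption for the toy; keeps the algebra in a field)
N = 4              # toy matrix dimension (assumption)

def make_master(rng):
    """Random symmetric N x N master matrix over GF(P)."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(P)
    return m

def issue_device(master, public):
    """Private key vector = public vector times master matrix: purely linear."""
    return [sum(public[i] * master[i][j] for i in range(N)) % P for j in range(N)]

def shared_key(my_private, peer_public):
    """Each side combines its own private vector with the peer's public vector."""
    return sum(k * v for k, v in zip(my_private, peer_public)) % P

def recover_master(devices):
    """Gauss-Jordan on [public | private] rows over GF(P) yields the master matrix."""
    rows = [list(pub) + list(priv) for pub, priv in devices]
    for col in range(N):
        pivot = next((r for r in range(col, len(rows)) if rows[r][col] % P), None)
        if pivot is None:
            raise ValueError("need N linearly independent public vectors")
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, P)
        rows[col] = [x * inv % P for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % P for x, y in zip(rows[r], rows[col])]
    return [row[N:] for row in rows[:N]]

def demo(seed=1):
    rng = random.Random(seed)
    master = make_master(rng)
    # Constructed public vectors (1, x, x^2, x^3): any N of them are independent.
    publics = [[pow(x, e, P) for e in range(N)] for x in range(2, 2 + N + 2)]
    devices = [(v, issue_device(master, v)) for v in publics]
    a, b = devices[N], devices[N + 1]       # two devices outside the pooled set
    agreed = shared_key(a[1], b[0]) == shared_key(b[1], a[0])
    rebuilt = recover_master(devices[:N])   # N devices pool their key material
    derived = issue_device(rebuilt, b[0])   # private key of a device never examined
    return agreed, rebuilt == master, derived == b[1]
```

Because every private key is a linear function of the same secret matrix, the scheme has no margin once as many independent device keys as the matrix dimension are known; the design fix is a non-linear key agreement, not a larger matrix.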

Analysis of Android Froyo uncovers 88 flaws exposing users’ data

Sunday, November 28th, 2010

A study by Coverity [1] unveils 88 flaws exposing users’ data. The study examined the publicly disclosed version of the Android kernel. Among the defects discovered in Android were memory corruptions, illegal memory accesses and resource leaks. All of the defects mentioned are considered high-risk.
Coverity said it won’t release details until January, which gives Google and handset vendors time to issue fixes.
With Android running on about 26% of smartphones worldwide [2], and with companies supplying their employees with smartphones for mixed business and personal use, malicious software could be deployed to extract information from companies.

[1] http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf

[2] http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Mobile_devices