I have spent the past week or so attempting to address a very significant attack vector which is currently used by cybercriminals in an attempt to compromise a number of web servers. The method used to attack the security of these servers is a variant of the “SonicWall” exploit which is being used to obtain a very significant set of credentials. These are the credentials which are being used to secure the servers against network security manager (NSM) attacks. In order to exploit the vulnerability, an attempt is made to modify the server’s SSL (Secure Socket Layer) certificate. This will allow access to the server and will allow NSM to exploit the SSL vulnerabilities. This method of exploiting the vulnerability is so sophisticated that it has likely led to the failure of previous efforts to compromise servers using the same exploit. Therefore as a part of a research project I have published an updated vulnerability detection analysis covering the updated vulnerability and it’s variants. I have also created a detection method which is able to detect all of the variants presented above. Please note that the information in this new research is based upon only a small sample of the variants. I will be looking after the analysis for at least several weeks to hopefully create a more accurate detection method and to improve the detection quality of the vulnerability. Once the detection has been created I will be releasing the full version of the analysis which will include information about the successful exploitation of the vulnerability. I should also be able to provide an “Appendix” with the detection method which details the attack as well as some additional information about the vulnerabilities with their possible mitigation and fixes. I currently plan to provide the vulnerability detection analysis to the public as soon as I have completed my research. At this time the entire research has been published to the public which is why the analysis has not been released to the public yet.
SonicWall fixes a critical remote code execution bug.
SonicWall is a fast, easy, and versatile Web browser for the Windows family of operating systems. It has a fast and secure interface and provides the features commonly found in a modern Microsoft-based, Windows Phone-based mobile browser. It lets you take great pictures with no complicated settings and no need to install a separate photo editor and photo browser. It provides access to all of your favorite online photo sharing sites (Flickr, Picasa, Foti, Google Images, etc. ) and offers a range of image and video editing applications as well as a video editor.
SonicWall automatically protects against malicious sites and application code executing remotely and in a way that is difficult to block. SonicWall can automatically block third party Web sites or remote application code or even third party browser plug-ins. It can automatically block access to malicious content, such as malicious websites or application code that could compromise your system, and protect your system against known malicious attacks.
By default SonicWall blocks all remote code execution. This is the most important feature of SonicWall to protect your system against known malicious attacks. When an attacker can exploit a vulnerability of SonicWall, SonicWall will protect your system against the attack. This feature is referred to as “automatic remote code execution protection” (“RCP”).
The RCP feature is enabled by default and can be changed by choosing a custom HTTP port. It also allows you to disable the RCP feature by choosing a custom HTTP port.
SonicWall can automatically block access to remote application code or to third-party Web sites. To block access to third-party Web sites, set the HTTP_PORT environment variable to a desired port number. Third-party Web sites can be blocked by setting the HTTP_HOST environment variable to either a host name or IP address.
On Linux and Mac, you can disable SonicWall’s automatic RCP feature by setting the HTTP_HOST environment variable. When you want to block remote code execution on your local system, you must open your firewall to access the SonicWall web browser interface. This is not a standard feature of SonicWall (see later on for more information on the standard functionality of SonicWall).
A comment on the SonicWall glitch in the HTTP/HTTPS service
* * This article discusses a vulnerability in the HTTP/HTTPS service of the Google Search API. It is reported that after an exploit, a random Google query was executed. It is recommended that users use HTTPS connections more often. * * * A Google webmaster team has confirmed that the flaw is present and that there have been no new exploits since 2010. As with every vulnerability that affects Google Search API, there is a work-around in case the vulnerability is exploited. * * * The vulnerability could have been exploited if the vulnerable Google service was used to execute arbitrary commands from a web browser. However, the actual exploit is difficult, since it requires exploiting a bug in an applet that Google uses to provide a web app interface to its services. A second, simpler, and safer approach is to use the SSL certificate used by Google in the Google Search API to perform the attack. In the case that the browser is an older version that doesn’t support HTTPS, the SSL certificate is vulnerable. * * * Google is working with its service providers to provide additional security for their clients. Google Search API still uses client certificates to enable secure transactions. It is recommended that users with any applet code use the following workaround: First, replace all URLs in your applet with a path that uses the Google Search API. This is a temporary workaround for a temporary vulnerability. Second, use the SSL certificate (if any) in the Google Search API to perform an SSL-aware application. This requires only adding HTTP/HTTPS support to the applet and the SSL certificate is not required. This workaround is more secure for users, as it does not bypass Google’s security. Since this is not an issue, users can use this workaround. Third, users with older web browsers can use an older version of Chrome or Safari that does support HTTP/HTTPS (version 16 or earlier). This workaround requires the URL that was used to enter commands over HTTP/HTTPS to be changed and requires the certificate that was used in the Google Search API to be updated to use an SSL certificate that supports HTTPS. This workaround is not recommended if you have older web browsers. Instead, use the SSL certificate (if any) in the Google Search API to perform an SSL-aware application. This is much more secure than the workaround given above.
SonicWall security alerts and other bugs
When I first saw the marketing video on SonicWall’s new security platform, I almost jumped out of my chair. The video showed two SonicWall executives discussing the company’s new security platform, including its user interface and the fact that it was designed for consumers, not IT pros. The company also showed an engineer demonstrating how to use it, along with a user who told the executives that it was a “killer app” for security professionals. It gave me the feeling that I was watching a tech demo, something that would actually give consumers and IT pros a more comprehensive look at the new platform.
The video was directed at me. It was about my lack of technical knowledge. I had no technical background, and I am now embarrassed about this. I am embarrassed that I have been a SonicWall security professional from 2002 until yesterday, with several roles in various levels of the company. I did not know what to think about this video.
When I heard the word “security” in the video, I immediately thought of cyberattacks, so I knew there would probably be a lot of security features in this video, which was all about security for consumers. I was shocked to see that the CEO of one security company in the video had no technical background, and the people whose jobs were in the background did not seem to be any better-prepared than the people who were in the foreground. The video also showed the fact that there are other security systems for IT pros, which makes it all the more important to be able to use these systems in a proper manner.
In all the technical discussions about the video, there was a single person who was the one who seemed to have the most technical knowledge about the various aspects of the SonicWall security platform and the various products associated with it. I will use this as my example of how technical knowledge about the product could actually hinder security professionals’ efforts to protect against cyberattacks.
I was not that interested in the technical aspects of the video. I was just interested in how this video was created and the fact that they had security professionals behind the screen. I was interested in the fact that the IT professional was not a security expert, but the security pros were not so technical. They seemed like people who have just watched a movie and not thought about what they had just watched.
Spread the loveI have spent the past week or so attempting to address a very significant attack vector which is currently used by cybercriminals in an attempt to compromise a number of web servers. The method used to attack the security of these servers is a variant of the “SonicWall” exploit which is being used…
