Yearly Archives: 2023

News

Rising AI-Fueled Phishing Drives Demand for Password Alternatives

Read Time:7 Second

FIDO Alliance’s third Online Authentication Barometer showed that AI-powered phishing is slowly prompting users to switch passwords for multi-factor authentication methods

Read More

Advisories

USN-6425-3: Samba vulnerabilities

Read Time:53 Second

USN-6425-1 fixed vulnerabilities in Samba. This update provides the
corresponding updates for Ubuntu 23.10.

Original advisory details:

Sri Nagasubramanian discovered that the Samba acl_xattr VFS module
incorrectly handled read-only files. When Samba is configured to ignore
system ACLs, a remote attacker could possibly use this issue to truncate
read-only files. (CVE-2023-4091)

Andrew Bartlett discovered that Samba incorrectly handled the DirSync
control. A remote attacker with an RODC DC account could possibly use this
issue to obtain all domain secrets. (CVE-2023-4154)

Andrew Bartlett discovered that Samba incorrectly handled the rpcecho
development server. A remote attacker could possibly use this issue to
cause Samba to stop responding, resulting in a denial of service.
(CVE-2023-42669)

Kirin van der Veer discovered that Samba incorrectly handled certain RPC
service listeners. A remote attacker could possibly use this issue to cause
Samba to start multiple incompatible RPC listeners, resulting in a denial
of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-42670)

Read More

Advisories

USN-6423-2: CUE vulnerability

Read Time:14 Second

USN-6423-1 fixed a vulnerability in CUE. This update provides the
corresponding updates for Ubuntu 23.10.

Original advisory details:

It was discovered that CUE incorrectly handled certain files.
An attacker could possibly use this issue to expose sensitive
information or execute arbitrary code.

Read More

Advisories

USN-6394-2: Python 2.7 vulnerability

Read Time:17 Second

USN-6394-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Python incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.

Read More

Advisories

USN-6429-3: curl vulnerabilities

Read Time:31 Second

USN-6429-1 fixed vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 23.10.

Original advisory details:

Jay Satiro discovered that curl incorrectly handled hostnames when using a
SOCKS5 proxy. In environments where curl is configured to use a SOCKS5
proxy, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-38545)

It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)

Read More

News

Security Vulnerability of Switzerland’s E-Voting System

Read Time:2 Minute, 8 Second

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Ed Appel explains why it’s a bad idea:

Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters’ computers are hacked by malware, the malware can change votes as they are transmitted. Switzerland “solves” the problem of malicious insiders in their printing office by officially declaring that they won’t consider that threat model in their cybersecurity assessment.

But it also has an interesting new vulnerability:

The Swiss Post e-voting system aims to protect your vote against vote manipulation and interference. The goal is to achieve this even if your own computer is infected by undetected malware that manipulates a user vote. This protection is implemented by special return codes (Prüfcode), printed on the sheet of paper you receive by physical mail. Your computer doesn’t know these codes, so even if it’s infected by malware, it can’t successfully cheat you as long as, you follow the protocol.

Unfortunately, the protocol isn’t explained to you on the piece of paper you get by mail. It’s only explained to you online, when you visit the e-voting website. And of course, that’s part of the problem! If your computer is infected by malware, then it can already present to you a bogus website that instructs you to follow a different protocol, one that is cheatable. To demonstrate this, I built a proof-of-concept demonstration.

Appel again:

Kuster’s fake protocol is not exactly what I imagined; it’s better. He explains it all in his blog post. Basically, in his malware-manipulated website, instead of displaying the verification codes for the voter to compare with what’s on the paper, the website asks the voter to enter the verification codes into a web form. Since the website doesn’t know what’s on the paper, that web-form entry is just for show. Of course, Kuster did not employ a botnet virus to distribute his malware to real voters! He keeps it contained on his own system and demonstrates it in a video.

Again, the solution is paper. (Here I am saying that in 2004.) And, no, blockchain does not help—it makes security worse.

Read More

Advisories

USN-6432-1: Quagga vulnerabilities

Read Time:21 Second

It was discovered that the Quagga BGP daemon did not properly check the
attribute length in NRLI. A remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-41358)

It was discovered that the Quagga BGP daemon did not properly manage memory
when reading initial bytes of ORF header. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-41360)

Read More