Tag Archive for: Git

This Week In Security: OpenSSH, Git, And Sort-of NGINX 0-day

/in


OpenSSH has minted their 9.0 release, and it includes a pair of security changes. Unlike most of the releases we cover here, this one has security hardening to prevent issues, not emergency fixes for current ones. First up, the venerable scp/rcp protocol has been removed. Your scp commands will now use SFTP under the hood. The more interesting security change is the new default key exchange, the NTRU algorithm. NTRU is thought to be quantum-hard.

So quick primer: Modern encryption depends on trapdoor functions — calculations that are easy to perform in one direction, but very difficult to reverse. The first such scheme was the Diffie-Hellman key exchange, which uses large prime numbers multiplied together. The multiplication is easy, but factoring the result is a very hard problem. If a shortcut were ever found to make factoring easier, the security of Diffie-Hellman would suffer. Such a shortcut has theoretically been found in Shor’s Algorithm. (Similar shortucts have theoretically been found in other schemes, including elliptic curve.)

Shor’s Algorithm is actually quite clever. The video above explains it much better than I can, but the key is that it depends on a feature that can be built into quantum computers, so that many possible solutions can be processed at once, and the incorrect ones cancel out, leaving only a likely-to-be-correct output. The problem is that cutting-edge quantum computers have managed to factor 21 into its prime factors. Not a 21 digit number, mind you, but 21.

We’re a very long ways from the quantum computing crypto-apocalypse we’ve been promised. So why are projects implementing quantum-resistant protocols? The “capture now, decrypt later” scenario. Because it’s the key exchange protocol that will be potentially vulnerable, an entire SSH session can be captured now, and once a quantum computer exists that breaks the handshake, the entire session can be decrypted offline. It’s still anyone’s guess how long till a corporation or nation-state has a practical quantum computer. Even if it takes another 20 years, some data will still be sensitive and subject to…

Source…

Metasploit Framework Github Setup on Kali Linux – Metasploit Minute [Cyber Security Education]

/in



PHP Team Averted a Supply Chain Attack After Hackers Compromised Their Self-Hosted Git Server and Inserted a Backdoor

/in


The PHP programming language maintainers averted a software supply chain attack when unknown threat actors compromised the self-managed Git server and inserted a backdoor.

The malicious commits were made on May 28, 2021 to a Git repository of a still-in-development version of PHP.

However, PHP contributors Markus Staab, Jake Birchallf, and Michael Voříšek noticed the changes during the post-commit code review.

Supply chain attack targeted Zlib library, turned PHP into a remote web shell

The supply chain attack targeted any server that uses PHP ZLib compression when sending data. Most servers use this functionality on almost all content except images and archives that are already size optimized.

The supply chain attack would have turned PHP into a remote web shell through which the attackers could execute any command without authentication. This is because the malicious attackers would have the same privileges as the web server running PHP.

The backdoor is triggered at the start of a request by checking if the request contains the word “zerodium.” If this condition was met, PHP executes the code in the “User-Agentt” request header.

The header closely resembles the PHP “User-Agent” request for checking for browser properties.

The rest of the request would thus be treated as a command that could be executed on a PHP server using the server’s privileges. This would allow the hackers to run any arbitrary command without the need for further privileges.

Zerodium, the company mentioned in the hack, is a vulnerability broker that buys zero-day vulnerabilities and sells them to government agencies. However, it denied any involvement in the PHP Git server compromise.

Zerodium CEO Chaouki Bekrar accused the researchers of introducing the backdoor and trying to sell it, only to disclose the vulnerability after failing to secure buyers. However, the accusation is preposterous given the lifetime of the backdoor.

The malicious commits were pushed using Rasmus Lerdorf, the PHP project author, and Nikita Popov, a major PHP contributor working at JetBrains names. The attackers described the commits as intended to fix typo on…

Source…