Cipher Suite Update for Windows Server 2003

This update adds support for the following Advanced Encryption Standard (AES) cipher suites in the Schannel.dll module for Windows Server 2003:

• TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
• TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

Note: These cipher suites are based on the RC4 algorithm.

 

Source:

KB948963 – An update is available to adds support for the TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA and the TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA AES cipher suites in Windows Server 2003

Microsoft Forefront Server Security Management Console Release Candidate

Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint and Microsoft Antigen, providing a web-based console to centralize configuration and operation, automate the download and distribution of signature and scan engine updates, and generate comprehensive reports. Forefront Server Security Management Console also allows administrators to rapidly respond to outbreaks and update protection across enterprise deployments, improving organizational agility in responding to new threats. Through integration with Windows Server 2003 and Microsoft SQL Server, Forefront Server Security Management Console helps maintain reliability and performance of messaging and collaboration protection.

Download it here.

‘Hack’ the hackers…

What happens if you try to capture with hidden camera hackers admitting to crimes? What happens if you try this at DefCon? Nothing good I guess… Here is a video of Michelle Medigan from NBC News attempted to use a hidden camera at DefCon.

Here and here is complete story… 🙂

ASLR (Address Space Layout Randomization) in Windows Vista Beta 2

Today I spent some time playing arround Windows Vista Beta 2. There is one interesting thing that i found out. It has ASLR (Address Space Layout Randomization) and it is turned on by default. It is a great against defense against buffer overrrun exploits called address space layout randomization. This defense is of course not a replacement for insecure code but it is indeed a usefull in Mult-Llayered defense. So remote exploitation of overflows has just got a lot harder.

So what is ASLR?

Address space layout randomization (ASLR) is a computer security feature which involves arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, randomly in a process’ address space. This hinders some types of security attack by preventing an attacker being able to easily predict target addresses, for example attackers trying to execute return-to-libc attacks may find it harder to locate the code to be executed. Several security systems implement ASLR, notably OpenBSD and the PaX and Exec Shield patches for Linux.

ASLR relies on the low chance of an attacker guessing where randomly placed areas are located: the odds are 1 / 2b, where b is the number of bits of entropy used to determine the position of the data area. In many systems, 2b can be in the thousands or millions; on modern 64-bit systems, these numbers typically reach the millions at least. Some systems implement Library Load Order Randomization, a form of ASLR where the order in which libraries are loaded is randomised. This leaves libraries at unpredictable positions: the chances of an attacker correctly guessing the location of a library is 1 / n, where n is the number of libraries loaded.