Black Friday malware vs Lucky 13 – Keep away from anything labeled thirteen

We live on Earth. Our human ancestors went through generations of reform, and the result is modern civilization. That civilization is built from many elements and objects. A major one is logic, which structures cause and effect and accounts for the factors behind a successful result. Yet some things that happen on Earth still look mysterious. For example, Friday the 13th is considered an unlucky day in Western superstition. From a scientific point of view the superstition makes no sense and has no supporting evidence. Coincidentally, when you go to a cosmopolitan city like Chicago or New York, you cannot find a 13th floor in the elevator. Even without scientific support, the number 13 and Black Friday have a psychological impact on us. We continue this discussion, but our focus now moves to cyber security. At this point you might ask: why spend time on a preface about superstition?

Do you remember Jerusalem virus?

The virus was first detected in Jerusalem, on 13th October 1987 (Black Friday). It hooks itself into MS-DOS services and runs its malware functions from there. Internet communication services were not available in the 80s, so how does it work? The virus program contains one destructive payload that is set to go off on Black Friday (Friday the 13th). This was the first time IT gurus learned of a cyber attack scheduled for Friday the 13th Jan 2016. A highlight of the source code is shown below for reference:

mov ah,02Ah             ; Get system date (DOS INT 21h, function 2Ah)
int 021h
mov byte cs:[zap],00H   ; Clear ZapFlag
cmp cx,07C3h            ; CX->Year, 7C3h=1987
jz done                 ; Do nothing if 1987
cmp al,05h              ; AL->Day of week, 05h=Friday
jnz otherpload          ; No zap if not Fri
cmp dl,0Dh              ; DL->Day of month, 0Dh=13
jnz otherpload          ; No zap if not 13th
inc byte cs:[zap]       ; Else turn on ZapFlag
jmp done
nop

Attack concept and idea: take advantage of a design limitation of the computer instruction set. For more details, see below:

  1. If the interrupt flag (IF) is set (=1) then external hardware can initiate an interrupt via the INTR input of the microprocessor.
  2. If the IF flag is clear (=0) then the external device cannot initiate an interrupt.

The Jerusalem code hooks itself into interrupt processing and other low-level DOS services. This type of infection technique looks similar to the privilege escalation methods run by malware today!

Keep away from anything labeled thirteen

Unfortunately, a cyber incident occurred in 2013 and, by coincidence, the magic number thirteen was involved in its naming. It is a cryptographic TLS vulnerability. Before we discuss what Lucky 13 is, let's do a quick review of the TLS & SSL/TLS protocol architecture in the infographic below.

Overview of TLS & SSL/TLS protocol architecture

 

As we know, there have been a total of 4 types of SSL attack recently.

  • Beast attack
  • Crime attack
  • Lucky 13 attack
  • RC4 attack

To be honest, Lucky 13 does not live up to the meaning of its name. In its original form it is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol.

What is a timing attack? (see below)

The attack allows a man-in-the-middle attacker to recover plaintext from a TLS/DTLS connection when CBC-mode (cipher-block chaining) encryption is used. It is a man-in-the-middle timing attack against TLS that exploits the interaction between how the protocol implements AES in CBC mode for encryption and HMAC-SHA1 for authentication.

CVE-2013-0169 – The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets.
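The timing signal described in the CVE text comes from how much HMAC-SHA1 work a record needs after its padding is stripped. The following is an added example, not code from the original post or from any TLS library; it models the work as a count of SHA-1 compression calls, and the sample records and function names are constructed for illustration.

```python
# Added example: a work model of MAC-then-encrypt record checking.
HEADER_LEN = 13   # 8-byte sequence number + 5-byte record header fed to the MAC
MAC_LEN = 20      # HMAC-SHA1 tag size in bytes
BLOCK = 64        # SHA-1 compression-function block size


def sha1_compressions(n: int) -> int:
    """Compression calls SHA-1 needs for n bytes (0x80 byte + 8-byte length)."""
    return (n + 9 + BLOCK - 1) // BLOCK


def hmac_sha1_compressions(msg_len: int) -> int:
    """Inner hash covers the 64-byte ipad block plus the message; the outer
    hash covers the 64-byte opad block plus the 20-byte inner digest."""
    return sha1_compressions(BLOCK + msg_len) + sha1_compressions(BLOCK + MAC_LEN)


def padding_length(plain: bytes) -> int:
    """Bytes of TLS CBC padding (including the length byte), or 0 when the
    padding is malformed and the record is MACed as if it had no padding."""
    pad = plain[-1]
    if pad + 1 + MAC_LEN > len(plain):
        return 0
    if plain[-(pad + 1):] != bytes([pad]) * (pad + 1):
        return 0
    return pad + 1


def naive_mac_work(plain: bytes) -> int:
    """MAC only the bytes left after stripping padding and tag."""
    data_len = len(plain) - MAC_LEN - padding_length(plain)
    return hmac_sha1_compressions(HEADER_LEN + data_len)


def uniform_mac_work(plain: bytes) -> int:
    """Mitigation model: always pay for the longest possible message (zero
    padding), adding dummy compressions when the real MAC needs fewer."""
    worst = hmac_sha1_compressions(HEADER_LEN + len(plain) - MAC_LEN)
    real = naive_mac_work(plain)
    dummy = worst - real
    return real + dummy


# Constructed 64-byte decrypted records (four AES blocks), not real traffic.
BODY = bytes(62)
RECORDS = {
    "malformed padding": BODY + b"\x07\x01",
    "1 byte of padding": BODY + b"\x07\x00",
    "2 bytes of padding": BODY + b"\x01\x01",
}


def work_table() -> dict:
    """Map each sample record to (naive work, uniform work)."""
    return {name: (naive_mac_work(r), uniform_mac_work(r))
            for name, r in RECORDS.items()}


if __name__ == "__main__":
    for name, (naive, uniform) in work_table().items():
        print(f"{name:20s} naive={naive} uniform={uniform}")
```

In the naive model the record with two valid padding bytes needs one compression call fewer than the other two, which is the kind of difference that statistical timing analysis picks up; the uniform model removes it.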

Expect more security bugs in the future: this is a fundamental design limitation, the so-called MAC-then-encrypt

Attempts have been made to map the encryption protocol onto the layered network model, but the model does not match TCP/IP well. Some things don’t fit in the layers, and SSL/TLS is one of them.

D(TLS) encryption process (see below):

  • SSL/TLS uses an underlying transport medium that provides a bidirectional stream of bytes. That would put it somewhere above layer 4.
  • SSL/TLS organizes data as records, that may contain, in particular, handshake messages. Handshake messages look like layer 5. This would put SSL/TLS at layer 6 or 7.
  • However, what SSL/TLS conveys is “application data”, which is, in fact, a bidirectional stream of bytes. Applications that use SSL/TLS really use it as a transport protocol. They then use their own data representation and messages and semantics within that “application data”. Therefore, SSL/TLS cannot be, in the OSI model, beyond layer 4.

The Lucky 13 attack triggered a series of TLS technical concerns. Yet another padding oracle vulnerability was found in May 2016 (see below):

Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
======================================================

Severity: High

A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support
AES-NI.

This issue was introduced as part of the fix for Lucky 13 padding
attack (CVE-2013-0169). The padding check was rewritten to be in
constant time by making sure that always the same bytes are read and
compared against either the MAC or padding bytes. But it no longer
checked that there was enough data to have both the MAC and padding
bytes.

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 13th of April 2016 by Juraj
Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx
of the OpenSSL development team.
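The missing check the advisory describes can be shown on a decrypted record. This is an added example, not OpenSSL's code and not part of the original post: a fixed-window padding comparison with and without the test that the record is long enough to hold both the MAC and the padding. Function names and sample records are constructed, and MAC verification itself would follow in a real implementation.

```python
# Added example: the length check whose absence the advisory describes.
MAC_LEN = 20  # HMAC-SHA1 tag size in bytes


def padding_bytes_match(plain: bytes) -> int:
    """Return 1 when every byte covered by the padding-length byte equals it.

    Always walks the same window (up to 256 trailing bytes) and folds the
    result with bit operations instead of returning early. Python itself is
    not constant time; this mirrors the structure only.
    """
    pad = plain[-1]
    diff = 0
    for i in range(min(len(plain), 256)):
        covered = 0xFF if i <= pad else 0x00   # is byte i from the end padding?
        diff |= covered & (plain[-1 - i] ^ pad)
    return int(diff == 0)


def accept_without_length_check(plain: bytes) -> bool:
    """Flawed model: padding bytes are compared, record size is never checked."""
    return bool(padding_bytes_match(plain))


def accept_with_length_check(plain: bytes) -> bool:
    """Hardened model: the record must hold the MAC, the padding and its
    length byte before the padding result is trusted."""
    pad = plain[-1]
    enough = int(len(plain) >= MAC_LEN + pad + 1)
    return bool(padding_bytes_match(plain) & enough)


# Constructed decrypted records (not captured traffic).
WELL_FORMED = b"D" * 27 + b"M" * MAC_LEN + b"\x00"    # data + tag + 1 pad byte
BROKEN_PADDING = b"D" * 27 + b"M" * MAC_LEN + b"\x05"  # pad bytes do not match
NO_ROOM_FOR_MAC = bytes([31]) * 32                     # consistent padding, no tag

if __name__ == "__main__":
    for label, rec in (("well formed", WELL_FORMED),
                       ("broken padding", BROKEN_PADDING),
                       ("no room for MAC", NO_ROOM_FOR_MAC)):
        print(f"{label:16s} without check: {accept_without_length_check(rec)}  "
              f"with check: {accept_with_length_check(rec)}")
```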

Interim summary:

Good practice on a web server to mitigate the risk:

Control requirements on the web server

  • Do not configure wildcard certificates
  • Certificates must be signed by a trusted certificate authority (CA)
  • Ensure session cookies have the “secure=true” flag set
  • Ensure the HSTS header is set for the domain and sub domains
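Three of these controls can be checked from a server's response headers and its certificate names. The audit below is an added example, not part of the original post. It assumes headers as a list of (name, value) pairs and a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and it leaves CA trust validation to the TLS library. Host names and cookie values are constructed.

```python
# Added example: audit response headers and certificate names for the controls.
def audit_response(headers, cert):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []

    # Control: no wildcard certificates (look at the DNS subjectAltName entries).
    for kind, name in cert.get("subjectAltName", ()):
        if kind == "DNS" and name.startswith("*."):
            findings.append(f"wildcard certificate name: {name}")

    # Control: HSTS set for the domain and its sub domains.
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    else:
        directives = {}
        for part in hsts[0].split(";"):
            key, _, value = part.strip().partition("=")
            directives[key.lower()] = value.strip('"')
        max_age = directives.get("max-age", "")
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("HSTS max-age missing or zero")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")

    # Control: cookies carry the Secure attribute (the on-the-wire form of the
    # "secure=true" setting). Every Set-Cookie header is checked here.
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        cookie_name = v.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in v.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure attribute")
    return findings


# Constructed sample responses (example.test is a placeholder host).
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
]
WEAK_CERT = {"subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test"))}

GOOD_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly; Secure"),
]
GOOD_CERT = {"subjectAltName": (("DNS", "www.example.test"),)}

if __name__ == "__main__":
    for finding in audit_response(WEAK_HEADERS, WEAK_CERT):
        print("FINDING:", finding)
    print("good config findings:", audit_response(GOOD_HEADERS, GOOD_CERT))
```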
