Security news roundup: February 24

Here's a collection of recent security vulnerabilities and alerts, which covers Opera releasing an update that patches three security vulnerabilities, multiple flaws found and fixed in EMC RepliStor, Symantec patching Veritas Storage Foundation, the presence of design weaknesses in wireless LAN VoIP handsets, and hard disk enclosures that fail to encrypt data as advertised.

  • Opera update patches three vulnerabilities

Opera has released a new version of its browser for Windows which, among some fixes for stability, also addresses a trio of security vulnerabilities.

One of them allows attackers to manipulate the file input dialogue box to trick users into uploading arbitrary files. When users enter a file name, attackers are able to suppress certain input, resulting in users uploading a file they were not expecting. In addition, a cross-site scripting hole was closed, as was the ability to execute arbitrary scripts via image properties.

You can check out the Security section under the Opera 9.26 release notes, or just download the latest version of Opera.

  • Multiple vulnerabilities in EMC RepliStor

Security research site iDefense has a report on flaws in EMC's enterprise RepliStor product which could result in a remote exploit. An attacker simply needs to connect to the target server on either TCP port 7144 or 7145, without needing to authenticate. A successful exploit will result in the execution of arbitrary code with SYSTEM-level privileges.

The problem appears to be that multiple vulnerabilities exist within the code responsible for compression. Data is decompressed without consideration for the size of the destination buffer, resulting in an exploitable heap overflow.

EMC RepliStor version 6.2 SP2 has been confirmed to be vulnerable, though previous versions may also be affected. There is currently no workaround for this issue other than installing the update announced by EMC.

EMC customers can view more details by searching for support solution emc179808 at http://powerlink.emc.com/.

  • Symantec patches holes in Veritas Storage Foundation

Symantec has released patches to close two security holes that have been discovered in its Veritas Storage Foundation storage service. Both holes are related to the handling of network communications. The flaws can be exploited to crash the service without first authenticating, and potentially to execute arbitrary code by feeding it through the Administrator service monitoring port.

The first flaw is likely to be exploitable only on the local network and involves TCP port 4888 and the Veritas Scheduler service (VxSchedService.exe). The second flaw affects TCP port 3207 of the Administrator service monitor (vxsvc.exe).

Veritas Storage Foundation for Windows 5.0 for Windows 2000 and Windows Server 2003 is affected, as is Veritas Storage Foundation for Unix 5.0 for Solaris, HP-UX, Linux and AIX.

You can read the vulnerability report from Symantec for the above vulnerabilities here and here.

  • Design flaw in wireless VoIP handsets endangers the enterprise

If your organization employs wireless LAN VoIP handsets that implement 802.1x/EAP security, then you are at risk from improper implementations by the manufacturers of said devices. And the manufacturers of these VoIP handsets are no less than the likes of Cisco and Vocera.

In his article, George Ou brings our attention to Vocera's own PDF documentation, where it admitted on page 55:

PEAP is a two-part protocol. In the first part, an authentication server and a client set up an encrypted Transport Level Security (TLS) tunnel. The badge accepts a certificate from the authentication server, but does not validate it because of the processing overhead required.

George has this to say:

From a security standpoint, this is a reckless design decision that undermines the whole purpose of using strong EAP authentication with asymmetric cryptography in the first place... What this means is that a client (the wireless VoIP phone in this case) will assume that the wireless access point and its backend authentication infrastructure is authentic and not check its certificate for authenticity due to processing overhead.

The lesson here, together with the following story about the bogus encryption afforded by certain cheap hard disk enclosures, shows that manufacturers, even reputable ones, will try to take the easy route of not properly implementing security if they think they can get away with it.

  • Hard disk enclosures featuring hardware encryption fail to stand up to scrutiny

Christiane Rütten over at c't magazine has written an article that raises warning flags about portable hard disk solutions that purport to employ strong encryption. The one examined in her article is the Easy Nova Data Box PRO-25UE RFID hard disk case.

The idea behind this gadget is quite cool actually: a compact RFID chip swiped along the built-in crypto controller unlocks it as a USB 2.0 mass storage compatible device to the attached computer. Because this works on the hardware layer, it is not platform dependent and works for both Windows and Linux.

The article walks through a simple cryptographic analysis which ultimately showed that the advertised "128-bit AES encryption" is really nothing more than an XOR encryption. In fact, the 512-byte encryption key that was used in this instance was ultimately recovered.

When confronted with the evidence, the manufacturer admitted that the IM7206 chip used merely applied AES encryption to the RFID chip's ID in the controller's flash memory. The actual data encryption used on the hard disk was based on a 'proprietary algorithm'. The defense was that the IM7206 is only meant for "general purpose users" and that an IM8202 controller still in development will offer "true 128-bit AES encryption".
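The property that gives such a scheme away can be turned into an acceptance test for any enclosure that claims hardware encryption. The Python sketch below is an added example, not code from the c't article or the vendor: `weak_enclosure` is a constructed model of a fixed 512-byte XOR pad, `tweaked_stand_in` is a hash-based stand-in (not AES) for a cipher whose output depends on the sector number, and in a real evaluation `encrypt` would be replaced by writing known sectors through the enclosure and reading the raw disk back outside it.

```python
import hashlib
import os

SECTOR = 512  # sector size; matches the 512-byte key reported in the article

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def weak_enclosure(key: bytes):
    """Constructed model of the flaw: every sector is XORed with the same key."""
    return lambda sector_no, plaintext: xor(plaintext, key)

def tweaked_stand_in(key: bytes):
    """Stand-in (NOT AES) for a cipher whose keystream depends on the sector."""
    def encrypt(sector_no: int, plaintext: bytes) -> bytes:
        stream = b"".join(
            hashlib.sha256(
                key + sector_no.to_bytes(8, "big") + i.to_bytes(4, "big")
            ).digest()
            for i in range(SECTOR // 32)
        )
        return xor(plaintext, stream)
    return encrypt

def looks_like_fixed_xor(encrypt, sectors: int = 8) -> bool:
    """Write known random sectors and compare the raw ciphertext.

    With a fixed XOR pad the key cancels out between any two sectors,
    so C_0 ^ C_n == P_0 ^ P_n for every n. A cipher with a per-sector
    tweak satisfies this only by negligible chance.
    """
    plains = [os.urandom(SECTOR) for _ in range(sectors)]
    ciphers = [encrypt(n, p) for n, p in enumerate(plains)]
    return all(
        xor(ciphers[0], ciphers[n]) == xor(plains[0], plains[n])
        for n in range(1, sectors)
    )

if __name__ == "__main__":
    print("fixed XOR model flagged:", looks_like_fixed_xor(weak_enclosure(os.urandom(SECTOR))))
    print("tweaked stand-in flagged:", looks_like_fixed_xor(tweaked_stand_in(os.urandom(32))))
```

A device that is flagged here leaks the relationship between any two sectors regardless of how the key itself is stored or protected.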

My personal thoughts? Did you really believe that such a low-end product is capable of robust encryption? Try out the USB-based IronKey instead.

About Paul Mah

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.
