Security

Security news roundup: The security risks of SSDs

This week's security events include news that servers belonging to Fedora and Red Hat have been broken into, the release of Opera 9.52, a vulnerability in Tomcat which could result in arbitrary file access, and the security risks of SSDs.

Fedora and Red Hat servers broken into

Several of the servers used by the Fedora project were broken into, including one used for the signing of packages for automatic updates of end users' systems. Fortunately, it appears that attempts by the intruder to break the key phrase used for signing has not been successful, which would have allowed the attackers to introduce malicious software via the update process. As a precautionary measure though, the Fedora team have started signing all packages with a new key.

Red Hat also suffered a smaller scale intrusion into its servers, where the intruder managed to sign a small number of OpenSSH packages for RedHat Enterprise Server. Update packages have now been provided, as well as a script for users to test if they were affected. The Fedora Project manages both the development and distribution of Red Hat's free version of the Linux operating system.

As corporations grow increasingly comfortable with the use of open source in the enterprise, it is inevitable that core infrastructure used for maintaining these systems will come under increasing attacks. Enterprises should factor in potential security breaches on such fronts as part of their security risk evaluation.

You can read more about the security breach here.

Opera 9.52 update fixes number of security holes

The latest revision to the Opera Web browser - version 9.52, fixes a number of security holes. At least two of them could be exploited for malicious purpose.

Excerpt from heise Security:

This includes an issue on Windows when Opera is registered as a protocol handler for an unspecified protocol, Opera would crash allowing for code injection, and an issue where external applications started from custom short cuts or menus, could have start-up parameters written into uninitialised memory. The latter issue requires significant user interaction to execute an attack, but worked on Windows, Linux, FreeBSD and Solaris.

A number of other security issues were also addressed, as well as fixes to increase the stability of the browser. Users are recommended to install this update, available for all platforms.

You can read the Windows Changelog of Opera 9.52. here.

Vulnerability reported in Tomcat

A directory traversal vulnerability has been discovered in Apache Tomcat which could be exploited for directory traversal by a remote attacker. The result is that access to arbitrary files on the server could be gained. Tomcat is a Web server designed to implement Java Servlets and Java Server Pages (JSP).

According to US-CERT, this vulnerability affects versions 4.1.0-4.1.37, 5.5.0-5.5.26, and 6.0.0-6.0.16. Patches that addresses the vulnerability can be found in Apache Tomcat 4.1.38, 5.5.27, and 6.0.18

Administrators are encouraged to patch as exploit code for this vulnerability has been spotted in the wild.

You can read the US-CERT vulnerability note here.

The security risks of SSDs

Network World has a report where security experts warn that Solid State Drives, or SSDs, are not as secure as commonly believed to be. The reason has to do with the fact that SSDs, like traditional hard disks, do not completely erase data.

Indeed, wear-levelling algorithms designed to prolong the usable life of SSDs directly contributes as multiple copies of data could end up scattered over the SSD as modifications are made to files. The risk is heightened by mistaken notions on the security of various authentication mechanisms. However, it is relatively trivial to disassemble an SSD or storage device to directly access the NAND memory chips.

Jim Handy, director of a semiconductor research and consulting firm noted in Network World that:

A hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer. Once the data is read, the files could be reassembled using data recovery software, Handy said. "There's really nothing sophisticated about this process," he said.

To enhance te security of SSDs, one solution would be to integrate encryption keys inside the SSD controller device at the hardware level. Data stored in the NAND would be encrypted, rendering them more immune to physical attacks.

Feel free to to discuss the various security events here.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

12 comments
Jaqui
Jaqui

the same risk for security, when physical access is included in the equation. Why is this news? We have all said frequently that physical access is full control, anyone who thinks there is no risk with ANY technology is showing their own lack of thought.

paulmah
paulmah

This week?s security events includes news that servers belonging to Fedora and Red Hat have been broken into, the release of Opera 9.52, a vulnerability in Tomcat which could result in arbitrary file access, and the security risks of SSDs.

paulmah
paulmah

I think the report is a somber reminder that just like a normal hard disk drive, a "locked" or damaged SSDs aren't automatically mean the data is lost. In fact, by forcibly removing the individual memory chips, it is actually easier to read out the data using standard equipment than with a normal hard disk that has been physically damaged for example. Regards, Paul Mah.

techrepublic@
techrepublic@

How cares about weak physical security or data surviving delete on SSDs/HDDs?! Today I received a set of passwords for a server through unencrypted email. The username was root and the password was equal to the domain name!!!! How about one letter passwords?! Or "test123"?! Or "password"?! Or username and password being the same?! Or being a dictionary work?!!! I have worked on many servers, most of the times to increase security, do some maintenance work or installing some script. I have yet to find a single server that a quick dictionary attack can't break in! So ... what where you saying about security?!

Jaqui
Jaqui

since you can copy the data to another drive and by some "magic" combine the data blocks from each chip into a disk image, which can then be mounted and accessed. even encrypted filesystems can be mounted, so encrypting the disk isn't a significant hindrance if you can create a usable disk image of the contents.

paulmah
paulmah

We have to work on the assumption that IT professionals who bother to read this blog already practice the basic security stuffs. :) Regards, Paul Mah.

techrepublic@
techrepublic@

I interpreted your "mount" as file system mounting and that requires decrypting the data. Accessing the encrypted data is not difficult and should not be break security.

Jaqui
Jaqui

the decrypting is then just a brute force task. keep trying keys until you get it opened. :D hmm, abc co uses this type of encryption, with keys that fit this pattern, so those are the criteria for the keygen to decrypt the contents. anything that has been encrypted can be decrypted, given the time needed.

Neon Samurai
Neon Samurai

I'd say an encrypted disk platter is the same as an encrypted file. Both can be mounted but as you point out; the key will be required to make that data usable. I could see a harddrive that did hardware encryption being a bit different as that could encapsolate the partition table also. No key for the hardware to authenticate and decrypt with; no usable data. I don't see the mounting as a real problem, just the decrypting part.

techrepublic@
techrepublic@

"even encrypted filesystems can be mounted, so encrypting the disk isn't a significant hindrance if you can create a usable disk image of the contents." I'm very curious to know you that can be done. How can an encrypted drive be mounted or just take any information out of it (assuming you don't have the key)?

Neon Samurai
Neon Samurai

"Here, remember one nice long passphrase then learn to use this nifty program (keepass for my preferences)." hehe.. makes a world of difference.. heck, I need it with all my passwords going to 20 random characters where possible. Still, it relies on good habbits and the chair/keyboard interface will always be the weakest point in security.

techrepublic@
techrepublic@

... but how many of those IT professionals have had their system's security undermined by lazy (or weak memory) users?