Java Runtime Environment 1.6 Update 29

October 23, 2011

Version 1.6 of the Java platform has been updated to version 29. If you’re not prompted to update automatically, visit Java.com and click the download button.
It patches 20 vulnerabilities including protection against BEAST.

“BEAST” (Browser Exploit Against SSL/TLS) can potentially provide a malicious hacker the ability to bypass SSL/TLS encryption and ultimately decrypt potentially sensitive web traffic. This exploit was recently demonstrated at a security conference. The vulnerability related to this exploit is CVE-2011-3389.

http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates

You might have read my previous article, Java 7 released, but it’s still not out of RC.

Java 6 SE - Update 29

Download

You can directly download the whole install package for both 32- and 64-bit Windows versions from FileHippo, or visit the Java website directly to be offered an installer suitable for your OS and language.

Norton Fucking Ghost

October 19, 2011

I was working on a machine a few weeks back that suffered a hardware failure – I ended up having to rebuild all the components I could save into a new box – and it got me thinking that this would be a real good time to practice-what-you-preach, and do a backup.

Two birds with one stone and all that, I thought this might be the right time to do an upgrade on the boot drive too.

In my setup right now is a 32GB SLC Intel SSD and I’m upgrading to a 64GB Patriot drive; both have roughly the same 250MB/sec throughput, but the Inferno is larger in size. Windows 7 used only a fraction of the original 32 gig, but the Patriot supports TRIM and I can move the static page file onto it too.

So I get Norton Symantec Ghost 15 up and running, set about making a clone of my Win 7 boot drive, turn off the PC when it’s done and exchange the Intel for the Patriot on the original SATA cable.

I turn on the computer, and it doesn’t boot. I take the case apart again, checking I didn’t accidentally cause a disconnect when I put the case back together, I checked the boot order in BIOS, nothing wrong. Maybe it’s faulty? I put the original drive back in, and it doesn’t boot.

So I do a search on the internet through my Android phone and it’s apparent this is a known bug.

Source and destination drives do not start after I perform Copy My Hard Drive operation in Norton Ghost 15.0 on Windows 7 or Vista

https://www-secure.symantec.com/norton-support/1.6/jsp/help-solutions.jsp?docid=kb20100119144100EN_EndUserProfile_en_us

It destroys the Boot Configuration Data, or BCD, that Windows needs to locate and boot the OS. The solution? Boot off your Windows installation disk and do a repair. Or DOS.

Ghost SRD

I was able to boot off the Ghost 15 System Recovery Disk, and get the BCD re-built using the following DOS commands.

To create a new bootloader, type the following commands one at a time.
Press Enter after you type each line:

del c:\boot\bcd
bcdedit /createstore c:\boot\bcd.temp
bcdedit /store c:\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit /import c:\boot\bcd.temp
bcdedit /set {bootmgr} device partition=C:
bcdedit /timeout 10
del c:\boot\bcd.temp

That completes the steps required to rebuild the bootloader, and now we need to add our OS to it.

bcdedit /create /d "Windows 7" /application osloader

bcdedit should return a message with a unique GUID for the newly-created entry, something like this:

The entry {c0dfc4fa-cb21-11dc-81bf-005056c00008} was successfully created.

You’ll need to use the UNIQUE value that bcdedit returned for you below, instead of {your-guid}, along with the drive letter for the drive that Windows is installed on.

bcdedit /set {your-guid} device partition=C:
bcdedit /set {your-guid} osdevice partition=C:
bcdedit /set {your-guid} path \Windows\system32\winload.exe
bcdedit /set {your-guid} systemroot \Windows

And, last of all, tell the Windows bootloader to boot the new entry by default:

bcdedit /displayorder {your-guid}
bcdedit /default {your-guid}
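The whole rebuild above, as an added batch script (my own example, not Symantec’s or NeoSmart’s) for the recovery-environment command prompt: it takes the Windows drive letter as an argument, refuses to run if winload.exe isn’t where it expects (recovery environments often assign different drive letters), and captures the GUID from bcdedit’s output so there is no need to copy it by hand.

```batch
@echo off
setlocal
rem Rebuild the BCD from scratch on the drive given as the first argument (default C:).
rem Added example for the Ghost SRD / WinRE command prompt, not a Symantec tool.
set "SYSDRV=%~1"
if "%SYSDRV%"=="" set "SYSDRV=C:"

rem Sanity check: only proceed if the Windows loader is on the drive we were given.
if not exist "%SYSDRV%\Windows\system32\winload.exe" (
    echo winload.exe not found on %SYSDRV% - check the drive letter in the recovery environment.
    exit /b 1
)

rem Step 1: replace the damaged store with a fresh one containing only the boot manager.
del "%SYSDRV%\boot\bcd"
bcdedit /createstore "%SYSDRV%\boot\bcd.temp"
bcdedit /store "%SYSDRV%\boot\bcd.temp" /create {bootmgr} /d "Windows Boot Manager"
bcdedit /import "%SYSDRV%\boot\bcd.temp"
bcdedit /set {bootmgr} device partition=%SYSDRV%
bcdedit /timeout 10
del "%SYSDRV%\boot\bcd.temp"

rem Step 2: create the OS entry and capture the GUID from the line bcdedit prints, e.g.
rem   The entry {c0dfc4fa-cb21-11dc-81bf-005056c00008} was successfully created.
rem Splitting on { and } makes the GUID the second token.
set "OSGUID="
for /f "tokens=2 delims={}" %%G in ('bcdedit /create /d "Windows 7" /application osloader') do set "OSGUID={%%G}"
if not defined OSGUID (
    echo bcdedit did not return an entry GUID - aborting.
    exit /b 1
)

rem Step 3: point the entry at the Windows installation and make it the default.
bcdedit /set %OSGUID% device partition=%SYSDRV%
bcdedit /set %OSGUID% osdevice partition=%SYSDRV%
bcdedit /set %OSGUID% path \Windows\system32\winload.exe
bcdedit /set %OSGUID% systemroot \Windows
bcdedit /displayorder %OSGUID%
bcdedit /default %OSGUID%

echo BCD rebuilt; default entry is %OSGUID%
endlocal
```

Save it as rebuildbcd.cmd on the recovery media and run `rebuildbcd.cmd D:` if Windows shows up under a different letter in the recovery environment.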

Now the BCD has been completely rebuilt from scratch. Some of the details included here were taken from Symantec and also NeoSmart. The NeoSmart article gives you more options and screenshots, including details on the repair of the bootloader using the Windows installation disk and how to attempt automatic repair with /rebuildbcd.

Firefox 7.01 on Release Channel

October 1, 2011

So a new version of Firefox has landed on the Release channel, and already we see the first dot release, to 7.0.1, to resolve a bug with Add-On visibility.

We’ve identified an issue in which some users may have one or more of their add-ons hidden after upgrading to the latest Firefox version, affecting both desktop and mobile. These add-ons and their data are still intact and haven’t actually been removed.

blog.mozilla.com/addons

If you’ve had this problem, the upgrade should resolve it. The Add-Ons blog has a link to a tool to resolve the issue if the upgrade doesn’t.

Beta, Aurora, Nightly

So Beta Channel is now at 8.b1, Alpha Aurora Channel is offering 9.0a2 and strange versioning continues over at Firefox Nightly, offering up 9.0a1 – a deprecated build?

Read the official Release Notes for yourself here.

Adobe Flash Player 10.3 Advisory

September 18, 2011

Flash Player by Adobe, consistently plagued with vulnerabilities, has undergone yet another minor version upgrade on the Release channel – to 10.3.183.7 (now 10.3.183.10).

Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5.
Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3.

http://www.adobe.com/support/security/bulletins/apsb11-21.html

Google Security

A Google Security researcher who found over 400 bugs in Flash Player by fuzzing was denied attribution by Adobe, because of the way CVE numbers are allocated.
He blogged about it in this post, and Adobe responded with their own snark.

So, what’s the right number of CVEs to allocate? In this particular case, some of the code changes we made were closely related within a single component, which would argue for consolidating them with a single CVE, while others were clearly distinct. At this point, we’d rather invest our time in continuing the hardening work that will make Flash Player more robust against attack than reviewing change logs. We’ve updated the security bulletin to include CVE-2011-2424 to describe this batch of bugs.

http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html

And the updated text of the advisory now attributes the CVE to the Google team.

This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-2424).

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Tavis Ormandy of the Google Security Team (CVE-2011-2424)

http://www.adobe.com/support/security/bulletins/apsb11-21.html

Downloads

Android users can get the latest release version from the market here, Internet Explorer users can direct download from FileHippo.com and those running Firefox can grab it from FileHippo.com too.

Those looking for the official Adobe Flash Player download site can click here.

Aurora – The Future of Firefox

September 17, 2011

Mozilla now offer 4 versions of their popular web browser software, with increasing levels of sophisticated new technology, interface design and developer tools, but at the expense of stability and compatibility.

Nightly, Aurora, Beta, Release

So the available builds are categorised according to their suitability for general release: the current Nightly is untested and raw, and in time becomes Aurora; the current Aurora becomes the next Beta, and the current Beta becomes the Release version, available to everyone as Firefox – stable, patched, software fit for a production environment.

Mozilla aim to do this every 6 weeks.

Every 6 Weeks

So from Aurora to Beta to Release is 12 weeks, or about 3 months. Currently, the Nightly build is at version 9.0, Aurora is at version 8.0, the Beta is 7.0 and Release is 6.0.2.

Aurora

Let me just quickly say, if you’re still a bit confused with the Firefox releases, and don’t know which version you should run, then my advice would be to head on over to Firefox.com and download the version offered to you. This is the Release version – the most stable, most tested and most recent.

The other builds – Nightly, Aurora, Beta – they’re for geeks, for those who like their internet cutting-edge. Want Nightly, Aurora or Beta for your Android device? Check out system requirements, compatible handsets and find downloads here.

Add-Ons Manager

A new interface and new way of handling Add-Ons is introduced. When an add-on is installed from outside of Firefox, the add-on is disabled by default, and requires explicit authorisation from the user to activate.

they can slow down Firefox start-up and page loading time, they clutter the interface with toolbars that often go unused, they lag behind on compatibility and security updates, and most importantly, they take the user out of control of their add-ons.

http://blog.mozilla.com/addons/2011/08/11/strengthening-user-control-of-add-ons

MemShrink

The MemShrink side project aims to reduce the memory usage of Firefox. Lower memory usage means a faster experience, as the overheads for paging and caching are reduced.

One nice thing about this feature is that it gives technically-oriented users a way to tell which web sites are causing high memory usage.  This may help with perception, too;  people might think “geez, Facebook is using a lot of memory” instead of “geez, Firefox is using a lot of memory”.

http://blog.mozilla.com/nnethercote/2011/07/06/memshrink-progress-week-3/

Developer Tools

These include Telemetry, the Web Timing spec, Azure Direct2D for Canvas and increased HTML5 and CSS3 support, including media elements and custom right-click menus. Want to know more about the new developer tools?

Current HTML 5 Support

I’m already impressed with the HTML 5 support in the Release version of Firefox; when the rest of the web catches up, sites will be dynamic and media-rich beyond our wildest imaginations.

Insecure Data Request/Response from Quidco RPC

September 13, 2011

I recently reported some Data Protection and Privacy issues with the Quidco app for Android, and wanted to have an in-depth look at the Client/Server data sent by the app.

Packet Capture

With the newly installed tcpdump facility, I was able to capture the network traffic from my handset and watch the Quidco app for Android send a request to the remote server and receive data back. This happens when you log-in, when you check-in, when the app wants to load your personal details and display your cash-back history.

Pretty standard stuff, nothing out of the ordinary, nothing unexpected.

The problem is not what’s being sent, but how. The communication between the server and the handset is not secured – the data is sent by the server over the internet as plain-text, and includes your email, postcode, real name, date of birth and IMEI.

JSON-RPC

JSON or JavaScript Object Notation, is a lightweight text-based open standard designed for human-readable data interchange.
The JSON format is often used for serializing and transmitting structured data over a network connection. It is used primarily to transmit data between a server and web application.

http://en.wikipedia.org/wiki/JSON

JSON allows the Quidco app to make requests to the remote server in a defined way, through procedure calls. Such procedures observed in the analysis of the packet capture include getNearbyDeals and getUserDetails.

Wireshark Analysis

The capture file is loaded into Wireshark where it can be displayed and reconstructed.
One function has the ability to reorder and display in ASCII the request and response of a specific TCP stream.

Reconstruct A TCP Stream

getNearbyDeals

The function takes several arguments, including the user’s latitude and longitude, and returns data on the deals close by.

getUserDetails

Evil Twin Attack

Being a mobile app, designed to be used out and about, it’s quite possible the end user will connect to a Wi-Fi hotspot, for example Openzone, when they want to check in at a store or search for nearby deals.

An ‘Evil Twin’ is a hotspot with the same name as a legitimate one, but which is set up by criminals to harvest personal data, log-in or banking details. The Guardian ran a story about it. It’s all to do with the way your handset will automatically connect to a Wi-Fi network based on its SSID or name.

Firesheep was a proof of concept plug-in for the Firefox browser, which allowed trivial Facebook session hijacking on insecure networks. Now there is a native Android app, FaceNiff which claims to do a similar job.

Disclosure

The developers of the app were contacted regarding the insecure client/server communication and now the app has been updated to v1.0.4 to address this issue.

Wireshark analysis of traffic captured for version 1.0.4 shows all request/response traffic is made over HTTPS.

The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks.

http://en.wikipedia.org/wiki/HTTP_Secure

Wireshark Analysis

v1.0.4 Application Traffic Secured with HTTPS

Firefox 9 64-bit Released on Nightly..

September 12, 2011

So the main Firefox build, currently v6.0.2, is still only available as a 32-bit exe on Windows.

But if you feel like treading the alpha-infested waters of Nightly, version 9 in full 64-bit form can be downloaded.
Version numbers for Nightly builds are not always accurate.

Nightly Build

So the Nightly build is the most recent code, the alpha stages of the next Firefox; the basis of the next RC. Nightlies are released without any testing.

It very clearly states on the site that the binaries are for testing purposes only, but I’ve not had a problem with Plug-In or Add-On incompatibility, and no crashes yet.
If you do important work, you know not to install it on your main Dev machine.

And it looks the same as v6, and v5. To be honest, since they went crazy with the naming, I haven’t actually noticed anything new over the v4 release. But v9 will one day have a brand new User Experience.

About Nightly 9.01a

x86-64

So, if like me, you have a 64-bit version of Windows, and you want to run 64-bit versions of your software, at the risk of instability, go ahead and download and install a Nightly build.
If you have a 32-bit system, I say stick to the stable Firefox releases, or the slightly less stable betas.

v9 doesn’t really provide anything over v5 or v6, but it’s native.