The year 2014 discovered three major vulnerabilities – Heartbleed, Shell Shock Hash bug and the Poodle bug. These major vulnerabilities have shaken the edifice of security havens. The Heart bleed bug made it possible for attackers to steal data from a server including the keys to decode any encrypted contents.

Shellshock a more serious bug made it possible for hackers to take control of millions of machines around the world quietly without notice. Another new breed of bug, Poodle, was found in a 15-year-old web encryption technology called SSL 3.0. SSL, which stands for Secure Sockets Layer, a technology that encrypts a user’s browsing session, making it difficult for anyone using the public Wi-Fi to eavesdrop. The Poodle bug makes it possible for hackers to hijack their victim’s browsing session and do things like take over their email, online banking, or social networking account.

This GHOST vulnerability affects almost all major Linux distributions, except a few such as Ubuntu 14.04. Millions of servers on the Internet contain this vulnerability.

As a buffer overflow bug, GHOST affects certain function calls in the Glibc library. The vulnerability allows a remote attacker to execute arbitrary code using these function calls that are used for DNS resolving, a common event. In exploiting this vulnerability, an attacker may trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution. To eliminate the possibility of an exploit, the specific function calls, ‘glibc’ and ‘mscd’ is to be updated on the system using packages released by Linux updates.

Researchers at Veracode discovered that nearly 41% of enterprise applications using GNU C Library employ the Ghost-ridden ‘gethostbyname’ function[1]. Veracode rates this vulnerability as highly ‘Critical’, as 80% of applications like financial transaction applications or application that access sensitive databases uses ‘glibc’ library and which could be victim of GHOST vulnerability. According to Veracode, the code that initiate network connection, log processing and mail or spam filtering can be vulnerable to GHOST as it uses gethostbyname( ); function.initiate network connection, log processing and mail or spam filtering can be vulnerable to GHOST as it uses gethostbyname( ) function.

Veracode found that 72% of applications which is written in C or C++ are potentially vulnerable to GHOST; applications written in Java, .NET, and PHP are also vulnerable to GHOST.

The easiest way to check for this vulnerability is to run the Aegify scanner on Linux hosted servers within the organization and in its external IT infrastructure. Patches are now available for resolving this vulnerability.

Aegify suite of tools – security, compliance and risk management provide a rich set of solutions for identifying vulnerabilities that continuously emerge and threaten businesses and individuals ensuring that such risks are properly identified and addressed, and all the while remaining compliant to various regulatory requirements.

Aegify Security Posture Management, an innovative and completely cloud-based automated and integrated security monitoring and compliance assessment tool helps enterprises to take away the complexity of maintaining a secure posture and ensuring compliance. This tool simplifies the protection of their physical and virtual environment and IT infrastructure from security breaches by cyber attackers while also meeting regulatory requirements. Equipped with distinct features such as continuous security monitoring, vulnerability management engine, physical and virtual network scans, interoperability, re-mediation and multi-layered vulnerability analysis, Aegify’s security solutions provides a complete end-to-end and comprehensive solution to identify security gaps and help enterprises apply related patches or use virtual patching.

The post The new GHOST Vulnerability that could affect security of Linux based servers across the globe appeared first on Aegify.

The heart bleed bug made it possible for attackers to steal data from a server including the keys to decode any encrypted contents. Shellshock a more serious bug made it possible for hackers to take control of millions of mahcines around the world queitly without notice. And now this new breed of bug, poodle, was found in a 15-year-old web encryption technology called SSL 3.0. SSL, which stands for Secure Sockets Layer, a technology that encrypts a user’s browsing session, making it difficult for anyone using the public Wi-Fi to eavesdrop. The Poodle bug makes it possible for hackers to hijack their victim’s browsing session and do things like take over their email, online banking, or social networking account.

Major players Microsoft, Google and Mozilla recommend disabling SSL 3.0. Security researchs feel that the Poodle bug is more innocuous than heartbleed or Sheelshock, as SSL 3.0 has been largely superceded by a newer encryption protocol called TLS (Transport Layer Security), and also in pulling off a poodle attack the victim has to be actively online and physically close to the attacker, say using the same public Wi-Fi.

Many TLS implementations provide backwards compatibility with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation; normally the latest protocol version common to the client and the server will be used. However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade to work around serverside interoperability bugs. Attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0. The POODLE attack will allow them, for example, to steal “secure” HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).

Read more technical details at https://www.openssl.org/~bodo/ssl-poodle.pdf.

Aegify suite of tools – security, compliance and risk management provide a rich set of solutions for identifying vulnerabilities that continuously emerge and threaten businesses and indidividuals ensuring that such risks are properly identified and addressed, and all the while remaining compliant to various regulatory requirements.

Aegify Security Posture Management, an innovative and completely cloud-based automated and integrated security monitoring and compliance assessment tool helps enterprises to take away the complexity of maintining a secure posture and ensuring compliance. This tool simplifies the protection of their physical and virtual environment and IT infrastructure from security breaches by cyber attackers while also meeting regulatory requirements. Equipped with distinct features such as continuous security monitoring, vulnerability management engine, physical and virtual network scans, interoperability, re-mediation and multi-layered vulnerability analysis, Aegify’s security solutions provides a complete end-to-end and comprehensive solution to identify security gaps and help enterprises apply related patches or use virtual patching.

The post Heartbleed and shell-shocked don’t be bitten by the Poodle Bug now! appeared first on Aegify.

Unlike the previous attacks seen recently, “Heart-bleed” doesn’t actually require any interesting cryptographic software. As the attacks leave no evidence in server logs, there is in reality no way of knowing if the bug has been actively exploited – thus making the effects more devastating than ever.  Regardless of whether you realize it, there is a lot of the security infrastructure you rely on that is dependent in some way on OpenSSL, and unfortunately the reliance on OpenSSL is only increasing. The risk with the OpenSSL Heart bleed vulnerability is bizarre, as there are a large number of private keys exposed on the Internet, leading to potential memory leaks in server-client interactions.

Detecting and Mitigating this Vulnerability

The new and improved Aegify Scanner from eGestalt, is the best answer to prevent a serious “Heart-bleed”. The heart-bleed bug is not a problem with OpenSSL’s innate design, but a result of a programming error. The updated Aegify Scanner from eGestalt, a leading provider of Cloud-based software-as-a-service (SaaS) solutions for business IT security monitoring, vulnerability analysis, asset and risk management, penetration testing and compliance management, helps in detecting the bug. The latest updated Aegify Scanner helps in detecting the bug, regardless of whether it has been set on a manual update or a 64-bit system. Whatever may be the method, by following a few simple steps, the scanner will be able to detect the OpenSSL Heart-bleed vulnerability in the next scheduled scan. The latest heart-bleed vulnerability scan feature is also available the free Aegify Freemium Scanner. Put an end to all “Heart-bleed” issues once in for all – Get the latest Aegify Scanner from eGestalt today!

The post Avert Open SSL Heart-bleed Vulnerability with eGestalt’s Aegify Scanner appeared first on Aegify.