Security Basics mailing list archives
Re: Operative System Updates
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 14 Jun 2012 17:55:23 -0400
On Thu, Jun 14, 2012 at 2:41 PM, Dave Kleiman <dave () davekleiman com> wrote:
haZ, For the files changed portion of your question, you could use something like Log Parser to gather lists of MD5s of files and compare them after. Like if you wanted EXEs in the sys32. logparser "SELECT Path, HASHMD5_FILE(Path) INTO EXE_MD5s.csv FROM C:\Windows\System32\*.exe" -i:FS -recurse:0 -o:csv
No, not MD5. In 2008, researchers set up a rogue CA. They were able to engineer collisions. "MD5 considered harmful today," http://www.win.tue.nl/hashclash/rogue-ca/. CAs responded with, "Past certificates are OK, its only future certificates we need to worry about." So a bunch of certs signed with MD5 continued to live. Mozilla told us (in 2008) they were working with CAs about those certificates: "MD5 Weaknesses Could Lead to Certificate Forgery," http://blog.mozilla.org/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/. But the damn things are still around in 2012: "By default, stop accepting MD5 as a hash algorithm in certificate signatures," https://bugzilla.mozilla.org/show_bug.cgi?id=590364. In 2012, bad guys were able to engineer collisions, too. But in a way that no researcher (that I am aware) took to proof of concept. The chosen prefix collision attacks are one of the reasons why Flame malware stayed under the radar for so long. "Microsoft Sub-CA used in malware signing," http://lists.randombit.net/pipermail/cryptography/2012-June/002961.html. Now that MD5 is more broken (???) - as if just "broken" was not enough - such that an attacker could potentially create a second binary file with an expected hash due to chosen prefix collisions and empty space in binaries, do you really think its suitable as a tripwire? Jeff
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of haZard0us Sent: Thursday, June 14, 2012 13:45 To: security-basics () securityfocus com Subject: Operative System Updates Hi all, I need to create a script that gathers information of the OS before and after the updates in order to detect changes and which updates/service packs were used. To be honest, I really don't know where to start. So, my question is which information should i gather in order to detect correctly which files were changed and which updates were used. Thanks in advance. --haZ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Operative System Updates haZard0us (Jun 14)
- Re: Operative System Updates Littlefield, Tyler (Jun 14)
- RE: Operative System Updates Dave Kleiman (Jun 14)
- Re: Operative System Updates Andrew Cummings (Jun 14)
- Re: Operative System Updates Jeffrey Walton (Jun 14)
- RE: Operative System Updates Ken Schaefer (Jun 15)
- Fwd: Operative System Updates Michael Rawson (Jun 14)
- RE: Operative System Updates Morey, Adam (Jun 15)