Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than using it to spy on us.) It’s really bad. If you’re running Windows 10, go grab the update now. OK, you’re updated? Good, let’s talk about it now.

The flaw applies to X.509 certificates whose keys use elliptic curve cryptography. We’ve discussed ECC in the past, but let’s review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but their reverse operations are extremely difficult to compute.

The historic calculation is multiplying large primes, as it’s unreasonably difficult to factorize that result on a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much more quickly than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.

There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well-constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.

With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesn’t properly check the curve that a certificate specifies. An attacker can specify a malicious curve that is similar to the expected curve — similar enough that the checks in crypt32 don’t catch it.
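To make the "similar enough" part concrete, here is an added example (my own illustration, not the Hackaday write-up's code and not crypt32's logic) of what a certificate verifier has to compare when a certificate carries explicit curve parameters instead of a named-curve OID. The P-256 constants are the published secp256r1 values; the "lookalike" parameter set, which keeps the field, equation and order but swaps in a different base point, is constructed here for the demonstration. A comparison that leaves the base point out of the check accepts it as P-256; a comparison over every field does not.

```python
# Added example, not code from the original article or from Windows crypt32.
# Shows why a verifier must compare *all* elliptic-curve domain parameters
# (including the base point G) before treating explicit parameters as a
# known named curve. The lookalike parameter set below is constructed.

# secp256r1 / NIST P-256 domain parameters: field prime p, coefficients a and b,
# base point G = (gx, gy), group order n and cofactor h.
P256 = {
    "p": 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
    "a": 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC,
    "b": 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    "gx": 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
    "gy": 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
    "n": 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
    "h": 1,
}
NAMED_CURVES = {"P-256": P256}
ALL_FIELDS = ("p", "a", "b", "gx", "gy", "n", "h")
WEAK_FIELDS = ("p", "a", "b", "n", "h")  # everything except the base point


def on_curve(curve, x, y):
    """True if (x, y) satisfies y^2 = x^3 + a*x + b over GF(p)."""
    p, a, b = curve["p"], curve["a"], curve["b"]
    return (y * y - (x * x * x + a * x + b)) % p == 0


def point_double(curve, x, y):
    """Affine doubling of a point with y != 0 (tangent-line formula).
    Used only to derive a second valid point for the lookalike parameters."""
    p, a = curve["p"], curve["a"]
    lam = (3 * x * x + a) * pow(2 * y, -1, p) % p
    x3 = (lam * lam - 2 * x) % p
    y3 = (lam * (x - x3) - y) % p
    return x3, y3


def lookalike_params(curve):
    """Constructed parameter set: same field, equation and order as `curve`,
    but a different base point (2G). Not the content of any real certificate."""
    alt = dict(curve)
    alt["gx"], alt["gy"] = point_double(curve, curve["gx"], curve["gy"])
    return alt


def match_named_curve(explicit, fields=ALL_FIELDS):
    """Name of the named curve equal to `explicit` on every field in `fields`,
    or None. Passing WEAK_FIELDS is the incomplete comparison."""
    for name, known in NAMED_CURVES.items():
        if all(explicit[f] == known[f] for f in fields):
            return name
    return None


def accept_certificate_curve(cert_curve):
    """Verifier policy: a named-curve OID is accepted if known; explicit
    parameters are accepted only when they equal a known curve on every
    field, base point included. `cert_curve` is {"named": ...} or
    {"explicit": {...}} (a simplified stand-in for the SPKI contents)."""
    if "named" in cert_curve:
        return cert_curve["named"] in NAMED_CURVES
    return match_named_curve(cert_curve["explicit"]) is not None


if __name__ == "__main__":
    fake = lookalike_params(P256)
    print("base point really on curve:", on_curve(P256, fake["gx"], fake["gy"]))
    print("weak comparison says      :", match_named_curve(fake, WEAK_FIELDS))
    print("strict comparison says    :", match_named_curve(fake))
```

The safest policy for a verifier is stricter still: refuse explicit parameters altogether and accept only named-curve OIDs, which removes the comparison entirely.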

Paypal Password Bug

Imagine this scenario. You get an email, click a link, and immediately realize that this isn’t the page you thought it was. Close that tab, and all is well, right? You didn’t actually fall for the phishing scam. Well, [Alex Birsan] has bad news, in the form of a clever attack based on a Cross-Site Script Inclusion (XSSI) vulnerability in the Paypal login flow.

XSSI is similar to its other cross-site scripting brethren, but rather than running malicious code on a target web page, it runs a script from another web service on a malicious web page. It’s pretty common to include a JavaScript file from a different domain. The difference here is that not all JS scripts are intended to be included in other pages. Paypal had such a script. Visiting a malicious web page could load that script in your browser, and if you had ever logged in to Paypal, it would contain a set of valid session keys. The attacker could make a few password attempts using those credentials, which triggered a CAPTCHA request.

That CAPTCHA request is important. When the CAPTCHA form was filled in, it launched a self-submitting form that contained the plain-text username and password. Yikes! Once a user logged back in to Paypal, that CAPTCHA page could be run again, with the stolen session key, and the username and password easily recovered by the attacker. Thankfully, [Alex] disclosed the vulnerability to Paypal, who fixed it and paid him a nice tidy sum for his work.
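The root cause of an XSSI bug is an endpoint that hands per-user secrets back as executable JavaScript, which any page on the web can load with a script tag while the browser attaches the victim's cookies. The following added example (mine, not PayPal's code) models that endpoint as a plain Python function over a request dictionary and puts a hardened version next to it: the hardened endpoint refuses script-destination and cross-site requests using the browser's Sec-Fetch-* headers, requires a custom request header that a script tag cannot send, and returns JSON behind an anti-XSSI prefix with nosniff set, so the response is useless as a script even if every other check is somehow bypassed. The session token, header names and request shape are constructed for the demonstration.

```python
# Added example, not PayPal's code and not from the original article.
# Contrasts a session-data endpoint that is includable cross-site as a
# <script> with one hardened against Cross-Site Script Inclusion (XSSI).
import json

# Constructed sample data; a real endpoint would look these up per user.
SAMPLE_SESSION = {"user": "alice", "session_token": "tok-0123456789abcdef"}
ANTI_XSSI_PREFIX = ")]}',\n"  # makes the body a JavaScript syntax error


def vulnerable_session_script(request):
    """Serves session data as an executable script. Any origin can include it
    with <script src=...>; the browser sends the cookie and the data lands in
    the including page's global scope. Kept here as the 'before' picture."""
    if "session" not in request.get("cookies", {}):
        return {"status": 401, "headers": {}, "body": ""}
    body = "var SESSION = " + json.dumps(SAMPLE_SESSION) + ";"
    return {"status": 200,
            "headers": {"Content-Type": "application/javascript"},
            "body": body}


def hardened_session_json(request):
    """Same data, delivered only to same-origin fetch/XHR callers, and in a
    form that cannot execute as a script."""
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    if "session" not in request.get("cookies", {}):
        return {"status": 401, "headers": {}, "body": ""}
    # 1. A <script> tag arrives with Sec-Fetch-Dest: script; fetch/XHR use "empty".
    if headers.get("sec-fetch-dest", "empty") != "empty":
        return {"status": 403, "headers": {}, "body": ""}
    # 2. Refuse cross-site initiators outright.
    if headers.get("sec-fetch-site", "same-origin") == "cross-site":
        return {"status": 403, "headers": {}, "body": ""}
    # 3. Require a custom header; script tags and plain navigations cannot set one.
    if headers.get("x-requested-with") != "XMLHttpRequest":
        return {"status": 403, "headers": {}, "body": ""}
    # 4. JSON, not JS: prefix breaks parsing as a script, nosniff stops
    #    content-type guessing, no-store keeps it out of shared caches.
    return {"status": 200,
            "headers": {"Content-Type": "application/json",
                        "X-Content-Type-Options": "nosniff",
                        "Cache-Control": "no-store"},
            "body": ANTI_XSSI_PREFIX + json.dumps(SAMPLE_SESSION)}


def parse_guarded_json(body):
    """What the legitimate same-origin client does: strip the prefix, then parse."""
    if not body.startswith(ANTI_XSSI_PREFIX):
        raise ValueError("missing anti-XSSI prefix")
    return json.loads(body[len(ANTI_XSSI_PREFIX):])


# Constructed requests: what a cross-site <script src> include looks like,
# and what the site's own fetch() call looks like.
SCRIPT_TAG_REQUEST = {
    "cookies": {"session": "cookie-value"},
    "headers": {"Sec-Fetch-Dest": "script", "Sec-Fetch-Site": "cross-site"},
}
SAME_ORIGIN_FETCH = {
    "cookies": {"session": "cookie-value"},
    "headers": {"Sec-Fetch-Dest": "empty", "Sec-Fetch-Site": "same-origin",
                "X-Requested-With": "XMLHttpRequest"},
}

if __name__ == "__main__":
    print("vulnerable, script tag:", vulnerable_session_script(SCRIPT_TAG_REQUEST)["status"])
    print("hardened, script tag  :", hardened_session_json(SCRIPT_TAG_REQUEST)["status"])
    print("hardened, own fetch   :", hardened_session_json(SAME_ORIGIN_FETCH)["status"])
```

The layering matters: older browsers do not send Sec-Fetch-* headers, so the custom-header requirement and the non-executable response format are what hold the line there.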

Intel GPU Vulnerability

Brought to us by Phoronix, Intel is in the process of mitigating a problem in their integrated GPU cores. Even in Intel’s disclosure, there isn’t a whole lot of detail, but it seems to be another information leak in the same vein as Meltdown and Spectre.

The solution, at least in the Linux kernel, is to reset the iGPU between context switches. On 7th generation processors in particular, the performance hit to the GPU is pretty severe. Considering the less than stellar video performance of those chips, losing 50% of their performance to this mitigation is quite the blow.

Cablehaunt

Use a cable modem? There’s a decent chance it has a Broadcom chip in it, and is vulnerable to Cablehaunt. A group of researchers found a way to download the current modem settings, which started a hunt for vulnerabilities. They found a spectrum analyzer page that responds to JSON requests. Naturally, the JSON parser isn’t written defensively. A long enough value in a request overflows the buffer, and the processor and microkernel that system runs don’t have any modern mitigations. Getting from access to the open port to malicious modification is a nearly trivial task. Check out the page for more details, as well as instructions for how to test your modem.
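The defensive property the modem's parser lacked is a bound: every string it copies, and every level it nests, has to be checked against the fixed storage that receives it. The added example below (my own, not the modem firmware and not the researchers' code) shows that discipline as a pre-check that walks an incoming JSON body once, enforcing a total size, a per-string length and a nesting depth, and only then hands the text to the real parser. The limits and the sample requests are constructed for the illustration; in a C implementation the same limits would sit on the copy into the fixed-size buffer, but the checks are the same.

```python
# Added example, not code from the original article or from any modem firmware.
# A bounded pre-check for untrusted JSON request bodies: reject oversized
# input, over-long string literals and excessive nesting before parsing.
import json

# Illustrative limits; a real service sizes these to what it actually needs.
MAX_TOTAL = 4096    # bytes accepted per request body
MAX_STRING = 64     # characters allowed in any one string literal
MAX_DEPTH = 8       # nesting of objects/arrays


class JsonLimitError(ValueError):
    """Raised when the body exceeds a configured bound."""


def check_json_limits(text, max_total=MAX_TOTAL, max_string=MAX_STRING,
                      max_depth=MAX_DEPTH):
    """Single pass over the raw text. Tracks string-literal length (honouring
    backslash escapes so a quote inside a string does not end it) and the
    current nesting depth. Syntax is left to the real parser."""
    if len(text) > max_total:
        raise JsonLimitError("body too long")
    depth = 0
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c == '"':
            j, length = i + 1, 0
            while j < n and text[j] != '"':
                if text[j] == "\\":   # skip the escaped character
                    j += 1
                j += 1
                length += 1
                if length > max_string:
                    raise JsonLimitError("string literal too long")
            if j >= n:
                raise JsonLimitError("unterminated string")
            i = j + 1
            continue
        if c in "{[":
            depth += 1
            if depth > max_depth:
                raise JsonLimitError("nesting too deep")
        elif c in "}]":
            depth -= 1   # mismatches are the real parser's problem
        i += 1
    return True


def bounded_loads(text, **limits):
    """json.loads guarded by check_json_limits."""
    check_json_limits(text, **limits)
    return json.loads(text)


# Constructed sample bodies: one benign request and two that breach a bound.
OK_BODY = '{"command": "spectrum", "start_hz": 100000, "label": "ch\\"1\\""}'
LONG_STRING_BODY = '{"command": "' + "A" * 500 + '"}'
DEEP_BODY = "[" * 20 + "]" * 20

if __name__ == "__main__":
    print(bounded_loads(OK_BODY))
    for body in (LONG_STRING_BODY, DEEP_BODY):
        try:
            bounded_loads(body)
        except JsonLimitError as err:
            print("rejected:", err)
```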

Cisco Again

At this point, if you have any Cisco equipment you can put your hands on, unplug it now before the long weekend of patching that you have ahead of you. [Steven Seeley] did an audit of the Cisco Data Center Network Manager. While he found multiple security problems, the glaring issue is a hardcoded authentication key. Yes, another Cisco product had a backdoor left in a production unit. There are deserialization bugs, SQL injection vulnerabilities, and plenty more to wade through, so go check it out if you want the gritty details.