Evaluate Websense products by watching demos and installing evaluation software.
Learn More >
Learn how Websense solutions help keep our customer safe, secure and productive.
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
SSL, widely adopted and living on borrowed time, has clearly had a rough year. After Heartbleed, Poodle, and many other high-profile vulnerabilities comes FREAK (Factoring attack on RSA-EXPORT Keys), which at the time of publication of this blog breaks approximately 36% of all sites trusted by browsers as per this link including websites belonging to the NSA and FBI. About 12% of high ranked Alexa websites are also believed to be vulnerable to the flaw at this time, thereby placing visitors to these sites at high risk.
The vulnerability, discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team allows an active attacker to perform a man-in-the-middle attack by downgrading the encrypted connection between a vulnerable client and a server that accepts export-grade RSA keys to 512-bits. The captured key can then be factored using the public cloud in a matter of hours and further be used for decryption of communication between the client and the server. Once the key has been compromised, all personal information including passwords, financial data, etc. is at risk.
As mentioned in the post, “Happy Nucl(y)ear - Evolution of an Exploit Kit”, we were planning to discuss the Angler exploit kit in detail in an upcoming post. However, the exploitation of a critical Adobe Flash 0-day vulnerability (CVE-2015-0311, patched) via the Angler exploit kit has fast-tracked our efforts and in this blog, we present the strategy adopted by the exploit kit to evade detection of the 0-day by security scanners. 0-days are valuable commodities and the longer they remain undiscovered, the more value they appropriate for the attacker(s).
Just as defense-in-depth is used as a strategy in the protection scenario, layered obfuscation is its equivalent in the evasion scenario. The attacker is interested in adopting a defense-in-depth approach to protect his / her investment and get the most ROI from exploits. A parallel in the physical world is a medieval castle which was protected by multiple wall system, so even when the external wall had taken down by catapults the so called inner castle was still standing strong.
Follow us on SpiceWorks
We want to hear from you!