Showing content with the highest reputation on 10/03/12 in all areas
-
Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0.

Introducing EMET v3

swiat 15 May 2012 11:00 AM

We are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0. EMET is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opting in software to the latest security mitigation technologies. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied. Download it here:

Download: EMET - Microsoft Download Center - Download Details

This new version of the tool being released today addresses top feedback themes we have heard from users: EMET needs more enterprise configuration, deployment and reporting options. We have seen growing interest in adoption from enterprise and large scale networks and this new version includes enhancements for that segment. Here are some of the highlights of and new features in EMET 3.0.

- Making configuration easy
- Enterprise deployment via Group Policy and SCCM
- Reporting capability via the new EMET Notifier feature

Configuration

EMET 3.0 comes with three default "Protection Profiles". Protection Profiles are XML files that contain pre-configured EMET settings for common Microsoft and third-party applications. Under EMET’s installation directory, these files are in the Deployment\Protection Profiles folder. You can enable them as-is, modify them, or create new protection profiles based on them. The three profiles that ship with EMET 3.0 are:

- Internet Explorer.xml: Enables mitigations for supported versions of Microsoft Internet Explorer.
- Office Software.xml: Enables mitigations for supported versions of Microsoft Internet Explorer, applications that are part of the Microsoft Office suite, Adobe Acrobat 8-10 and Adobe Acrobat Reader 8-10.
- All.xml: Enables mitigations for common home and enterprise applications, including Microsoft Internet Explorer and Microsoft Office.

Looking inside a profile, we see a list of programs with EMET mitigations. The example below shows all EMET mitigations enabled for Windows Media Player, with the exception of Mandatory ASLR:

    <Product Name="Windows Media player">
      <Version Path="*\Windows Media Player\wmplayer.exe">
        <Mitigation Enabled="false" Name="MandatoryASLR"/>
      </Version>
    </Product>

Notice the “*” in the Path attribute above? In EMET 3.0, we also expanded the EMET grammar rules. Existing rules that you might have continue to work as-is and it is possible now to also use wildcards in EMET rules. This means that you no longer have to use the full path of an application in EMET rules. You can use the “*” character or simply use the image name, such as “iexplore.exe” in your rules. EMET will protect them regardless of where these applications may be installed. This has been one of the most requested features.

Deployment

EMET also comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.

- For Group Policy: EMET includes an ADMX file that contains the three protection profiles mentioned above as policies that can be enabled/disabled through group policy. There is also a policy that demonstrates how to add custom EMET settings.
- For System Center Configuration Manager: The SCCM team blog post this morning provides a package and instructions for integration with various SCCM features. Read that blog post here: Welcome to Windows Live

Reporting

With EMET 3.0, we have included an additional new reporting capability that we call "EMET Notifier". When you install EMET 3.0, this lightweight component is set to automatically start with Windows. It will show up in the notification area of your taskbar with an EMET 3.0 icon. EMET Notifier has two duties:

- Write events out to the Windows Event Log
- Show important events via a tooltip in the taskbar notification area

EMET events are logged via the event source called EMET. These logs can be found in the Application log. There are three levels: Information, Warning and Error. Information messages are used for logging usual operation such as the EMET Notifier starting. Warning messages are used when EMET settings change. Error messages are used for logging cases where EMET stopped an application with one of its mitigations, which means an active attack has been blocked. An example entry can be seen below.

In addition to the error messages written to the Windows Event Log, when an EMET mitigation stops (crashes) an application by blocking an exploit, a message is displayed for the user. A toast style taskbar notification states which application is being stopped and which mitigation is causing EMET to stop it. You can see an example below.

Other EMET v3 developments

In addition to these features, EMET 3.0 comes with a number of other improvements and bug fixes. More details and a FAQ can be found in the User Guide that comes with the install. However, we would like to specifically highlight a couple of things here.

First, we have tested EMET 3.0 on the Windows 8 Consumer Preview and it works great - we encountered no problems at all so we encourage you to use EMET on all versions of Windows.

Second, EMET 3.0 can be installed just fine on a system where EMET 2.1 (the previous release) was already installed. An upgrade or a new installation is no different. Your existing rules built for EMET 2.1 will continue to work just fine with EMET 3.0.

Third, we would like to point out that EMET is an officially-supported Microsoft tool. That is a question we get a lot from enterprise customers. Microsoft's Customer Service & Support team offers forums-based support via Enhanced Mitigation Experience Toolkit (EMET) Support Forum. We in MSRC Engineering are also very eager to promote EMET and help you use it so we are quick to respond to feedback, ideas, suggestions, or questions via switech -at- microsoft -dot- com. Please do not hesitate to reach out to us.

Acknowledgements

I would like to thank Chengyun Chu, Elias Bachaalany, Elia Florio, Jinwook Shin, Neil Sikka, and Nitin Kumar Goel for their various contributions to this release. Also a big thank you to Jason Githens and Hema Rajalakshmi from the System Center Configuration Manager team for their help and support.

- Suha Can, MSRC Engineering (EMET 3.0 release owner)

Source: Introducing EMET v3 - Security Research & Defense - Site Home - TechNet Blogs

1 point
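Added example, not part of the original post and not EMET's own code: a Python audit helper that reads a protection profile like the fragment quoted in the post and reports which mitigations a rule switches off for a given executable path, including the case where a copy of the binary in another folder is matched by no rule. The `<Profile>` wrapper, the second product entry and the matching rules used here (only `*` is a wildcard, a bare image name is compared with the file name, matching is case-insensitive) are assumptions for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed sample. Product/Version/Mitigation follow the fragment quoted
# in the post; the <Profile> wrapper and the second product are assumptions.
SAMPLE_PROFILE = r"""
<Profile>
  <Product Name="Windows Media player">
    <Version Path="*\Windows Media Player\wmplayer.exe">
      <Mitigation Enabled="false" Name="MandatoryASLR"/>
    </Version>
  </Product>
  <Product Name="Internet Explorer">
    <Version Path="iexplore.exe"/>
  </Product>
</Profile>
"""

def rule_matches(rule_path, exe_path):
    """True if a profile rule path covers exe_path (assumed semantics)."""
    rule, exe = rule_path.lower(), exe_path.lower()
    if "\\" not in rule:
        # Bare image name: compare against the file name only.
        exe = ntpath.basename(exe)
    # Only "*" is treated as a wildcard; every other character is literal.
    pattern = ".*".join(re.escape(part) for part in rule.split("*"))
    return re.fullmatch(pattern, exe) is not None

def disabled_mitigations(profile_xml, exe_path):
    """Return {product name: sorted mitigations switched off} for exe_path."""
    result = {}
    for product in ET.fromstring(profile_xml).iter("Product"):
        for version in product.iter("Version"):
            if not rule_matches(version.get("Path", ""), exe_path):
                continue
            off = sorted(
                m.get("Name") for m in version.iter("Mitigation")
                if m.get("Enabled", "true").lower() == "false"
            )
            result[product.get("Name")] = off
    return result

if __name__ == "__main__":
    for path in (r"C:\Program Files\Windows Media Player\wmplayer.exe",
                 r"D:\Apps\IE\iexplore.exe", r"C:\Temp\wmplayer.exe"):
        print(path, "->", disabled_mitigations(SAMPLE_PROFILE, path))
```

An empty result for a path means no rule in the profile covers that binary, which is the gap to look for when reviewing a profile before deployment.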
-
The National Institute of Standards and Technology (NIST) today announced the winner of its five-year competition to select a new cryptographic hash algorithm, one of the fundamental tools of modern information security.

The winning algorithm, Keccak (pronounced “catch-ack”), was created by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors. The team’s entry beat out 63 other submissions that NIST received after its open call for candidate algorithms in 2007, when it was thought that SHA-2, the standard secure hash algorithm, might be threatened. Keccak will now become NIST’s SHA-3 hash algorithm.

Hash algorithms are used widely for cryptographic applications that ensure the authenticity of digital documents, such as digital signatures and message authentication codes. These algorithms take an electronic file and generate a short "digest," a sort of digital fingerprint of the content. A good hash algorithm has a few vital characteristics. Any change in the original message, however small, must cause a change in the digest, and for any given file and digest, it must be infeasible for a forger to create a different file with the same digest.

The NIST team praised the Keccak algorithm for its many admirable qualities, including its elegant design and its ability to run well on many different computing devices. The clarity of Keccak’s construction lends itself to easy analysis (during the competition all submitted algorithms were made available for public examination and criticism), and Keccak has higher performance in hardware implementations than SHA-2 or any of the other finalists.

“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be,” says NIST computer security expert Tim Polk. “An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently.”

Polk says that the two algorithms will offer security designers more flexibility. Despite the attacks that broke other somewhat similar but simpler hash algorithms in 2005 and 2006, SHA-2 has held up well and NIST considers SHA-2 to be secure and suitable for general use.

What then will SHA-3 be good for? While Polk says it may take years to identify all the possibilities for Keccak, it immediately provides an essential insurance policy in case SHA-2 is ever broken. He also speculates that the relatively compact nature of Keccak may make it useful for so-called “embedded” or smart devices that connect to electronic networks but are not themselves full-fledged computers. Examples include sensors in a building-wide security system and home appliances that can be controlled remotely.

“The Internet as we know it is expanding to link devices that many people do not ordinarily think of as being part of a network,” Polk says. “SHA-3 provides a new security tool for system and protocol designers, and that may create opportunities for security in networks that did not exist before.”

Source: NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition

1 point
-
Amal Graafstra snaps on a pair of black rubber gloves. “Do you want to talk about pain management techniques?” he asks.

The bearded systems administrator across the table, who requested I call him “Andrew,” has paid Graafstra $30 to have a radio-frequency identification (RFID) chip injected into the space between his thumb and pointer finger, and as Graafstra describes Lamaze-type breathing methods, Andrew looks remarkably untroubled, in spite of the intimidatingly high-gauge syringe sitting on the table between them.

Graafstra finishes his pain talk, fishes a tiny cylindrical two-millimeter diameter EM4012 RFID chip out of a tin of isopropyl alcohol, and drops it into the syringe’s end, replacing the RFID tag intended for pets that came with the injection kit. He swabs Andrew’s hand with iodine, carefully pinches and pulls up a fold of skin on the top of his hand to create a tent of flesh, and with the other hand slides the syringe into the subcutaneous layer known as the fascia, just below the surface. Then he plunges the plastic handle and withdraws the needle. A small crowd of onlookers applauds. The first subject of the day has been successfully chipped. Here’s a video of the procedure.

Over the course of the weekend, Andrew would be one of eight people to undergo the RFID implantation among the 500 or so attendees of Toorcamp, a hacker conference and retreat near the northwest corner of Washington State. Graafstra’s “implantation station” was set up in the open air: Any camper willing to spend $30 and sign a liability waiver could have the implantation performed, and after the excitement of Andrew’s injection, a small line formed to be next.

And why volunteer to be injected with a chip that responds to radio signals with a unique identifier, a procedure typically reserved for tracking pets and livestock? “I thought it would be cool,” says Andrew, when we speak at a picnic table a few minutes after his injection. (The pain, he tells me, was only a short pinch, followed by a “weird feeling of a foreign body sliding into my hand.”)

Graafstra's glass-encased RFID chips, ready for implantation.

The practical appeal of an RFID implant, in theory, is quick authentication that’s faster, cheaper and more reliable than other biometrics like thumbprints or facial scans. When the chip is hit with a radio frequency signal, it emits a unique identifier number that functions like a long, unguessable password. Implantees like Andrew imagine the ability to unclutter their pockets of keys and keycards and instead access their cars, computers, and homes with a mere wave of the hand.

Andrew says he initially hoped to use his RFID implant instead of the HID identity card his office uses for entry, but wasn’t deterred from the injection when Graafstra told him that HID uses a proprietary system whose chips Graafstra couldn’t implant. “I don’t have anything specific in mind, now, but I didn’t know when I’d have another opportunity to do it,” says Andrew. “And it’s a good excuse to start learning more about RFID.”

Another young hacker who underwent the procedure at Toorcamp said he hopes to install an RFID access system at the door of his local hackerspace. A young woman with a small collection of rings and studs in her ears compared her new implant to aesthetic body modifications like piercings and tattoos, or even the fringier culture of erotic “needleplay.” “I guess I have an interest in my body’s response to pain and modification,” she says. “There’s a certain thrill of the new.”

For Graafstra himself, the chips are more than a novelty or a hacker hobby. Graafstra uses them to access his home near Seattle, to turn on his motorcycle, to open a safe in his house, even to authenticate into his phone, a Samsung Galaxy Nexus that’s capable of near-field communications. He had his first chip installed in 2005 by a doctor client of his IT services firm, and has since become one of a few vocal RFID body implant evangelists, chronicling his experiences with the chip on his website and in a book, RFID Toys.

The enthusiasm of hackers like those at Toorcamp for RFID implants may seem a bit surprising–privacy advocates have long warned that the chips could allow individuals to be tracked by governments and corporations, even when they’re merely housed in passports or clothing, not to mention injected subcutaneously.

But Graafstra says that the chips he’s implanting are difficult to read from more than a few inches away. And he argues the idea of someone trying to read his chip in order to spoof its signal and access his house or other property is far less of a threat than other potential privacy invasions. “If someone manages to read this, it’s just as if they found a piece of paper with a number on the ground,” he says. “For any kind of attack, they would have to also know me and where I live and want to gain access to the things I’ve enabled. There are easier ways to do that, like breaking into my window.”

That hasn’t stopped privacy advocates and religious types from attacking Graafstra as a harbinger of evil–some link his hand chip with the Bible’s “mark of the beast,” a number stamped by the Devil on hands and heads in the Book of Revelations. Graafstra ignores their emails or responds politely. “Some people view the body as a sacred temple,” he says. “Some view it as a sports utility vehicle they can upgrade. I’m definitely in the second category.”

Even so, he says his Toorcamp implantation station was a one-off. Outside of the camp’s community of hacking and experimentation, he worries that the risk of unhappy customers would be too high. “I trust that the people here have put a little thought into it and know what they’re getting into,” he says. “For everyone else, I recommend you contact your local piercing artist.”

Implementation Guide: http://amal.net/wp-content/uploads/2012/09/DIY-Implantation-Guide.pdf

Sources:
Want An RFID Chip Implanted Into Your Hand? Here's What The DIY Surgery Looks Like (Video) - Forbes
The first ever MakerFaire - Amal Graafstra - Technologist, Author & Double RFID Implantee

1 point