Performance Testing News UK

Archive for the ‘Security Testing’ Category

A short description of NTLM


NTLM is a security protocol used in Microsoft networks. It is the main approach used by Microsoft to implement single sign-on. It is also used for HTTP authentication and in Exchange, as well as in CIFS/SMB, Telnet and SIP.

NTLM uses a challenge-response authentication mechanism, in which users are able to establish their identity without the use of a password. This is generally handled by a certificate that the user already has in their possession. It includes three exchanges, commonly known as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication). The exchanges work on the following basis.
The client generates and sends a Type 1 communication to the server. This contains the features supported by the client and requested of the server.
The server responds with a Type 2 communication. This contains the features the server has decided to support. More notably, however, it contains a challenge generated by the server.
The client responds to the challenge with a Type 3 communication. This contains a number of pieces of data about the client, including the domain and user name of the client user, along with the secret key. The secret key that is sent should match the secret key that is held by the server.
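
The three-message exchange above, as an added example (not part of the original post): a minimal Python parser that identifies each message type and pulls out the negotiated features, the server challenge, and the domain and user name. Field offsets follow the published NTLM message layout; the sample messages, the LAB domain and the alice user are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
MIN_LEN = {1: 16, 2: 32, 3: 44}          # bytes this parser reads per message type
# Subset of the negotiate flags defined for NTLM (MS-NLMP).
FLAGS = {0x00000001: "UNICODE", 0x00000010: "SIGN", 0x00000020: "SEAL",
         0x00000200: "NTLM", 0x00080000: "EXTENDED_SESSIONSECURITY"}

def _buf(msg, off):
    """Resolve a security buffer descriptor (len, maxlen, offset) to its bytes."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def _flags(msg, off):
    value = struct.unpack_from("<I", msg, off)[0]
    return sorted(name for bit, name in FLAGS.items() if value & bit)

def parse_ntlm(msg):
    """Describe a Type 1, 2 or 3 message; strings assume UNICODE was negotiated."""
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype not in MIN_LEN or len(msg) < MIN_LEN[mtype]:
        raise ValueError("unknown type or truncated message")
    if mtype == 1:   # negotiation: features the client requests
        return {"type": 1, "flags": _flags(msg, 12)}
    if mtype == 2:   # challenge: features the server accepted, plus its challenge
        return {"type": 2, "target": _buf(msg, 12).decode("utf-16-le"),
                "flags": _flags(msg, 20), "challenge": msg[24:32].hex()}
    # authentication: domain, user name and the client's answer to the challenge
    return {"type": 3, "domain": _buf(msg, 28).decode("utf-16-le"),
            "user": _buf(msg, 36).decode("utf-16-le"),
            "nt_response_len": len(_buf(msg, 20))}

# Constructed sample messages (names, challenge and response bytes are made up).
def _sb(n, off):
    return struct.pack("<HHI", n, n, off)

SAMPLE_TYPE1 = SIGNATURE + struct.pack("<II", 1, 0x00080231) + bytes(16)
SAMPLE_TYPE2 = (SIGNATURE + struct.pack("<I", 2) + _sb(6, 48) + struct.pack("<I", 0x00080211)
                + bytes.fromhex("0123456789abcdef") + bytes(16) + "LAB".encode("utf-16-le"))
SAMPLE_TYPE3 = (SIGNATURE + struct.pack("<I", 3) + _sb(0, 64) + _sb(24, 80) + _sb(6, 64)
                + _sb(10, 70) + _sb(0, 104) + _sb(0, 104) + struct.pack("<I", 0x00080211)
                + "LAB".encode("utf-16-le") + "alice".encode("utf-16-le") + bytes(24))

if __name__ == "__main__":
    for sample in (SAMPLE_TYPE1, SAMPLE_TYPE2, SAMPLE_TYPE3):
        print(parse_ntlm(sample))
```

Comparing the Type 1 and Type 2 flag lists shows which requested features (here SEAL) the server did not accept.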

Finally, digital signatures can be managed. A valid signature means that the signed message has not been intercepted and that the sender is privy to the shared secret. This could be a RADIUS client interacting with Active Directory, whereby the shared secret is manually set within each configuration by the administrator. The keys used in signing and sealing are established as a by-product of the NTLM authentication process. Signing is performed by adding a Message Authentication Code (MAC) to a message. This is checked by the server, which can then be certain that the integrity of the message is intact. The signature is generated using the secret key, known by both the sender and the receiver. The MAC can only be checked by a party holding the key.

Sealing is carried out by a different function, which adds encryption to a message to prevent it from being viewed by another party in transit. There are several encryption protocols used throughout signing and sealing, and more are appearing frequently. As well as providing message integrity, sealing ensures that the communication stays confidential. Under SSPI (Security Support Provider Interface), sealing (and signing) is always performed with the same key. This encryption ensures that a message cannot be intercepted or tampered with in any way. (Unless of course you are employed by the FBI).

NTLM is a popular authentication protocol. While other authentication protocols are in use, its ease of use and its integration with Microsoft make it the number 1 choice of nearly all administrators.

Hackers Find Adobe Flash Player Flaw


From CRN:

The U.S. Computer Emergency Readiness Team (US CERT) has suggested that users turn off Flash because of vulnerabilities in Flash Player and Adobe Reader, as hackers have started to launch attacks.
Adobe issued a security advisory warning users of a zero-day flaw, found in versions 9 and 10 of Adobe Flash Player, that is triggered by bugs in Adobe Reader and Adobe Acrobat 9.1.2.

This enables attackers to install a malicious Flash Player file that is embedded into PDF documents, which might be used to bring down a user’s system or allow them to steal data.

The attack starts when a user is enticed to visit a malicious web site, typically through some social engineering scheme, or is sent a contaminated PDF file by email. When opened, the PDF causes the trojan (Pidief.G) to install automatically.
Adobe researchers say that they have already started to see what they call “limited targeted attacks” launched on Adobe Reader version 9 for Windows, which caused the company to rank the weakness as “critical.” However, security experts anticipate that additional attacks will follow.
Symantec Security researcher Patrick Fitzgerald said in a blog post that this Flash Player attack was particularly hazardous due to the ubiquitous nature of Flash. Usually vulnerabilities are restricted to a specific browser or operating system; in this case, Flash can cause issues across a range of platforms.

“Flash is used in a good number of browsers and is also available in PDF documents. It is largely operating-system-independent; therefore the threat posed by this issue is not to be taken lightly,” Fitzgerald said. “The big user base of Flash presents attackers with a huge target audience.” Meanwhile, researchers at the
“NoScript [a Firefox extension that allows JavaScript to be executed only by trusted Web sites] is your best help here, of course,” said SANS researcher Gearld FitzPatrick, in a blog post.

FitzPatrick said that the vulnerability has now paved the way for a small number of “drive-by” attacks, in which attackers inject malicious code into a legitimate Web site or lure users to a malicious Web site of their own creation. Attacks have been launched on Internet Explorer and Firefox Web browsers, FitzPatrick said.

Adobe said it has been in touch with security and antivirus vendors and
The U.S. CERT recommends that users avoid the security bug by disabling Flash in Adobe Reader 9 on Windows and either disabling Flash Player or selectively enabling Flash content.

Security experts recommend that users not open PDF attachments from unfamiliar or untrusted sources, and that they keep antivirus software up to date.