Sunday, November 19, 2017

Tag: Certificate

In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner’s identity, and the digital signature of an entity that has verified the certificate’s contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.

In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company that charges customers to issue certificates for them. In a web of trust scheme, the signer is either the key’s owner (a self-signed certificate) or other users (“endorsements”) whom the person examining the certificate might know and trust.

Certificates are an important component of Transport Layer Security (TLS, sometimes called by its older name SSL, Secure Sockets Layer), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and code signing.

Symantec wants to see the encrypted Web grow and will offer free basic SSL/TLS certificates to domain owners through Web hosting companies that join its new Encryption Everywhere program. The company has already signed partnerships with more than ten hosting providers, including InterNetX, CertCenter, Hostpoint and Zoned in Europe, and is close to finalizing deals with ten others.

The customers of those companies will receive a basic website encryption package that includes a standard TLS certificate valid for one year. Depending on their needs, customers will also be able to opt for paid premium packages that include extended validation (EV) certificates or wildcard certificates that are valid for multiple websites hosted on different subdomains.

According to Symantec, which now operates one of the world's largest certificate authorities (CAs) after acquiring Verisign's certificate business in 2010, only around 3 percent of all Internet websites are currently using SSL/TLS encryption. From a business perspective, Symantec is, for the first time, adopting the freemium pricing model, where a product with basic functionality is offered for free on the premise that a percentage of users will later decide to pay for more advanced features.

"The need for privacy for legitimate individuals and companies is growing and it's that need that we are responding to," said Roxane Divol, general manager for the Website Security division at Symantec. "This in turn generates a need for good governance and a swift mechanism for when certificates need to be revoked, and that is also something that we pay a lot of attention to."

In recent years, security and privacy experts have called for widespread encryption of Internet communications following the revelations of bulk Internet surveillance by intelligence agencies like the U.S. National Security Agency or the U.K.'s Government Communications Headquarters. Cryptography and security expert Bruce Schneier, who had access to the cache of secret documents leaked by former NSA contractor Edward Snowden, believes that ubiquitous encryption would make eavesdropping expensive and could force intelligence agencies to abandon the wholesale collection of data in favor of targeted collection.

Symantec is not the first CA to offer free certificates in an attempt to encourage website owners to encrypt their users' traffic. Let's Encrypt, a certificate authority run by the ISRG (Internet Security Research Group) and backed by Mozilla, Cisco, Akamai, Facebook and others, has already issued over a million free certificates in three months since it launched.

According to Divol, Symantec has been working on its Encryption Everywhere program for a long time, but focused on the seamless integration with the management platforms used by hosting providers. Unlike Let's Encrypt, which requires users to have some know-how about certificate deployment and management, Encryption Everywhere's integration with hosting panels makes it easy for people without such technical knowledge to obtain and use certificates.

Therefore, the two projects address slightly different audiences. The problem with making it easy for website owners to deploy encryption is that it also lowers the entry bar for cybercriminals.

Buying TLS certificates to encrypt malicious traffic didn't make much business sense for criminals, because they typically switch domain names at a fast pace to evade detection by security companies.

But now that certificates can be acquired for free and in an automated manner, security solutions will likely have to deal with an increase in malicious encrypted traffic. However this will play out in the long term, the general thinking is that improving everyone's security and privacy by widespread use of encryption on the Web outweighs any potential risk of attacks becoming harder to detect.

Let's Encrypt, an organization set up to encourage broader use of encryption on the Web, has distributed 1 million free digital certificates in just three months. The digital certificates cover 2.5 million domains, most of which had never implemented SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts content exchanged between a system and a user.

An encrypted connection is signified in most browsers by "https" and a padlock appearing in the URL bar. "Much more work remains to be done before the Internet is free from insecure protocols, but this is substantial and rapid progress," according to a blog post by the Electronic Frontier Foundation, one of Let's Encrypt's supporters. The organization is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, Cisco, Akamai, Facebook and others. There's been a push in recent years to encourage websites to implement SSL/TLS, driven in part by a rise in cybercrime, data breaches and government surveillance. Google, Yahoo, and Facebook have all taken steps to secure their services. SSL/TLS certificates are sold by major players such as Verisign and Comodo, with certain types of certificates costing hundreds of dollars and needing periodic renewal.

Critics contend the cost puts off some website operators, which is in part why Let's Encrypt launched a free project. "It is clear that the cost and bureaucracy of obtaining certificates was forcing many websites to continue with the insecure HTTP protocol, long after we've known that HTTPS needs to be the default," the EFF wrote.
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.

All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

For the update to take effect, all applications linked to the nss library must be restarted, or the system rebooted.

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
In data transmission, bandwidths in the Gigabit range call for new IT security solutions.

This applies in particular to traditional unified threat management (UTM) firewalls, which have limited performance.

At this year's CeBIT, the IT security company Rohde & Schwarz Cybersecurity will present an innovative solution that for the first time meets the challenges posed by higher bandwidths: the UTM+ firewall series with an integrated next-generation engine.

The integrated software also comes with high-end features.

Munich, March 8, 2016 — The UTM+ firewall series was designed especially for the needs of medium-sized businesses.
It is just as powerful as a next-generation firewall (NGFW) due to the integrated single-pass technology. While the efficiency of traditional UTM appliances ends in the megabit range, UTM+ appliances provide performance in the Gigabit range.

And they offer even more: the UTM+ models are easy-to-use, all-in-one solutions and are significantly less expensive than next-generation firewalls. In addition to single-pass technology, further high-performance next-generation firewall features were integrated into the new UTM+ solution.

These include, for example, security mechanisms such as port-independent SSL decryption for automatic analysis of encrypted data traffic.

The permanent layer 7 scanner ensures complete and continuous analysis of data packets – even after successful validation.

The application control feature allows a fine-grained analysis of network traffic.

The firewall operating system is additionally protected with a highly secure firewall container system. Like all new Rohde & Schwarz Cybersecurity products to be showcased at CeBIT, the UTM+ firewalls follow the innovative approach "security by design", which prevents attacks proactively rather than reactively.

Security certificate: made in Germany

At CeBIT 2016, the Rohde & Schwarz security companies gateprotect, Sirrix, Rohde & Schwarz SIT and ipoque will, for the first time, bundle their broad ranges of technologically leading IT and network security solutions under the umbrella of the new Rohde & Schwarz Cybersecurity GmbH.

The first product of this new big player is the UTM+ V16. The UTM+ V16 is the improved successor model to the successful GP series with V15 software from gateprotect.

The V16 software is not only more powerful, but can be optically recognized as a Rohde & Schwarz product.
Instead of the familiar red, it now comes in the blue and gray Rohde & Schwarz corporate colors. Rohde & Schwarz Cybersecurity, a 100 % subsidiary of the Rohde & Schwarz electronics group, develops and manufactures its products exclusively in Germany.

Customers can therefore rely on the stringent German quality and data protection standards as well as maximum performance for all Rohde & Schwarz Cybersecurity products.

Contact: Svenja Borgschulte, Tel.: +49 (0)221 801087 85, Fax: +49 (0)221 801087 77, E-Mail: sb@moeller-pr.de

Contact for readers: Christian Reschke, Tel.: +49 (0)30 65884 232, Fax: +49 (0)30 65884 184, E-Mail: christian.reschke@rohde-schwarz.com https://cybersecurity.rohde-schwarz.com/de

CeBIT 2016 in Hanover, March 14 to 18, hall 6/booth G16

Rohde & Schwarz Cybersecurity

The IT security company Rohde & Schwarz Cybersecurity protects companies and public institutions around the world against espionage and cyberattacks.

The company offers high-end encryption solutions, next-generation firewalls, network traffic analytics and endpoint security software in addition to producing cutting-edge technical solutions for IT and network security.

These “Made in Germany” IT security solutions range from compact all-in-one products to custom solutions for critical infrastructures.

The “security by design” approach, which employs a proactive rather than reactive approach to dealing with cyberattacks, is central to the development of trusted IT solutions.

Around 400 employees work at the current sites in Berlin, Bochum, Darmstadt, Hamburg, Leipzig, Munich and Saarbrücken.

R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG. All press releases are available online at https://cybersecurity.rohde-schwarz.com/de. Image material can also be downloaded there.

Google addressed 19 security vulnerabilities, seven of them rated critical, in its latest Android security update. The updates addressed critical security vulnerabilities in the keyring component, MediaTek Wi-Fi Driver, Conscrypt, the libvpx library, Mediaserver component, and the Qualcomm Performance component.

The most severe vulnerability is the remote code execution flaw in Mediaserver that could be exploited through multiple methods, including email, Web browsing, and MMS, when processing maliciously crafted media files.

Mediaserver still vulnerable

Google has patched more than two dozen Mediaserver flaws since August, when the original Stagefright flaw was disclosed.
Since then, Google's internal security team has been identifying and fixing other security vulnerabilities scattered throughout the rest of the Mediaserver and the libstagefright library code.

The steady stream of Mediaserver vulnerabilities has slowed, as this month's update fixed only two critical flaws (CVE-2016-0815, CVE-2016-0816) and three high-priority issues in Mediaserver. "During the media file and data processing of a specially crafted file, vulnerabilities in Mediaserver could allow an attacker to cause memory corruption and remote code execution as the Mediaserver process," wrote Google in the security bulletin.

Google also patched an information disclosure vulnerability in libstagefright (CVE-2016-0824), two elevation of privilege vulnerabilities in Mediaserver (CVE-2016-0826, CVE-2016-0827), and two information disclosure vulnerabilities in Mediaserver (CVE-2016-0828, CVE-2016-0829).

They are all rated as high priority because they cannot be used for remote code execution, but they can be used by attackers to gain elevated capabilities, such as Signature or SignatureOrSystem permissions, which most third-party apps should not have access to.

The information disclosure flaws can be used to bypass security measures, while the elevation of privilege flaw could be used by a malicious app to execute arbitrary code.

The critical flaw in libvpx (CVE-2016-1621) is related to previous Mediaserver vulnerabilities, as attackers could exploit this issue to cause memory corruption and remote code execution as the mediaserver process.

The flaw can be triggered with remote content, such as MMS messages or playing media files through the browser.

Multiple elevation of privilege bugs fixed

The remaining critical vulnerabilities are elevation of privilege flaws.

The Conscrypt bug (CVE-2016-0818) could allow a specific type of invalid certificate to be trusted, resulting in a man-in-the-middle attack.

A malicious app could trigger the flaw in the Qualcomm performance component (CVE-2016-0819) to execute arbitrary code in the kernel.

The only way to repair the compromised device would be by re-flashing the operating system.

The Kernel Keyring bug (CVE-2016-0728) will also let a malicious app execute arbitrary code locally, requiring reflashing the operating system. However, the Kernel Keyring component is protected in Android versions 5.0 and above because SELinux rules prevent third-party applications from accessing the vulnerable code, according to the bulletin.

The final critical vulnerability in the MediaTek Wi-Fi kernel driver (CVE-2016-0820) could also be abused by a malicious app. While another MediaTek flaw (CVE-2016-0822) could result in arbitrary code execution, it was rated only as high priority because the attacker would first have to compromise the conn_launcher service, "which may not even be possible," Google said. The patches for Qualcomm and MediaTek components are posted on the Google Developer site and not in the Android Open Source Project repository.

High priority and medium priority bugs also addressed

Google fixed a mitigation bypass vulnerability in the kernel (CVE-2016-0821) that could let attackers bypass security measures in place.

The vulnerability is related to a change made to poison pointer values in the Linux kernel back in September.

The updates also addressed an information disclosure vulnerability in the kernel (CVE-2016-0823) that could result in malicious apps locally bypassing exploit mitigation technologies like ASLR in a privileged process.

The bug was also fixed in the Linux upstream back in March 2015. The information disclosure vulnerability in the Widevine Trusted Application component could allow code running in the kernel context to access information in TrustZone secure storage, Google said in its bulletin. Like the high-priority Mediaserver flaws, this bug could be used to gain permissions typically not granted to third-party apps.

The final high-priority bug is a remote denial-of-service flaw in Bluetooth that could allow an attacker within a certain distance of the target device to block access.

The attacker could cause an overflow of identified Bluetooth devices in the component, leading to memory corruption and service stop.

The issue could potentially only be fixed by flashing the device, Google said. The two moderate-priority bugs are in the Telephony component and the Setup Wizard.

The information disclosure vulnerability in the telephony component could allow an app to access sensitive data on the device.

The elevation of privilege vulnerability in Setup Wizard can be exploited by an attacker who has physical access to the device and can perform a manual device reset.

Patch if possible

None of these issues have been exploited in the wild. Builds LMY49H or later and Android M with Security Patch Level of "March 01, 2016" or later contain fixes for these issues.

The Build information is available through the Settings app on Android devices, under the About phone option.

The Security Patch Level is shown in the same location on Android M devices and some Samsung devices running the latest Lollipop versions. Since phone makers and carriers control when the updates are actually pushed to Android devices, for most users, the best ways to stay up-to-date with the security fixes are to buy Nexus devices, upgrade to newer devices frequently, or install custom Android versions themselves. Partners, including handset makers and phone carriers, received the bulletin on Feb. 1.

The Nexus devices will receive over-the-air updates and the patches are expected to be posted to the Android Open Source Project repository. Non-Nexus devices will follow schedules determined by the manufacturers or the carriers. While Samsung has committed to updates for its latest models, many Android phones remain on older versions.

Google's Android Security team is actively monitoring for abuse with Verify Apps and SafetyNet, which both warn users of potentially harmful applications about to be installed. Introduced in Android 4.2, Verify Apps works by scanning all .apk packages downloaded from Google Play and other sources for potentially harmful applications.

"Google's systems use machine learning to see patterns and make connections that humans would not," Elena Kovakina, a senior security analyst at Google, said in February at the Kaspersky Lab Security Analyst Summit. Verify Apps scans for known attack vectors and scenarios such as phishing, rooting operations, ransomware, backdoors, spyware, harmful sites, SMS fraud, WAP fraud, and call fraud.

Because it's enabled by default, most malicious attacks are thwarted, Kovakina said.

An example is the recent Lockdroid malware, which could have affected a large percentage of Android devices, but turned out to have not infected any Android users. Even if users can't update their Android devices to the latest versions, the SafetyNet and Verify Apps features filter out the majority of bad apps which could take advantage of these flaws.
NEWS ANALYSIS: The first known attempt to spread ransomware on Macs was quickly spotted and disabled by security researchers and by Apple, but it won’t be the last.

The first try at creating ransomware for the Macintosh was a bust, according to a spokesperson at Apple who told eWEEK that the company acted to invalidate the developer certificate tied to the malware to protect users from installing it.

The malware was initially found by researchers at Palo Alto Networks, who alerted Apple and Transmission, the software developer that made the Tor file transfer app that was infected to spread the malware.

Macintosh users who downloaded the Transmission software can get rid of the malware, now called KeRanger, by downloading the updated version 2.9.2 of the Transmission installer, which among other things, contains code that will find and remove the malware.

Meanwhile, Apple updated XProtect so that it would recognize the KeRanger malware, and prevent it from infecting more Macintosh computers. XProtect is Apple's built-in anti-malware software for the Macintosh.

Of the approximately 6,500 Mac users that downloaded the infected Transmission software, most won't actually have their files encrypted by the malware nor have to pay the hackers a Bitcoin ransom to get the decryption key because the necessary file, called General.RTF, won't execute. Unfortunately, a few Mac users will have had their files encrypted before the malware was detected and thwarted.

These users will either need to pay to decrypt them, or if they're lucky, restore their files from a backup.

The vast majority of Macintosh users dodged the bullet this time, but it's not safe for them to assume that the hackers won't have better luck and better malware, the next time.

Then Mac users will find themselves in a situation similar to what Windows users have been dealing with for years.

The only safe approach is to assume that any software you don't personally know to be safe probably isn't.

The reason that Mac users haven't had to worry about ransomware or other malware until recently isn't that the Macintosh is immune, because it's not.

The reason that Macs haven't had a problem is mainly that their market share has been so low that malware writers didn't have the economic incentive to write malware.

But that's all changed.As Apple's market share has grown, so has the temptation to create malware and Apple's XProtect is the first approach at fighting it.

But XProtect is only a basic, signature-based security package, so it's limited in what it can do against advanced threats.

Fortunately, all of the familiar antivirus packages are also available for your Mac, including software from Symantec, McAfee, Avast, Trend Micro and many others. But ransomware isn't always picked up by antivirus software or by corporate firewalls. What happens then is that you could still end up with your data encrypted and find yourself stuck with no means of getting your work done except to pay the ransom. Unfortunately, the problem is only going to get worse. "This is the first really functional ransomware on the Mac," said Dodi Glenn, vice president of cyber-security for PC Pitstop, a security vendor.
Quick detection by Palo Alto Networks, Apple and the affected open-source project means most users likely disabled the software before it started to run. A ransomware group targeted Mac users with the first fully functional malware program capable of encrypting data and demanding a ransom of 1 Bitcoin, about $412, for providing the key to unlock the data, Palo Alto Networks said on March 7. Users of the open-source Transmission Bittorrent client, who downloaded the latest version of that software on March 4, may have infected their system with the malware, dubbed KeRanger by Palo Alto.

Because the security firm identified the threat within six hours of its posting and warned Apple and the developers that the open-source software had been infected, the ransomware's impact will likely be blunted, Ryan Olson, director of threat intelligence for Unit 42, the research group at Palo Alto Networks, told eWEEK. "We will see now whether people report whether they had files encrypted, but we think the impact will be small because we were able to work quickly to find this and work with our peers in the industry to remove the threat before it had an impact," Olson said. KeRanger is designed to encrypt more than 300 different file types on Macs and to replace the files with encrypted versions.

After installation, however, KeRanger waits three days before starting its encryption cycle, a technique that can foil some defenders' attempts to detect potentially malicious files.
In this case, Palo Alto hoped the delay allowed users to uninstall the malicious program before it started its encryption routine, Olson said. While ransomware is a very successful attack on Windows systems, making criminals millions of dollars in payments, the Mac had not seen a significant ransomware attack. However, the advent of KeRanger shows that criminals are targeting the operating system. The ransomware attack took a lot of effort, Olson said. Not only did the criminals write the malware, but they also had to steal a legitimate software certificate to bypass Apple's Gatekeeper software for blocking non-legitimate apps. In addition, the criminals behind the malware had to somehow gain access to the site from which the Transmission Bittorrent client could be downloaded. On March 4, the criminals replaced the Transmission client with a copy infected with the KeRanger malware.

Any users who downloaded version 2.90 of the program are at risk of being infected by the malware, Palo Alto Networks warned on March 6. The Transmission project posted a warning on its Website for its users. "Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file," the company stated. "This new version will make sure that the 'OSX.KeRanger.A' ransomware … is correctly removed from your computer." KeRanger is not the first attempt to use ransomware against Mac OS X users.
In June 2014, antivirus firm Kaspersky Lab found an unfinished program on malware-classification site VirusTotal.

The ransomware, dubbed FileCoder, appeared to have been an early test version of a program that had not been completed. "At this point, it became totally clear that (FileCoder) is a relatively harmless program, which could be turned into a fully functioning Trojan encrypter demanding money from its victims, but for some reason this had not been done," Kaspersky Lab stated at the time.
The first known working ransomware aimed at Macs contained hints that the cybercriminals were working on a way to encrypt backups in an attempt to force payment, security researchers said today. Dubbed "KeRanger" by Palo Alto Networks, whose researcher...
A type of malware that locks computer files and demands a fee for their release has successfully targeted Apple computers. The security researchers from Palo Alto Networks believe it is the first time ransomware has appeared on Macs. The KeRangers m...
With the help of security researchers, Apple over the weekend quickly blocked a cyberattack aimed at infecting Mac users with file-encrypting malware known as ransomware. The incident is believed to be the first Apple-focused attack using ransomware, which typically targets computers running Windows. Victims of ransomware are asked to pay a fee, usually in bitcoin, to get access to the decryption key to recover their files. Security company Palo Alto Networks wrote on Sunday that it found the "KeRanger" ransomware wrapped into Transmission, which is a free Mac BitTorrent client. Transmission warned on its website that people who downloaded the 2.90 version of the client "should immediately upgrade to 2.92." It was unclear how the attackers managed to upload a tampered version of Transmission to the application's website.

But compromising legitimate applications is a commonly used method. "It’s possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred," Palo Alto wrote on its blog. The tainted Transmission version was signed with a legitimate Apple developer's certificate.
If a Mac user's security settings are set to allow downloads from identified Apple developers, the person may not see a warning from Apple's GateKeeper that the application could be dangerous. Apple revoked the certificate after being notified on Friday, Palo Alto wrote.

The company has also updated its XProtect antivirus engine. After it is installed on a system, KeRanger waits three days before connecting to a remote command-and-control server using the Tor system.
It is coded to encrypt more than 300 types of files. The ransom is 1 bitcoin, or about $404. There are few defenses against ransomware.

Antivirus programs often do not catch it since the attackers frequently make modifications to fool security software. The best method is to ensure files are regularly backed up and that the backup system is isolated in a way to protect it from being infected as well. Disturbingly, KeRanger appears to also try to encrypt files on Apple's Time Machine, its consumer backup drive, Palo Alto wrote. Ransomware schemes have been around for more than a decade, but over the last few years have spiked. At first the attacks struck consumer computers, with the aim of extracting a few hundred dollars.

But it appears attackers are targeting companies and organizations that may pay a much larger ransom to avoid disruption. Last month, a Los Angeles hospital said it paid a $17,000 ransom after saying it was the quickest, most effective way to restore its systems.

The ransomware had affected its electronic medical records. Although Apple's share of the desktop computing market is much lower than Windows, cyberattackers have been showing increasing interest in it.

But so far, ransomware hasn't been a problem, although some researchers have created proof-of-concept file-encrypting malware for Macs. Last November, Brazilian security researcher Rafael Salema Marques published a video showing how he coded ransomware for Mac in a couple of days. He didn't release the source code. Also, OS X security expert Pedro Vilaca posted proof-of-concept code on GitHub for Mac ransomware he wrote, another experiment showing how simple it would be for attackers to target the platform.
If you downloaded 2.90, you've got a few hours to get rid of it

The first "fully functional" ransomware targeting OS X has landed on Macs – after somehow smuggling itself into downloads of the popular Transmission BitTorrent client. Transmission's developers have warned in a notice splashed in red on the app's website that if you fetched and installed an afflicted copy of the software just before the weekend, you must upgrade to a clean version. Specifically, downloads of version 2.90 were infected with ransomware that will encrypt your files using AES and an open-source crypto library, and demand a payment to unscramble the documents. Transmission has millions of active users.
It is possible the app's website was compromised, and the downloads tampered with to include the KeRanger nasty. Those who have had files encrypted will be asked by the malware to cough up US$400 in Bitcoins, paid to a website hidden in the Tor network, to get their files back. "Everyone running [version] 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file," the Transmission authors posted on Sunday. Palo Alto Networks researchers Claud Xiao and Jin Chen found the KeRanger ransomware hidden in the BitTorrent software on Friday, and warned the Transmission team of the infection. The pair and a group of seven others from Palo Alto Networks detected the infiltration hours after miscreants somehow injected the malware into the downloads.

They noted that KeRanger is programmed to encrypt victims' files three days after the infected Transmission client is installed. Mac fans who installed Transmission for OS X 2.90 from the official website between March 4 and March 5 are probably at risk.

Those who upgrade to the latest clean and ransomware-free version of Transmission – version 2.92 – by Monday, 11am PT (7pm UTC) should avoid having their files encrypted. The malicious code has a process name of kernel_service, which can be killed, and it stores its executable in ~/Library/kernel_service, which should be deleted.
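A read-only triage for the two indicators named above, the kernel_service process and ~/Library/kernel_service, as an added example that is not from the article, Transmission or Palo Alto Networks. The function names, the /Users default and the ps invocation are assumptions; it reports findings and leaves killing and deleting to the operator.

```shell
#!/bin/sh
# KeRanger triage using only the two indicators named in the article:
#   process name : kernel_service
#   dropped file : ~/Library/kernel_service
# Function names and the /Users default are assumptions of this example.

# Print every <home>/Library/kernel_service found under a directory of homes.
# $1 = directory that contains the user home directories.
keranger_files() {
    base=${1:-/Users}
    for home in "$base"/*; do
        f="$home/Library/kernel_service"
        # -L as well, so a dangling symlink with that name is still reported
        if [ -e "$f" ] || [ -L "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print PIDs whose command basename is exactly kernel_service.
# Reads "PID COMMAND" lines on stdin. The match is exact on the basename so
# that legitimate names such as kernel_task never match.
keranger_pids() {
    awk '{
        pid = $1; $1 = ""; sub(/^ +/, "")
        n = split($0, parts, "/")
        if (parts[n] == "kernel_service") print pid
    }'
}

# Report both indicators; returns 1 if either is present, 0 if clean.
# $1 = directory of homes, $2 = optional saved process listing (for offline
# review or testing); without $2 the live process table is read.
keranger_triage() {
    base=${1:-/Users}
    files=$(keranger_files "$base")
    if [ -n "${2:-}" ]; then
        pids=$(keranger_pids < "$2")
    else
        pids=$(ps -ax -o pid= -o comm= | keranger_pids)
    fi
    if [ -z "$files" ] && [ -z "$pids" ]; then
        echo "no KeRanger indicators found"
        return 0
    fi
    if [ -n "$files" ]; then printf 'dropped executable present:\n%s\n' "$files"; fi
    if [ -n "$pids" ]; then printf 'kernel_service running, PID(s):\n%s\n' "$pids"; fi
    return 1
}
```

Run `keranger_triage /Users` on the Mac itself, or pass a saved `ps -ax -o pid= -o comm=` listing as the second argument to review a host offline.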

The latest safe version of Transmission, v2.92, includes a tool to remove the KeRanger ransomware. "On March 4, we detected that the Transmission BitTorrent installer for OS X was infected with ransomware, just a few hours after installers were initially posted," Xiao and Chen wrote. "As FileCoder (earlier Mac ransomware) was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform. "It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred." Attackers could potentially alter the ransomware through its command-and-control server so that KeRanger immediately encrypts files rather than lying in wait for a few days. KeRanger was cryptographically signed using a now-revoked Apple-issued developer certificate, but will still be accepted by OS X's Gatekeeper protection system.

That means if an OS X system is configured to only run software from trusted developers, KeRanger will be allowed to start as it is signed by a developer cert.

Apple has added the ransomware's signature to OS X's XProtect mechanism, which screens downloads and blocks malicious code. KeRanger also contains other dormant features that could encrypt Mac TimeMachine backups preventing users from restoring their machines.

As an interesting aside, the malware's executable was smuggled in an .RTF README file within Transmission.
A security research firm announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines. "This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Ryan Olson, of Palo Alto Networks, told Reuters. The KeRanger malware, which imposes a 72-hour lockout window unless the victim pays 1 bitcoin ($410 as of this writing), appears to have been first discovered via a rogue version of Transmission, a popular BitTorrent client. For some time now, ransomware has primarily targeted Windows machines—threatening total data destruction if the ransom isn't paid. Recently, even a Los Angeles hospital was infected, which resulted in the payment of a $17,000 ransom.
In June 2015, the FBI said it had been contacted by 992 victims of CryptoWall, a similar ransomware scheme, who have sustained combined losses totaling over $18 million. On Saturday evening, some Transmission users noticed the strange activity on a discussion board—users concluded that the 2.90 version of Transmission was infected with the ransomware.
It appears that somehow the Transmission website may have been compromised as it was served via HTTP rather than the primary HTTPS Transmission website. Soon after, Transmission posted this message on its website: "Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file." In a technical analysis, Palo Alto Networks’ Claud Xiao and Jin Chen wrote: The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection.
If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network.

The malware then begins encrypting certain types of document and data files on the system.

After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files.

Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data. Palo Alto Networks reported the ransomware issue to the Transmission Project and to Apple on March 4.

Apple has since revoked the abused certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website. Palo Alto Networks has also updated URL filtering and Threat Prevention to stop KeRanger from impacting systems. Apple did not immediately respond to Ars’ request for comment. Palo Alto Networks also added: Users who have directly downloaded Transmission installer from official website after 11:00am PST, March 4, 2016 and before 7:00pm PST, March 5, 2016, may have been infected by KeRanger.
If the Transmission installer was downloaded earlier or downloaded from any third-party websites, we also suggest users perform the following security checks. Users of older versions of Transmission do not appear to be affected as of now. This story is developing. Please check back for updates.