
Tag: Internet Protocol Security (IPsec)

Secusmart, the BlackBerry subsidiary that secures the German Chancellor Angela Merkel’s smartphone, will roll out a version of its SecuSuite security software compatible with Samsung Electronics’ Knox platform later this year. That means that organizations looking for smartphones offering government-grade security will be able to buy the Samsung Galaxy S7 or, soon, the S8 rather than the now-discontinued BlackBerry OS smartphones like the one Merkel uses.

In addition to encrypting communications and data stored on the device, the new SecuSuite also secures voice calls using the SNS standard set by Germany’s Federal Office for Information Security (BSI). Organizational app traffic is passed through an IPsec VPN, while data from personal apps can go straight to the internet. Encrypted voice calls go through a different gateway, not the VPN.
At a time when the size of distributed denial-of-service attacks has reached unprecedented levels, researchers have found a new attack technique in the wild that allows a single laptop to take down high-bandwidth enterprise firewalls. The attack, dubbed BlackNurse, involves sending Internet Control Message Protocol (ICMP) packets of a particular type and code.
ICMP is commonly used for the ping network diagnostic utility, and attacks that try to overload a system with ping messages—known as ping floods—use ICMP Type 8 Code 0 packets. BlackNurse uses ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) packets instead and some firewalls consume a lot of CPU resources when processing them. According to experts from the Security Operations Center of the Danish telecom operator TDC, it would take from 40,000 to 50,000 ICMP Type 3 Code 3 packets a second to overload a firewall.

This is not a large number of packets and the bandwidth required to generate them is 15Mbps to 18Mbps, which means that BlackNurse attacks can be launched from a single laptop.

“The impact we see on different firewalls is typically high CPU loads,” the TDC Security Operations Center (SOC) said in a technical report. “When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the internet. All firewalls we have seen recover when the attack stops.”

TDC SOC tested the attack successfully against Cisco Adaptive Security Appliance (ASA) firewalls in default configurations. Cisco’s own documentation recommends that users allow ICMP Type 3 messages. “Denying ICMP unreachable messages disables ICMP Path MTU discovery, which can halt IPSec and PPTP traffic,” the company warns in its user guidelines.

Some firewalls from Palo Alto Networks, SonicWall and Zyxel Communications are also affected, but only if they’re misconfigured or if certain protections are not turned on. “Palo Alto Networks Next-Generation Firewalls drop ICMP requests by default, so unless you have explicitly allowed ICMP in a security policy, your organization is not affected and no action is required,” Palo Alto said in a blog post in response to TDC SOC’s report. Customers who need to allow ICMP requests can follow best practices for DoS protection to mitigate this attack, the company said. This involves enabling ICMP Flood and ICMPv6 Flood in their firewall’s DoS protection profile.

Denial of service attacks are typically about generating more traffic than the target’s internet bandwidth can take. BlackNurse is unusual in this respect, because it cannot be stopped by provisioning additional bandwidth.

“On firewalls and other kinds of equipment a list of trusted sources for which ICMP is allowed could be configured,” the TDC SOC experts advise. “Disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily. This is the best mitigation we know of so far.”

That said, there are many devices out there that are configured to accept ICMP traffic from the internet. The TDC SOC has identified 1.7 million of them in Denmark alone.
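A detection sketch for the BlackNurse signature described above: it counts ICMP Type 3 Code 3 packets per second per destination, skips sources on a trusted list as TDC SOC suggests, and ignores ordinary ping floods. This is an added example, not code from TDC SOC or any vendor; the record layout, the 10,000 pps alert threshold, the addresses and the capture are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ICMP_TYPE_DEST_UNREACHABLE = 3   # ICMP Type 3
ICMP_CODE_PORT_UNREACHABLE = 3   # Code 3


@dataclass(frozen=True)
class IcmpRecord:
    """One ICMP packet as exported by a sensor (hypothetical layout)."""
    ts: float        # seconds since the start of the capture
    src: str
    dst: str
    icmp_type: int
    icmp_code: int


def blacknurse_alerts(records, threshold_pps, trusted_nets=()):
    """Return [(second, dst, packets, distinct_sources)] for every one-second
    bucket in which Type 3 Code 3 packets from untrusted sources reach
    threshold_pps towards a single destination."""
    trusted = [ip_network(net) for net in trusted_nets]
    is_trusted = {}                       # per-source cache of the allowlist check
    counts = Counter()
    sources = defaultdict(set)
    for rec in records:
        if (rec.icmp_type, rec.icmp_code) != (
            ICMP_TYPE_DEST_UNREACHABLE, ICMP_CODE_PORT_UNREACHABLE
        ):
            continue                      # e.g. Type 8 Code 0 ping floods
        if rec.src not in is_trusted:
            addr = ip_address(rec.src)
            is_trusted[rec.src] = any(addr in net for net in trusted)
        if is_trusted[rec.src]:
            continue                      # sources for which ICMP is allowed
        bucket = (int(rec.ts), rec.dst)
        counts[bucket] += 1
        sources[bucket].add(rec.src)
    return sorted(
        (sec, dst, n, len(sources[(sec, dst)]))
        for (sec, dst), n in counts.items()
        if n >= threshold_pps
    )


def constructed_capture():
    """Five seconds of constructed traffic towards one firewall WAN address."""
    firewall = "198.51.100.1"
    records = []

    def burst(second, count, src, icmp_type, icmp_code):
        records.extend(
            IcmpRecord(second + i / count, src, firewall, icmp_type, icmp_code)
            for i in range(count)
        )

    for second in range(5):
        burst(second, 20, "203.0.113.50", 3, 3)   # background unreachables
        burst(second, 50, "203.0.113.60", 8, 0)   # routine pings
    burst(1, 12_000, "192.0.2.10", 3, 3)          # source inside the trusted net
    burst(2, 45_000, "203.0.113.7", 3, 3)         # rate in the range TDC SOC reports
    burst(3, 45_000, "203.0.113.7", 3, 3)
    burst(4, 60_000, "203.0.113.9", 8, 0)         # ping flood, different signature
    return records


if __name__ == "__main__":
    for sec, dst, n, srcs in blacknurse_alerts(
        constructed_capture(), 10_000, trusted_nets=["192.0.2.0/24"]
    ):
        print(f"t={sec}s dst={dst} type3/code3={n} pps from {srcs} source(s)")
```

Because the reported overload rate fits in 15Mbps to 18Mbps, a volumetric bandwidth alarm will not fire on this traffic; the per-type packet rate is the signal to watch.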
Researchers warn that many 1,024-bit keys used to secure communications on the internet today might be based on prime numbers that have been intentionally backdoored in an undetectable way. Many public-key cryptography algorithms that are used to secure web, email, VPN, SSH and other types of connections on the internet derive their strength from the mathematical complexity of discrete logarithms -- computing discrete logarithms for groups of large prime numbers cannot be efficiently done using classical methods.

This is what makes cracking strong encryption computationally impractical. Most key-generation algorithms rely on prime parameters whose generation is supposed to be verifiably random. However, many parameters have been standardized and are being used in popular crypto algorithms like Diffie-Hellman and DSA without the seeds that were used to generate them ever being published.

That makes it impossible to tell whether, for example, the primes were intentionally "backdoored" -- selected to simplify the computation that would normally be required to crack the encryption. Researchers from University of Pennsylvania, INRIA, CNRS and Université de Lorraine recently published a paper in which they show why this lack of cryptographic transparency is problematic and could mean that many encryption keys used today are based on backdoored primes without anyone -- aside from those who created them -- knowing. To demonstrate this, the researchers created a backdoored 1,024-bit Diffie-Hellman prime and showed that solving the discrete log problem for it is several orders of magnitude easier than for a truly random one. "Current estimates for 1,024-bit discrete log in general suggest that such computations are likely within range for an adversary who can afford hundreds of millions of dollars of special-purpose hardware," the researchers said in their paper. "In contrast, we were able to perform a discrete log computation on a specially trapdoored prime in two months on an academic cluster." The problem is that for someone who doesn't know about the backdoor, demonstrating that a prime has been trapdoored in the first place would be nearly impossible. "The near universal failure of implementers to use verifiable prime generation practices means that use of weak primes would be undetectable in practice and unlikely to raise eyebrows." This is conceptually similar to the backdoor found in the Dual_EC random number generator, which is believed to have been introduced by the U.S. National Security Agency. However, that backdoor was much easier to find and, unlike Diffie-Hellman or DSA, Dual_EC never received widespread adoption. 
Diffie-Hellman ephemeral (DHE) is slowly replacing RSA as the preferred key exchange algorithm in TLS due to its perfect forward secrecy property that's supposed to keep past communications secure even if the key is compromised in the future. However, the use of backdoored primes would defeat that security benefit. Furthermore, 1,024-bit keys are still widely used online, despite the U.S. National Institute of Standards and Technology recommending a transition to larger key sizes since 2010.

According to the SSL Pulse project, 22 percent of the internet's top 140,000 HTTPS-enabled websites use 1,024-bit keys. "Our results are yet another reminder that 1,024-bit primes should be considered insecure for the security of cryptosystems based on the hardness of discrete logarithms," the researchers said. "The discrete logarithm computation for our backdoored prime was only feasible because of the 1,024-bit size, and the most effective protection against any backdoor of this type has always been to use key sizes for which any computation is infeasible." The researchers estimate that performing similar computations for 2048-bit keys, even with backdoored primes, would be 16 million times harder than for 1,024-bit keys and will remain infeasible for many years to come.

The immediate solution is to switch to 2048-bit keys, but in the future all standardized primes should be published together with their seeds, the researchers said. Documents leaked in 2013 by former NSA contractor Edward Snowden suggested that the agency has the ability to decrypt a lot of VPN traffic. Last year, a group of researchers speculated that the reason for this was the widespread use in practice of a small number of fixed or standardized groups of primes. "Performing precomputation for a single 1,024-bit group would allow passive eavesdropping on 18 percent of popular HTTPS sites, and a second group would allow decryption of traffic to 66 percent of IPsec VPNs and 26 percent of SSH servers," the researchers said in their paper at that time. "A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break."
Publish primes with seeds, so we know there are no backdoors

Researchers at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely. The boffins also demonstrated again that 1,024-bit primes can no longer be considered secure, by publishing an attack using “special number field sieve” (SNFS) mathematics to show that an attacker could create a prime that looks secure, but isn't. Since the research is bound to get conspiracists over-excited, it's worth noting: their paper doesn't claim that any of the cryptographic primes it mentions have been back-doored, only that they can no longer be considered secure. “There are opaque, standardised 1024-bit and 2048-bit primes in wide use today that cannot be properly verified”, the paper states. Joshua Fried and Nadia Heninger (University of Pennsylvania) worked with Pierrick Gaudry and Emmanuel Thomé (INRIA at the University of Lorraine) on the paper. They call for 2,048-bit keys to be based on “standardised primes” using published seeds, because too many crypto schemes don't provide any way to verify that the seeds aren't somehow back-doored. Examples of re-used primes in the paper include:

- Many TLS implementations use some form of default, and as a result, “in May 2015, 56 per cent of HTTPS hosts selected one of the 10 most common 1024-bit groups when negotiating ephemeral Diffie-Hellman key exchange”;
- In IPSec, “66 per cent of IKE responder hosts preferred the 1024-bit Oakley Group 2 over other choices” for their Diffie-Hellman exchange; and
- OpenSSH implementations favour “a pre-generated list that is generally shipped with the software package”.

If any of the “hard-coded” primes were maliciously produced – something that's happened before, for those who remember RSA's NSA-funded Dual EC Deterministic Random Bit Generator – it would be hard to spot by looking at the numbers, but factorisation would be feasible. It might not necessarily be easy, however: the paper describing the SNFS computation notes it needed “a little over two months of calendar time on an academic cluster” (using between 500 and 3,000 cores in different phases in the operation – a total of around 400 core-years). Their experiments ran on France's Grid'5000 testbed, the University of Pennsylvania's Cisco UCS cluster, the University of Waterloo's CrySIP RIPPLE facility, and Technische Universiteit Eindhoven's Saber cluster. Earlier this year, INRIA researchers turned up the Sweet32 birthday attack against old Blowfish and Triple DES ciphers, and in January the group warned the world that the zombie MD5 and SHA1 hash protocols live on in too many TLS, IKE and SSH implementations. ®
Cisco has determined that the following products are vulnerable when they are configured to use IKE version 1 (IKEv1):

- All Cisco products running an affected release of Cisco IOS Software
- All Cisco products running an affected release of Cisco IOS XE Software
- All Cisco products running an affected release of Cisco IOS XR Software
- Cisco PIX firewalls

Note: Although only IKEv1 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when they are configured to use IKEv1 or IKEv2.

The investigation is ongoing to determine if other Cisco products may be affected by this vulnerability. This section will be updated if additional products are found to be vulnerable.

Note: Cisco has investigated this issue and concluded that PIX versions 6.x and prior are affected by this vulnerability. PIX versions 7.0 and later are confirmed to be unaffected by this vulnerability. Cisco PIX is not supported and has not been supported since 2009.

Configuring IKEv2 on Cisco IOS Software or Cisco IOS XE Software automatically enables IKEv1. Although IKEv1 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability can be triggered only by sending a crafted IKEv1 packet.

A number of features use IKEv1, including different VPNs such as:

- LAN-to-LAN VPN
- Remote access VPN (excluding SSLVPN)
- Dynamic Multipoint VPN (DMVPN)
- Group Domain of Interpretation (GDOI)

Note: Cisco IOS XR platforms do not support DMVPN or GDOI-based VPNs.

There are two methods to determine if a device is configured for IKE:

- Determine if IKE ports are open on a running device
- Determine if IKE features are included in the device configuration

Determine if IKE Ports are Open on a Running Device

The preferred method to determine if a device has been configured for IKE is to issue the show ip sockets or show udp EXEC command.
If the device has UDP port 500, UDP port 4500, UDP port 848, or UDP port 4848 open, it is processing IKE packets.

In the following example, the device is processing IKE packets in UDP port 500 and UDP port 4500, using either IPv4 or IPv6:

    router# show udp
    Proto   Remote      Port  Local           Port  In Out  Stat    TTY OutputIF
    17      --listen--        192.168.130.21   500   0   0  1001011   0
    17(v6)  --listen--        UNKNOWN          500   0   0  1020011   0
    17      --listen--        192.168.130.21  4500   0   0  1001011   0
    17(v6)  --listen--        UNKNOWN         4500   0   0  1020011   0
    !--- Output truncated
    router#

Determine if IKE Features are Included in the Device Configuration

To determine if a Cisco IOS device configuration is vulnerable, the administrator needs to establish whether there is at least one configured feature that uses IKE. This can be achieved by using the show run | include crypto map|tunnel protection ipsec|crypto gdoi enable mode command. If the output of this command contains either crypto map, tunnel protection ipsec, or crypto gdoi, then the device contains an IKE configuration.

The following example shows a device that has been configured for IKE:

    router# show run | include crypto map|tunnel protection ipsec|crypto gdoi
    crypto map CM 100 ipsec-isakmp
    crypto map CM
    router#

Note: Only Cisco products accepting IKEv1 SA negotiation requests are affected by this vulnerability.
If the device initiates IKE main, aggressive, or quick modes security association (SA) establishment or is initiating a rekey for IKE and IPsec SAs, it cannot be exploited by this vulnerability. Cisco devices that only initiate IKEv1 SA negotiation are not affected by this vulnerability.

Note: Cisco Easy VPN (EzVPN) client configuration still listens for IKE request and can be exploited by processing such requests.

Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the command-line interface (CLI), and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 15.5(2)T1 with an installed image name of C2951-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.
    Compiled Mon 22-Jun-15 09:32 by prod_rel_team
    .
    .
    .

For information about the naming and numbering conventions for Cisco IOS Software releases, see White Paper: Cisco IOS and NX-OS Software Reference Guide.

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device and use the show version command in the CLI. If the device is running Cisco IOS XE Software, Cisco IOS XE Software or similar text appears in the system banner.

The following example shows the output of the show version command on a device that is running Cisco IOS XE Software Release 3.6.2S, which maps to Cisco IOS Software Release 15.2(2)S2:

    Router# show version
    Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 07-Aug-12 13:40 by mcpre

Determining the Cisco IOS XR Software Release

To determine which Cisco IOS XR Software release is running on a device and the name of the device on which it is running, administrators can log in to the device and use the show version command in the CLI. If the device is running Cisco IOS XR Software, Cisco IOS XR Software or similar text appears in the system banner. The location and name of the system image file that is currently running on the device appears next to the System image file is text. The name of the hardware product appears on the line after the name of the system image file.

The following example shows the output of the show version command on a device that is running Cisco IOS XR Software Release 4.1.0 with an installed image name of mbihfr-rp.vm:

    RP/0/RP0/CPU0:router# show version
    Mon May 31 02:14:12.722 DST
    Cisco IOS XR Software, Version 4.1.0
    Copyright (c) 2010 by Cisco Systems, Inc.
    ROM: System Bootstrap, Version 2.100(20100129:213223) [CRS-1 ROMMON], router uptime is 1 week, 6 days, 4 hours, 22 minutes
    System image file is "bootflash:disk0/hfr-os-mbi-4.1.0/mbihfr-rp.vm"
    cisco CRS-8/S (7457) processor with 4194304K bytes of memory.
    7457 processor at 1197Mhz, Revision 1.2

Cisco ASA 5500 and Cisco ASA 5500-X Series Adaptive Security Appliance are not affected by this vulnerability.

The investigation is ongoing to determine if other Cisco products may be affected by this vulnerability. This section will be updated as more details are learned. No other products are currently known to be affected by this vulnerability at the time of this disclosure.
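The two checks the advisory describes (IKE ports in show udp, IKE features in the configuration) can be run over collected command output when many devices need auditing. The following is an added example, not Cisco tooling; it uses the advisory's own sample output, the function names are hypothetical, and it assumes listening sockets appear as --listen-- rows exactly as in that sample.

```python
import re

# UDP ports the advisory lists as indicating IKE processing.
IKE_UDP_PORTS = {500, 4500, 848, 4848}
# Same alternation the advisory passes to "show run | include".
IKE_CONFIG_RE = re.compile(r"crypto map|tunnel protection ipsec|crypto gdoi")
# A CLI prompt line such as "router# show run | include crypto map|..."
PROMPT_RE = re.compile(r"^\S+[#>]")

# Sample output copied from the advisory text.
SHOW_UDP = """\
router# show udp
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 192.168.130.21 500 0 0 1001011 0
17(v6) --listen-- UNKNOWN 500 0 0 1020011 0
17 --listen-- 192.168.130.21 4500 0 0 1001011 0
17(v6) --listen-- UNKNOWN 4500 0 0 1020011 0
!--- Output truncated
router#
"""

SHOW_RUN = """\
router# show run | include crypto map|tunnel protection ipsec|crypto gdoi
crypto map CM 100 ipsec-isakmp
 crypto map CM
router#
"""

# Constructed for contrast: a device listening only on SNMP and NTP.
SHOW_UDP_NO_IKE = """\
router# show udp
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 192.168.130.22 161 0 0 1001011 0
17 --listen-- 192.168.130.22 123 0 0 1001011 0
router#
"""


def ike_listeners(show_udp_output):
    """Return sorted (port, proto, local_address) for listening IKE ports."""
    found = []
    for line in show_udp_output.splitlines():
        fields = line.split()
        # Listening rows: proto, "--listen--", local address, local port, ...
        if (len(fields) >= 4 and fields[0].startswith("17")
                and fields[1] == "--listen--" and fields[3].isdigit()):
            port = int(fields[3])
            if port in IKE_UDP_PORTS:
                found.append((port, fields[0], fields[2]))
    return sorted(found)


def ike_config_lines(show_run_output):
    """Return configuration lines that reference an IKE-using feature.

    The echoed command line contains the search pattern itself, so prompt
    lines are skipped to avoid a false positive on every device."""
    return [
        line.strip()
        for line in show_run_output.splitlines()
        if IKE_CONFIG_RE.search(line) and not PROMPT_RE.match(line)
    ]


def assess(show_udp_output, show_run_output):
    """Combine both checks into one record per device."""
    listeners = ike_listeners(show_udp_output)
    config = ike_config_lines(show_run_output)
    return {
        "ike_ports": sorted({port for port, _, _ in listeners}),
        "listeners": listeners,
        "config_lines": config,
        "processing_ike": bool(listeners),
        "ike_configured": bool(config),
    }


if __name__ == "__main__":
    print(assess(SHOW_UDP, SHOW_RUN))
    print(assess(SHOW_UDP_NO_IKE, "router# show run | include crypto map\nrouter#\n"))
```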
Google is making it possible for enterprises to cryptographically validate Chrome OS devices before letting them connect to secure networks with its new Verified Access for Chrome OS. With Verified Access, network services -- VPN gateways, sensitive servers, an enterprise certificate authority, enterprise Wi-Fi access points -- can get a hardware-backed cryptographic guarantee from the client machine that it has not been compromised and the user is who he or she claims to be. Verified Access uses the Trusted Platform Module chip present on all Chrome OS devices to confirm the device is unmodified and complies with existing security policies.

The network service uses that information to determine what level of access the device gets to sensitive corporate systems and applications. Cryptographic attestation of the device's untampered state, anchored to a chip on the device, has long been used in Apple's iOS devices, BlackBerrys, and Samsung's higher-end Android devices.

The Trusted Platform Module chip used in Chrome OS devices has been available on higher-end Windows PCs for several years as well, though its use there is typically tied to validating the encryption key in a tamperproof manner. "For years, Google has been using Verified Access to enhance security by ensuring the veracity and policy compliance of Chrome devices before allowing access to resources, and now we are making it available externally," Saswat Panigrahi, senior product manager for Chrome for Work, wrote on the Google for Work blog. The Chrome OS Verified Access API is now publicly available and configurable in the Google Apps Admin Panel.

Administrators get started by enabling Verified Access and granting access to use the enterprise.platformKeys API.

A Chrome extension also needs to be installed on the devices to interact with the enterprise.platformKeys API.

ID, please

Enterprises typically have policies in place to restrict network and data access only to corporate-issued and verified devices, but they rely on client-side methods to verify the devices.

A malicious actor who has compromised the operating system can conceivably fake the signals and bypass the client-side checks. Verified Access obtains the cryptographic guarantee from the Trusted Platform Module chip present on the device and uses the Google server-side API to confirm the identity and status of the device.
It confirms the device is a real Chrome OS device and not some other hardware with the Chrome OS image installed, and the request was recently initiated and not an older, cached request.
Verified Access is managed by the corporate domain, so it can check the device against security settings and policies, as well as its compliance with internal policies.
It can also verify the user is a valid domain user. One potential scenario is to integrate Verified Access with an enterprise certificate authority.
In this case, hardware-protected device certificates can be distributed to only devices that IT manages and has verified.

A VPN gateway can be configured to authenticate the user with a certificate and issue that certificate if the user and device pass the Verified Access check, Panigrahi said.

This way, enterprises get a hardware-backed cryptographic guarantee of the identity of the device, the user, and its policy compliant state before granting them access to the protected resources behind the VPN. This setup would work with many of the popular commercial VPN gateways, including Pulse Secure VPN, Dell SonicWALL Mobile Connect, Cisco AnyConnect, F5 Access, GlobalProtect, OpenVPN, and L2TP over IPSec.
VPN vendors can build direct integrations with Verified Access, but it won't be necessary to get the benefits of the attestation protocol. As long as the VPN is set up to accept certificate-based authentication, a common arrangement among enterprises, certificate issuance can be conditioned on Verified Access without making additional changes on the gateway, Panigrahi said.

The Chromebook security advantage

Many organizations are giving Chromebooks to their employees because of their security advantages, such as the automatic operating system updates, sandboxing and isolation technologies, whitelists for trusted Chrome extensions, and built-in encryption.

Chrome OS also makes it easy to enforce policies, such as isolating the device to the Google Apps domain and using Verified Boot to complicate persistence across reboots.

For organizations relying heavily on cloud applications and email-based attachments, Chromebooks make a lot of sense. This is why cloud-based trusted access provider Duo Security has decided to issue Chromebooks to more than a quarter of its employees, across different job functions and departments. Over the past few months, Duo Security has been using Verified Access internally to assess Chromebooks before granting access to corporate resources, Michael Hanley, director of security at Duo Security, wrote in a blog post. In Duo's case, Verified Access passed the cryptographic guarantees to the company's trusted access service to make decisions about the level of access to grant to the device.

A login attempt passes a challenge from the Verified Access API to the Chrome extension (via the Chrome Message Passing API), which uses the enterprise.platformKeys API to get a response.

The challenge response is sent to Duo's service, which verifies it by sending it to the Verified Access API and receiving the response.

The service makes an access control decision based on that outcome.
If the device fails the protocol, then access is denied. "We use this to reliably assess the security posture of Chromebooks at Duo before they are allowed to access particularly sensitive resources," Hanley wrote. Duo Security and Ruckus Wireless have already integrated the Verified Access API with their offerings.

Duo plans to have general availability of Verified Access in Duo's Platform Edition later this year.

Administrators would be able to use Duo's service to make access control decisions based on information from Verified Access, much in the same way Duo currently uses the feature internally. "Part of the reason we like this feature is it's a very strong property based on how the protocol works and what it attests to and because it was very easy for us to deploy and manage," Hanley said.  Ruckus has integrated its Cloudpath ES security management platform with the API to securely differentiate between IT-owned and user-owned Chromebooks.

Cloudpath uses the API to ensure only IT-owned Chromebooks are allowed to join the wireless network or receive the certificate to access sensitive resources. Other identity, network, and security providers can follow Ruckus and Duo's example by integrating their services with the Verified Access API.

Duo's Hanley said Verified Access required "very minimal adjustments" to deploy the API internally. "For customers that are heavy on Chromebooks and Google Apps, the lift is surprisingly low considering what customers gain from this," Hanley said. Google has also been working on other ways to strengthen endpoint security on Chrome devices, such as adding Smartcard Authentication support.

The newly launched Citrix Receiver for Chrome 2.1 lets users authenticate to virtualized Citrix applications using smartcards.
If single sign-on is enabled, they can login to their Chromebook and automatically be authenticated across Citrix and virtualized Windows applications. At the moment, Verified Access is only available for Chrome devices, and there's no word on whether Google plans to expand the security feature for other TPM-enabled platforms.
Verified Access makes Chrome OS even more attractive in the enterprise endpoint security space.
Boffins blow up Blowfish and double down on triple DES

Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed. The research institute's Karthikeyan Bhargavan and Gaëtan Leurent have demonstrated that a man-in-the-middle on a long-lived encrypted session can gather enough data for a “birthday attack” on Blowfish and triple DES encryption. They dubbed the attack “Sweet32”. Sophos' Paul Ducklin has a handy explanation of why it matters.

The trick to Sweet32, the Duck writes, is the attackers worked out that with a big enough traffic sample, any repeated crypto block gives them a start towards breaking the encryption – and collisions are manageably common with a 64-bit block cipher like Blowfish or Triple-DES. They call it a “birthday attack” because it works on a similar principle to what's known as the “birthday paradox” – the counter-intuitive statistic that with 23 random people in a room, there's a 50 per cent chance that two of them will share a birthday.

In the case of Sweet32 (the 32 being 50 per cent of the 64 bits in a cipher), the “magic number” is pretty big: the authors write that 785 GB of captured traffic will, under the right conditions, yield up the encrypted HTTP cookie and let them decrypt Blowfish- or Triple-DES-encrypted traffic. If you do it right, and here begins the TL;dr part.

To launch the attack, you need to:

- Get a victim to visit a malicious site (site A) – one that they have to log into. The victim's login sets an HTTP cookie the browser uses for future requests;
- Pass the victim on to Site B, which generates millions of JavaScript requests to Site A, using the login cookie given to the victim;
- Keep the connection alive long enough to store 785 GB of encrypted data blocks, and look for a collision;
- Decrypt the login cookie.

Decryption is still the hard part: the researchers note that it's far from an instant process:

    On Firefox Developer Edition 47.0a2, with a few dozen workers running in parallel, we can send up to 2,000 requests per second in a single TLS connection. In our experiment, we were lucky to detect the first collision after only 25 minutes (2^20.1 requests), and we verified that the collision revealed [the plaintext we were after … The full attack should require 2^36.6 blocks (785 GB) to recover a two-block cookie, which should take 38 hours in our setting. Experimentally, we have recovered a two-block cookie from an HTTPS trace of only 610 GB, captured in 30.5 hours.

As they note, however, long-lived encrypted connections exist in at least one real-world setting: VPN sessions. “Our attacks impact a majority of OpenVPN connections and an estimated 0.6% of HTTPS connections to popular websites. We expect that our attacks also impact a number of SSH and IPsec connections, but we do not have concrete measurements for these protocols” (emphasis added).

For users, that means switching from 64-bit ciphers to 128-bit ciphers; or if you can't get the server to switch, set up your client to force frequent re-keying. Browser makers, TLS library authors and OpenVPN have been notified and are working on patches. ®
There is now a practical, relatively fast attack on 64-bit block ciphers that lets attackers recover authentication cookies and other credentials from HTTPS-protected sessions, a pair of French researchers said. Legacy ciphers Triple-DES and Blowfish need to go the way of the broken RC4 cipher: deprecated and disabled everywhere. In the attack, dubbed Sweet32, they were able to take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to access victim accounts, said the researchers, Karthikeyan Bhargavan and Gaëtan Leurent of INRIA in France.

The attack highlights why it is necessary for sites to stop using legacy ciphers and upgrade to modern, more secure ciphers. "We show that a network attacker who can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website can recover secure HTTP cookies by capturing around 785 GB of traffic.
In our proof-of-concept demo, this attack currently takes less than two days, using malicious Javascript to generate traffic," said Bhargavan and Leurent.

They are expected to present the full paper in October at the 23rd ACM Conference on Computer and Communications Security. Sweet32 is a collision attack against triple-DES (3DES) and Blowfish in cipher block chaining (CBC) mode.
In CBC mode, a collision between two block cipher inputs, visible as two identical ciphertext blocks, reveals the XOR of the two corresponding message blocks. When lots of message blocks are encrypted with the same key in this mode, collisions become more likely, and each one leaks the XOR of the contents of two different message blocks.
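The CBC collision property described above, shown on a toy 16-bit block cipher so that collisions appear after a few thousand blocks instead of billions. This is an added illustration, not code from the researchers or from the original article; the Feistel cipher, key, IV and plaintext are constructed for the example, and the last function applies the same birthday arithmetic to real block sizes.

```python
import hashlib
import random

BLOCK_BITS = 16   # toy size; Triple-DES and Blowfish use 64-bit blocks


def _round_fn(half, key, rnd):
    """Keyed round function for the toy Feistel network (8-bit output)."""
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]


def toy_encrypt(block, key):
    """4-round Feistel permutation on 16-bit blocks. NOT a secure cipher."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round_fn(right, key, rnd)
    return (left << 8) | right


def cbc_encrypt(plain_blocks, key, iv):
    """CBC mode: c[i] = E(p[i] XOR c[i-1]), with c[-1] = IV."""
    out, prev = [], iv
    for p in plain_blocks:
        prev = toy_encrypt(p ^ prev, key)
        out.append(prev)
    return out


def find_collisions(cipher_blocks):
    """Return (j, i) index pairs with j < i and c[j] == c[i]."""
    first_seen, pairs = {}, []
    for i, c in enumerate(cipher_blocks):
        if c in first_seen:
            pairs.append((first_seen[c], i))
        else:
            first_seen[c] = i
    return pairs


def leaked_xor(cipher_blocks, iv, j, i):
    """Value computable from ciphertext alone: c[j-1] XOR c[i-1].
    When c[j] == c[i], this equals p[j] XOR p[i]."""
    def prev(k):
        return cipher_blocks[k - 1] if k else iv
    return prev(j) ^ prev(i)


def expected_collisions(n_blocks, block_bits):
    """Birthday estimate: number of block pairs divided by 2^block_bits."""
    return n_blocks * (n_blocks - 1) / 2 / 2 ** block_bits


def bytes_at_birthday_bound(block_bits):
    """Data encrypted under one key after 2^(block_bits/2) blocks."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def run_demo(n_blocks=4096, seed=2016):
    """Encrypt constructed random plaintext, then check every collision."""
    rng = random.Random(seed)
    key = rng.getrandbits(128).to_bytes(16, "big")
    iv = rng.getrandbits(BLOCK_BITS)
    plain = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    cipher = cbc_encrypt(plain, key, iv)
    pairs = find_collisions(cipher)
    relation_holds = all(
        plain[j] ^ plain[i] == leaked_xor(cipher, iv, j, i) for j, i in pairs
    )
    return len(pairs), relation_holds


if __name__ == "__main__":
    found, holds = run_demo()
    print(f"toy cipher: {found} collisions in 4096 blocks "
          f"(estimate {expected_collisions(4096, BLOCK_BITS):.0f}), "
          f"XOR relation holds: {holds}")
    for bits in (64, 128):
        print(f"{bits}-bit blocks reach the birthday bound after "
              f"{bytes_at_birthday_bound(bits) / 2**30:,.0f} GiB under one key")
```

The second loop is the argument for the mitigations the articles give: with 64-bit blocks the bound is reached after 32 GiB under one key, which a long-lived connection can carry, while 128-bit blocks or frequent re-keying keep a session far below it.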

Attackers can target a victim's authentication cookie by luring them to a malicious site and injecting JavaScript into the victim's browser. JavaScript repeatedly sends HTTP queries to a site the victim is logged into, and each request will include the authentication cookie. The researchers found that if the attackers send at least 2^32 queries and capture all the requests, they will eventually see a collision and be able to recover the contents of the cookie. "An important requirement for the attack is to send a large number of requests in the same TLS connection.

Therefore, we need to find client and servers that not only negotiate the use of Triple-DES, but also exchange a large number of HTTP request in the same TLS connection (without rekeying).

This is possible using a persistent HTTP connection, as defined in HTTP/1.1 (Keep-Alive). On the client side, all browsers that we tested (Firefox, Chrome, Opera) will reuse a TLS connection as long as the server keeps it open," the researchers said. Blowfish and 3DES are still supported in TLS, IPsec, SSH, and other protocols and well-known sites such as Nasdaq.com and Walmart.com still support these legacy ciphers.

The majority of OpenVPN connections and between 1 percent and 2 percent of the Internet's traffic may be susceptible to Sweet32, the researchers estimated.

The implementation used in OpenSSL is also affected, although the OpenSSL maintainers claimed the attack did not expose a critical weakness. OpenVPN 2.3.12 comes with a warning about Blowfish weaknesses and secure configuration advice for dealing with Sweet32. OpenSSL 1.0.2 and 1.0.1 will move 3DES from the "HIGH" keyword to the "MEDIUM" keyword and support it by default, while the newer OpenSSL 1.1.0 will no longer compile the cipher as part of the default build.

Administrators wanting to use the legacy cipher in OpenSSL 1.1.0 will need to use the 'enable-weak-ssl-ciphers' configuration option, and even then, the cipher is allowed only in the 'MEDIUM' keyword. Major browser makers are making changes that would prioritize more secure ciphers over 3DES. The techniques and principles used to craft the attack are well understood in cryptographic circles.

The researchers reduced the complexity and time needed to execute the attack. "While the principles behind this attack are well known, there's always a difference between attacks in principle and attacks in practice. What this paper shows is that we really need to start paying attention to the practice," wrote Matthew Green, cryptography expert and professor at Johns Hopkins University. Just because the attack is possible doesn't mean it is particularly easy to carry out.

For Sweet32, the attacker needs to be able to both monitor traffic passing between the end user and a vulnerable website and control JavaScript on a webpage loaded by the user's browser. It would take about 38 hours to collect the hundreds of gigabytes of data necessary to decrypt the authentication cookie.

This attack scenario is very much a laboratory scenario, but it's still a good reminder that eventually these attacks will become easier to carry out. Enterprises and developers should treat 3DES and Blowfish in the same way they treat RC4: stop using it.

The complexity of Sweet32 is comparable to recently developed attacks against RC4, the researchers said. Researchers developing more ways to attack RC4 sped up its deprecation. Major web browsers no longer support RC4, and major websites such as Gmail have also entirely deprecated the cipher. Developers should stop using legacy 64-bit block-ciphers altogether.
In the case of Sweet32, that means disabling the Triple DES symmetric key cipher in TLS and retiring Blowfish in OpenVPN.

Ciphers with larger block sizes, such as AES, are immune from Sweet32.
Server administrators can also disable shorter ciphers entirely.

This would affect a small number of users who are still relying on older hardware and software. There is no need to wait till the attacks are easy and cheap to execute to get rid of weak and vulnerable cryptographic ciphers. Just as there is a concerted effort to ditch RC4, other 64-bit ciphers also need to go.
Take precautions – like using a strong passphrase

Microsoft software still leaks usernames and password information to strangers' servers – thanks to an old design flaw in Windows that was never properly addressed. These details can be used to potentially unmask VPN users and commandeer Windows accounts.

They can be obtained simply by tricking victims into visiting malicious websites or opening dodgy emails.
It still works even on the latest builds of Windows 10 – Microsoft is unlikely to fix this any time soon. The infosec world has known about this shortcoming for years; if it's news to you, read on. Whenever Redmond's software encounters a link to an SMB network share, it attempts to log into it using the user's credentials.
Imagine accidentally clicking on an smb://cool.domain.bro/receipe.pdf link in an Outlook message, or using Internet Explorer or Edge to visit a webpage with a hidden image that has an smb:// URL: Microsoft's software will follow the address, reach the SMB file server, and try to log into it using your credentials to fetch whatever file is needed. In doing so, it automatically hands over your computer's login name and an NTLM hashed password, which can be cracked in seconds if you have a weak passphrase.

This could be bad news if the file server is malicious and simply wants your details to compromise your gear. You can check out the kinds of information leaked by your computer – including any login details – by visiting this test site with Internet Explorer or Edge (obviously, use at your own risk).

[Image caption: Oops ... What the above test site looks like if you leak an NTLM hashed password]

This design flaw was highlighted in March 1997 and again at Black Hat last year [PDF].
It wasn't considered a big deal for most people because it wasn't possible to log into their PCs over the internet even if you knew their local username and had cracked their password hash.
It was mostly a problem for IT departments: you could, from their connecting IP address, deduce where a victim worked, and if they had a weak password, crack it and try using it to log into other corporate services – such as their email or VPN. People love reusing passwords. Then Windows 8 encouraged people to use their Microsoft cloud accounts to sign into their PCs, and Windows 10 made it the default.

That means when Outlook, IE and Edge fetch an smb:// URL, they hand over your Microsoft account username and hashed password.

That username is usually your email address, so if you're hiding behind a VPN or some other anonymizing service, you'll give away your registered contact info. If you're able to crack someone's Microsoft account login, you can potentially drill into their OneDrive cloud storage, Office account, Xbox Live account, Bing search history, any associated Windows Mobile device, Outlook inbox, and Skype account. It gets worse: if you use Windows' built-in VPN software – such as IPsec or PPTP – with MSCHAPv2 authentication, your PC will send not your local login details but your VPN service username and hashed password to potentially malicious SMB servers. "The old security issue which was considered harmful only for business now can be easily used on home users," said security researcher Valdik, who goes into lots more detail about the design blunder here. He blogged about it in Russian, too.
Valdik, who published his research on Monday, said he successfully exploited the flaw on three Windows 10 machines. Here's a video of him receiving hashes after using Internet Explorer and Yandex webmail to open a message that contains a file:// URL to an SMB share on the internet. IE fetches the file, handing over his login information in the process.

VPN provider Perfect Privacy has blocked SMB port 445 on its network and updated its software to stop the handover of VPN credentials. It also warns against using Microsoft's software over the 'net and advises against using a Microsoft cloud account to log into your machine. You should also, as always, use strong passwords that cannot be easily cracked. The biz explained:

This was not considered a big problem when the attack only leaked local Windows login information (as in most cases you cannot connect remotely with those credentials).

But since Windows 8, Microsoft allows to login to your computer with your Microsoft Live account and since Windows 10 this is the default.

As result, this compromises every single service you signed up with your Microsoft account, including email, Skype and XBox Live. While this is not a VPN related issue, it also affects VPN connections: when using an IPSec VPN connection, a successful attack will not reveal your Windows credentials but the username and password of your VPN connection. While this does not affect the security of the encryption of the VPN tunnel, it may compromise the anonymity of the VPN user.

Also VPN login credentials of company VPNs (e.g. for external service agents) may fall into the hands of an attacker. Even if VPN would not be affected, we still feel it is our responsibility to protect our users from such blatantly open security holes.

Microsoft had no comment at time of publication.

This design cockup affects Redmond's software.

Chrome and Firefox do not normally cough up your credentials, although if you cut'n'paste a malicious file:// URL into Chrome's address bar, it can be fooled into fetching from an SMB share.

Essentially, any application that calls URLDownloadToFile() to an SMB server, friendly or not, will hand over your information.
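A content filter can look for the two link forms the article names, smb:// URLs and file:// URLs that point at a remote host, before a message or page reaches a Windows client. The sketch below is an added example, not code from Valdik or Perfect Privacy; the attribute list, function names and sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a client fetch a resource or follow a link (assumed list).
URL_ATTRS = {"href", "src", "background", "action", "data", "poster"}
LOCAL_HOSTS = {"", "localhost", "127.0.0.1"}
URL_IN_TEXT = re.compile(r"\b(?:smb|file)://[^\s\"'<>]+", re.IGNORECASE)


def classify(url: str):
    """Return a reason if fetching `url` would contact an SMB server, else None."""
    parts = urlsplit(url.strip())
    if parts.scheme == "smb":                 # urlsplit lowercases the scheme
        return "smb:// URL"
    if parts.scheme == "file":
        host = (parts.hostname or "").lower()
        if host not in LOCAL_HOSTS:           # file:///C:/... has an empty host
            return "file:// URL naming a remote host"
    return None


class LinkAuditor(HTMLParser):
    """Collects (tag, attribute, url, reason) for every risky URL attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                reason = classify(value)
                if reason:
                    self.findings.append((tag, name, value, reason))


def audit_html(html: str):
    """Scan an HTML body (mail or web page) for links that trigger an SMB login."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def audit_text(text: str):
    """Scan a plain-text body for the same URL forms."""
    hits = []
    for url in URL_IN_TEXT.findall(text):
        reason = classify(url)
        if reason:
            hits.append((url, reason))
    return hits


# Constructed sample message; hosts use reserved example names and addresses.
SAMPLE_HTML = """<html><body>
<p>Your receipt is attached.</p>
<img src="smb://files.example.test/pixel.png" width="1" height="1">
<a href="file://203.0.113.7/share/invoice.pdf">Invoice</a>
<a href="https://www.example.test/help">Help</a>
<a href="file:///C:/Users/Public/readme.txt">Local file</a>
<img src="SMB://files.example.test/logo.png">
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url, reason in audit_html(SAMPLE_HTML):
        print(f"<{tag} {attr}=...> {url}: {reason}")
```

A filter like this complements, and does not replace, blocking outbound TCP port 445 at the network edge as Perfect Privacy did.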
The annual hacker gatherings will bring out new research in car, payment and internet protocol security. No week in the information security calendar is quite like this one, with the annual Black Hat USA and DefCon security conferences descending on Las Vegas.

The mythos of the two security conferences runs deep across more than two decades as the places where new research is revealed and zero-day exploits are announced, and the 2016 events are no exception.

While the focus of Black Hat USA, which has its briefings on Aug. 3 and 4 at the Mandalay Bay Resort and Casino, is largely on new issues, the event kicks off with a keynote address from security researcher Dan Kaminsky that will likely reminisce about one of the largest issues ever revealed at a Black Hat event.

In 2008, Kaminsky dominated the Black Hat headlines by detailing a flaw in the Domain Name System (DNS) that has since become known simply as the "Kaminsky Flaw." The Kaminsky Flaw is one that was thought to be critical to the foundation of the internet as we know it, and could have enabled the widespread disruption of traffic.

At Black Hat USA 2016, Kaminsky is talking about the hidden architecture of the internet and how it is at risk today.

"Essentially, I'd like to provide a model for comprehending the internet as it stands that prevents harm to it while providing the useful resources to promote its continued operation," the abstract for Kaminsky's session states.

Kaminsky won't be the only person at Black Hat talking about core internet protocols and the risks they pose, as there are multiple talks on DNS and HTTPS security. Security researcher Erik Wu from startup Acalvio, for example, is giving a talk titled "Dark Side of the DNS Force" that will discuss DNS-based attacks. SafeBreach security researchers Itzik Kotler and Amit Klein are talking about how to cripple HTTPS encrypted traffic.

"We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs," the SafeBreach session abstract states.

Among the most anticipated protocol talks is one titled "BadWPAD" (Web Proxy Auto Discovery) in which researcher Maxim Goncharov will detail how the WPAD protocol is often misconfigured in a way that could be exposing millions of users to risk.

Hijacking HTTP Cookies

Columbia University researchers Suphannee Sivakorn and Jason Polakis are giving a talk about how to hijack HTTP cookies and what attackers have already been able to do. The two researchers will reveal flaws that enable attackers to steal cookies and get access to user information, including search history and contact lists.

Abusing security features is a common theme at most Black Hat events, and at Black Hat USA 2016, one of the most interesting sessions is a talk titled "Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable," from Deep Insight security researcher Tom Nipravsky. In his talk, Nipravsky will detail how he was able to bypass Microsoft security for digitally signed applications.

Bypassing the security of antivirus vendors is also a theme this year, and in a talk titled "Captain Hook: Pirating AVs to Bypass Exploit Mitigations," researchers from security firm enSilo will detail vulnerabilities they reported to multiple antivirus vendors in how they hook into the Windows operating system.
2016-07 Security Bulletin: Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid (CVE-2016-1280)

Product Affected: This issue can affect any product or platform running Junos OS.

Problem: Junos OS runs PKId for certificate validation. When a peer device presents a self-signed certificate as its end entity certificate with its issuer name matching one of the valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate is treated as valid. This may allow an attacker to generate a specially crafted self-signed certificate and bypass certificate validation.

This issue only affects certificates used for IKE/IPsec. Other public key-based authentication is unaffected by this vulnerability.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2016-1280.

Solution: The following software releases have been updated to resolve this specific issue: Junos OS 12.1X44-D52, 12.1X44-D55, 12.1X46-D37, 12.1X46-D40, 12.1X47-D30, 12.3R12, 12.3X48-D20, 13.3R10, 14.1R8, 14.1X53-D40*, 14.2R7, 15.1R4, 15.1X49-D20, 15.1X53-D60*, 16.1R1, and all subsequent releases.

*Available Q3/2016

This issue is being tracked as PR 1096758 and is visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Configure all PKI-VPN tunnels to accept only Distinguished Name (DN) as the remote peer's IKE ID.

Example for SRX devices: The SRX can match the DN by exact string, or a wildcard string. If a wildcard string is used, it must not match any of its trusted CA's Subject name.

One of the following four options can be used:

    set security ike gateway <peer name> dynamic distinguished-name container <peer certificate's subject string>
    set security ike gateway <peer name> dynamic distinguished-name wildcard <wildcard string>
    set security ike gateway <peer name> remote-identity distinguished-name container <peer certificate's subject string>
    set security ike gateway <peer name> remote-identity distinguished-name wildcard <wildcard string>

Note: The remote peer's tunnel must also be reconfigured to identify itself using its DN as the IKE ID. For SRX devices, the config statement is:

    set security ike gateway <peer name> local-identity distinguished-name

Implementation: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2016-07-13: Initial publication
2016-07-15: Removed mitigation of disallowing usage of self-signed certificates for IKE/IPsec authentication

CVSS Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Risk Level: Medium

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
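One way to check an exported configuration against this workaround is sketched below as an added example (not Juniper's code). It assumes the input contains only PKI-VPN gateways in `set` format, and it assumes a wildcard string matches a subject when every attribute=value pair in the wildcard appears in that subject; the gateway names, DNs and CA subject are constructed.

```python
import shlex
from collections import OrderedDict

PREFIX = ["set", "security", "ike", "gateway"]
IDENTITY_KEYWORDS = ("dynamic", "remote-identity")
DN_MODES = ("container", "wildcard")


def parse_dn(dn: str):
    """Split 'CN=a, O=b' into a set of lowercase (attribute, value) pairs.

    Simplification: commas escaped inside values are not handled.
    """
    pairs = set()
    for part in dn.split(","):
        if "=" in part:
            attr, value = part.split("=", 1)
            pairs.add((attr.strip().lower(), value.strip().lower()))
    return pairs


def wildcard_matches(wildcard: str, subject: str) -> bool:
    """Assumed semantics: every pair in the wildcard is present in the subject."""
    wanted = parse_dn(wildcard)
    return bool(wanted) and wanted <= parse_dn(subject)


def audit_ike_gateways(config_text: str, trusted_ca_subjects):
    """Return {gateway name: verdict} for each IKE gateway in a 'set' format config."""
    remote_dn = OrderedDict()          # gateway -> (mode, dn string) or None
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:             # unbalanced quotes: skip the line
            continue
        if tokens[:4] != PREFIX or len(tokens) < 5:
            continue
        name, rest = tokens[4], tokens[5:]
        remote_dn.setdefault(name, None)
        if (len(rest) >= 4 and rest[0] in IDENTITY_KEYWORDS
                and rest[1] == "distinguished-name" and rest[2] in DN_MODES):
            remote_dn[name] = (rest[2], " ".join(rest[3:]))

    verdicts = OrderedDict()
    for name, identity in remote_dn.items():
        if identity is None:
            verdicts[name] = "no DN remote identity configured"
        elif identity[0] == "wildcard" and any(
                wildcard_matches(identity[1], ca) for ca in trusted_ca_subjects):
            verdicts[name] = "wildcard matches a trusted CA subject"
        else:
            verdicts[name] = "ok"
    return verdicts


# Constructed sample configuration and CA subject list.
SAMPLE_CONFIG = """
set security ike gateway gw-branch1 ike-policy pol-cert
set security ike gateway gw-branch1 remote-identity distinguished-name container "CN=branch1.example.test, O=Example Corp"
set security ike gateway gw-branch2 ike-policy pol-cert
set security ike gateway gw-branch2 address 192.0.2.10
set security ike gateway gw-partners ike-policy pol-cert
set security ike gateway gw-partners dynamic distinguished-name wildcard "O=Example Corp"
set security ike gateway gw-vendor dynamic distinguished-name wildcard "OU=Field Service, O=Vendor Ltd"
"""
SAMPLE_CA_SUBJECTS = ["CN=Example Root CA, O=Example Corp"]

if __name__ == "__main__":
    for gw, verdict in audit_ike_gateways(SAMPLE_CONFIG, SAMPLE_CA_SUBJECTS).items():
        print(f"{gw}: {verdict}")
```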
iOS 9.3.4

iOS 9.3.4 provides an important security update for your iPhone or iPad and is recommended for all users. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

iOS 9.3.3

iOS 9.3.3 includes bug fixes and improves the security of your iPhone or iPad. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

iOS 9.3.2

iOS 9.3.2 fixes bugs and improves the security of your iPhone or iPad.

This update:   Fixes an issue where some Bluetooth accessories could experience audio quality issues when paired to the iPhone SE Fixes an issue where looking up dictionary definitions could fail Addresses an issue that prevented typing email addresses when using the Japanese Kana keyboard in Mail and Messages Fixes an issue for VoiceOver users using the Alex voice, where the device switches to a different voice to announce punctuation or spaces Fixes an issue that prevented MDM servers from installing Custom B2B apps   For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222 iOS 9.3.1 Fixes an issue that caused apps to be unresponsive after tapping on links in Safari and other apps For information on the security content of this update, please visit this website:http://support.apple.com/kb/HT1222 iOS 9.3 With this update your iPhone, iPad and iPod touch gain improvements to Notes, News, Health, Apple Music and a new feature called Night Shift that may even help you get a better night’s sleep by shifting the colors in your display to the warmer end of the spectrum at night. New features, improvements, and bug fixes include:   Night ShiftWhen enabled, Night Shift uses your iOS device’s clock and geolocation to determine when it’s sunset in your location, then it automatically shifts the colors in your display to the warmer end of the spectrum and may even help you get a better night’s sleep. 
Notes improvements Protect notes that contain your most personal data with Touch ID or a passcode Sort notes alphabetically, by date created, or by date edited When sketching, quickly bring up a fresh canvas with a two finger swipe, or by tapping the New Sketch button A new checklist button at the bottom of every note makes it easier to create lists Show thumbnails instead of large images and attachments by long-pressing on any image or attachment in a note Choose whether photos and videos taken within Notes are stored only in Notes, or also added to Photos Long-press on an Evernote Export file to import its contents into Notes News improvements New Top Stories section in For You highlights the most important stories of the day Discover something great to read in Editors' Picks, a selection of channels and topics handpicked by our Apple News editors Swipe left on stories in For You on iPhone to quickly share or save or swipe right for more options Play video stories right from For You — without opening the article Read stories and watch videos in landscape orientation on iPhone Change the text size in articles to make reading easier Health improvements Related third-party apps for select data types such as weight, workouts and sleep are displayed in the Health app Health dashboard adds support for move, exercise, and stand Activity data and goals from Apple Watch Easy access to Dashboard and Medical ID using 3D Touch Quick Actions from the Home screen Third-party apps now have access to Activity rings and summaries from Apple Watch through HealthKit Apple Music improvements Add songs from the Apple Music catalog to playlists without having to add them to your library Watch music videos on iPad in full screen See what’s playing on Beats 1 directly from the Radio tab — without having to tune in Tap the name of the currently playing song in Now Playing to go to the album See which songs are most popular on albums in the Apple Music catalog Photos improvements Extract 
the still image from a Live Photo by tapping Duplicate which will give you the option to duplicate the Live Photo, or just the still image Improved download performance of full size original photos or videos stored in iCloud Photo Library Share Live Photos between iOS and OS X through AirDrop and Messages iBooks improvements Adds the ability for iBooks to store your PDFs in iCloud, making them available across all of your devices Adds support for downloading previously purchased audiobooks from the iBooks Store Adds the ability to share your audiobook purchases with any of your family members using Family Sharing New controls for reading Manga more comfortably with faster page turns and simple controls for enlarging text Adds Apple Pencil support to highlight and save your favorite passages for later Education improvements Introduces a preview of Shared iPad that enables multiple students to use the same iPad at different times throughout the day Adds support for signing into iCloud with Managed Apple IDs Adds compatibility for the new Classroom app New configuration options to control the organization of apps on the Home Screen New controls to determine which apps to show or hide on the Home Screen Adds support for new restrictions for iCloud Photo Library and Apple Music CarPlay improvements Apple Music members now have access to their For You and New content in CarPlay New Nearby screen in Maps to quickly find Gas, Parking, Restaurants, Coffee, and other driving essentials Siri speaks more concisely when reading back and composing messages in CarPlay Equalized sound levels between different audio sources in CarPlay Dolby Digital Plus Adds support for playing video encoded with Dolby Digital Plus audio streams with support for multichannel output using the Apple Lightning Digital AV Adapter Hardware keyboard improvements and fixes Enables the use of arrow keys to navigate through lists in Spotlight, Mail and Safari Enables the use of space bar to scroll in Mail 
Improves performance when using the space bar to scroll in Safari Adds the ability to bring up the software keyboard from the Shortcut Bar when a hardware keyboard is connected Fixes an issue that could prevent unlocking an iPad using the hardware keyboard Fixes an issue that caused hardware keyboards to become unresponsive in captive login pages Fixes an issue that could cause the Messages input field to disappear behind the Shortcut Bar when connected to a hardware keyboard Other improvements Maps adds support for getting a highlighted view of destinations and stops for a specific transit line by tapping on it Maps now displays whether there are multiple transit line options for each route suggestion Wallet app adds the ability to view the app related to a card or pass in the Wallet app by tapping an icon on the card or pass Apple Pay adds support for signing up for store rewards programs with Apple Pay at point of sale terminal Podcasts adds support for fullscreen video playback Activity app adds a new Workout tab with monthly summaries of key metrics and the ability to filter by workout type Move to iOS now offers app suggestions from the App Store based on apps installed on your Android device iCloud Storage adds proactive status information and in-app notifications to let you know before you run out of space Two-factor authentication is now available for all iCloud accounts Support for Spanish (Latin America) system language Siri support for Finnish (Finland), Hebrew (Israel), and Malay (Malaysia) Enterprise bug fixes Resolves an issue that could prevent some VPP purchased apps from launching after being updated Adds iCloud backup support for device-assigned VPP apps Addresses an issue that could prevent certificates from installing correctly when updating configuration profiles Fixes an issue for some IPSec VPN configurations that could cause the internet connection to be interrupted after a VPN session was ended Fixes an issue to prevent iBooks from 
emailing enterprise managed PDFs from unmanaged accounts Resolves an issue for some Exchange users that caused Calendar to send multiple responses to the same invitation Improves reliability for devices connecting to OS X Caching Server Accessibility bug fixes Improves 3D Touch reliability with Switch Control Accessibility option Fixes an issue where VoiceOver interferes with speech after dictation Fixes an issue where VoiceOver users could not write a review on the App Store Resolves an issue where VoiceOver becomes unresponsive when receiving a phone call with a Bluetooth headset Fixes an issue where large text was unreadable in Reminders Other bug fixes, performance and stability improvements Fixes an issue where manually changing the date to May 1970 or earlier could prevent your iOS device from turning on after a restart Fixes issues that could prevent some iCloud Backups from completing Fixes an issue for some users where Health data was incomplete after restoring from iCloud Backup Fixes an issue where an inaccurate battery percentage could be displayed Addresses an issue that prevented iMessage or FaceTime activation for some users Addresses an issue that could prevent displaying the Phone interface while receiving a call Fixes an issue that enabled overriding restrictions applied to cellular data toggle Fixes an issue that caused notification settings to appear in the Watch app for apps that were not installed on Apple Watch Improves reliability when using 3D Touch on the keyboard Improves stability of the Phone app when setting up voicemail Improves stability of the Mail app when your device is low on storage Improves stability in Mail while using Mail Drop to send large attachments   Some features may not be available for all countries or all areas, for more information visit: http://www.apple.com/ios/feature-availability  http://www.apple.com/ios/whats-new  ​For information on the security content of this update, please visit this website:  
http://support.apple.com/kb/HT1222 iOS 9.2.1 This update contains security updates and bug fixes including a fix for an issue that could prevent the completion of app installation when using an MDM server. For information on the security content of this update, please visit this website: https://support.apple.com/HT201222 iOS 9.2 Apple Music improvements You can now create a new playlist when adding a song to a playlist Your most recently changed playlist is now listed at the top when adding songs to playlists Download albums or playlists from your iCloud Music Library by tapping the iCloud download button See which songs have been downloaded with the new download indicator next to each song in My Music and Playlists See works, composers, and performers while browsing Classical music in the Apple Music catalog A new Top Stories section in News so you can stay up to date with the most important news of the day (available in the United States, United Kingdom, and Australia) Mail Drop in Mail for sending large attachments iBooks now supports 3D Touch to peek and pop pages from the table of contents, your notes and bookmarks, or from search results inside a book iBooks now supports listening to an audiobook while you browse your library, read other books, or explore the iBooks Store iPhone support for the USB Camera Adapter to import photos and videos Improved stability of Safari Improved stability of Podcasts Fixing an issue that caused mail attachments to be inaccessible for some users with POP email accounts Resolving an issue for some users that caused attachments to overlap text in mail Fixing an issue where Live Photos could have turned off after restoring from a previous iCloud backup Addressing an issue that could cause search in Contacts to display no results Resolving an issue that could have prevented Calendar from displaying all seven days in week view Fixing an issue where Camera screen on iPad could be black when attempting to capture video Addressing an 
issue that could cause instability in the Activity app when viewing the day of Daylight Savings Time transition Fixing an issue that could prevent data from appearing in Health Fixing an issue that could prevent Wallet updates and Lock screen alerts from displaying Addressing an issue where updating iOS could prevent an alarm from going off Fixing an issue where some users were unable to log in to Find my iPhone Fixing an issue that prevented some manual iCloud Backups from completing Addressing an issue where using the iPad keyboard could unintentionally trigger text selection mode Improved keyboard responsiveness when using Quick Reply Improved punctuation input on the 10-key Chinese (Pinyin & Stroke) keyboards with new expanded view of punctuation symbols and better predictions Fixing an issue on Cyrillic keyboards where caps lock would be enabled when typing in URL or email fields Accessibility improvements Fixing issues with VoiceOver when using Camera face detection  Adding support for VoiceOver to wake up the screen Adding support for VoiceOver to invoke app switcher with 3D Touch gesture Fixing an issue with Guided Access when trying to end phone calls Improved functionality for Switch Control users when using 3D Touch Fixing an issue with speech rate of Speak Screen Siri support for Arabic (Saudi Arabia, United Arab Emirates)  For information on the security content of this update, please visit this website: https://support.apple.com/HT201222 iOS 9.1 This release includes new features, improvements and bug fixes, including: Live Photos now intelligently senses when you raise or lower your iPhone, so that Live Photos will automatically not record these movements  Over 150 new emoji characters with full support for Unicode 7.0 and 8.0 emojis  Improved stability including CarPlay, Music, Photos, Safari, and Search  Improved performance while in Multitasking UI  Fixes an issue that could cause Calendar to become unresponsive in Month view  Fixes an issue that 
prevented Game Center from launching for some users  Resolves an issue that zoomed the content of some apps  Resolves an issue that could cause an incorrect unread mail count for POP mail accounts  Fixes an issue that prevented users from removing recent contacts from new mail or messages  Fixes an issue that caused some messages to not appear in Mail search results  Resolves an issue that left a gray bar in the body of an Audio Message  Fixes an issue that caused activation errors on some carriers  Fixes an issue that prevented some apps from updating from the App Store  For information on the security content of this update, please visit this website:       http://support.apple.com/kb/HT1222 iOS 9.0.2 This update contains bug fixes and improvements including: Fixes an issue with the setting to turn on or off app cellular data usage Resolves an issue that prevented iMessage activation for some users Resolves an issue where an iCloud Backup could be interrupted after starting a manual backup Fixes an issue where the screen could incorrectly rotate when receiving notifications Improves the stability of Podcasts For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222 iOS 9.0.1 This update contains bug fixes including: Fixes an issue where some users could not complete setup assistant after updating Fixes an issue where sometimes alarms and timers could fail to play Fixes an issue in Safari and Photos where pausing video could cause the paused frame to appear distorted Fixes an issue where some users with a custom APN setup via a profile would lose cellular data For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222 iOS 9.0 With this update your iPhone, iPad and iPod touch become more intelligent and proactive with powerful search and improved Siri features. 
New multitasking features for iPad allow you to work with two apps simultaneously, side-by-side or with the new Picture-in-Picture feature.

And, built-in apps become more powerful with detailed transit information in Maps, a redesigned Notes app, and an all-new News app.

And improvements at the foundation of the operating system enhance performance, improve security and give you up to an hour of extra battery life.

Intelligence
- Proactive assistance
  - Presents relevant information even before you start typing
  - Notifies you when you need to leave for appointments using traffic conditions
  - Learns what you listen to in a certain location or at a particular time of day and can automatically display playback controls for your preferred music and audio apps
  - Suggested events and contact details are added to apps based on information found in Mail
- Siri improvements
  - Search your personal photos and videos based on dates, locations and album names
  - Ask Siri to remind you about things you’re looking at in your apps, including Safari, Mail, Notes and Messages
  - Request directions via public transit
- Spotlight search improvements
  - Get sports scores, weather conditions and stock prices
  - Simple math calculations and conversions
  - Initiate messages, phone calls and FaceTime calls from contact search results

New iPad Features
- Slide Over
  - Quickly use a second app without leaving the one you’re in
  - Easily switch between Slide Over apps
  - Support for Apple apps and enabled third party apps
- Split View
  - View and interact with two apps at once
  - Ability to resize your view to give equal attention to both apps or prioritize one app over another
  - Support for Apple apps and enabled third party apps
- Picture in picture
  - Continue watching a video while using your favorite apps
  - Support for Safari video, FaceTime, Videos and Podcasts and enabled third party apps
- QuickType improvements
  - Multi-Touch gestures for easier text selection on iPad
  - Quick access to text editing tools with Shortcut Bar on iPad
  - Support for hardware keyboard shortcuts
  - Support for all Unicode emoji flags

Built-in Apps
- Map improvements
  - Support for public transit lines, station details with exits and entrances, schedules and directions in select major cities
  - Browse for places around you by category, including Food, Drinks, Shopping, Fun and more
  - Apple Pay support is indicated on place cards at participating retail locations
  - Place cards include Wikipedia information for landmarks and cities
- Redesigned Notes app
  - Add photos to your notes with the built-in camera or from your Photo Library
  - Create useful checklists and check off completed items with a tap
  - Sketch a quick thought using just your finger
  - Save interesting items directly from other apps using the Share menu
- All-new News app
  - Read your favorite newspapers, magazines, and blogs, or choose from over a million topics
  - Beautiful typography and layouts, photo galleries, videos, animations, and more
  - Browse articles that are chosen based on your interests in For You. Find channel and topic recommendations in Explore. News gets more personalized the more you read
  - Easily share articles with friends or save them to read later — even when you’re offline
- Mail improvements
  - Search improvements help you quickly find what you're looking for by filtering results based on sender, recipient, subject or a combination of options
  - Support for Markup lets you annotate an image or PDF attachment with text, shapes and even your signature, then send it back — without leaving Mail
  - Easily save the attachments you receive or add files from iCloud Drive or other document providers while composing a new message
- Apple Pay and Wallet improvements
  - Support for Discover cards
  - Support for rewards cards and store credit and debit cards
  - To check out even faster, you can prepare an upcoming payment by double-clicking the Home button from the Lock Screen and keeping your finger on Touch ID
- New iCloud Drive app
  - Easily search for a file or browse in the new iCloud Drive app by date, name, or tags you added on your Mac
  - Open files in any compatible app or share with those you choose
  - Organize folders and files
  - Get the iCloud Drive app in Settings > iCloud > iCloud Drive and select Show on Home Screen
- CarPlay improvements
  - Plays back audio messages, letting you hear from people in their own voices
  - Full support for car knob controls, so you can tilt and spin to scroll through lists or pan around in Maps
  - Support for CarPlay apps from auto manufacturers

Foundation
- Longer battery life
  - Up to one hour of additional time before you need to charge your battery
  - Facedown detection for turning display off when not in use
  - Low power mode optimizes device performance to extend battery by up to an additional three hours
- Software updates require less space to download and offer an option to install later
- iOS apps and user interface now use Metal to deliver faster scrolling, smoother animation, and better overall performance
- Improved security with two-factor authentication support and a default 6 digit passcode support for Touch ID devices

Other improvements
- New San Francisco system font
- Leave a message option if recipient isn't available for a FaceTime call
- Share voicemails from the Phone app using the share sheet
- Flight and package tracking for data detectors
- Health app adds support for reproductive health, UV exposure, water intake and sedentary state data types
- HomeKit adds support for motorized windows and shades, motion sensors and home security system accessories
- Podcasts has an all-new design, makes it easy to find the latest episodes of your favorite shows and notifies you when new episodes become available for you
- Support for Wi-Fi calling on iPad, iPod touch and Mac, without iPhone in proximity on participating carriers
- Wi-Fi Assist to automatically use cellular data when Wi-Fi connectivity is poor
- Transfer content from an Android device with the Move to iOS app, visit http://www.apple.com/move-to-ios for more details

Expanded language support
- New PingFang Chinese system font
- Improved predictions, learning and autocorrection for Chinese in QuickType
- Redesigned punctuation input on 10-key Chinese keyboard
- Redesigned User Interface for right-to-left languages
- Added Siri support for Austria, Belgium (French and Dutch), and Norway
- Added Spotlight search support for Mexico
- New keyboards for French (Belgium), German (Austria), Gujarati, Hindi (Transliteration), Hinglish, Punjabi, Spanish (Mexico), and Telugu
- Predictive input for French (Belgium), German (Austria), Korean, Russian, Spanish (Mexico), and Turkish
- Dictation support for Dutch (Belgium), English (Ireland, Philippines, South Africa), French (Belgium), German (Austria), and Spanish (Chile, Colombia)
- Spell check for Finnish and Korean
- Definition dictionary for Hindi, Norwegian and Swedish
- Bilingual dictionary for French-English and German-English
- New Japanese autocorrection and improved predictions and learning in QuickType
- Option to switch between number systems for Arabic and Hindi

Enterprise & Education
- Assign apps directly to iOS devices without needing to have an iTunes Store account configured
- Improved calendar reliability for customers using Microsoft Exchange ActiveSync v16
- Expanded Per App VPN support for the built-in IPSec and IKEv2 VPN clients
- New networking controls for managed apps to help limit international data roaming costs
- New restrictions to prevent changes to passcodes, device names and wallpapers, or to disable AirDrop on managed devices
- Third party app extension support for VPN, advanced content filtering, and captive Wi-Fi networks

Accessibility
- Touch Accommodations provides additional touch control for those with physical motor limitations
- Switch Control Recipes to customize features or create your own
- Support for Siri Voices for VoiceOver users
- Additional customization of AssistiveTouch
- Hardware keyboard support for Key Repeat, Slow Keys and Sticky Keys
- Improved MFi hearing aid audio routing to choose where audio is played

Some features may not be available for all countries or all areas, for more information visit: http://www.apple.com/ios/feature-availability and http://www.apple.com/ios/whats-new

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222