Security researchers have shown that confidential information can be stolen by abusing default Windows behavior.
The man-in-the-middle (MITM) attack, described on Monday [04/04/2011], relies on a feature of recent Windows versions that is meant to simplify connecting to networks running the next-generation IPv6 protocol. Similar attacks are likely possible against computers running Mac OS X, although this has not yet been confirmed in practice, according to Jack Koziol, head of information security at InfoSec Institute.
The attack exploits Stateless Address Autoconfiguration (SLAAC), the mechanism that lets hosts on an IPv6 network configure their addresses and discover routers automatically. Because IPv6 is enabled by default on OS X, Windows Vista, Windows 7 and Server 2008, SLAAC can be used to set up an unauthorized IPv6 network and redirect traffic through equipment controlled by the attackers.
As noted by Jack Koziol, "In the event of such an attack, Windows machines will connect to the 'bad' router instead of the right one. If Microsoft had not enabled this option by default, most of the negative consequences of this attack could have been avoided."
Confirming the feasibility of the attack, InfoSec Institute researcher Alec Waters notes that the user has no control over the protocol's automatic operation and receives no warning when the machine joins an unauthorized IPv6 network.
The attack works because the system is configured to prefer a newer communication protocol whenever one is available. Connecting unauthorized IPv6 equipment to an IPv4 network causes computers to start routing traffic through it instead of through the standard gateway. In other words, the attack relies on the default behavior of using the most recent protocol version whenever possible.
According to Jack Koziol, Linux, FreeBSD and other operating systems are not affected by this attack in their default configurations.
This technique for hijacking network traffic has long been known in theory in connection with the Address Resolution Protocol (ARP). According to Jack Koziol, while there are many tools for detecting and blocking ARP attacks, there is almost nothing today for detecting SLAAC attacks. Moreover, as new versions of Windows and OS X spread, such attacks will work on a growing number of machines.
Of course, the attackers still have to install the appropriate hardware on the network. But on networks that are exposed to attacks from within, the presence of Windows or OS X machines makes this attack possible where previously it was not.
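The article points out that there is almost no tooling for spotting SLAAC attacks. As an added example (not from the article, InfoSec Institute or Microsoft), the Python below parses ICMPv6 Router Advertisements and flags any whose advertising router or announced prefix is not on a site allowlist; the allowlist, the packet builder and the two sample RAs are constructed here for illustration.

```python
import ipaddress
import struct
# Constructed allowlist: the router address and prefix this site expects to see in RAs.
KNOWN_ROUTERS = {"fe80::1"}
KNOWN_PREFIXES = {"2001:db8:1::/64"}

def build_ra(src, prefix, router_lifetime=1800):
    """Build an IPv6 header + ICMPv6 Router Advertisement carrying one Prefix Information option."""
    net = ipaddress.IPv6Network(prefix)
    # Prefix Information option (RFC 4861): type 3, length 4 (units of 8 bytes), L and A flags set
    opt = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
    opt += net.network_address.packed
    # RA: type 134, code 0, checksum left 0 (not verified here), cur hop limit 64, flags 0
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, router_lifetime, 0, 0) + opt
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255)  # version 6, next header ICMPv6
    return ip6 + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed + icmp

def parse_ra(pkt):
    """Return (src, router_lifetime, [prefixes]) for an ICMPv6 Router Advertisement, else None."""
    if len(pkt) < 56 or pkt[0] >> 4 != 6 or pkt[6] != 58 or pkt[40] != 134:
        return None
    src = str(ipaddress.IPv6Address(pkt[8:24]))
    icmp = pkt[40:]
    router_lifetime = struct.unpack("!H", icmp[6:8])[0]
    prefixes, pos = [], 16  # options start after the 16-byte RA body
    while pos + 2 <= len(icmp):
        otype, olen = icmp[pos], icmp[pos + 1]
        if olen == 0:  # malformed option; stop instead of looping forever
            break
        if otype == 3 and olen == 4 and pos + 32 <= len(icmp):
            addr = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            prefixes.append(f"{addr}/{icmp[pos + 2]}")
        pos += olen * 8
    return src, router_lifetime, prefixes

def check_ra(pkt):
    """Return findings for one packet; empty means it matches the allowlist.
    A non-zero router lifetime means the sender offers itself as a default router."""
    parsed = parse_ra(pkt)
    if parsed is None:
        return []
    src, lifetime, prefixes = parsed
    findings = []
    if lifetime > 0 and src not in KNOWN_ROUTERS:
        findings.append(f"unknown default router {src} (lifetime {lifetime}s)")
    findings += [f"unknown prefix {p} from {src}" for p in prefixes if p not in KNOWN_PREFIXES]
    return findings

# Constructed sample traffic: the site's legitimate RA and a rogue one announcing a new prefix.
GOOD_RA = build_ra("fe80::1", "2001:db8:1::/64")
ROGUE_RA = build_ra("fe80::dead:beef", "2001:db8:ffff::/64")
```

Feeding `check_ra` the IPv6 payloads from a packet capture on the monitored segment would surface an unexpected router the moment it starts advertising.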
Bruce Cowper, head of Microsoft’s Trustworthy Computing group, commented on the situation as follows:
Microsoft is aware of security experts' reports about the possibility of man-in-the-middle attacks on IPv6-based networks. The described method requires a hypothetical situation in which an attacker has physical access to the network to install a rogue router. This situation is not a "security hole." As the only protection option, we propose disabling the IPv6 protocol on all machines that do not use it.
From the translator: "Oh, how many wonderful discoveries await us..." Continued in IPv6 readiness.