Amazines Free Article Archive - Monday, October 19, 2020
Read about the most recent changes and happenings at
Log into your account or register as a new author. Start submitting your articles right now!
Search our database for articles.
Subscribe to receive articles emailed straight to your email account. You may choose multiple categories.
View our newest articles submitted by our authors.
View our most top rated articles rated by our visitors.
* Please note that this is NOT the ARTICLE manager
Add a new EZINE, or manage your EZINE submission.
Add fresh, free web content to your site such as newest articles, web tools, and quotes with a single piece of code!
Home What's New? Submit/Manage Articles Latest Posts Top Rated Article Search
Subscriptions Manage Ezines
 Article Archive
 Advertising (133418)
 Advice (161139)
 Affiliate Programs (34751)
 Art and Culture (73737)
 Automotive (145654)
 Blogs (75196)
 Boating (9843)
 Books (17221)
 Buddhism (4128)
 Business (1328956)
 Business News (426365)
 Business Opportunities (366330)
 Camping (10967)
 Career (72752)
 Christianity (15847)
 Collecting (11638)
 Communication (115068)
 Computers (241945)
 Construction (38924)
 Consumer (49684)
 Cooking (17066)
 Copywriting (6633)
 Crafts (18205)
 Cuisine (7543)
 Current Affairs (20417)
 Dating (45881)
 EBooks (19691)
 E-Commerce (48222)
 Education (185288)
 Electronics (83503)
 Email (6407)
 Entertainment (159837)
 Environment (28929)
 Ezine (3039)
 Ezine Publishing (5449)
 Ezine Sites (1550)
 Family & Parenting (110922)
 Fashion & Cosmetics (196423)
 Female Entrepreneurs (11845)
 Feng Shui (131)
 Finance & Investment (310451)
 Fitness (106330)
 Food & Beverages (62909)
 Free Web Resources (7939)
 Gambling (30220)
 Gardening (25143)
 Government (10529)
 Health (629694)
 Hinduism (2206)
 Hobbies (44054)
 Home Business (91574)
 Home Improvement (251132)
 Home Repair (46166)
 Humor (4833)
 Import - Export (5453)
 Insurance (45106)
 Interior Design (29581)
 International Property (3485)
 Internet (191001)
 Internet Marketing (146454)
 Investment (22837)
 Islam (1167)
 Judaism (1356)
 Law (80491)
 Link Popularity (4595)
 Manufacturing (20852)
 Marketing (98961)
 MLM (14136)
 Motivation (18218)
 Music (27013)
 New to the Internet (9495)
 Non-Profit Organizations (4048)
 Online Shopping (129629)
 Organizing (7803)
 Party Ideas (11852)
 Pets (38068)
 Poetry (2234)
 Press Release (12682)
 Public Speaking (5635)
 Publishing (7526)
 Quotes (2407)
 Real Estate (126636)
 Recreation & Leisure (95385)
 Relationships (87666)
 Research (16165)
 Sales (80334)
 Science & Technology (110255)
 Search Engines (23486)
 Self Improvement (153216)
 Seniors (6235)
 Sexuality (35947)
 Small Business (49293)
 Software (83013)
 Spiritual (23474)
 Sports (116105)
 Tax (7659)
 Telecommuting (34066)
 Travel & Tourism (307829)
 UK Property Investment (3121)
 Video Games (13427)
 Web Traffic (11739)
 Website Design (56838)
 Website Promotion (36587)
 World News (1000+)
 Writing (35788)
Author Spotlight

My Name is Anish Sah, I am an Internet Marketing and SEO Expert, Social Media Guru and young Entrepr...more

I love to research products and write reviews only high-quality useful products. ...more

I am the Founder Director of, India’s First Financial Helpline and am an expert on Per...more

I'm Ellisen, nice to meet you! Obviously you're here because you want to know who I am. Wel...more

Former English Teacher; Musician (20+ years); Freelance Writer ...more

Tech behind flame attack could compromise microsoft update - Automatic Encrusting and Forming Machi by he ni

Article Author Biography
Tech behind flame attack could compromise microsoft update - Automatic Encrusting and Forming Machi by
Article Posted: 08/21/2012
Article Views: 95
Articles Written: 1145
Word Count: 744
Article Votes: 0
AddThis Social Bookmark Button

Tech behind flame attack could compromise microsoft update - Automatic Encrusting and Forming Machi

Business,Business News,Business Opportunities
Few of the people you or I know need to worry about a Flame malware attack -- unless you know a lot of Iranian bureaucrats. But thetechnology behind the attack -- details of which are only startingto surface -- should have all of us concerned. Not just about thesophisticated cracking techniques employed, but about the tools weuse and rely on all the time. Yes, I'm talking specifically about WSUS and Microsoft's AutomaticUpdate. F-Secure's Mikko Hypponen (who has been known to succumb tohyperbole from time to time) calls it "the nightmare scenario."According to his News from the Lab blog , "Flame has a module which appears to attempt to do aman-in-the-middle attack on the Microsoft Update or Windows ServerUpdate Services (WSUS) system.

If successful, the attack drops afile called WUSETUPV.EXE to the target computer. This file issigned by Microsoft with a certificate that is chained up toMicrosoft root. Except it isn't signed really by Microsoft ." Sunday night, Microsoft pushed through an out-of-band patch known as SA 2718704 that effectively killed three root certificates that had beencompromised by the Flame throwers. That begs at least two painfullyobvious questions: If Microsoft didn't give the certificates to thepeople who made Flame, how did the bad guys get them? And what canbe done to prevent the same thing from happening again? We aren't talking about a break-in at a small Comodo certificate-issuing authority in the Netherlands.

These are, as Mikko says, the certificatesthat validate WSUS patches -- Microsoft Update's family jewels. Yesterday the Microsoft Security Response Center posted an update to the Security Advisory that says, "The Flame malware used a cryptographic collisionattack in combination with the terminal server licensing servicecertificates to sign code as if it came from Microsoft. However,code-signing without performing a collision is also possible. Thisis an avenue for compromise that may be used by additionalattackers on customers not originally the focus of the Flamemalware. In all cases, Windows Update can only be spoofed with anunauthorized certificate combined with a man-in-the-middle attack." Permit me to translate that into English.

A "cryptographic collision attack" is a brute-force approach tocracking a hashing method, where the attacker guesses at a wholebunch of input strings, runs the hashing algorithm, and comparesthe result to the real hash. If the hashes match, then the originalstrings matched. Sophisticated guessing techniques can be employed,but in general cracking not one, but three original Microsoftcertificates must've taken eons of computing time. There's still alot of confusion about exactly how the Flame folks used thecollision attack.

Microsoft's statement is subject to a lot ofinterpretation. Dan Goodin has an analysis on Ars Technica . As Microsoft rightly notes, just having the certs isn't goodenough. In order to subvert WSUS/Windows Update for a site, theperson with the cracked certs has to be able to insert themselvesbetween the site's network and the Microsoft update servers: aman-in-the-middle attack.

In some countries, that's certainlypossible for any organization that has influence over local DNSservers. In general, though, it's a highly nontrivial exercise. But working inside a network, man-in-the-middle may not be sodifficult. Aleks Gostov at Kaspersky Lab has started peeling away at Flame and discovered that fully patched Windows 7 machines running on anetwork with one Flame-infected machine were getting infected "in avery suspicious manner. When a machine tries to connect toMicrosoft's Windows Update, [Flame] redirects the connectionthrough an infected machine and it sends a fake, malicious WindowsUpdate to the client." That's the man in the middle.

What can you do to protect yourself? Get SA 2718704 installed, ofcourse. SANS Internet Storm Center gives a manual patching procedure if you don't feel comfortable applying the update. More than that, you need to be aware of the fact that some very,very smart people, using an enormous amount of computing power,were able to subvert some of the most trusted authenticationcertificates -- and techniques -- that we have. The bad guys just got a leg up. This story, " Tech behind Flame attack could compromise Microsoft Update ," was originally published at

Get the first word on what the important tech news really meanswith the InfoWorld Tech Watch blog . For the latest developments in business technology news, follow on Twitter .

The e-commerce company in China offers quality products such as Automatic Encrusting and Forming Machine , Kubba Machine Manufacturer, and more. For more , please visit Meat Ball Forming Machine today!

Related Articles - Automatic Encrusting and Forming Machine, Kubba Machine Manufacturer,

Email this Article to a Friend!

Receive Articles like this one direct to your email box!
Subscribe for free today!

 Rate This Article  
Completely useless, should be removed from directory.
Minimal useful information.
Decent and informative.
Great article, very informative and helpful.
A 'Must Read'.


Do you Agree or Disagree? Have a Comment? POST IT!

 Reader Opinions 
Submit your comments and they will be posted here.
Make this comment or to the Author only:
*Your email will NOT be posted. This is for administrative purposes only.
Comments: *Your Comments WILL be posted to the AUTHOR ONLY if you select PRIVATE and to this PUBLIC PAGE if you select PUBLIC, so write accordingly.
Please enter the code in the image:

 Author Login 
Register for Author Account


Advertiser Login


   Limited Time $60 Offer!
   90  Days-1.5 Million Views  


Great Paranormal Romance


Stevert Mckenzie, Travel Enthusiast. ...more

At LeadGenerators, we specialise in content-led Online Marketing Strategies for our clients in the t...more

Steve Bye is currently a fiction writer, who published his first novel, ‘Looking Forward Through The...more

Demonstrated exceptional leadership in the government and private sector at an executive level. Skil...more

Jason Ng has a huge passion for the health and fitness industry as he strongly believes that having ...more

I have been involved in nutrition and weight management for over 12 years and I like to share my kn...more

Susan Friesen, founder of the award-winning web development and digital marketing firm eVision Media...more

I am not a writer nor am I trying to become a writer. I am an average person with average intelligen...more

Author of four books and two screenplays; frequent magazine contributor. I have four other books "in...more

Rev Bresciani is the author of two Christian books. One book is an important and concisely written b...more

HomeLinksAbout UsContact UsTerms of UsePrivacy PolicyFAQResources
Copyright © 2020, All rights reserved.
Some pages may contain portions of text relating to certain topics obtained from under the GNU FDL license