not quite minimalistic enough  

2018-11-14

S-1-1-0 – Update

According to the company, this is not a security issue. I reserve – and exercise – my right to disagree, but I’m not a security researcher.

They say that:

  1. The global write permissions on the firmware files (they are firmware files) are

    • necessary to enable successful updates, and
    • not a problem because the PC software does not interpret them when feeding them to the reader, and the reader will reject manipulated files due to invalid signatures.
  2. The registry permissions are necessary for interoperability between components on the same system.

Finally, they say their software and devices are getting tested not only by them, but also by the IT security people of the companies using the things, and if no one complains, everything must be fine.

Very well then; if they won’t fix their bugs, I can only work around them in my own environment.

2018-11-13

S-1-1-0

From the installation log of the driver for a REINER SCT smart card reader:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </subdirectories "C:\ProgramData\REINER SCT\*" /grant="S-1-1-0"=F>

Um. Come again? S-1-1-0 is Everyone.

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls ctf_bdr.rsct
ctf_bdr.rsct Everyone:(F)
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)
             BUILTIN\Users:(I)(RX)

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls .
. Everyone:(OI)(IO)(F)
  Everyone:(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  CREATOR OWNER:(I)(OI)(CI)(IO)(F)
  BUILTIN\Users:(I)(OI)(CI)(RX)
  BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

The files are “transfer files” according to the (rather pointless) file type registration. They look encrypted. I suspect they are some kind of firmware.

Why would anyone in their right mind set a directory full of firmware for a smart card reader to be world writable?

The next line in the log file is this:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers" /grant="S-1-5-19"=F>

NT AUTHORITY\LOCAL SERVICE. Probably also not a good idea; I think this is left from before there were virtual service accounts.

Time to ask the company.
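As an added example (my own script, not the vendor’s code and not from the original post): a PowerShell audit of the two grants quoted from the installation log. It lists explicit ACEs that give Everyone (S-1-1-0) or LOCAL SERVICE (S-1-5-19) write-class rights on the data directory and the Calais\Readers key; with -Remediate it strips the file-system ones, which by the vendor’s own account may break firmware updates, so test in your own environment first. The paths are the ones quoted in the log; the SID list and write masks are my choices.

```powershell
# Added example, not the vendor's or the blog author's code.
# Audits explicit (non-inherited) ACEs for the two broad principals the installer grants
# and optionally removes the file-system ones. Registry grants are reported only.
param([switch]$Remediate)

$dir = 'C:\ProgramData\REINER SCT'                                   # from the log
$key = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\Readers'        # from the log
$suspect = @('S-1-1-0', 'S-1-5-19')                                   # Everyone, LOCAL SERVICE

# Rights that let a principal change content or permissions, not merely read.
# GENERIC_ALL / GENERIC_WRITE bits are included because inherit-only ACEs keep
# generic rights and would otherwise slip past the mask.
$fsMask  = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership, FullControl'
$fsMask  = $fsMask -bor 0x10000000 -bor 0x40000000
$regMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership, FullControl'

function Get-BroadAces($acl, $rightsProp, $mask) {
    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }      # only what the installer set explicitly
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($suspect -notcontains $sid) { continue }
        if (([int]$ace.$rightsProp -band $mask) -ne 0) { $ace }
    }
}

# File system: the directory itself plus everything below it.
$targets = @(Get-Item -LiteralPath $dir) + @(Get-ChildItem -LiteralPath $dir -Recurse -Force)
foreach ($item in $targets) {
    $acl = Get-Acl -LiteralPath $item.FullName
    $bad = @(Get-BroadAces $acl 'FileSystemRights' $fsMask)
    foreach ($ace in $bad) {
        '{0}: {1} has {2}' -f $item.FullName, $ace.IdentityReference, $ace.FileSystemRights
        if ($Remediate) { $null = $acl.RemoveAccessRule($ace) }
    }
    if ($Remediate -and $bad.Count -gt 0) { Set-Acl -LiteralPath $item.FullName -AclObject $acl }
}

# Registry: report only. The vendor says this grant is needed for interoperability,
# so whether to tighten it is a per-environment decision.
$racl = Get-Acl -LiteralPath $key
foreach ($ace in Get-BroadAces $racl 'RegistryRights' $regMask) {
    '{0}: {1} has {2}' -f $key, $ace.IdentityReference, $ace.RegistryRights
}
```

Run it elevated; without -Remediate it only prints findings, one line per offending ACE.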

Compounds

2018-11-10

Hidden knowledge

How to remove a systemwide installation of Fusion 360

"Fusion 360 Client Downloader.exe" --globalinstall -p uninstall

2018-11-08

QA: sit down, grade F.

Oh, Deutschlandfunk, dear me.

Case 1: »Now Sessions has to go. His successor, however, will not be his deputy but Trump’s chief of staff Matthew Whitaker.« Er, no, Whitaker is/was not Trump’s chief of staff but Sessions’.

Case 2: »What also has to be told, because it probably plays a role in the story: the Bahira employee who had the experience is not just anybody. That is Pinar Cetin, the wife of the former mosque chairman Ender Cetin, who was unexpectedly removed from that office in December 2016. She herself was also clothed in important offices at the mosque and at Ditib.« Why, are women in mosques and at Ditib usually unclothed?