Mitigating the BEAST attack on TLS | Qualys Security Labs Update (19 March 2013): This blog post advises to use RC4 to migitate the BEAST attack, but RC4 has recently been discovered to be weaker than previously known. At this point the attacks against RC4 are still not practical. The only fully safe choice at the moment is the AES-GCM suites supported only in TLS 1.2. During the summer rumours about a new attack against SSL started circulating. As it turns out, the attack itself was conceived years ago, deemed impractical, but it was nevertheless fixed in TLS 1.1. In terms of mitigation, I expect this problem will be largely addressed on the client side, despite a potential compatibility problem that may cause some TLS sites to stop working. Just as an example, here's one way to do the above in Apache: SSLHonorCipherOrder OnSSLCipherSuite RC4-SHA:HIGH:! Not everyone likes RC4, even though there is little to no evidence that it is insecure in the context of SSL/TLS.
Hack and / - Password Cracking with GPUs, Part I: the Setup Bitcoin mining is so last year. Put your expensive GPU to use cracking passwords. When the Bitcoin mining craze hit its peak, I felt the tug to join this new community and make some easy money. I wasn't drawn only by the money; the concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors (GPUs). Then Bitcoin tanked. Legitimate Reasons to Crack Passwords Before I get started, let's admit that there are some pretty shady reasons to crack passwords. That said, like with lock picking, there are legitimate reasons to crack passwords, particularly for a sysadmin or Webmaster: Test local users' password strength. In fact, many Linux systems will run a basic dictionary attack when you change your password to evaluate how weak it is. An Introduction to Password Hashes Password hashes were created to solve a particularly tricky problem. How Password Cracking Works On a very basic level, password cracking works much like a regular login. $id $salt $encrypted
Hack and / - Forensics with Ext4 Learn from my mistakes as I figure out how to gather forensics data on an ext4 filesystem. One great thing about writing technical articles is that you have a nice collection of documentation you can turn to. I tell people that I probably reference my books and articles more than anyone else, because although I may not always remember specific steps to perform a task, I do always remember whether I wrote about how to do it. One article I find myself referring to now and then is the "Introduction to Forensics" article I wrote in Linux Journal back in the January 2008 issue (my first feature article in Linux Journal). The Victim As I mentioned, recently I investigated a server (let's call it alvin to protect the innocent) that had been compromised by a brute-force attack. The first big difference about this system I ran into compared to past investigations was the sheer size of the data. The Problem $ sudo mount -o loop /path/to/image /mnt/image Like Ext3 Plus One More
sniffer - Mobile numbers capture and transmit data - IT Security Yes, You can build a GSM basestation using an USRP and the OpenBTS. What you do, is announce that you are a basestation for i.e. AT&T, and if you have better signal power than other basestations in the area, AT&T cellular phones will start connecting to your basestation. Normally, the mobile phones would encrypt the sent data using keys that only AT&T knows, but if you tell the phones not to encrypt, they gladly oblige. At this point, you will be acting as their basestation. You will not be sending messages to their phone numbers, but you will sending it to their ISMI's. More random links: Airprobe, Monitoring Gsm Traffic With Usrp (Har 2009) - Gsm Srsly (Shmoocon 2010) - Gsm Security At Brucon 2010 -
How to bypass strict firewalls on public wifi hotspots and restricted networks, by tunneling blocked ports and protocols - verot.net Public wifi hotspots and restricted internet access More and more, you can find public wireless hotspots, in cities, train stations, airports... and even some public hotspots that are available with a subscription, accessible through a web login form. The thing is, most of the time, these hospots will have a reduced connectivity. Only some ports and protocols will be allowed. For instance, you may be restricted to HTTP, HTTPS, POP and SMTP. This also applies to protected networks, such as libraries, schools and office environments, where your access to Internet is limited, and some ports and protocols are blocked. I will explain here two different solutions to break free of these restrictions: SSH tunneling and SOCKS servers. What do we need? You do need the following: HTTPS access through the firewall. You may want to use a free shell provider such as SilenceIsDefeat as your server, but make sure you can access SSH through port 443. How does it work? Before we start Listen 443 SSH tunneling
What’s a Trojan Horse virus? I came across this gem on the Visa website: Trojan Horse virus What’s a Trojan Horse virus? A Trojan Horse is an email virus usually released by an email attachment. If opened, it will scour your hard drive for any personal and financial information such as your social security, account, and PIN numbers. Once it has collected your info, it is sent to a thief’s database. Now, there are Trojan Horses and there are viruses, but there's no such thing as a Trojan Horse virus. The Visa description continues with, "A Trojan Horse is an email virus usually released by an email attachment." Just what is a Trojan then? There are several different types of Trojans. But one thing you probably won't find a Trojan doing is scouring your hard drive for personal details, as the Visa description alleges. But why is it important to know the difference between a virus, a worm, and a Trojan?
Online security must be a priority for retailers - ICO news release News release: 9 August 2011 Cosmetics retailer Lush breached the Data Protection Act after the security of its website was compromised for a four month period, the Information Commissioner’s Office (ICO) said today. The breach, which occurred between October 2010 and January 2011, meant that hackers were able to access the payment details of 5,000 customers who had previously shopped on the company’s website. As a result of the breach, the ICO has required Lush to sign an undertaking to ensure that future customer credit card data will be processed in accordance with the Payment Card Industry Data Security Standard. The ICO is taking this opportunity to warn online retailers that if they do not adopt this standard, or provide equivalent protection when processing customers’ credit card details, they risk enforcement action from the ICO. Lush discovered the security lapse in January 2011 after receiving complaints from 95 customers who had been the victim of card fraud. Notes to Editors
Five Things To Know About DHCP Snooping This is a new format of blog post I’m trying out. The idea is to put key points about a technology into easily digestible bullet points. I’ll draw from textbook knowledge and real-world experience to sum up the “what” and the “why”. If you know “what” and “why”, the “how” becomes an exercise in syntax which you can look up, so I probably won’t belabor individual coding steps as much. This overview of DHCP snooping is in the context of Cisco Catalyst switches running IOS, although I suspect DHCP snooping in other vendors’ switches will function similarly. 1. 2. DHCP snooping will drop DHCP messages from a DHCP server that is not trusted. 3. 4. %DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL messages are potentially safe to ignore. 5. Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995.
Blackhole exploit kit The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on the October 7, 2013 that "Paunch" has been arrested.[5] Basic summary of how Blackhole works[edit] Defenses against the Blackhole exploit kit[edit] A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following: First release on the Internet[edit] Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum. References[edit] Jump up ^ Howard, Fraser (March 29, 2012).
BlackHole Exploit Kit 2.0 released with more latest Exploits According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victim's systems. The new variant doesn’t rely on plugindetect to determine the Java version that’s installed, thus speeding up the malware download process. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server. Some interesting claims by developer about new version: Finally, a number of “private tricks” have been implemented, which the author prefers to keep a secret because he fears that competitors and antivirus companies are “sneaking around.”