Everything posted by Nytro

  1. [h=1]Hashes Used by PHP, ASP.NET, Java, Python and Ruby Vulnerable to DoS Attacks[/h] December 29th, 2011, 12:16 GMT · By Eduard Kovacs A couple of researchers showed how a common flaw in the implementation of the most popular web programming languages and applications can be used to force servers to use their CPU at full capacity for several minutes, causing a denial-of-service (DoS) condition. Julian Wälde and Alexander Klink made a presentation at the 28C3 Chaos Communication Congress in Berlin, Germany, showing that the way most popular programming languages such as PHP, Java, Apache Tomcat, ASP.NET, Python, Plone, Ruby and V8 use hash tables makes servers susceptible to DoS attacks. The issue has been known since 2003, when Perl and CRuby changed their hash functions to include randomization, but others seem to have neglected to take the same measures. Hash tables are data structures that utilize hash functions to map identifying values, or keys, to their associated values. Most of these hash functions can be broken fairly fast by using equivalent strings or by launching a meet-in-the-middle attack, according to the advisory published by n.runs AG. The first method is plausible because some hash functions have the property that if two strings collide, then hashes having the same substrings at the same position collide as well. Basically, any website that runs a technology that provides the option to perform a POST request is highly vulnerable to a DoS attack, and since the attack is just a POST request, a website can be targeted by using an XSS flaw present on another popular site. Just to give an idea of how effective these attacks are, Cryptanalysis provides some interesting figures. Assuming that the processing time for a request is not limited, a Core i7 CPU on a system that uses PHP can be kept busy for 288 minutes just to process 8 megabytes of POST data.
More precisely, you could keep 10,000 such CPUs busy processing requests by using a 1 gigabit Internet connection. Some of the vendors rushed to release updates and workarounds for their products. Microsoft will release sometime today an out-of-band security update for ASP.NET, and Ruby's security team have already provided updates for their customers. The guys from Apache Tomcat also came up with some effective workarounds. PHP has yet to release an official statement regarding the issue, but in the meantime, users who haven't heard from their product's vendor can apply some simple measures to counter the problem. The easiest way to reduce impact is by limiting the CPU time that a request is allowed to take. Also, by limiting the maximal POST size and the number of parameters, an attack can be mitigated. A video demonstration made by the researchers can be downloaded from here. Source: Hashes Used by PHP, ASP.NET, Java, Python and Ruby Vulnerable to DoS Attacks - Softpedia
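The two workarounds the article closes with, a cap on POST size and a cap on the number of parameters, as an added Python example (this is not code from the article, from the n.runs advisory or from any of the vendors named). The point it shows is where the check has to sit: the limits are enforced before each key is inserted into the dictionary, so an over-populated body is refused instead of being hashed key by key. The limit values, the `RequestRejected` exception and the sample bodies are assumptions chosen for illustration.

```python
"""Bounded parsing of application/x-www-form-urlencoded POST bodies.

Added example: enforces a body-size limit and a parameter-count limit
*before* keys reach the dict, which is the mitigation the 2011 advisory
recommends for deployments whose hash function is not randomized.
All limits and sample inputs below are constructed for illustration.
"""
from urllib.parse import unquote_to_bytes

# Assumed limits; a real deployment sizes these to its largest legitimate form.
MAX_BODY_BYTES = 8 * 1024
MAX_PARAMS = 1000


class RequestRejected(ValueError):
    """Raised when a body violates a limit; the caller should answer 413/400."""


def _decode(component: bytes) -> str:
    # '+' means space in form encoding; percent-escapes are decoded bytewise.
    raw = unquote_to_bytes(component.replace(b"+", b" "))
    return raw.decode("utf-8", "replace")


def parse_form_bounded(body: bytes,
                       max_bytes: int = MAX_BODY_BYTES,
                       max_params: int = MAX_PARAMS) -> dict:
    """Parse a form body into {key: [values...]} under strict limits.

    The size check runs first, so the pair split never touches more than
    max_bytes of input.  The count check runs before every dict insert, so at
    most max_params keys are ever hashed, no matter what the body contains.
    """
    if len(body) > max_bytes:
        raise RequestRejected(
            f"body of {len(body)} bytes exceeds limit of {max_bytes}")

    params: dict = {}
    seen = 0
    for pair in body.split(b"&"):
        if not pair:            # tolerate 'a=1&&b=2'
            continue
        seen += 1
        if seen > max_params:   # refuse before the (max_params+1)th insert
            raise RequestRejected(
                f"more than {max_params} parameters in request body")
        key, _, value = pair.partition(b"=")
        params.setdefault(_decode(key), []).append(_decode(value))
    return params


def reject_reason(body: bytes, **limits) -> str:
    """Return '' if the body is acceptable, else the reason it was refused."""
    try:
        parse_form_bounded(body, **limits)
    except RequestRejected as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    # Constructed sample bodies: a normal login form and an over-populated one.
    normal = b"user=ann&remember=1&tag=a&tag=b"
    print(parse_form_bounded(normal))
    bloated = b"&".join(b"k%d=v" % i for i in range(MAX_PARAMS + 1))
    print(reject_reason(bloated) or "accepted")
```

The count limit caps the number of dict insertions, which is what bounds the worst case when the language's string hash is predictable; the size limit caps the rest of the parsing work. The example is framed as a defensive parser for deployments that cannot change their hash function, since newer runtimes have since adopted the Perl/CRuby approach the article mentions (CPython, for instance, has randomized `str` hashing on by default since 3.3).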
  2. Wi-Fi Protected Setup PIN brute force vulnerability Stefan @ 3:00 am A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide. I reported this vulnerability to CERT/CC and provided them with a list of (confirmed) affected vendors. CERT/CC has assigned VU#723755 (will be released today) to this issue. To my knowledge none of the vendors have reacted and released firmware with mitigations in place. Detailed information about this vulnerability can be found in this paper: Brute forcing Wi-Fi Protected Setup – Please keep in mind that the devices mentioned there are just a tiny subset of the affected devices. I would like to thank the guys at CERT for coordinating this vulnerability. P.S. My brute force tool will be released once I get around to cleaning up the code. Download paper: http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf Source: Wi-Fi Protected Setup PIN brute force vulnerability
  3. [h=1]28c3: Apple vs. Google Client Platforms[/h] **This video might be broken, incomplete and out of sync. It will be replaced very soon by the official recording.**
  4. [h=1]Tails (Incognito OS) - use your computer without leaving traces on the internet[/h] by Radu Eftimie | 29 December 2011 From the outset we must make clear that using an operating system that leaves no traces on the internet and that largely provides the most effective anonymity does not mean you can do whatever comes to mind without regard for the rules and laws that govern cyberspace. No. The operating system we present today is dedicated to those who want more privacy when using the internet, nothing more. If you like, it mostly provides peace of mind, if you are the type who worries that the personal data entered when logging in to social networks, mail, messenger and other such services can be tracked and retained by certain servers. Tails - The Amnesic Incognito Live System is a Linux (Debian) based operating system that can be run on any computer as a "live" system, that is, directly from an external medium such as a CD or a memory stick. What is Tor? Tails works through the Tor network, which provides online anonymity and lets you browse any site on the internet incognito, without leaving traces. More precisely, all connections to external servers that you access while using Tails are forced to become active only through Tor, a server that shields you from the monitoring used by certain networks, which not infrequently violate your online privacy on the pretext that they cannot work otherwise. Tor, which can be downloaded separately and used on operating systems such as Windows, Mac, Linux/Unix and Android, prevents attempts at locating you, as well as the monitoring of internet users' behaviour, methods already used by most advertisers, for example. Bear in mind, however, that Tor cannot solve all problems related to online anonymity and focuses on data transfer.
Tails Incognito OS is a complete, free operating system that can work independently of the operating system preinstalled on a PC. It offers a graphical interface familiar to users of Linux distributions (KDE) and is based on Debian Linux. The system comes with several useful applications preinstalled: a web browser, a multi-account instant messaging client - Pidgin, an email client, an office suite, sound and image editors, etc. The Amnesic Incognito OS offers almost all the applications you need for normal daily use. Tails is specifically configured not to use the PC's hard disk, even if there are swap partitions on the HDD. Used as a "Live" system, Tails uses only RAM to store certain information, and when you shut down or restart the computer, all this data is automatically erased from memory. Thus you leave no traces either of having used Tails on a particular PC or of what you did on that PC. This is in fact the reason the developers named it "Amnesic". The most important aspect after ensuring online anonymity is that Tails does not allow data to be recovered after a computer restart, which is extremely important when you have used "sensitive" data on the PC. Don't forget - Tor can be used on any operating system, and Tails - The Amnesic Incognito OS offers excellent integration. Download Tails - The Amnesic Incognito OS A tutorial and other installation information can be found HERE Source: Tails (Incognito OS) - use your computer without leaving traces on the internet | Hit.ro
  5. [h=1]GrrCON '11 Hunting Hackers Tim Crothers[/h] While a web site defacement is an indicator that bad guys have been doing bad stuff in your network or systems, in the real day-to-day of security it's increasingly rare for it to be that obvious. The criminals likely to do the most damage use stealth. So how do you find and get rid of them? In this session we'll cover techniques for finding the wily rabbits, err hackers, lurking in our environments unseen. We'll use several real-life incidents (anonymized to protect the not-so-innocent of course) to cover some of the latest techniques in use by the miscreants and methods for helping you defeat them.
  6. [h=1]GrrCON '11 sploit me if u can - atlas 0f d00m[/h] The exploitation landscape has changed its scenery with aslr/nx... have you aDEPted? this presentation will cover some of the challenges exploiting in newer environments, tactics for success, and tricks to make the job easier. come watch as atlas iterates through the 2011 defcon quals "potent pwnables 500" challenge and a few solutions. the quals system may not have used NX, but what if it had? 'cuz eip is half the battle... from there you have to think.'
  7. [h=1]GrrCON '11 ZeuS -- Inside Command and Control Adam Johnson[/h] The ZeuS bot network, while being somewhat aged, still represents a major realization of what past bot networks have tried to achieve. This "low-PowerPoint" presentation gives an inside look at a ZeuS command and control server. From setting up command and control, to configuring and creating the bot, to the ease or difficulty of controlling and issuing commands to one of the infected computers in its network, this presentation covers the bot-master's tools and capabilities. While being specific to ZeuS, the general capabilities of the Zeus bot net are replicated in most modern bot nets.
  8. [h=1]28c3: Rootkits in your Web application[/h] Uploaded by 28c3 on Dec 28, 2011
  9. [h=1]28c3: Bitcoin - An Analysis[/h] Uploaded by 28c3 on Dec 29, 2011
  10. [h=1]22C3: Disassembler Internals[/h]Speaker: Richard Johnson Disassembler Internals II is an advanced look at the power of programmatic disassembly analysis. The talk will focus on data structure recognition for the purposes of reducing time spent reverse engineering protocols and proprietary file formats. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  11. [h=1]22C3: Secure Code[/h]Speaker: Paul Böhm Why developing Secure Software is like playing Marble Madness This talk will introduce new strategies for dealing with entire bug classes, and removing bug attractors from development environments. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  12. [h=1]22C3: Learning cryptography through handcyphers[/h]Speaker: Brenno de Winter Shaping a digital future with ancient wisdom For many people cryptography is something that they consider too complicated. But actually one can understand the principles very well if they only try. By looking at old handcyphers used for coding one can begin to understand modern cryptography. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  13. [h=1]22C3: Vulnerability markets[/h] Speaker: Rainer Böhme What is the economic value of a zero-day exploit? What is the market value of a zero-day exploit? It is evident that information on vulnerabilities and information security threats is very valuable, but the market for it is neither structured nor liquid. This talk combines examples from real world information security business with academic arguments on the pros and cons of vulnerability markets, including vulnerability sharing circles, bug auctions, remote root derivatives, and cyber-insurance. Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are dangers for conflicts of interest? Join us on a journey to a hypothetical world where information security is entirely melted into finance so that S&P quotes a daily kernel hardness index ... For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  14. [h=1]22C3: Covert channels in TCP/IP: attack and defense[/h]Speaker: Steven J. Murdoch Creation and detection of IP steganography for covert channels and device fingerprinting This talk will show how idiosyncrasies in TCP/IP implementations can be used to reveal the use of several steganography schemes, and how they can be fixed. The analysis can even be extended to remotely identify the physical machine being used. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  15. [h=1]22C3: Attacking the IPv6 Protocol Suite[/h]Speaker: van Hauser After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit, which includes all IPv6 attacks as well as a low level packet library for easy crafting packets. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  16. [h=1]22C3: A discussion about modern disk encryption systems[/h]Speaker: Jacob Appelbaum Jacob Appelbaum will discuss different disk encryption systems in their current implementation, the users rights in their given country (ie: the USA, Germany and the UK), issues with the implementations, commentary on the community surrounding each featured implementation, threats posed by legal systems, requirements for users, as well as ideas for working around the letter of the law. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  17. [h=1]27c3: Recent advances in IPv6 insecurities[/h] Speaker: vanHauser New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implementation security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6 Five years have passed since my initial talk on IPv6 insecurities at the CCC Congress. New protocol features have been proposed and implemented since then and ISPs are now slowly starting to deploy IPv6. Few changes have led to a better security of the protocol, several increase the risk instead. This talk starts with a brief summary of the issues presented 5 years ago, and then expands on the new risks especially in multicast scenarios. As an add-on, discovered implementation security issues in Windows 7/2008, Linux and Cisco will be shown too. Let's hope patches are out by the conference, if not - they had enough time. All accompanied with GPL'ed tools and a library: the new thc-ipv6 package. rewritten, expanded, enhanced. For more information visit: http://bit.ly/27c3_information To download the video visit: Index of /CCC/27C3/
  18. [h=1]22C3: Lawful Interception in VoIP networks[/h] Speaker: Hendrik Scholz Old Laws and New Technology the German Way Lawful Interception (aka voice and signalling sniffing) equipment has been deployed and is in use for both traditional PSTN networks and internet connections. With the advent of Voice over IP applications the governments step-by-step adopted laws to extend PSTN interception to VoIP. The talk gives an introduction to the applicable laws, rules of conduct and the basic PSTN setup. Sample VoIP setups show drawbacks and the resulting development and intermediate steps of the German Law Enforcement Agency (LEA) named Bundesnetzagentur that eventually aim to gain as much information as possible while still allowing companies to run a lucrative business. An outlook to possible countermeasures and detection methods will be given. For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  19. [h=1]22C3: Advanced Buffer Overflow Methods [or] Smack the Stack[/h]Speaker: Izik Cracking the VA-Patch A quick review of the standard buffer overflow exploit structure VA Patch, What it is and what it does to prevent buffer overflows. For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  20. [h=1]22C3: Finding and Preventing Buffer Overflows[/h]Speaker: Martin Johns An overview of static and dynamic approaches A talk that will present academic tools, which are designed to find or disarm security problems in C code For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  21. [h=1]22C3: Understanding buffer overflow exploitation[/h]Speaker: Christiane Ruetten The fascinating interplay of CPU, stack, C-compiler and shellcode in a nutshell Everything started with Aleph One's paper "Smashing the Stack for Fun and Profit". These techniques are still the basis for modern exploitation of buffer, heap and format string vulnerabilities. We will give a swift overview about C functions, stack usage, assembler, gcc, gdb and how these few tools can be used to understand and write shell-code to turn simple buffer overflows into backdoors that open whole systems to potential attackers. Sure you want to know how to defend against that. We also will tell you about that! For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network
  22. [h=1]25c3: TCP Denial of Service Vulnerabilities[/h]Speaker: Fabian Yamaguchi Accepting the Partial Disclosure Challenge The Transmission Control Protocol (TCP) is one of the fundamental protocols used in today's communication networks. Recently, there has been an increased discussion on possible Denial of Service attacks against TCP-based services, which has largely been triggered by the partial disclosure of several vulnerabilities by the security company Outpost24. This talk will present several TCP vulnerabilities in an attempt to find out just what they found. This year, vulnerabilities have been identified in the specifications of various core network protocols. This included BGP, DNS and TCP. Accompanying these wide-ranging discoveries, a new form of vulnerability disclosure named "partial disclosure" has been introduced. In practice, this means that the public knows that there is something wrong, yet, it is uninformed about the details. This, of course, can be understood as a challenge to find out just what could be wrong, which is what we at Recurity Labs did after the Denial of Service vulnerabilities in TCP had been announced. This talk will present known vulnerabilities in the protocol, which have been receiving rather sparse media-attention, as well as some attacks we have been working on during our research. Additionally, we hope to provide sufficient background information on the protocol's fundamental weaknesses to motivate further research on the subject. We argue that certain assumptions made by the protocol engineers almost 30 years ago do not hold in today's networks and that most possible Denial of Service attacks against TCP can be derived from these assumptions. More information about the 25th Chaos Communication Congress can be found via the Chaos Communication Congress website: http://bit.ly/25c3_program Source: http://bit.ly/25c3_videos
  23. [h=1]25c3: Wikileaks[/h]Wikileaks vs. the World Wikileaks is developing an uncensorable Wikipedia for untraceable mass document leaking and analysis. In the past year, Wikileaks has publicly revealed more sensitive military documents than the entire world's press combined. Its mission has been quite successful after the launch, spawning reportage worldwide and effectively helping to bring about reform on important matters based on factual information. As of now the effort has spawned thousands of press references in major newspapers like The NY Times, The Guardian and the BBC, and tens of thousands in blog posts. We will talk about experiences that have been made within the first year of its operation, the impact activities on Wikileaks had in various parts of the globe, technical, political and legal challenges faced as well as give an overview of the state of classic and internet media today. We will also talk about conclusions we can derive from these experiences and will present strategies on how investigative journalism, and therefore the fourth estate as the only truly independent control over the state and our future might be resurrected. Lastly we will address why your involvement and that of the technical community is inherently important to ensuring free and uncensored access to information in the future. During the year of operation we have been able to make many different observations on the state of free information on the internet, the media, governments, military and corporations. We have observed how material that is published is being picked up, sued for, digested, hyped or ignored, and these observations, whether legal, behavioral or qualitative, lead to insights and conclusions that we would like to present and discuss. Especially we have found the 4th estate as 'the' supposedly independent control over the state, inherently important to any society and its development, is clinically dead, bankrupt and headed in a dangerous direction. 
While the amount of reportage is increasing with bloggers and other new media, the amount of genuine reportage, let alone investigative journalism, is rapidly decreasing. This today goes hand in hand with censorship, even in the free world and its media, becoming daily routine and increasingly easy. Wikileaks has developed mechanisms that can actively help to address this problem and, as has been proven from experience, lead to change and reform. We have found that these mechanisms and others in their effectiveness only depend on the awareness and involvement of the public, on all of us 'making use of them'. We want to present these findings in an effort to further this awareness and involvement, especially in the technical community that possesses a lot of the power to shape these important facets of our technologically-driven society, and so in some respect might carry a certain responsibility towards the future of our world. More information about the 25th Chaos Communication Congress can be found via the Chaos Communication Congress website: http://bit.ly/25c3_program
  24. [h=1]DEFCON 19: Kernel Exploitation Via Uninitialized Stack[/h]Speaker: Kees Cook Ubuntu Security Engineer, Canonical Ltd Leveraging uninitialized stack memory into a full-blown root escalation is easier than it sounds. See how to find these vulnerabilities, avoid the pitfalls of priming the stack, and turn your "memory corruption" into full root privileges.
  25. [h=1]DEFCON 19: Steganography and Cryptography 101[/h] Speaker: eskimo There are a lot of great ways to hide your data from prying eyes. This talk will give a crash course in the technology and some tools that can be used to secure your data. Will also discuss hiding your files in plain sight so an intruder will have no idea that hidden files even exist. These same techniques can also be employed by somebody wishing to transmit messages.