Mitigating the BEAST attack on TLS | Qualys Security Labs Update (19 March 2013): This blog post advises using RC4 to mitigate the BEAST attack, but RC4 has recently been discovered to be weaker than previously known. At this point the attacks against RC4 are still not practical. The only fully safe choice at the moment is the AES-GCM suites, supported only in TLS 1.2. During the summer, rumours about a new attack against SSL started circulating. As it turns out, the attack itself was conceived years ago and deemed impractical, but it was nevertheless fixed in TLS 1.1. In terms of mitigation, I expect this problem will be largely addressed on the client side, despite a potential compatibility problem that may cause some TLS sites to stop working. Just as an example, here's one way to do the above in Apache:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!
Not everyone likes RC4, even though there is little to no evidence that it is insecure in the context of SSL/TLS.
All You Need to Know about Texel Density by Leonardo Iezzi – zbrushtuts LEONARDO IEZZI is an Environment Artist at Reflections, a Ubisoft Studio from Newcastle upon Tyne, United Kingdom. In this post you will learn All You Need to Know about Texel Density by Leonardo Iezzi. This is a crucial topic for environment artists: Texel Density!!
GitHub - mikeaddison93/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things Hack and / - Password Cracking with GPUs, Part I: the Setup Bitcoin mining is so last year. Put your expensive GPU to use cracking passwords. When the Bitcoin mining craze hit its peak, I felt the tug to join this new community and make some easy money. I wasn't drawn only by the money; the concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors (GPUs). Then Bitcoin tanked. Legitimate Reasons to Crack Passwords Before I get started, let's admit that there are some pretty shady reasons to crack passwords. That said, like with lock picking, there are legitimate reasons to crack passwords, particularly for a sysadmin or webmaster: Test local users' password strength. In fact, many Linux systems will run a basic dictionary attack when you change your password to evaluate how weak it is. An Introduction to Password Hashes Password hashes were created to solve a particularly tricky problem. How Password Cracking Works On a very basic level, password cracking works much like a regular login. The hash field has the form $id$salt$encrypted.
SSL Certificate Installation - Ubuntu Server with Apache2 Ubuntu Server with Apache2 SSL Certificate Installation For help creating a CSR for Ubuntu Server with Apache2, see our Apache CSR Creation instructions, or try our Easy CSR Generator. These instructions were created using Ubuntu Server 12.x. Additional help is available at: Copy the certificate files to your server. Configuration and Useful Commands Install Apache2 Required for SSL certificates to be used: sudo apt-get install apache2 Enable SSL Module 'default-ssl' can be replaced by the real site name you set up in /etc/apache2/sites-available/. Once the site listed in the command above is enabled with that command, the site will appear in /etc/apache2/sites-enabled. Apply SSL Module to Site
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
Cipher Suite Once the a2enmod ssl command has been run, you can edit the ssl.conf file in /etc/apache2/mods-enabled.
american fuzzy lop American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical: it has modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases - say, common image parsing or file compression libraries. The "sales pitch" In a hurry? It is pretty sophisticated. Want to try it out? The bug-o-rama trophy case Yeah, it finds bugs. Download & other useful links Contact and mailing list
Hack and / - Forensics with Ext4 Learn from my mistakes as I figure out how to gather forensics data on an ext4 filesystem. One great thing about writing technical articles is that you have a nice collection of documentation you can turn to. I tell people that I probably reference my books and articles more than anyone else, because although I may not always remember specific steps to perform a task, I do always remember whether I wrote about how to do it. One article I find myself referring to now and then is the "Introduction to Forensics" article I wrote in Linux Journal back in the January 2008 issue (my first feature article in Linux Journal). The Victim As I mentioned, recently I investigated a server (let's call it alvin to protect the innocent) that had been compromised by a brute-force attack. The first big difference about this system I ran into compared to past investigations was the sheer size of the data. The Problem $ sudo mount -o loop /path/to/image /mnt/image Like Ext3 Plus One More
Obscure Ethernet for $200 please, Alex: The Ethernet PAUSE frame – jeffq, published This is a bizarre one. It all started when the internet seemed to go out at my house. My desktop, phone, TV, everything stopped working. The usual solution at a time like this is to power cycle the modem and router. While this fixed the situation temporarily, soon after the problem returned. After some clever deductive reasoning, a.k.a. randomly unplugging cables from the router, I determined that my TV was sending these mystery frames (yes, my TV — I have a Sony X805D Android TV). The type of an Ethernet frame is determined by its EtherType, which is a two-byte identifier that comes after two six-byte MAC addresses denoting source and destination. The very existence of Ethernet flow control may come as a shock, especially since protocols like TCP have explicit flow control mechanisms, presumably to compensate for Ethernet’s lack of one. Sure enough, sending this frame repeatedly killed all traffic on my home network. Have we reached the end of the road?
GitHub - mikeaddison93/faraday: Collaborative Penetration Test and Vulnerability Management Platform sniffer - Mobile numbers capture and transmit data - IT Security Yes, you can build a GSM base station using a USRP and OpenBTS. What you do is announce that you are a base station for, e.g., AT&T, and if you have better signal power than other base stations in the area, AT&T cellular phones will start connecting to your base station. Normally, the mobile phones would encrypt the sent data using keys that only AT&T knows, but if you tell the phones not to encrypt, they gladly oblige. At this point, you will be acting as their base station. You will not be sending messages to their phone numbers, but you will be sending them to their IMSIs. More random links: Airprobe, Monitoring GSM Traffic With USRP (HAR 2009) - GSM Srsly (Shmoocon 2010) - GSM Security At BruCON 2010 -
eko.one.pl - start trustedsec/ptf How to bypass strict firewalls on public wifi hotspots and restricted networks, by tunneling blocked ports and protocols - verot.net Public wifi hotspots and restricted internet access More and more, you can find public wireless hotspots in cities, train stations, airports... and even some public hotspots that are available with a subscription, accessible through a web login form. The thing is, most of the time these hotspots will have reduced connectivity. Only some ports and protocols will be allowed. For instance, you may be restricted to HTTP, HTTPS, POP and SMTP. This also applies to protected networks, such as libraries, schools and office environments, where your access to the Internet is limited and some ports and protocols are blocked. I will explain here two different solutions to break free of these restrictions: SSH tunneling and SOCKS servers. What do we need? You do need the following: HTTPS access through the firewall. You may want to use a free shell provider such as SilenceIsDefeat as your server, but make sure you can access SSH through port 443. How does it work? Before we start
Listen 443
SSH tunneling