Archive | December, 2013

Researchers Crack 4096-bit RSA Encryption With a Microphone

Your website & network are Hackable


So this is a pretty interesting acoustic based cryptanalysis side-channel attack which can crack 4096-bit RSA encryption. It’s been a while since we’ve seen anything hardware based, and RSA 4096 is pretty strong encryption, I wonder how they figured this one out.

Acoustic Cryptanalysis

It makes sense though when you think about it, although I wouldn’t have thought about it – I wasn’t even aware that processors made any audible noise when processing (even if the noise can only be picked up by a fairly high quality mic).

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack. A side channel is an attack vector that is non-direct and unconventional, and thus hasn’t been properly secured. For example, your pass code prevents me from directly attacking your phone — but if I could work out your pass code by looking at the greasy smudges on your screen, that would be a side channel attack. In this case, the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data.

Interesting that one of the researchers involved in this is also a co-inventor of RSA, but that’s also a good thing – showing they are constantly trying to find ways to improve it, break it etc.

Perhaps all new encryption software will come with a feature to play some kind of white noise/music to disrupt any snooping of the high frequency CPU sounds.


Without going into too much detail, the researchers focused on a very specific encryption implementation: The GnuPG (an open/free version of PGP) 1.x implementation of the RSA cryptosystem. With some very clever cryptanalysis, the researchers were able to listen for telltale signs that the CPU was decrypting some data, and then listening to the following stream of sounds to divine the decryption key. The same attack would not work on different cryptosystems or different encryption software — they’d have to start back at the beginning and work out all of the tell-tale sounds from scratch.

The researchers successfully extracted decryption keys over a distance of four meters (13 feet) with a high-quality parabolic microphone. Perhaps more intriguingly, though, they also managed to pull of this attack with a smartphone placed 30 centimeters (12 inches) away from the target laptop. The researchers performed the attack on different laptops and desktops, with varying levels of success. For what it’s worth, the same kind of electrical data can also be divined from many other sources — the power socket on the wall, the remote end of an Ethernet cable, or merely by touching the computer (while measuring your body’s potential relative to the room’s ground potential).

Thankfully it’s a very academic type of attack and doesn’t have much of a real world implication on the majority of folks, the method could be constructed for other algorithms I assume – using the same technique.

But really, how many people sit around in public places decrypting sensitive documents? I don’t think there’s many.

Source: ExtremeTech


Posted in: Cryptography, Exploits/Vulnerabilities, Hardware Hacking

Tags: , , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Hardware Hacking | Add a Comment
Recent in Cryptography:
- PEiD – Detect PE Packers, Cryptors & Compilers
- DROWN Attack on TLS – Everything You Need To Know
- Dell Backdoor Root Cert – What You Need To Know

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,779 views
- Hackers Crack London Tube Oyster Card - 45,096 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 33,174 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


THC-Hydra 7.5 Released – Fast Parallel Network Logon Cracker

Find your website's Achilles' Heel


Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

THC-Hydra

Features

  • IPv6 Support
  • Graphic User Interface
  • Internationalized support (RFC 4013)
  • HTTP proxy support
  • SOCKS proxy support

The tool supports the following protocols –

And is faster in most tests than ncrack or medusa.

Changelog for 7.5

  • Added module for Asterisk Call Manager
  • Added support for Android where some functions are not available
  • hydra main:
    • – reduced the screen output if run without -h, full screen with -h
    • – fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
    • – fixed -o output (thanks to www417)
    • – warning if HYDRA_PROXY is defined but the module does not use it
    • – fixed an issue with large input files and long entries
  • hydra library:
    • – SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
    • – removed support for old OPENSSL libraries
  • HTTP Form module:
    • – login and password values are now encoded if special characters are present
    • – ^USER^ and ^PASS^ are now also supported in H= header values
    • – if you the colon as a value in your option string, you can now escape it with \: – but do not encode a \ with \\
  • Mysql module: protocol 10 is now supported
  • SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option “TLS” if required. This increases performance.
  • Cisco module: fixed a small bug (thanks to Vitaly McLain)
  • Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin

You can download THC-Hydra 7.5 here:

hydra-7.5.tar.gz

Or read more here.


Posted in: Network Hacking, Password Cracking

Tags: , , , , , , ,

Posted in: Network Hacking, Password Cracking | Add a Comment
Recent in Network Hacking:
- fping 3 – Multi Target ICMP Ping Tool
- WOL-E – Wake On LAN Security Testing Suite
- dnmap – Distributed Nmap Framework

Related Posts:

Most Read in Network Hacking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,457,082 views
- Wep0ff – Wireless WEP Key Cracker Tool - 514,523 views
- THC-Hydra – The Fast and Flexible Network Login Hacking Tool - 328,098 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Linux.Darlloz Worm Targets x86 Linux PCs & Embedded Devices

Find your website's Achilles' Heel


So this is not a particularly technical source article, but it looks fairly interesting and I haven’t heard of this Linux.Darlloz worm before, so it might be new to some of you too.

Seems like it’s going after old php-cgi installs, which are very common on embedded systems (routers/pos systems/stbs etc). The vulnerability being used is actually pretty old and was patched back in May 2012.

It’s not really likely to cause a serious risk to servers, which tend not to run php-cgi any more – and it would be more common for them to be updated.

A new worm is targeting x86 computers running Linux and PHP, and variants may also pose a threat to devices such as home routers and set-top boxes based on other chip architectures.

According to security researchers from Symantec, the malware spreads by exploiting a vulnerability in php-cgi, a component that allows PHP to run in the Common Gateway Interface (CGI) configuration. The vulnerability is tracked as CVE-2012-1823 and was patched in PHP 5.4.3 and PHP 5.3.13 in May 2012.

The new worm, which was named Linux.Darlloz, is based on proof-of-concept code released in late October, the Symantec researchers said Wednesday in a blog post.

“Upon execution, the worm generates IP [Internet Protocol] addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” the Symantec researchers explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target.

The only variant seen to be spreading so far targets x86 systems, because the malicious binary downloaded from the attacker’s server is in ELF (Executable and Linkable Format) format for Intel architectures.

I’m not exactly sure what the end game for this worm is, perhaps it’s just into spreading and doesn’t do anything particularly malicious. But in this day and age, that seems pretty unlikely. Infected hosts are more likely to be turned into botnet zombies for a DDoS network.

It seems like it has infection vectors for non x86 architectures, but no actual infections on non PC devices have been confirmed – so the code might not even work properly.


However, the Symantec researchers claim the attacker also hosts variants of the worm for other architectures including ARM, PPC, MIPS and MIPSEL.

These architectures are used in embedded devices like home routers, IP cameras, set-top boxes, and many others.

“The attacker is apparently trying to maximize the infection opportunity by expanding coverage to any devices running on Linux,” the Symantec researchers said. “However, we have not confirmed attacks against non-PC devices yet.”

The firmware of many embedded devices is based on some type of Linux and includes a web server with PHP for the web-based administration interface. These kinds of devices might be easier to compromise than Linux PCs or servers because they don’t receive updates very often.

Patching vulnerabilities in embedded devices has never been an easy task. Many vendors don’t issue regular updates and when they do, users are often not properly informed about the security issues fixed in those updates.

In addition, installing an update on embedded devices requires more work and technical knowledge than updating regular software installed on a computer. Users have to know where the updates are published, download them manually and then upload them to their devices through a Web-based administration interface.

It’s an interesting enough story though, something to keep an eye out for, but honestly I don’t think it’s going to spread very far – and it won’t do much damage. Only old and neglected machines will be vulnerable to the exploit.

But well, as we know – there are far too many such machines plugged into the Internet.

Source: PC World


Posted in: Linux Hacking, Malware

Tags: , , , , , , , ,

Posted in: Linux Hacking, Malware | Add a Comment
Recent in Linux Hacking:
- Cyborg Hawk Linux – Penetration Testing Linux Distro
- The Linux glibc Exploit – What You Need To Know
- LaZagne – Password Recovery Tool For Windows & Linux

Related Posts:

Most Read in Linux Hacking:
- Kon-Boot – Reset Windows & Linux Passwords - 140,374 views
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking - 126,834 views
- BackTrack v2.0 – Hackers LiveCD Finally Released - 101,294 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Sandboxie – Sandbox Your Browser / Software / Programs In Windows

Find your website's Achilles' Heel


Sandboxie enables you to easily sandbox your browser and other programs, it runs your applications in an isolated abstraction area called a sandbox. Under the supervision of Sandboxie, an application operates normally and at full speed, but can’t effect permanent changes to your computer. Instead, the changes are effected only in the sandbox.

Sandboxie - Sandbox Your Programs

For those too lazy to set up a full on vm image for testing stuff, this is a pretty good alternative.

Benefits of the Isolated Sandbox

  • Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  • Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.
  • Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.
  • Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Registration is optional but there is a nag screen after 30 days (typical shareware style).

You can download Sandboxie here:

SandboxieInstall.exe

Or read more here.


Posted in: Countermeasures, Malware, Security Software

Tags: , , , , , , ,

Posted in: Countermeasures, Malware, Security Software | Add a Comment
Recent in Countermeasures:
- An Introduction To Web Application Security Systems
- OpenIOC – Sharing Threat Intelligence
- Cuckoo Sandbox – Automated Malware Analysis System

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,202 views
- Password Hasher Firefox Extension - 117,856 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,742 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Stuxnet 2 Under Development By Spy Agencies?

Your website & network are Hackable


It’s been a fair while since we’ve heard a mention of Stuxnet, so the potential for Stuxnet 2 is quite interesting. Of course at this point, it’s pretty much all just rumours – but still I’d be very surprised if such a thing wasn’t already in the works.

Apparently in this case, it’s the Saudi and Israeli governments working together so develop something more powerful than Stuxnet, for the same end – to disrupt Iran’s nuclear program and facilities.

Hold the front page: Saudi Arabian and Israeli spy agencies are developing a worm more powerful than Stuxnet to sabotage Iran’s nuclear program again, after meeting in Vienna last week.

Sound a little far-fetched? Well, stranger things have happened but this particular yarn comes from Iran’s FARS news agency, thought to have strong ties to the country’s Revolutionary Guard, so a healthy dose of scepticism is probably advised.

Citing “an informed source close to the Saudi secret service”, the agency claims that the November 24 meeting was held to “increase the two sides’ cooperation in intelligence and sabotage operations against Iran’s nuclear program”.

“One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet to spy on and destroy the software structure of Iran’s nuclear program,” the source told FARS, adding that the $1m plan was welcomed by the Saudis.

It’ll be interesting to see in the coming months if anything actually turns up, and well even if it does – will Iran ever let us hear about it? For those not familiar with the original:

Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by United States and Israel agencies to attack Iran’s nuclear facilities. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial control systems. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit. – Wikipedia


The two sides had apparently set off on this hardline course after being frustrated by a warming of relations between the US and Iran and a deal struck between the Islamic Republic and the US, UK, Russia, China, France and Germany.

This November 24 deal, branded a “historic mistake” by Israel, will see Iran agree to halt some of its nuclear activities in return for around £4bn in sanctions relief.

The yarn certainly plays to the paranoia and FUD so often present in coverage of the Middle East, but it’s unlikely that Israel would want to anger its allies in Washington by jeopardising the recent rapprochement with Iran.

Unless, that is, the idea is to have the malware all ready to go in case there’s a sudden breakdown in talks.

A final thought: FARS lifted almost word-for-word an entire Onion story last year claiming most rural US voters would rather hang out with former Iranian president Mahmoud Ahmadinejad than Barack Obama.

The agency’s editorial judgement was called into question again this year after it posted a story claiming an Iranian boffin had invented a time machine.

If it follows a similar infection vector to the original Stuxnet tho, we probably would hear of it due to the massive Windows infections that precede the attacks on the industrial systems.

And well the original ‘source’ of this news is rather suspicious to say the least, with them publishing satire as real news last year.

Source: The Register


Posted in: Legal Issues, Malware, Privacy

Tags: , , , , , , , , ,

Posted in: Legal Issues, Malware, Privacy | Add a Comment
Recent in Legal Issues:
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,715 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,651 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,629 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95