Hacking


Well, we all knew they were, really… Computer and Information Security after all does (amongst other things) encompass availability and integrity, both of which can be impacted by poor environment controls in the data-centre. There’s a popular adage that states that once a person has physical access, all bets are off, but all bets could also be off if the temperature is above operational parameters, or if dirty power is introducing short-duration transient faults. New research has demonstrated a proof-of-concept attack against OpenSSL, and unlike side-channel attacks such as differential power analysis, the effect of these short-duration transient faults upon cryptographic signatures can be sampled without physical access to the device, assuming the signatures are sent over a network session.

The proof-of-concept involved induced short-duration transient faults, which resulted in the recovery of private key bits. The remaining key space was explored on an eighty-one-node cluster, and yielded a 1024-bit RSA key in approximately one-hundred hours. So far, such faults are difficult to induce, but the researchers state “If environmental conditions (such as high temperatures or voltage manipulation by an attacker) slow down the signal propagation in the system, it is possible that signals through the critical path do not reach their corresponding registers or latches before the next clock cycle begins.” (Pellegrini, A., Bertacco, V. & Austin, T. 2010)

Pellegrini, A., Bertacco, V. & Austin, T. (2010) ‘Fault-Based Attack of RSA Authentication’, University of Michigan [Online]. Available from: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf (Accessed 5th March 2010).
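The defender’s reading of this result is that a device should never release a signature it has not checked: a glitch in the exponentiation then produces nothing an observer on the network can sample. The example below is added here and is not code from the paper or from OpenSSL. It uses a deliberately tiny toy RSA key built from two known Mersenne primes, a bare hash as the message representative (no padding scheme), and a single flipped bit in the mod-p half of a CRT signature to stand in for a transient hardware fault; the key, the encoding and the fault model are all constructed for illustration.

```python
import hashlib
from typing import Optional

# Constructed toy key: two known Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # Garner recombination constant


def digest_as_int(message: bytes) -> int:
    """Toy message representative: SHA-256 reduced mod N (not a real padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_crt(m: int, fault_bit: Optional[int] = None) -> int:
    """RSA-CRT signing. If fault_bit is given, one bit of the mod-p half result is
    flipped to simulate a transient fault in that exponentiation."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_bit is not None:
        sp ^= 1 << fault_bit        # simulated single-bit upset (constructed fault model)
    h = ((sp - sq) * QINV) % P
    return sq + Q * h               # s == sp (mod P), s == sq (mod Q)


def verify(m: int, s: int) -> bool:
    """Public-key check: s^e must recover the message representative."""
    return pow(s, E, N) == m


def sign_checked(message: bytes, fault_bit: Optional[int] = None) -> Optional[int]:
    """Sign, then verify before releasing. A faulted signature is withheld (None),
    so a glitch never yields output that could be collected over the network."""
    m = digest_as_int(message)
    s = sign_crt(m, fault_bit)
    return s if verify(m, s) else None


if __name__ == "__main__":
    msg = b"example message (constructed)"
    print("clean signature released:", sign_checked(msg) is not None)
    print("faulted signature released:", sign_checked(msg, fault_bit=3) is not None)
```

Because exponentiation by e is a bijection modulo p, any change to the mod-p half changes the signature modulo p, so the verification step catches every such fault rather than most of them; the cost is one extra public-exponent operation per signature.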

If you have a jailbroken iPhone, you may have some issues with playing The Secret of Monkey Island Special Edition. It seems that the installation does not set up the directory permissions needed to support the save game functions.

Simply changing the permissions of /var/mobile/Applications/<id>/Documents and /var/mobile/Applications/<id>/tmp to 775, and then rebooting your iPhone, should be enough to fix the issue. In order to do that, you’ll first need SSH access to your iPhone.

It looks like I caught another in-flight modification for one of this blog’s visitors. This one injects the script “http://127.0.0.1:1025/js.cgi?pa&r=” into web pages viewed, and seems to be injected by Check Point’s ZoneAlarm, as part of its privacy control settings.

I’ve created a relevant signature, and added it to this blog. It will make its way into a future release of the WordPress Web Tripwire Plugin.

I noticed another event generated by a triggering of a web tripwire on this blog. The injection revolved around an inserted piece of JavaScript “http://1.2.3.4/bmi-int-js/bmi.js“, and then various calls to the script surrounding images in the page code. The purpose of the script is to reduce bandwidth utilisation by serving lower quality versions of the images from the ISP’s transparent proxy server. A quick search reveals that this has been noted by Vodafone users, Vodafone being primarily a mobile phone telecommunications company. I’m assuming that they don’t like paying customers swamping their 3G network with images. So no Flickr for you on Vodafone, now go and surf nicely like they want you to :)

Either way, I’ve now written a signature which will alert users if Vodafone, or other providers, inject this script into the page.

I checked the status of the Web Tripwire plugin on this blog this morning to find that I had a real-world event recorded. I thought I’d grab some screenshots, and show them here as it highlights precisely what the plugin does.

You can see in the first image that a user visited the http://blog.yibble.org/webtripwire/ page at 21.28 (EDT) on the 10th of May, and the HTML was altered before it was rendered in their web browser. In this case, we can see that Privoxy dumped a new script on the page, and a call to that script.

The second image shows that I’ve created a new signature for Web Tripwire, which in future will specifically notify the user that these changes were made by Privoxy, instead of ‘unknown’.

That’s it! A proper real-world example to illustrate what web tripwires can do.
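The three events above (Privoxy, ZoneAlarm, and the bmi.js image proxy) all come down to the same check: diff the HTML the server sent against what the browser actually received, then match the inserted fragments against a list of signatures so the report can name the injector instead of saying ‘unknown’. The code below is an added illustration of that classification step and is not the plugin’s own code. The two signature patterns are the strings quoted in the posts above; the labels, the line-based diff, and the sample pages are constructed for this example (no Privoxy pattern is included because the posts do not quote one).

```python
import difflib
import re
from typing import List, Optional

# Known in-flight injectors. The patterns are the script URLs reported above;
# the labels are constructed for this example.
SIGNATURES = [
    ("Check Point ZoneAlarm privacy control",
     re.compile(r"http://127\.0\.0\.1:1025/js\.cgi\?pa&r=")),
    ("BMI image-compression proxy (reported by Vodafone users)",
     re.compile(r"/bmi-int-js/bmi\.js")),
]


def find_modifications(served: str, received: str) -> List[str]:
    """Return the lines in the received HTML that the server never sent
    (insertions and replacements), using a line-oriented diff."""
    served_lines = served.splitlines(keepends=True)
    received_lines = received.splitlines(keepends=True)
    matcher = difflib.SequenceMatcher(None, served_lines, received_lines, autojunk=False)
    fragments: List[str] = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            fragments.extend(received_lines[j1:j2])
    return fragments


def classify(fragments: List[str]) -> Optional[str]:
    """Name the injector whose signature matches a modified fragment.
    None means the page arrived unmodified; 'unknown' means modified but unmatched."""
    if not fragments:
        return None
    for name, pattern in SIGNATURES:
        if any(pattern.search(fragment) for fragment in fragments):
            return name
    return "unknown"


def tripwire(served: str, received: str) -> Optional[str]:
    """Full check: what changed in flight, and who do we think changed it?"""
    return classify(find_modifications(served, received))


# Constructed sample pages, not real captures.
SERVED = (
    "<html>\n<head>\n<title>Web Tripwire</title>\n</head>\n"
    "<body>\n<p>Hello</p>\n<img src=\"/a.png\">\n</body>\n</html>\n"
)
ZONEALARM = SERVED.replace(
    "</head>\n",
    '<script src="http://127.0.0.1:1025/js.cgi?pa&r=1234"></script>\n</head>\n')
BMI = SERVED.replace(
    "<body>\n",
    '<body>\n<script src="http://1.2.3.4/bmi-int-js/bmi.js"></script>\n').replace(
    '<img src="/a.png">\n',
    '<script>/* constructed placeholder for the per-image call */</script>\n<img src="/a.png">\n')
UNMATCHED = SERVED.replace(
    "<p>Hello</p>\n",
    '<p>Hello</p>\n<script src="http://example.invalid/x.js"></script>\n')

if __name__ == "__main__":
    for label, page in [("clean", SERVED), ("zonealarm", ZONEALARM),
                        ("bmi", BMI), ("unmatched", UNMATCHED)]:
        print(label, "->", tripwire(SERVED, page))
```

Matching whole inserted lines rather than the raw page keeps the signatures short and avoids false positives from legitimate references to the same hosts elsewhere in the served page; in practice the served copy would be the server’s own rendering of the request and the received copy the text the client-side script reads back from the DOM.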

Well, I finally got to packaging my Web Tripwires for WordPress plugin, which I’ve been working on during my academic break. It’s now available for download from the WordPress.org Plugin Directory, which means it can also be downloaded and installed via the administrative interface of all up-to-date WordPress installations.

I’ve also created a forum for any support requirements or discussions, as I’m sure with this initial release there are likely to be defects which can only be found through exposure to blogs with various other plugins, and themes.

If you run a WordPress blog and happen to give the plugin a try, please drop by the forums and say ‘Oi, this $bit doesn’t work!’ ;)

City of Ely Community College has recently implemented a biometric registration system for its sixth formers. It uses face recognition techniques combined with a four digit PIN in order to check students in, and out again. Great, two-factor authentication, something you are and something you know.

If only the designer realised that the warm fuzzy feeling of security does not come from one step in the process, but is the sum of the entire chain. There are multiple chinks in this one. For example, the embedded video in the article clearly shows a huge on-screen display for entering PINs, students queue up, and can easily shoulder-surf… The PIN is even echoed to the screen. Perhaps worst of all, they released a Flash video onto the World-Wide-Web of a student (with close-ups of her face) demoing the system, and we can clearly see her PIN (6447).

Whilst perhaps not the most important system on the planet, shenanigans are still to be had for those that are inclined. Also, environment creep is one thing to consider when installing any system. However, I’m more concerned with ‘social creep’: what does a system like this teach young adults about security?


Some time ago, I blogged about how my blog was less of a place for thought-out editorials, and more a collection of snippets that I was gathering from around the World-Wide-Web. Since then, many more sites support XML or RSS feeds for syndication of interaction, and their integration into software like Flock has created a more social World-Wide-Web.

So I’m left wondering if WordPress is the correct platform for this web-site. Because ultimately, I’m occasionally posting scraps here, and occasionally actually writing stuff. Then I look at how I use Facebook as a feed aggregator for my friends that glaze over at the mention of syndication. Perhaps Facebook is the wrong place for that, and perhaps just by using social sites that have XML/RSS feeds, I’m effortlessly creating content, where posts like this are just occasional seasoning.

This brings us to Lifestreaming, and Sweetcron. Lifestreaming is pretty much automated tumblelogging. By posting a public photograph to Flickr, an entry is created, or by digging an article, or bookmarking a web-site, new entries are also created. If you want to see what I’m waffling about, head over to http://yibble.org/, where I have set up a Lifestream page. I’ve disabled commenting on the items, and changed the item links, so that they take you to the source sites, but by default commenting and viewing items is done through the Lifestream site, producing a more blog-like environment.

At the moment, I’m only experimenting with Sweetcron and Lifestreaming, but would certainly consider it as a potential replacement for WordPress, if I could import all the posts, and all of my readers’ comments. What do you think?
