Weekly security week wrapup 23 and 24

It’s been two weeks since the weekly security wrapup, which makes ‘weekly’ a rather week term. Lots of excuses I could utter, but they’re all saying: “been busy”, which is another way of saying “I decided that other things were more important to do”. However, here we go again.

Cheap GPUs are breaking passwords faster

Obviously, they’re good at doing stupid things fast(er), and cracking passwords is about the stupidest task possible for a computer. However, for some of the strong stuff out there, like truecrypt, it does not really matter.  Truecrypt, for instance, has a rather slow initialization routine, which takes about 10ms on an average processor, which means you can check 100 passwords/sec. If a CUDA implementation were to increase that 1 million times (10^6), you can check 10^8 passwords per second. But if you have a 10 char password (upper/lower/digits), there are roughly 10^17 possibilities. Checking 10^8 passes/s means it takes 10^17/10^8/2 ~= 10^8 seconds. Which is another way of saying 76 years. That’s longer than the average time it takes for a disk to disintegrate by itself, last time I checked. Still, using CUDA to speed things up is quite cool.


Mac Reversing: Starter’s guide

I’ve found this article on (OSX) malware analysis for beginners. It talks you through the beginning of using IDAPro and how to start analysing it. It’s excellent, but you need to keep paying attention, or you loose track quite easily.


Electric car trouble

And we’re not talking about the trouble you have driving your new electric Nissan Leaf and looking for a place to have lunch, dinner and a nap before your car is charged up. No, we’re talking about the car’s builtin firmware’s RSS reader telling all servers your current location, speed and whether you have the aircon on. That’s not funny.


Weekly security week wrapup 22

Intercepting skype

Intercepting skype in transit is quite complicated. The ‘oracle’ needed to decode the signalling traffic is quite well known and understood, resulting into legible signalling information. The primitives used in the user-to-user voice traffic are also well known, but this knowledge does not gain you any understanding of the contained traffic. Knowing you’re looking at AES and RSA doesn’t make it any more fun to start cracking.

This week we also heard some news that a Russian reverse engineer, Efim Bushmanov, has been able to reverse engineer skype to the point where it should become possible to write your own (open source perhaps) skype client. Skype (being aquired by Microsoft, conspiracy theorists unite, but that’s a different topic) does not like this one bit and brought in the big lawyers to tell Efim that he was violating the EULA.

But there are other ways to gain access to the traffic: intercept at the end-point, where the traffic has been decrypted for you. This article in the wall street journal describes quite detailed how the Egyptian government has been using this method to intercept traffic of young dissidents.

Lockheed Martin breach

All over the news: Lockheed Martin has been breached because it used the RSA tokens that had been compromised a couple of weeks before that. LM has the resources to actually detect a compromise like that, but there are way more small companies that use RSA tokens. How are they going to handle it? This is not the last breach we’ve seen that’s caused by the broken RSA tokens.

Lowcost USB Bluetooth sniffer

This is so nice, and it’s NFH (Nice for Hometinkering)-appeal is big. A small usb bluetooth sniffer, ehm, bluetooth monitor. Ordinary bluetooth devices are very difficult to get in a monitoring mode and other commercial bluetooth monitoring tools cost you an arm and a leg and your soul. This one is selling for under 100 GBP, and you can make it more cheaply if you can solder, which I cannot.

Pentester’s cheat sheet

If you’ve been doing pentesting, one of the goals is to get a shell on the machine. This article lists a number of methods to (ab)use common tools to get the shell working. It’s a nice cheat sheet.