Latest articles in ‘Opinions’


  1. Wannacry: a full scale war game?

    Published: Tue 16 May 2017 in Opinions.
    With the Shadow Brokers announcing WWIII, the ransomware may actually convey a different message than the advertised one.

    An unidentified group, the Shadow Brokers, stole the NSA’s secret cyber-weapons and decided to publish (some of) them. A criminal group took this opportunity to develop a piece of ransomware which would make the headlines as “WannaCry” or “Wcry”.

    Fortunately, the damages were far from what they could have been:

    • Microsoft published a fix for the exact issue exploited by the ransomware just a month before these tools became public.
    • The malware embedded a trivial kill switch allowing anyone in the world to easily stop the propagation: it worked so well that it was accidentally triggered, stopping the malware’s propagation just a few hours after its release.

    Without this “luck” the attack could have been damaging out of all proportion to what we actually encountered. The current estimate of 230,000 infected computers may seem a high and impressive number, but it is nothing like what one could expect from such a piece …


  2. Are EMV credit cards clonable? How?

    Published: Tue 15 September 2015 in Opinions.
    Why a system regularly presented as unbreakable actually isn't.

    From a theoretical perspective, a smart card can be compared to a networked computer: its content cannot be accessed directly like a disk or a USB stick; you must send requests to the chip (either to access some data or to execute some operation) and the chip answers following a given protocol (authentication may be needed for some requests, etc.).

    Therefore, still from a theoretical perspective, while a smart card itself can be considered secure, this has led to a misleading marketing discourse claiming that systems based on it were “unbreakable” or that such cards were “unclonable”. However, a complex system like a complete payment system cannot be reduced to the sole security of the EMV card. The payment card is only the tip of the iceberg: every element composing this system and their mutual interactions must be taken into account, from the various devices involved to the protocols and the …


  3. What is the difference between HTTP and HTTPS with a self-signed certificate?

    Published: Fri 28 August 2015 in Opinions.
    The security and user experience differences and how to safely manage them.

    Security difference

    First, let’s talk about SSL (now called TLS, by the way), which adds the ‘S’ at the end of HTTPS and is in charge of “securing the communication”. The key to answering this question is indeed to fully understand what we mean by “securing the communication”.

    SSL, no matter whether a self-signed certificate is being used or one signed by a trusted CA, will ensure that the communication between you and the remote host remains confidential and that no one can tamper with any data exchanged.

    The warning message shown by browsers about self-signed certificates is therefore not about that.

    But how can you be sure that the remote host answering your requests is really the one you expect? With public websites, for which you have no direct way to authenticate the certificate by yourself, this is simply impossible. Here comes external …


  4. Can SELinux really confine the root user?

    Published: Thu 20 August 2015 in Opinions.
    How, but most importantly why, SELinux can confine even the root user.

    Several projects such as [this one][play_root] offer free root access to a Linux box in order to demonstrate SELinux’s confinement abilities. Even given root access on a box, SELinux still prevents any harm from being done.

    Is this for real, or is there some trick behind such a setup?

    This is indeed possible because SELinux does not actually care about the current Unix user: all it sees is a supplementary piece of metadata called the context (which includes, among other fields, a domain field), which lets SELinux decide whether the requested action can be authorized or not.

    What one usually conceives of as the root user maps in SELinux to a root Unix user running in either the unconfined_t or the sysadm_t SELinux domain. This is the classical, fully powered, omnipotent root user.

    However, one could perfectly well set up a system to spawn a root shell (I mean a root Unix user shell …


  5. Do randomized PIDs bring more security?

    Published: Sat 23 May 2015 in Opinions.
    The limits of randomness-based security and the position of the main free *nixes on the subject.

    The issue

    I read an article in the French magazine MISC (no. 74 - July/August, 2014) publishing a flaw affecting stunnel and libssh.

    To make things short, this flaw relies on the fact that a hello cookie created by the server is generated from the current Unix timestamp (so with one-second granularity) and the PID of the process handling the request. The exploit sends a large number of connection attempts in order to force the server to generate duplicate cookies. Ultimately, this attack aims to recover the server’s private keys.

    The author explains that such an attack is not realizable on systems using traditional sequential PIDs because it would require more than 65000 connection attempts to be made in less than one second.

    However, because of the random PIDs used on some “hardened” systems, the author demonstrates that, with 20 connection attempts per second, there is statistically more than one …

