bit-tech.net

15th Feb 2012, 11:09   #1
brumgrunt
EPFL report warns of SSL security flaw

A report by EPFL researchers claims that RSA-based HTTPS connections are worryingly insecure thanks to poor randomness.

http://www.bit-tech.net/news/bits/20...ecurity-flaw/1
15th Feb 2012, 15:53   #2
r3loaded
Sounds like the CAs either weren't using the right RNG or using one that was dodgy. Ideally, they should use some sort of hardware-based generator (like the ones in Sandy Bridge CPUs), or even do something like hooking up an aerial tuned to receive cosmic background radiation to generate random numbers.
15th Feb 2012, 21:35   #3
TheKrumpet
The problem is a computer is completely incapable of generating true random numbers. It doesn't have the reasoning to pick one out of thin air, so we have to use a number to seed it. And that almost always means it can be guessed.

@r3loaded: You can't tell them to use an RNG in a specific chip for a worldwide standard. Everyone would have to convert to Sandy Bridge for it to work, which isn't feasible. We therefore have to rely on something which is common to every computer, which limits the scope of what can be used somewhat.
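The seeding problem raised in the posts above, as an added example that is not part of the thread: two simulated devices start key generation from the same guessable seed, end up with RSA moduli that share a prime, and a pairwise GCD audit over the public moduli flags them for reissue. The seeds, the 64-bit toy prime size and the function names are assumptions made for the demonstration.

```python
import math
import random
from itertools import combinations

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin: exact below 2**64

def is_prime(n):
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(rng, bits=64):
    while True:  # odd candidates with the top bit set, drawn from rng
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate

def shared_factor_pairs(moduli):
    """Index pairs of moduli that are identical or share a prime factor."""
    return [(i, j) for (i, a), (j, b) in combinations(enumerate(moduli), 2)
            if math.gcd(a, b) > 1]

def demo_fleet():
    boot_seed = 1329303600          # constructed: guessable seed reused on two devices
    dev_a = random.Random(boot_seed)
    n_a = gen_prime(dev_a) * gen_prime(dev_a)
    dev_b = random.Random(boot_seed)
    p_b = gen_prime(dev_b)          # same state as device A, so the same first prime
    dev_b.seed(987654321)           # constructed: state diverges before the second prime
    n_b = p_b * gen_prime(dev_b)
    dev_c = random.SystemRandom()   # draws from os.urandom
    n_c = gen_prime(dev_c) * gen_prime(dev_c)
    return [n_a, n_b, n_c]
```

`shared_factor_pairs(demo_fleet())` reports only the two devices that started from the same seed; the key drawn from the operating system's generator shares nothing with them.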
15th Feb 2012, 22:49   #4
thehippoz
well moxie wrote ssl sniff but stripping is pretty easy if the network allows man in the middle attacks.. most people don't even look to see if they are secure though

you can get the bank account numbers, all passwords you think are secure through ssl can be passed to the attacker in clear text by poisoning the arp and then stripping the encryption before it is sent to the victim.. now everything inputted by the victim comes back to the attacker in plain text- no need for any shenanigans

it's a very easy attack to pull off.. one of my favorites is spoofing though.. run a apache server and make sure errordocument 404 is forwarded to a page you wrote in httpd.conf.. then poison the arp and redirect all pages to your server.. monitoring is done the same way

the thing is.. you can stop man in the middle if you set up the network to prepare for this type of attack.. I've defeated it on my own home network and everyone else can too.. just in an age of plug and play- not to mention the recent attacks on wps, which made hacking long wpa/wpa2 passwords easy.. getting into a home lan isn't really that difficult anymore for practically anyone (but console gamers- they are a lost cause)

my 6970 does 95k/s in pyrit by itself.. that translates to a billion pass phrases in 3 hours without pre generated rainbow tables.. with custom code written to target specific types of routers.. there's a high percentage of breaking it.. even a script kiddie could do it with reaver nowadays too

just to show how simple it is to break into a wps enabled network.. I installed reaver 1.4 when I got back from michigan (been away for a couple months) and did this within an hour- after a few tweaks



that's less than 2 and a half hours to recover the psk.. the scary part is now that you have the pin, it doesn't matter if the guy changes his password.. you just use the pin to get the new pass whenever you want it

I don't really see how hackers get caught.. it's just loose lips and who you know I guess- I do it for a hobby here and like to write my own.. there are ways to protect yourself though- like separating your dhcp server from the gateway and running the wired part where you want rigs to be secure static.. there's plenty of advice on wireless security- just too many people who don't care

this I really don't see as that big of a problem.. maybe companies who don't use encryption to communicate on top of ssl

you probably have guys though sending company secrets through hotmail
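On the defensive side of the ARP poisoning described in the post above, an added example that is not part of the thread: it parses Linux `ip neigh` output and flags a gateway whose MAC differs from a pinned value, or one MAC answering for several IPv4 addresses. The sample neighbour tables, addresses and the pinned entry are constructed for the demonstration.

```python
import ipaddress
import re
from collections import defaultdict

NEIGH = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Yield (ip, dev, mac) for IPv4 entries that have a resolved MAC."""
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if not m:                     # FAILED/INCOMPLETE entries carry no lladdr
            continue
        ip, dev, mac = m.groups()
        if ipaddress.ip_address(ip).version == 4:   # dual-stack hosts reuse one MAC
            yield ip, dev, mac.lower()

def check_neighbors(text, pinned):
    findings = []
    by_mac = defaultdict(set)
    for ip, dev, mac in parse_neigh(text):
        by_mac[(dev, mac)].add(ip)
        expected = pinned.get(ip)
        if expected and expected.lower() != mac:
            findings.append(("pinned-mismatch", ip, mac))
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings

PINNED = {"192.168.1.1": "02:00:00:aa:00:01"}   # constructed: known gateway MAC

CLEAN = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:00:17 STALE
192.168.1.50 dev eth0 FAILED
fe80::1 dev eth0 lladdr 02:00:00:aa:00:01 router REACHABLE
"""

POISONED = CLEAN.replace("192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:01",
                         "192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:17")
```

A `shared-mac` finding on its own is only a lead, since a host with several IPv4 addresses legitimately answers for all of them from one MAC; the mismatch against the pinned gateway entry is the stronger signal.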