1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News EFPL report warns of SSL security flaw

Discussion in 'Article Discussion' started by brumgrunt, 15 Feb 2012.

  1. brumgrunt

    brumgrunt What's a Dremel?

    16 Dec 2011
    Likes Received:
  2. r3loaded

    r3loaded Minimodder

    25 Jul 2010
    Likes Received:
    Sounds like the CAs either weren't using the right RNG or using one that was dodgy. Ideally, they should use some sort of hardware-based generator (like the ones in Sandy Bridge CPUs), or even do something like hooking up an aerial tuned to receive cosmic background radiation to generate random numbers.
  3. TheKrumpet

    TheKrumpet Once more, into the breach!

    18 Oct 2011
    Likes Received:
    The problem is a computer is completely incapable of generating true random numbers. It doesn't have the reasoning to pick one out of thin air, so we have to use a number to seed it. And that almost always means it can be guessed.

    @r3loaded: You can't tell them to use a RNG in a specific chip for a worldwide standard. Everyone would have to convert to Sandy Bridge for it to work, which isn't feasible. We therefore have to rely on something which is common to every computer, which limits the scope of what can be used somewhat.
  4. thehippoz

    thehippoz What's a Dremel?

    19 Dec 2008
    Likes Received:
    well moxie wrote ssl sniff but stripping is pretty easy if the network allows man in the middle attacks.. most people don't even look to see if they are secure though

    you can get the bank account numbers, all passwords you think are secure through ssl can be passed to the attacker in clear text by poisoning the arp and then stripping the encryption before it is sent to the victim.. now everything inputted by the victim comes back to the attacker in plain text- no need for any shenanigans

    it's a very easy attack to pull off.. one of my favorites is spoofing though.. run a apache server and make sure errordocument 404 is forwarded to a page you wrote in httpd.conf.. then poison the arp and redirect all pages to your server.. monitoring is done the same way

    the thing is.. you can stop man in the middle if you setup the network to prepare for this type of attack.. I've defeated it on my own home network and everyone else can too.. just in an age of plug and play- not to mention the recent attacks on wps, which made hacking long wpa/wpa2 passwords easy.. getting into a home lan isn't really that difficult anymore for practically anyone (but console gamers- they are a lost cause)

    my 6970 does 95k/s in pyrit by itself.. that translates to a billion pass phrases in 3 hours without pre generated rainbow tables.. with custom code written to target specific types of routers.. there's a high percentage of breaking it.. even a script kiddie could do it with reaver nowdays too

    just to show how simple it is to break into a wps enabled network.. I installed reaver 1.4 when I got back from michigan (been away for a couple months) and did this within an hour- after a few tweaks


    that's less than 2 and a half hours to recover the psk.. the scary part is now that you have the pin, it doesn't matter if the guy changes his password.. you just use the pin to get the new pass whenever you want it :D

    I don't really see how hackers get caught.. it's just loose lips and who you know I guess- I do it for a hobby here and like to write my own.. there are ways to protect yourself though- like separating your dhcp server from the gateway and running the wired part where you want rigs to be secure static.. there's plenty of advice on wireless security- just too many people who don't care :worried:

    this I really don't see as that big of a problem.. maybe companies who don't use encryption to communicate on top of ssl

    you probably have guys though sending company secrets through hotmail
Tags: Add Tags

Share This Page