
32c3 comments, random ramblings, thoughts, notes, dump part III

posted Feb 4, 2016, 7:40 AM by Sami Lehtinen   [ updated Feb 7, 2016, 12:15 AM ]
UEFI reverse engineering, task how to turn 64 characters into 32 bytes. Challenges: no debugger, no system calls, no dynamic symbols. UEFI uses modules. Efiperun, scan codes, sha256, serial number, model number. Talk by Jethro Beekman.

Insecurity of embedded devices firmware. Hah, no surprises, that's why it's going to be called Internet of Targets. Billions of devices to hijack trivially and use for attacks. Static Firmware Analysis, Password Hash Cracker, Fuzzy Hashing, Misconfiguration, Credentials, Correlation and clustering, Weak / Default / Hard-coded passwords. Emulation, Complexity, Speed with Dynamic Firmware Analysis. Chroot, Kernel, Userland, architectural, application, generic, original, hosted. Vulnerabilities, challenges, beneficial, conclusions.

Sanitizing PCAPs properly for outsourced analysis without leaking confidential information or traffic payloads.

Tor onion services: more useful than you think, Hidden Services (HS), Security Concerns, Exit Node Attacks, Reporting Corruption, Deep Dark Web, Facebook uses EV SSL Certificate for their Tor onion service. .onion is a special-use top level domain. OnionShare. Pond @ Imperialviolet. Don't collect data you don't need, limit the granularity of data, describe benefits and risks, and explain why benefits outweigh risks, consider auxiliary data when assessing risk. Use test network whenever possible. Only collect data that is acceptable / safe to make public. HSDir flags. CMU attacked Tor for FBI? Tor ethics review board? Onion identity keys are too short. Using chosen relay identity to target particular onion service. Using relays to harvest onion addresses. Using Sybil attacks to take control of parts of the network. Use Guard node discovery attack. Fingerprinting web sites / pages / content based on traffic patterns, which is proven to work very well, with HTTPS as an example. Introduction points, public key, cloud, circuit, one-time secret, rendezvous point. HSDir predictability, Shared Randomness, daily renewed new random shared key. Better cryptography, sha1 -> sha256, ed25519 public key base32. Rendezvous Single Onion Services (RSOS) for faster access and shorter Onion hop path (Proposal 260). Single Onion Services (SOS) according to Proposal 252 without using introduction or rendezvous points. OnionBalance TSoP load balancing for Onion Services.

Safe and Secure Python Web Server. Using bitcoin blockchain to generate randomness? Internet needs diversity. Internet Cube. Open Hardware.

Configuration management tools, Chef, use-case, config, custom, filesystem conflict, detection, manual changes, script, scripting, definition file, provisioning, version control and management, holocm.

Patenting innovations, balancing interests, broad scope of making activities, information sharing, patented exclusive inventions.

QtPass password manager.

NFC Primer, Smart Card and NFC Chips. Android ISO 14443-3 for HCE. Multiple proprietary and incompatible protocols, NFC card emulation using software (libnfc). No support for MiFare Classic. Host Card Emulation (HCE). No Card UID emulation in stock Android NFC. Lol, does your NFC identification system use more than just the UID, right? Right? Hah hah... Yeah, right... NFC is dangerous, it's just like Internet of Targets! The speaker actually said: "Fix your shitty security or someone is going to break your stuff".

sixfw, thinking ipv6 first. Fun hacking. RobustIRC without net splits using multiple parallel paths and mesh networking. Fail never ends. ;)

Absolutely great talk about TLS security auditing and post quantum cryptography. Quantum Computers will break ECC. Quantum Computation Discrete Logarithms and Factoring (Peter W. Shor). D-Wave "Quantum Computer", running Shor's algorithm. RSA, DSA, ECDSA are dead. Grover's algorithm brute-force search for AES. Easy to screw up, easy to backdoor, hard to audit. Quantum resistant algorithm suite. Did you remember that ECC crypto is not new. It's from the 80s. Signatures, hashing, public key cryptography, hash-based signature, Lamport one-time signatures. Merkle signatures. 'Good / secure hash function'. binascii.hexlify, lol. Signing and verification. Do not use one secret key to sign two messages, always prevent replay attacks. Winternitz signatures. Merkle hash tree. XMSS: Extended Hash-Based Signatures, WOTS+. Stateless hash-based signatures Goldreich. SPHINCS signature optimization. Hamming code. Coding theory. Code-based encryption. Goppa, McEliece, Bernstein-Lange-Peters, Niederreiter. Very fast constant-time decryption. Security analysis. Bernstein-Jeffery-Lange-Meurer (post-quantum) - May-Ozerov. QC-MDPC. NTRU (lattice). Multivariate-quadratic systems. Isogeny-based cryptography.

"Technology is neither good nor bad; nor is it neutral." Tokenization, Ranking. Comparing Mental Models on Cyber Security, Cyber Security Dashboard, National CERT. Operation, Analysis, Management, Users. Alice, Bob, Mallory, application system, malicious system. Phishing. Cyber attack countermeasures. Missing important technical details. Management doesn't understand cyber attacks and threats.
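
Added example (not from the talk or the original post): a Lamport one-time signature over SHA-256 in Python, showing why one secret key must not sign two messages and a signer that refuses to. All function and class names here are assumptions made for this illustration.

```python
import hashlib
import secrets

N = 256  # SHA-256 digest bits; the key holds one secret pair per bit

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Secret key: N pairs of random 32-byte values. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg: bytes):
    """Digest of the message as a list of N bits, most significant first."""
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]

def sign(sk, msg: bytes):
    """Reveal one secret from each pair, selected by the digest bit."""
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == N and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def pairs_exposed_by_reuse(msg1: bytes, msg2: bytes) -> int:
    """Pairs with BOTH secrets published if one key signs both messages."""
    return sum(a != b for a, b in zip(bits(msg1), bits(msg2)))

class OneTimeSigner:
    """Discards the secret key after the first signature (hypothetical helper)."""

    def __init__(self):
        self._sk, self.pk = keygen()

    def sign(self, msg: bytes):
        if self._sk is None:
            raise RuntimeError("Lamport key already used; generate a new one")
        sig, self._sk = sign(self._sk, msg), None
        return sig

if __name__ == "__main__":
    m1, m2 = b"constructed message 1", b"constructed message 2"  # sample inputs
    signer = OneTimeSigner()
    print(verify(signer.pk, m1, signer.sign(m1)))
    print(pairs_exposed_by_reuse(m1, m2), "of", N, "pairs exposed by reuse")
```

Every position where the two digests differ publishes both halves of that key pair, which is the state problem that Merkle trees and XMSS manage and that SPHINCS avoids.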