Blog‎ > ‎

33C3 notes & keywords part 1

posted Feb 19, 2017, 12:08 AM by Sami Lehtinen   [ updated Feb 25, 2017, 11:11 PM ]
What could possibly go wrong with <insert x86 instruction here>? - ASLR, CPU cache layers, cache line, cache attacks, covert channels, flush+reload attack, prime+probe attack, SSH connection over CPU cache covert channel. Awesome. Crypto side-channel attack using cache timings. T-Tables, Bouncy Castle, Android. Flush+Flush attack. Timing leakage. Pre-fetch, Address Translation, Page Directory. Kernel Addres Space Layout Randomization (KASLR). Virtual address space -> Physical memory direct-physical map. Translation-level oracle. Rowhammer / Row hammer - attacks on privileged addresses.
The Global Assassination Grid: Espionage, Killing, National Security. Sounded like the Drone Operations Team is actually very well informed, compared to situation where you just turn up with gun in some random site and have to make decisions without all that background & analytical information. Doesn't sound that bad at all. Of course mishaps happen at times, but in general. That's much better than what it could be. DDS Sometimes media makes it seem like they would be just picking random targets from video feed. But that's not true, there' much more background intelligence behind it. Where, What, Why, etc. Intelligence Surveillance & Reconnaissance (ISR) network. Target Identification & Acquisition. Wide-band Global Satellites (WGS). Autonomous systems. Counter-surveillance, Transparency. Loitering weapon systems. Weaponized Drones. - Documentary movie about this topic is coming out and that's what I'm going to watch for sure when it's out.
Reverse Engineering Outernet - Outernet @ Wikipedia. That's pretty much legacy tech, but interesting project still.
Everything you always wanted to know about Certificate Transparency - HTTPS, Certificate Authority (CA), Online Certificate Status Protocol (OCSP), Vulnerabilities, ENISA, Implementation issues, Deployment issues, HTTPS / TLS / Drown Attack, CipherSuite mess, Signed Certificate Timestamp (SCT). Hash tree with signed tree head (STH). History proves that Certificate Authorities can't be trusted! /ct/v1/get-sth - - Cert Watch
The Fight for Encryption in 2016 - Crypto fight in the Wake of Apple v. FBI. - The Encryption Debate. - Defend Encryption / EFF - Privacy vs Security vs Security - This is actually extremely intersting talk. This is what we've (at least I'm) been waiting for. - Hacking & Cracking mobile phones with several different attack vectors and exploits. Mythical "Secure Golden Key". - UK Snooper's Charter. - European Court of Justice. - Gag Orders. - Investigatory Powers Act - Everyone's should use strong encryption all the time.
Predicting and Abusing WPA2/802.11 Group Keys - Tornado Attack WPA-TKIP session key recovery - Broadcast group frame encrypted using Group Keys. - Flawed RNG - Weakening encryption using MITM to force RC4 encryption during handshake - Hidden terminal problem - Group Temporal Key (GTK) - Following bad standard, is bad practice. It's better to implement your own than follow the standard. - "random enough", that's well said. - Group Master Key (GMK) - Nice, the demo worked also. - Hole 196 check - Classic ARP poison - RC4 NOMORE - Don't put extremely bad example code in specification. - AP should ignore group-addressed frames. 
My own comment about previous talk 802.11n prevents use of TKIP, probably to prevent just this attack.
The DROWN Attack - Additional information at - Funny, people still usign and loving SSLv2. Well, not a real surprise at all. Nobody cares. - PreMasterSecret (PMS) - TLS RSA handshake - Bleichenbacher's Attack - Shared Key Among Protocols / Ports, that's really bad. Generating new keys isn't that expensive after all. Ciphersuite selection bug. It's also obvious that crappy code is just everywhere, even in the most critical code sections. Special DROWN. Lol, ridiculusly bad bugs. Generig DROWN 2^40. Special DROWN requires only 15 probe connections and on average 15*128=1920 trial encryptions. That's just like awww and it works with older versions of OpenSSL. Ancient SSLv2 breaks current TLS. Totally amazing talk.

I'll be posting 33C3 notes as long as I've finished watching all the interesting talks. These will be probably posted before the normal weekly post.