33C3 notes & keywords part 3

Post date: Mar 5, 2017 6:31:09 AM

• Deploying TLS 1.3: the great, the good and the bad - TLS 1.2 ECDHE - TLS 1.3 contains larger changes compared to TLS 1.0, 1.1, and 1.2. Faster quick handshake with less round trips. AEAD. Session Resumption. 0-RTT HTTPS when resuming session. Neat. Zero Round Trip. Session Ticket (Pre-Shared Key (PSK)). Early Data transmission. Static RSA mode. Out-of-band TLS decryption. Classic. We want secure encryption, but not too secure. Finally got rid of: RC4, 3DES (EDE3), AES-CBC, SHA5, SHA1, RSA-PKCS1-1.5, Compression, Renegotiation, SLOTH, Lucky 13, Lucky Microseconds, LogJam, WeakDH, CRIME, POODLE, RC4 Weakness, BEAST, FREAK, BREACH, Vaudenay Padding Oracle, DROWN, CurveSwap, 3Shake. Philosophy: Simplify & Fortify. I like that approach. Non signed data is bad, always. Everything needs to be signed. Fewer better choices. Safe Resumption, provides better security than 1.2 naturally. Formal Verification. QUIC. Should it have been called TLS2? People really should give up using SSL. Lots of servers run really bad code. Hah, I'm not surprised by that either. GREACE protocol, laugh. Bad code is everywhere. That's the norm. TLS-tri library. ZRTT opt-in. Lol, in questions someone asked if developers are going to get that 0-RTT wrong. Well, it's obvious that it will happen.
• Visiting The Bear Den - Sednit Exploits Factory. Seduploader dropper. Payload dropping, privilege escalation, payload persistence. Sedreco. XAGENT. botnet Command & Control (C&C) network. XTUNNEL. Bootkit, rootkit, boot sector. Bootsector virus flashback. Haha. Questions if it's Russia doing this, at the end were funny.
• Woolim – Lifting the Fog on DPRK’s Latest Tablet PC - Interesting talk, yet nothing worth of technically mentioning.
• You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet - Finding interesting targets in 128bit of entropy. RDMA, TR069, MonboDB, iSCSI, Misconfiguration. zMap Exhaustive network Scans. IPv6 address space is huge 2^128. DNS data is quite obvious, I would obviously used BGP data. Just my thoughts, before possibly mentioned in this talk. ip6-arpa-scan python tool. It's totally logical to use dynamically generated reverse zones for IPv6. Ok, they came to that BGP approach, unsurprisingly. Yet this talk got more interesting when they started to analyze .mil network. It's seems that even they're utterly incompetent in network management. So who's competent then? I don't know. Network security totally sucks. Lots of network infrastructure exposed, BGP RIP, etc. Elastic Search without authentication. Docker without authentication. If it's public, why you shouldn't talk about it? ip6walk @ github.
• State of Internet Censorship 2016 - EU - U.S. Privacy Shield. Scalable Spooky Scan. Blocked Sites, Blockd IP, DNS Blocking. Null Routing. GreatFire, Circumvention Central.
• Geo-location methods in mobile networks - Base Station Time Measurement, GPS location, WiFi SSID leak, Cell ID location, Angular Measurement, Drone based location, Snooping Internet Traffic for location information.
• In Search of Evidence-Based IT-Security - Yay, Security Science, sounds cool. - I liked the start, guaranteed security, artificial intelligence security, cloud security. Yeah, neat. Security products which make your company more vulnerable. Cool. There's anti-virus, so it's logical there's also anti-security products, right? Beliefs vs reality. No scientific security tests are being conducted on products. Theoretical attacks which work only in laboratory. Problems with proxy evidence, correlation doesn't prove causation.
• Now they said it: "Practical research tends to investigate interesting, but probably not very relevant parts of the problem". That's just what I've been saying about elite coders. They tinker for months or years, producing something cool and theoretical, which might have but probably won't have practical value. - Of course there's somewhere the balance between that and my extremely practical and straight style.