• 28.Jan.15
    GHOST Vulnerability: glibc gethostbyname buffer overflow | news, security | rafacas | (0)
    The GHOST vulnerability was discovered and disclosed by Qualys. It is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address. They have developed a full-fledged remote ...
  • 28.Jun.11
    The Sibyl going to the No cON Name | network, news, security | pfortuny | (0)
    Both rafacas and pfortuny are going next September to Barcelona to the No cON Name conference, to talk about The Sibyl, of which we have already written here. If any of you is interested in IT Security and can make it to Barcelona in September (14-17), it would be nice to meet you there.
  • 08.Dec.10
    The savannah.gnu incident and the Sibyl | news, security | pfortuny | (0)
    The compromise in December 2010 is another example of the weakness of system passwords: there will always be someone using a brute-force attackable key. And that is the weakest link. I just want to point out to all our readers out there that the Sibyl is precisely an idea to implement a secure way to store hashes of passwords and prevent brute-force attacks. It is not computationally cheap or even the simplest of setups, but security has a price. At least it is, except for the hardware part (which depends on your implementation), 'gratis' and BSD-licensed. Hope you like it.
  • 04.Aug.10
    The Sibyl | security | rafacas | (1)
    The Sibyl is a project invented and implemented by Pedro (pfortuny) and me (rafacas), although I have to admit that it was Pedro's idea. It started with the goal of secure storage of the shadow file and, in general, of any database of secret authentication tokens (think of the passwords, or rather the hashes of the passwords, of users of a Web-based service, for example). We believe it addresses the main concern with those databases: dictionary attacks and rainbow tables, which have become available at negligible cost: there is a cloud-based service for doing dictionary attacks on a WPA key. Our approach for storing shadow files ...
  • 25.Sep.09
    Creating RSA keys | security | rafacas | (0)
    RSA is an algorithm for public-key cryptography. Its advantage is that, unlike symmetric-key algorithms, it does not require the initial exchange of secret keys. Each user has a pair of keys, one for encryption (the public key) and another one for decryption (the private key). The private key is kept secret while the public key may be widely distributed. OpenSSL is usually the tool used for creating an RSA key pair (the public and private ones).
        $ openssl genrsa -out key.pem 1024
        Generating RSA private key, 1024 bit long modulus
        ............................................++++++
        .....++++++
        e is 65537 (0x10001)
    This command creates a 1024-bit key pair and ...
  • 06.Sep.09
    How to verify MD5 or SHA-1 digests | security | rafacas | (2)
    MD5 and SHA-1 are cryptographic hash functions. They are deterministic procedures that take an arbitrary block of data as input and return a fixed-size bit string, the hash value (also called the message digest or fingerprint). Verifying the MD5 or SHA-1 digest is highly recommended when you download new software for your system. In most Linux distros the md5sum and sha1sum commands are available:
        $ md5sum ubuntu-9.04-desktop-i386.iso
        66fa77789c7b8ff63130e5d5a272d67b ubuntu-9.04-desktop-i386.iso
        $ sha1sum ubuntu-9.04-desktop-i386.iso
        19aabf327fdbde9e66db54dc04e3a83b92f70280 ubuntu-9.04-desktop-i386.iso
    Solaris (even version 10) doesn’t ship with either md5sum or sha1sum installed. However, you can use digest:
        % /usr/bin/digest -a md5 GNUgcc.3.4.4.SPARC.64bit.Solaris.10.pkg.tgz
        498c344fe2839631bb7cf4b869b7b830
        % /usr/bin/digest -a sha1 GNUgcc.3.4.4.SPARC.64bit.Solaris.10.pkg.tgz
        a8da8247900dd06a7000fd0e6d41f834d6ab3e40
    And in Mac OS X, ...
  • 10.Jul.09
    Adding password protection on a file with vim | cmd, security | rafacas | (2)
        $ vim -x filename
    The -x option uses encryption when writing the file. It will ask for a key:
        Enter encryption key: ******
        Enter same key again: ******
    From then on your filename will be encrypted and accessed using the password. The -x option will no longer be necessary when editing the file.
  • 26.May.09
    Auditing ports (FreeBSD) | security | fernape | (0)
    One of the most important aspects of *BSD systems is security. Knowing which installed packages have exploitable vulnerabilities is one of the admin's tasks. Here, the portaudit utility comes in handy. It is not part of the base system, so it must be installed first:
        % cd /usr/ports/ports-mgmt/portaudit; make install clean
    To run a simple check:
        % portaudit
        Affected package: XXX
        Type of problem: XXX -- embedded GD library Use-After-Free vulnerability.
        Reference: <>

        Affected package: YYY-
        Type of problem: YYY -- integer overflow vulnerability.
        Reference: <>

        Affected package: ZZZ-1.10.2_2
        Type of problem: ZZZ -- integer overflow.
        Reference: <>
    I have omitted the details of the vulnerable packages of my own machine. I'm sure you ...
  • 13.Apr.09
    OpenBSD’s pf null pointer dereference | network, news, security | pfortuny | (0)
    We have talked quite a few times about pf, OpenBSD's Packet Filter (firewall). Well, a bug has been discovered which may trigger a kernel panic. There exists a solution; be sure to patch your boxes ASAP. Notice that the 'editing' solution works on all platforms and versions (at least from 4.2 upwards and probably on older ones).
  • 09.Jan.09
    Authpf: authenticated routing and firewalling on OpenBSD | network, security, shell | pfortuny | (0)
    In our detailed description of OpenBSD's packet filter (here and there) we mentioned authpf, and spoke of it as a useful tool, but what is its use? I tend to understand it as an instrument for authenticated routing, that is, a way to provide routing (and firewalling etc.) services only to authenticated users. Think of a corporate setting with different users having access to different services according to their identities (and not according to their computer's IPs, which may well be dynamic or different). For example, user boss may access the firm's MAIN smb (ports 139, 435) server and any http ...