cse6441-blog
Wholesome Security 😊
149 posts
A student who loves to learn
cse6441-blog · 6 years ago
Problems with PKI
It’s complex. Having a complex system with a lot of requirements makes it hard to manage and get right, giving attackers a chance to exploit any holes in the process.
cse6441-blog · 6 years ago
SSL/PKI
SSL/TLS
SSL (Secure Sockets Layer) is a security protocol that establishes an encrypted link between a web server and a client. SSL allows the secure transmission of sensitive information such as credit card numbers, login credentials and more, providing a layer of security that utilises a public/private key pair. Because all information sent in between is encrypted, someone eavesdropping on the network will not be able to see what is being sent.
The SSL protocol is enabled through something called an SSL Certificate, which allows you to create a secure connection in the first place. First the server needs to GET an SSL Certificate by making a Certificate Signing Request (CSR). This request then needs to be sent to a Certificate Authority (CA), that is, one of the trusted digital signers who verify the security of your server and that it adheres to certain standards.
Once a Certificate Authority signs this, the server’s certificate is then associated with that certificate, and you are able to see which CA signed off on it in the Subject of the Certificate.
Thanks to browsers coming with a pre-installed list of trusted organisations and CAs, a server whose certificate was signed off by any of these organisations is automatically trusted. By signing off on this, a company is claiming that a trusted third party has verified the identity of the server host (authenticated).
PKI
SSL alone isn’t enough to secure a web connection. On its own, SSL can be susceptible to a man-in-the-middle attack where an attacker intercepts the key exchange (like Diffie-Hellman) and replaces the server’s public key with their own. This way, once a ‘secure connection’ is established between the client and server, all traffic and requests sent by the client are transmitted directly to the attacker and decrypted for them.
This is where PKI comes in - the idea is that we don’t blindly trust that a public key provided by a server is the genuine public key, until it is verified or ENDORSED by someone we do trust. So we trust a few select key entities and also trust anyone they say is trustworthy (kinda sus).
As mentioned before, there are a few root certificate authorities who have been hard-coded/pre-installed into our browsers or OS whom we trust. This means they have power to determine what is secure/not...
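The key swap and the CA check described above, as an added example that is not part of the original post: a client that skips the endorsement check ends up sharing its key with whoever sat in the middle, while a client that checks the CA's signature rejects the swapped key. The toy RSA and Diffie-Hellman parameters, the name shop.example and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes). Unpadded textbook RSA and a
# 127-bit Diffie-Hellman group are for illustration only, not for real use.
P, G = 2**127 - 1, 3                              # DH modulus and base
CA_P, CA_Q, CA_E = 2**61 - 1, 2**89 - 1, 65537
CA_N = CA_P * CA_Q                                # CA public key, pre-installed in the client
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))     # CA private key, held only by the CA


def digest(name: str, dh_public: int) -> int:
    """Hash of the (server name, public key) pair that the CA endorses."""
    data = f"{name}|{dh_public}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def ca_sign(name: str, dh_public: int) -> int:
    return pow(digest(name, dh_public), CA_D, CA_N)


def ca_verify(name: str, dh_public: int, signature: int) -> bool:
    return pow(signature, CA_E, CA_N) == digest(name, dh_public)


def handshake(attacker_present: bool, client_checks_ca: bool) -> str:
    """Run one key exchange; return who shares the client's key, or 'rejected'."""
    server_priv = secrets.randbelow(P - 3) + 2
    server_pub = pow(G, server_priv, P)
    signature = ca_sign("shop.example", server_pub)   # issued ahead of time

    offered_pub, attacker_priv = server_pub, None
    if attacker_present:                              # public key swapped in transit
        attacker_priv = secrets.randbelow(P - 3) + 2
        offered_pub = pow(G, attacker_priv, P)

    if client_checks_ca and not ca_verify("shop.example", offered_pub, signature):
        return "rejected"                             # endorsement does not cover this key

    client_priv = secrets.randbelow(P - 3) + 2
    client_pub = pow(G, client_priv, P)
    client_key = pow(offered_pub, client_priv, P)
    if attacker_present and client_key == pow(client_pub, attacker_priv, P):
        return "attacker"
    return "server" if client_key == pow(client_pub, server_priv, P) else "nobody"


if __name__ == "__main__":
    for mitm, check in [(False, True), (True, False), (True, True)]:
        print(f"attacker={mitm} ca_check={check} -> {handshake(mitm, check)}")
```

The attacker can forward the server's genuine signature, but it only covers the server's own public key, so the swapped key fails verification.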
cse6441-blog · 6 years ago
dead content
would be interesting to see the increase in blogging before the job app was due now to the massive drop off lmao
cse6441-blog · 6 years ago
Google Data
yikes there’s like 10 gigs of my data here
cse6441-blog · 6 years ago
my link is broken for some reason so reblogging to top
unregistered hypercam 2
cse6441-blog · 6 years ago
Password Leaks
Found that some of my old emails had accounts tied to them which were compromised. Unfortunately I couldn’t narrow down which platforms were attacked, but that actually doesn’t matter. All platforms that you might think are secure and safe end up getting broken into eventually like LinkedIn and Yahoo - so the best way to secure yourself against that is to use better passwords.
As revealed by Troy Hunt and his password g4ngs, using a password manager and generating better passwords that are unique and follow a set of requirements will be effective even if passwords are leaked. That way even if they are using a broken hash like MD5 to store the passwords, you’re at least able to protect against that in some way. But pray for your soul if they’re storing them in plaintext.
I did a bit of research on PasteBin to look up my email in any of the leaks. I recall a few years ago I did a similar search up and I think I found my email on there (yikes). So that’s a big player in terms of password leaks.
I actually browsed there for a few hours and tried out some of the passwords in the leaks - and oh boy even from a few months ago, a lot of those accounts still haven’t changed their passwords! They’re pretty weak passwords too, so even with the hashes a simple lookup gives the plain-text for free.
I’d say if you’re interested (you should be), don’t just see if your email has been compromised (https://haveibeenpwned.com/), look up you and your friends on PasteBin because your old accounts may still be on there.
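An added example (not from the original post) of why a weak password behind unsalted MD5 falls to a simple lookup while a generated one does not, with salted PBKDF2 as the storage-side fix. The word list, the iteration count and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample of weak passwords; real leak corpora are far larger.
COMMON = ["123456", "password", "qwerty", "letmein", "dragon"]
PBKDF2_ROUNDS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256


def md5_hex(password: str) -> str:
    """Unsalted MD5, the weak storage scheme the post mentions."""
    return hashlib.md5(password.encode()).hexdigest()


# Only the password feeds the hash, so one table built once reverses
# every matching hash in every leak.
LOOKUP = {md5_hex(p): p for p in COMMON}


def recover(leaked_md5: str):
    """Return the plaintext if the hash is in the precomputed table, else None."""
    return LOOKUP.get(leaked_md5)


def generate_password(length: int = 20) -> str:
    """Random password of the kind a password manager produces."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def store(password: str):
    """Storage-side fix: per-user random salt plus a slow key-derivation function."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def check(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    print("weak password from MD5:", recover(md5_hex("letmein")))
    print("generated password from MD5:", recover(md5_hex(generate_password())))
    salt, stored = store("letmein")
    print("salted login check:", check("letmein", salt, stored))
```

Two users with the same password get different stored values under `store`, so a table like `LOOKUP` cannot be built in advance.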
cse6441-blog · 6 years ago
Dumpster Hiding
After finding out your trash has so much information leakage about you - I’ve gotten a bit wary about throwing things out that have my details on them. Theoretically speaking if an attacker was after me, they would be able to gather a lot of knowledge about me just by digging through what I throw away.
So over the past few weeks I’ve been doing something similar to Richard, by destroying documents with sensitive information responsibly. And for things I need to throw out, I’ve been going around and slipping them in other bins across the neighbourhood, as well as public bins to spread confusion about.
I’m not exactly sure how effective this is, but at the very least it’s some deterrent and confidentiality about my trashabouts.
cse6441-blog · 6 years ago
Updating Privacy
After sifting through my information, I’ve made the wise decision to go and update my privacy settings on the platforms that I use. Not only will this serve as a form of OpSec, but also to deter any third-party information coming through against my case.
Digging into my Facebook settings, there’s a lot of things left unchecked by default such that they ‘optimize’ the regular individual’s experience. Everything is linked and pretty much public for everyone which is less than ideal in terms of privacy.
Facebook is tracking when and wherever you log in and on what devices you’re accessing your account from. Looking at this list, there’s a lot of things I’m still logged in on - so let’s just go ahead and sign out of all of them and do a massive overhaul.
Setting up Layers
Here we can do a security bump too. Although you might think it’s not important enough to secure your account - that’s probably because you don’t think that you’re at a high risk of losing your account. In fact, if this account were to be compromised, I personally wouldn’t be too happy about it. It’ll be an inconvenience to go up and set up another one. Either way I could do with 2FA because if not I’m pretty much just saying to the world ‘go hack me’. Adding other layers of security like encrypting my emails is definitely a better option than none at all too.
Facial Recognition?
Previously I had just given up all rights to tagging me in photos and posting all that fun Facebook jazz. But that’s just like taking away the option for me to approve things that are being posted about me. What if, like that CIA director, my wife or someone I know posts some sensitive information about me? I want to have the ability to control what information pops up and prevent it from occurring in the first place, rather than doing damage control after. Like what’s the dealio with this Facial Recognition being on by default?
Old Login Permissions (BAD)
cse6441-blog · 6 years ago
Memes
cse6441-blog · 6 years ago
Answering Questionz
cse6441-blog · 6 years ago
Buffer Caff
1.0 Basic
So below is the basic structure of the stack (for local variables) once you’re in the doCheck() function. We simply need to write 32 characters to the name and access name[32] to overwrite the team variable. gets(), the lovely vulnerable function that it is, will naively take that and we can happily enter the win() function!
[Image: stack layout of the local variables in doCheck()]
1.1 whereami
This is pretty similar to the one before, where instead of the variable team = ‘A’, we have the void function pointer, ‘function’. So again, we simply need to overflow the buffer, by writing the address that is printed for the win() function. Simple stuff.
1.2 Blind
For this we have no source code or information really to go off. Therefore we take the following steps:
1. Run the code first (see what it does)
2. Verify that it is vulnerable to a buffer overflow
3. Find the address at which the win() function is stored
   - Using an external tool
4. Overflow the buffer and overwrite the return address
5. win???
cse6441-blog · 6 years ago
Login Leaks
Wrote a script 4 this.
{><!A9-n$)(e*WzqL_&Zf2R6^d}
cse6441-blog · 6 years ago
Barbauthentication
She uses 2-step verification for her email account using Google Authenticator, and she signs up with new websites by using 'Sign in With Google', and for when she is at a computer she doesn't trust, she has generated a set of 10 one-use only passwords for her Gmail account.
Create a fake website to phish her and she’ll sign in with Google - then once that’s done send her a text and she’ll enter the Google Authenticator code. From there, you can just copy that code and log into her account!
cse6441-blog · 6 years ago
Sp0t the F4ke
TripAdvisor
Find an example of something that has been faked or spoofed. Describe how it was achieved, and how it could be detected or prevented.
The moon landing.
Lmao nah but the TripAdvisor is the example given. It was done by keeping the restaurant discreet and closed off such that those who had not been could never validate how bad it was and review it. This was done together with the efforts of his friends who helped craft genuine looking reviews, which altogether built up the status of the restaurant.
It doesn’t take that many to really build your restaurant up, since there’s not a huge population who will actually take their time out to review a restaurant. In general, most people review only if their experience has been REALLY GOOD or REALLY BAD; there aren’t many in-between. This is the case for a real restaurant, so for a fake one that can control their ratings and only have 5 stars coming in, getting to the top like that is quite easy.
The issue that allowed this to happen is that there isn’t a formal verification process for TripAdvisor. They pretty much took it upon good faith that it existed as a restaurant, despite it not being registered as a business or anything. There were no third party checks or multiple steps to becoming a legitimate restaurant on TripAdvisor. To prevent such things from occurring in the future, more rigid processes should be developed for validating and getting your restaurant up there. In fact, with the scale that TripAdvisor is, they should be able to afford having someone from their company come down and actually check that the restaurant actually exists and to taste their food and such.
Find an example of something in everyday life that could be easily faked and explain how it might be achieved.
Certificates and credentials on ambiguous things. You can easily develop your own course, and in the same vein as the restaurant create accounts and fake the reviews. If you make the course require payments, people will be discouraged initially until it gets popular.
DeepFakes
At the moment this technology is quite limited, so it’s not too hard to spot it by eye. However, eventually it’ll get good enough that it will be hard for the human eye to spot. Although a ‘perfect’ deepfake remains to be seen, perhaps we can spot the artificiality (but I guess that wouldn’t be perfect). The solution to that will then have to be to resort to machines to identify fakes, or analysis by other means, such as the binary data or formal tests like modifying real and fake videos for comparison.
Viral Videos
Viral videos are also getting extremely hard to determine - especially with a low quality or high quality video. With low quality videos, the problem is that there’s not enough information to be able to visually determine if something is fake. Perhaps on a binary level or pixel state a computer may be able to differentiate things just like DeepFakes - but that still isn’t clear.
cse6441-blog · 6 years ago
Googling Myself
Facebook Data
holy heck there’s a lot
Google Data
requested brb
cse6441-blog · 6 years ago
Case Study: Ghost
yo okAY this was hella tough and honestly we didn’t come up with a perfect solution
so the premise is that you are a general army dude right and you sent one of your mates to the nether portal (goes to alien planet) and goes to do recon and meet the aliens. he talks to one of the aliens and asks if he can come back with him, but upon returning, your mate is dead and turns into a ghost. so now there’s just you and your squad standing outside the portal looking at this deadass alien and confused and scared as heck.
so how do you know that:
A) your friend’s ghost is with the alien (authentication)
B) the alien comes in peace (non-malicious intent)
if the alien can hear your mate speaking:
how do you know that he’s speaking the truth
that your friend is actually there
that he’s not modifying the message
like your friend is telling him to tell you that he (the alien) killed him (your friend)
so what I came up with was we need something that gives:
Authentication
Integrity
Non-Repudiation
Proof of non-malicious intent
So this is kind of like Houdini. Taking the first three into account, I considered what we use in Security today to solve this issue and came up with Signatures. If we were to take the report of your friend, and he in his ghostly form were to first HASH it, then sign that hash then we would be able to verify it was from him (authentication), and the message was not tampered with (integrity) and he would not be able to take it back and say that it wasn’t from him (non-repudiation).
However the fact of the matter is that we’re dealing with a threat that we have NO KNOWLEDGE of. all the knowledge is in that report which we can’t get cause our friend is dead. So with an alien there’s alien technology and things that we are unable to know.
Like how do we know the alien didn’t kill our mate
and that he didn’t steal all his memories and brain power
and that he’s not controlling the ghost friend
or that he’s not torturing him for the answers
And so far in reality we don’t have a successful attempt of measuring good intent. We can’t tell. Humans are corruptible, and probably the same for aliens. There’s no guarantee that this alien comes in peace and so I couldn’t come up with a perfect solution given this.
cse6441-blog · 6 years ago
Week 8 NotMyTutorial
Case Study (interesting tbh)
at first it’s like hey this is just like houdini but with extra steps
but wait! turns out it’s broken and there’s no solution lol
Block Cipher Modes (actually good)
ok this is actually good hang on
they’re like sourdough bread
the moulding starter is like the IV