Using default private keys to decrypt SSL streams

An old but hugely overlooked issue: many appliance vendors ship their units with a default private key for SSL communications. Even if you reissue a new certificate, your appliance could still be using the same private key as everyone else's, and that key is typically bundled within the firmware packages publicly distributed by the vendor. This affects everything from DD-WRT to enterprise-class VPN appliances, tape libraries, and firewalls.

Well, someone has finally begun cataloguing these into a searchable database:
http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/

Just look up the device in question, point the lookup tool at a running appliance, or feed it a packet capture or live network interface, and it will provide any known private keys. Once the private key is obtained, you can decrypt the SSL stream with tshark:

tshark -nn -t ad -r <pcap_file> -o ssl.keys_list:<HTTPS_server_IP>,443,http,"<private_key.pem>" -V -R http
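
To check whether an appliance you run is still on the firmware key after a certificate reissue, compare the public key in its certificate with the public key derived from the firmware's private key. The script below is an added example, not part of the original post or the linked tool; every key, certificate, and hostname in it is constructed locally with openssl as a stand-in for a real firmware key.

```shell
#!/bin/sh
# Added example. All keys/certs are generated here; none is a real vendor key.

# SHA-256 of the DER SubjectPublicKeyInfo inside a PEM certificate.
cert_spki_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# The same digest, derived from a PEM private key.
key_spki_sha256() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds (exit 0) when the certificate was issued for the given private key.
cert_uses_key() {
    [ "$(cert_spki_sha256 "$1")" = "$(key_spki_sha256 "$2")" ]
}

# Constructed fixtures: one "firmware default" key, a factory cert, a cert
# reissued under a new name with the SAME key, and a cert on a fresh key.
make_fixtures() {
    dir=$1
    openssl genrsa -out "$dir/firmware_default.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/fresh.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/firmware_default.key" \
        -subj "/CN=factory.example" -days 1 -out "$dir/factory.crt" 2>/dev/null
    openssl req -x509 -new -key "$dir/firmware_default.key" \
        -subj "/CN=vpn.corp.example" -days 1 -out "$dir/reissued.crt" 2>/dev/null
    openssl req -x509 -new -key "$dir/fresh.key" \
        -subj "/CN=vpn.corp.example" -days 1 -out "$dir/rekeyed.crt" 2>/dev/null
}

# For an appliance you administer, fetch the served certificate with:
#   openssl s_client -connect <appliance_ip>:443 </dev/null 2>/dev/null | openssl x509 -out live.crt
tmp=$(mktemp -d)
make_fixtures "$tmp"
for crt in factory reissued rekeyed; do
    if cert_uses_key "$tmp/$crt.crt" "$tmp/firmware_default.key"; then
        echo "$crt.crt: EXPOSED (public key matches firmware default key)"
    else
        echo "$crt.crt: ok (different key pair)"
    fi
done
rm -rf "$tmp"
```

Passive decryption with tshark as shown above only works for sessions negotiated with RSA key exchange; a match still matters for (EC)DHE sessions, because anyone holding the key can impersonate the appliance. The fix is to generate a new key pair on the device, not just a new certificate.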

Wireshark: Remote Packet Capture, bit of Security

This seems handy!

Wireshark/Ethereal is one of the best open source tools we have. I don’t think there will be individuals working in Networking domain (especially into IDS/IPS, Firewalls etc.) and don’t know Wireshark/tcpdump. Please I wanna see u guys/gals 😉

There are many features available in Wireshark, we are going to focus on remote packet capture.

Need Wireshark Version 1.4.2 with the new WinPcap available inbuilt with it. Install this on both the machines, where you are going to take capture (client) and on the machine where we want to sniff the traffic (server). On Server we need to start “Remote Packet Capture Protocol v.0 (experimental)” service, which will open TCP Port 2002 on the Server.

Security Unplugged !!!: Wireshark: Remote Packet Capture, bit of Security.

‘Blast off Lebanon coast was IDF destroying espionage device’ – Haaretz Daily Newspaper | Israel News

The explosion heard in Lebanon late Wednesday was an Israel Air Force operation aimed at destroying an espionage device it had installed off the coast of the city of Sidon, the Voice of Lebanon radio station reported on Thursday.

The report comes a day after the Lebanese Army said it had uncovered two Israeli spy installations in mountainous areas near Beirut and the Bekaa Valley. The installations included photographic equipment as well as laser and broadcast equipment.

‘Blast off Lebanon coast was IDF destroying espionage device’ – Haaretz Daily Newspaper | Israel News.

RFID Credit Card Skimming – Defcon Forums

RFID Credit Card Skimming

Yesterday, I was talking to a producer for the CBS Evening News regarding credit and ATM/bank cards with embedded RFID chips being vulnerable to wireless skimming. CBS is currently working on a story about this, due to a CBS affiliate station’s story:
http://www.wreg.com/videobeta/?watch…a-1884ec348310

CBS News’ take on this is that the skimming is great TV, but it’s probably only a small portion of things that can be skimmed or otherwise attacked by the populace, and they are interested in expanding the story. Our discussion went on for a while, and we talked about similar vulnerabilities pertaining to RFID including passports, EZPay, etc.

In the middle of all this, the producer remarked that while this vulnerability was “brand new” to the public, my reactions were making it seem like this was old news to the infosec community. My response was that the touch-less credit card issue had been known and demonstrated going back at least 6 years, if not more. He said that the same type of reaction had occurred last April, when CBS had run the story about the copier imaging on hard drives. The public was aghast, but the infosec people they’d contacted all remarked “what took you so long?”

More after the jump…

RFID Credit Card Skimming – Defcon Forums.

When Lawyers & Financiers attack

Ellis says the city is hoping it won’t have to pull fiber optic cable out of the ground to return the property to leaseholder CitiCapital. Instead, the city hopes to be able to find the same kind of cable and that it can then turn over to CitiCapital.

via Vermont state board hears from Burlington Telecom | The Burlington Free Press | Burlington, Vermont.

Pull fiber from the ground to recoup debt? WTF? Last time I checked, recovered fiber wasn’t worth anything. And most of the money spent was in installation. And it cost a ton to remove it in the first place.

And if you can find the “same kind” of cable, why don’t you just give them cash? Or does BT have a secret stockpile of cable?

I’ve always figured that CitiCapital would be pulling equipment from the core. Say some routers & switches? Or something from the IPTV head end. At least there is a resale market for that stuff.