An old but hugely overlooked issue. Many appliance vendors ship their units with a default private key for SSL communications. Even if you reissue a new certificate, your appliance could still be using the same private key as everyone else’s.. and it’s typically bundled within the firmware packages publicly distributed by the application vendor. This affects everything from DD-WRT to enterprise class VPN appliances, tape libraries, and firewalls.
Well, someone has finally begun cataloguing these into a searchable database:
Just lookup the device in question, point the lookup tool to a running appliance, or feed it a packet capture or live network interface and it will provide any known private keys. Once the private key is obtained, you can decrypt the SSL stream with tshark:
tshark -nn -t ad -r <pcap_file> -o ssl.keys_list:<HTTPS_server_IP>,443,http,”<private_key.pem>” -V -R http
This seems handy!
Wireshark: Remote Packet Capture, bit of Security
Wireshark/Ethereal is one of the best open source tools we have. I don’t think there will be individuals working in Networking domain (especially into IDS/IPS, Firewalls etc.) and don’t know Wireshark/tcpdump. Please I wanna see u guys/gals 😉
There are many features available in Wireshark, we are going to focus on remote packet capture.
Need Wireshark Version 1.4.2 with the new WinPcap available inbuilt with it. Install this on bothe the machines, where you are going to take capture (client) and on the machine where we want to sniff the traffic(server). On Server we need to start “Remote Packet Capture Protocol v.0 (experimental)” service, which will open TCP Port 2002 on the Server.
Security Unplugged !!!: Wireshark: Remote Packet Capture, bit of Security.
The explosion heard in Lebanon late Wednesday was an Israel Air Force operation aimed at destroying an espionage device it had installed off the coast of the city of Sidon, the Voice of Lebanon radio station reported on Thursday.
The report comes a day after the Lebanese Army said it had uncovered two Israeli spy installations in mountainous areas near Beirut and the Bekaa Valley, The installations included photographic equipment as well as laser and broadcast equipment.
‘Blast off Lebanon coast was IDF destroying espionage device’ – Haaretz Daily Newspaper | Israel News.
SANS Internet Storm Centers Summary of Black Tuesday updates from the Microsoft Beast. [Link Here]
RFID Credit Card Skimming
Yesterday, I was talking to a producer for the CBS Evening News regarding credit and ATM/bank cards with embedded RFID chips being vulnerable to wireless skimming. CBS is currently working on a story about this, due to a CBS affiliate station’s story:
CBS News’ take on this is that the skimming is great TV, but it’s probably only a small portion of things that can be skimmed or otherwise attacked by the populace, and they are interested in expanding the story. Our discussion went on for a while, and we talked about similar vulnerabilities pertaining to RFID including passports, EZPay, etc.
In the middle of all this, the producer remarked that while this vulnerability was “brand new” to the public, my reactions were making it seem like this was old news to the infosec community. My response was that the touch-less credit card issue had been known and demonstrated going back at least 6 years, if not more. He said that the same type of reaction had occurred last April, when CBS had run the story about the copier imaging on hard drives. The public was aghast, but the infosec people they’d contacted all remarked “what took you so long?”
More after the jump…
RFID Credit Card Skimming – Defcon Forums.
Oh yes! Karmetasploit, wepbuster, aircrack, and kismet on a Sheevaplug microserver!
send_keystrokes.rb: Meterpreter script to interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP.
IE_click_run.rb: Meterpreter script to interactively click “Run” at the IE “File Download Security Warning” prompts. Can be used to escalate privileges into RunAs-invoked IE instances without end-user interaction on XP.
7 Days Newspaper publish an cover story article last week about the developing digital forensics culture in Vermont. [LINK HERE]