http://www.ccc.de/updates/2008/stellungnahme202c?language=en
Not much to say here, read for yourself…
You may remember the paper released by a Princeton research group regarding cold boot attacks on notebook computers in order to recover crypto keys.
The Princeton research group has now released the source code of a tool which will be able to recover the key, provided that the key is still stored in the DRAM. Keeping it there after power-off can be achieved by severely cooling down the DRAM.
Turning off PXE or network boot altogether may buy you some valuable time, but it's probably best to look out for ninjas who are carrying major cooling devices. Apparently they look something like this:
The small version of the Chaos Communication Camp, the ICMP4, a.k.a. Intergalaktische Club Mate Party, is less than one month away. The first lectures are popping up on the schedule, including mine.
I will be holding a presentation which is a mix between a hacking and a social track about the criminalization of computer security and computer analysis tools, using Wireshark as an example.
Why a packet sniffer?
Why Wireshark?
Presentation will be up about one or two days before the event, I might also upload an English version in case someone is interested.
So that you can check your ISP's DNS for vulnerabilities, Dan Kaminsky has posted an online tool on his website that reports the vulnerability status.
Until the vulnerability has been fully disclosed, you will have to stick with the check on http://doxpara.com
VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Dan actually appeared in a YouTube video discussing this issue:
Backtrack, a security and penetration testing oriented live-boot Linux distribution, has reached its final stage in the current version 3.
The download consists of CD images, a USB-bootable version (which I am booting off an SD card on my EEE PC) and VMware images. It contains more than 300 tools used by white hats and black hats alike and will give you an introduction to real-world attack methodologies against your IT infrastructure.
Hope you all have been updating/replacing your keys by now 😉
The Debian Site is hosting a wiki on all services affected by the predictable PRNG.
It is essential that these keys are also replaced in order to mitigate attacks against your servers.
Storing ..um.. classified information on your webserver in hidden directories is not exactly very bright, because you can be sure that Google will index anything it can get.
The goolag scanner, which was recently released by the famous hacker group Cult of the Dead Cow, actually found pornography on Chinese government owned (gov.cn) sites and security holes on western servers.
http://www.cultdeadcow.com/archives/2008/03/cult_of_the_dead_cow.php3
Please assume that files being stored in http://mydomain.com/_this/is/a_super/secret/directory/ will easily be found by simple methods such as specially designed search queries:
intitle:index.of +"last modified" +"parent directory" +(pdf|doc) +"Secret" -htm -html -php -asp
A team of Princeton computer scientists has released a white paper which documents their cold boot attacks on encryption keys. The scenarios are based on key recovery, primarily from laptop computers, using various methods to keep the key stored in DRAM after a power-off.
It is a very interesting article and a guideline on preventing attacks like this. The most effective way is certainly limiting boot options in order to prevent anyone from booting up tools to steal your encryption key.
http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
SecuriTeam Article
I highly recommend that anyone still running Sarge start planning an upgrade to Etch, the current stable release.
Finally, some decent video footage from the most awesome event I attended in the last few years.
ftp://ftp.ccc.de/camp2007/ccc_camp_2007_movie_DVD
Some news that might interest all the happy campers out there:
The Erlangen CCC organisation Bits n Bugs is hosting the ICMP4 this year. Not too much info is up yet, but be sure to check out the event wiki and the event site.
Update
The ICMP4 website is up and the event is scheduled for August 8-12.
The ICMP is basically yet another outdoor hacker event which focuses on a lot of chill out and some lectures.