The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

Is warshipping still a thing?

Posted by jpluimers on 2021/07/30

Reminder to self to see if warshipping is still a thing, and in which regions.

Related:

Via:

–jeroen

Posted in Power User, Security

Ken Thompson’s 1980 Unix password got cracked only a while ago: he used much entropy in his password

Posted by jpluimers on 2021/07/22

A few years back, Ken Thompson’s 1980 Unix password got cracked.

It took that long because his password, p/q2-q4!, had enough entropy (it uses uncommon characters) that the crypt(3)-based hash ZghOT0eRm4U9s was hard to crack.

The password is an opening chess move written in a variant of descriptive notation. The shorter form would have been P-Q4, which would have required months to crack in that era.

In modern chess notation, it would be 1. d4, moving the Queen’s Pawn from d2 to d4.

References (many interesting messages in the TUHS thread below):

Posted in *nix, B, C, Development, Power User, Security, Software Development

Many http headers via 🔎Julia Evans🔍 on Twitter: “some security headers… “

Posted by jpluimers on 2021/07/20

An image on CORS will follow; likely more on related topics too. [WayBack] 🔎Julia Evans🔍 on Twitter: “some security headers… “ about:

Interesting comments in the thread.

More to follow: [Archive.is] 🔎Julia Evans🔍 on Twitter: “going to talk about CORS headers on a different page because that’s a Whole Thing but i’d love to know what else I left out / got wrong here :)” including these:

Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP

Criminals are mailing altered Ledger devices to steal cryptocurrency: it looks like the added USB flash device is from Intenso

Posted by jpluimers on 2021/06/28

Last week, Bleeping Computer wrote about [Wayback] Criminals are mailing altered Ledger devices to steal cryptocurrency:

Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.

The fake Ledger hardware wallet has a piggyback USB flash device on it (image from Mike):

[Archive.is] _MG_ on Twitter: “Malicious hardware implant in the wild! I helped @LawrenceAbrams dig into this. It’s a hardware wallet with a malicious implant added. It’s being mailed to targets. Read about it here: “

This week, Jilles opened up a bunch of USB flash devices to compare them with the pictures of the fake Ledger hardware wallet, where Mike noted that it was likely an Intenso device. It all started with a compliment:

I reacted that earlier this year I had an Intenso device die that was the boot stick for an ESXi server, which after booting (at most once in months) only does read-only access to it. If I find it back (I might have ditched it), I will open it up and post pictures.

[Wayback] Jeroen Wiert Pluimers on Twitter: “Note I had one of these Intenso sticks die in an ESXi server: it was just the boot stick, so no writes at all. “

Anyway, this was the one that died (maybe because it was very cheap):

According to [Wayback] USB Sticks | Intenso, these devices are manufactured by or for this German company:

Intenso International GmbH
Gutenbergstraße 2
49377 Vechta, Germany

Indeed, the conclusion Jilles and Mike had already reached while figuring out the type of USB PCB was that opening up the device could give an indication of the geographic region or era these fakes might originate from:

Meta-information is information too, and especially important in forensics.

Fake Ledger hardware wallet video

Mike also created a video. It is below the signature.

This was the tweet about it: [Archive.is] _MG_ on Twitter: “I sat down and walked through the Ledger Wallet implant. From phish, to Amazon poisoning attack, to implant, and what’s next. “

Attribution

As Jilles mentioned, attribution is important, though both Mike and Jilles hardly see that with red teams. So thanks Mike and Jilles for doing the grunt work.

[Archive.is] Jilles on Twitter: “Thanks @_MG_! One of the hard things about creating cool stuff for red teams is that you usually cannot share what epic stuff you did, apart from your team and the client. Unless… You see one of your methods in the wild. And really love the tiny USB modules being used here.… https://t.co/Cs4rzvuNrT”

[Archive.is] Jilles on Twitter: “I have actually been working on assignments where attribution, purpose and forensics of discovered implants had to take place. Not a red team exercise.… “

–jeroen

Posted in Power User, Security

mnot S05E03 – Boba – Met Nerds om Tafel

Posted by jpluimers on 2021/06/18

Some links via [WayBack] S05E03 – Boba – Met Nerds om Tafel:

–jeroen

Posted in LifeHacker, Power User, Privacy, Security