[WayBack] Kristian Köhntopp on Twitter: “Modaler Filter für Veloziraptoren… “
–jeroen
Archive for the ‘Security’ Category
Kristian Köhntopp on Twitter: “Modaler Filter für Veloziraptoren… ” (0 factor authentication)
Posted by jpluimers on 2021/10/08
Posted in Authentication, Power User, Security | Leave a Comment »
Teams, hats and colours
Posted by jpluimers on 2021/10/06
I learned a few new things a while ago, but still have a hard time to get the association between colours and meanings right.
Colours:
- white: friendly / sanctioned / by permission
- black: enemy / unsanctioned
- red: attacks by permission
- blue: defends by permission
Based on these tweets and links:
- [Archive.is] jmelesky on Twitter: “@jpluimers Red teams try to break in, blue teams try to keep them out.”
- [Archive.is] Jeroen Pluimers on Twitter: “@IanColdwater @honeybadgerhack What’s a blue team?” / Twitterper
- [Archive.is] Jeroen Pluimers on Twitter: “@jmelesky Great. Thanks! Which hat colors do red teams have? Black or white hat? I’m really bad at learning terminology, so getting the aimed associations right is important for me. So: where do the color names from?”
- [Archive.is] Jeremi M. Gosney on Twitter: “Red/blue stems from military exercises. Blue is used to designate friendly forces, red for enemy forces.… “
- [Archive.is] jmelesky on Twitter: “That’s in the linked article, and the “red team” article it links to. Both teams are white hat — red is paid by an org to try and infiltrate/attack that org, blue is internal to the org, trying to defend.… “
- [Archive.is] Bryce Katz on Twitter: “@jpluimers @jmelesky As I understand it, “white hats” are sanctioned to infiltrate or defend. “Black hats” are the unsanctioned folks (read: criminals) trying to gain access. Blue/Red teams are white hat by definition.”
- [Archive.is] Carmen San Diego 👩💻🐡🐙 on Twitter: “Black hat definition is dependent on who you ask. Corps view anyone poking around in their system without their permission as black hat. Infosec community defines it more as someone or some group that is trying to get into something or break something for personal gains/agendas.…”
- [Archive.is] Jeroen Pluimers on Twitter: “@brycekatz @jmelesky So red teams work “by permisson” hence white hat? Attacks from teams without permission are black hat?” / Twitter
- [Archive.is] Jeroen Pluimers on Twitter: “@brycekatz @jmelesky So red teams work “by permisson” hence white hat? Attacks from teams without permission are black hat?”
- [WayBack] Black and white hat symbolism in film – Wikipedia
- [WayBack] Red team: Overview – Wikipedia
In United States war-gaming simulations, the U.S. force is always the Blue Team and the opposing force is always the Red Team.
–jeroen
Share this:
Posted in Development, LifeHacker, Power User, Security, Software Development | Leave a Comment »
Solved: ‘Answering Yes to “You have an older version of PackageManagement known to cause issues with the PowerShell extension. Would you like to update PackageManagement (You will need to restart the PowerShell extension after)?” hung my Visual Studio Code.…’
Posted by jpluimers on 2021/10/04
From a while back: [Archive.is] Jeroen Wiert Pluimers on Twitter: ‘Answering Yes to “You have an older version of PackageManagement known to cause issues with the PowerShell extension. Would you like to update PackageManagement (You will need to restart the PowerShell extension after)?” hung my Visual Studio Code.… ‘
After clicking “Yes”, the the only thing visible was this notification that had an ever running “progress bar”:
Notifications – Powershell – Source: Powershell (Extension)
The first part of the solution was relatively simple: restart Visual Studio code, then the original notification showed, and after clicking “Yes”, the “Panel” (you can toggle it with Ctrl+J) showed the “Terminal” output (yes, I was working on [Wayback/Archive.is] PowerShell script for sending Wake-on-LAN magic packets to given machine hardware MAC address, more about that later):
Share this:
Posted in .NET, Communications Development, Development, Encryption, HTTP, HTTPS/TLS security, Internet protocol suite, Power User, Security, Software Development, TCP, Visual Studio and tools, vscode Visual Studio Code, Windows, Windows 10 | Leave a Comment »
One of the Let’s Encrypt’s Root Certificates expired today (and their corresponding intermediate yesterday); how is your infrastructure doing?
Posted by jpluimers on 2021/09/30
Last weekend I published 5 days before the Let’s Encrypt’s Root Certificate is expiring!
It basically was a post trying to amplify the [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring! message by [Wayback] Scott Helme .
Yesterday and today, he is maintaining a Twitter thread on things that have broken.
Quite a few things have, including some versions of curl, on which a lot of infrastructure relies (the certificate for it got fixed later on 20120930), see:
- [Archive.is] Scott Helme on Twitter: “Yeah that’s reasonable, we’ve not had a notable certificate chain expiry issue like this to speak of really.… “
- [Archive.is] Daniel 🥌 Stenberg on Twitter: “the Mozilla CA cert bundle on curl.se now has the expired ‘DST Root CA X3’ cert removed: …”
- [Wayback/Archive.is] curl – Extract CA Certs from Mozilla:
This bundle was generated at Thu Sep 30 03:12:05 2021 GMT .
- [Wayback/Archive.is] curl – Extract CA Certs from Mozilla:
- [Archive.is] Daniel 🥌 Stenberg on Twitter: “The order is restored and https://libssh2.org/ is again served by a good cert. Sorry for the minor disruption.”
Two important starting points in his thread:
- [Archive.is] Scott Helme on Twitter: “🚨🚨🚨 5 minutes until the Let’s Encrypt R3 intermediate expires 🚨🚨🚨 29 September 2021 19:21:40 UTC”
- [Archive.is] Scott Helme on Twitter: “🚨🚨🚨 30 minute warning 🚨🚨🚨 IdentTrust DST Root CA X3 Expires: Sep 30 14:01:15 2021 UTC… “
If you want to check from one of your own clients, try [Archive.is] Scott Helme on Twitter: “I’ve created a test site to help identify issues with clients. If you can connect to https://t.co/bXHsnlRk8D then your client can handle being served the expired R3 Intermediate in the server chain!… “
[Wayback/Archive.is] https://expired-r3-test.scotthelme.co.uk/
Note that neither SSLabs, nor Cencys, nor CertCheckkerApp do show the expired certificate, only the new one:
- [Wayback/Archive.is] SSL Server Test: pluimers.com (Powered by Qualys SSL Labs)
- [Wayback/Archive.is] CN=pluimers.com – Censys
- [Wayback/Archive.is] CertCheckerApp Certificate Checker: pluimers.com
Yes, I know the pluimers.com web server is rated B from a TLS perspective. Will be working on it, but I’m still recovering from rectum cancer treatments, and have an almost 1.5 year backlog to get through.
–jeroen
Share this:
Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Uncategorized, Web Development | Leave a Comment »
5 days before the Let’s Encrypt’s Root Certificate is expiring!
Posted by jpluimers on 2021/09/24
Only 5 days left to take a close look at both your web-clients (including back-end clients!) and servers to prevent potential Let’s Encrypt mayhem.
Last week, [Wayback] Scott Helme published about [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring!
Let’s Encrypt has done loads of work over the past lustrum to prevent trouble like cross-signing, issuing the successor certificates, and more.
The problem is that people like you and me have refrained from keeping their clients and servers up-to-date, so some security issues will occur. Hopefully they are limited to non-functioning communication and not leaking of data.
It is about this DST Root CA X3 certificate, used by the vast majority of Let’s Encrypt certificates, [Wayback/Archive.is] Certificate Checker: CN=DST Root CA X3, O=Digital Signature Trust Co.:
DST Root CA X3 Certificate Trusted anchor certificate Subject DN CN=DST Root CA X3, O=Digital Signature Trust Co. Issuer DN CN=DST Root CA X3, O=Digital Signature Trust Co. Serial Number 44AFB080D6A327BA893039862EF8406BValid to Key RSAPublicKey (2048 bit) SHA1 Hash DAC9024F54D8F6DF94935FB1732638CA6AD77C13MD5 Hash 410352DC0FF7501B16F0028EBA6F45C5SKI C4A7B1A47B2C71FADBE14B9075FFC41560858910AKI
Quoting Scott, these clients likely will fail, so need attention:
- OpenSSL <= 1.0.2
- Windows < XP SP3
- macOS < 10.12.1
- iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)
- Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)
- Mozilla Firefox < 50
- Ubuntu < 16.04
- Debian < 8
- Java 8 < 8u141
- Java 7 < 7u151
- NSS < 3.26
- Amazon FireOS (Silk Browser)
On the server side, you can help Android devices by using a Let’s Encrypt certificate that is cross-signed with the ISRG Root X1 certificate [Wayback/Archive.is] Certificate Checker: CN=ISRG Root X1, O=Internet Security Research Group, C=US:
ISRG Root X1 Certificate Subject DN CN=ISRG Root X1, O=Internet Security Research Group, C=US Issuer DN CN=DST Root CA X3, O=Digital Signature Trust Co. Serial Number 4001772137D4E942B8EE76AA3C640AB7Valid to Key RSAPublicKey (4096 bit) SHA1 Hash 933C6DDEE95C9C41A40F9F50493D82BE03AD87BFMD5 Hash C1E1FF07F9F688498274D1A18053EABFSKI 79B459E67BB6E5E40173800888C81A58F6E99B6EAKI C4A7B1A47B2C71FADBE14B9075FFC41560858910
Via [Archive.is] Scott Helme on Twitter: “There are only 10 days left until the Let’s Encrypt root certificate expires and there are still questions over what the impact will be! Full details here: …” which links to the above article showing a nice graph of the current Let’s Encrtypt root certificate setup:
–jeroen
Share this:
Posted in Communications Development, Development, Encryption, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Web Development | Leave a Comment »
Laat Je Niet Hack Maken: een goed wachtwoord kiezen of maken
Posted by jpluimers on 2021/09/13
[WayBack] Laat Je Niet Hack Maken: een goed wachtwoord
Laat Je Niet Hack Maken legt op een begrijpelijke manier uit hoe je jezelf beschermt tegen hackers.
–jeroen
via:
https://twitter.com/danielverlaan/status/1174262886472048640
Share this:
Posted in LifeHacker, Power User, Security | Leave a Comment »
Hardening your network from locally logged on users
Posted by jpluimers on 2021/09/10
SwiftOnSecurity is a great account to follow.
One tweet was the base of my post [WayBack] On Windows, having an empty password can improve security.
Another tweet the base of this one.
- [WayBack] SwiftOnSecurity on Twitter : “Group Policy > Computer > Policies > Windows > Security > Local > Rights > Deny access from network > Add “Local account” Apply to clients.”
Doug is great!
- [WayBack] defendthehoneypot (Doug Richmond) · GitHub
- [WayBack] GitHub – defendthehoneypot/NamingConvention: Naming convention for Active Directory objects
- [WayBack] GitHub – defendthehoneypot/DomainController-GPOs: Domain Controller GPOs
- [WayBack] GitHub – defendthehoneypot/Client-GPOs: GPOs for client systems
- [WayBack] GitHub – defendthehoneypot/Server-GPOs: Member Server GPOs
Swift has some great github resources too:
- [WayBack] SwiftOnSecurity · GitHub
- [WayBack] GitHub – SwiftOnSecurity/OrgKit: Provision a brand-new company with proper defaults in Windows, Offic365, and Azure
- [WayBack] GitHub – SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
- [WayBack] GitHub – SwiftOnSecurity/SwiftFilter: Exchange Transport rules to detect and enable response to phishing
- and some secondary repositories:
- [WayBack] GitHub – SwiftOnSecurity/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response
- [WayBack] GitHub – SwiftOnSecurity/OfficeDeployFramework: A batch script to demonstrate complex Microsoft Office deployments
- [WayBack] GitHub – SwiftOnSecurity/PhishingRegex: Backup of my phishing regular expression testing bench
–jeroen
Share this:
Posted in Power User, Security, Windows | Leave a Comment »
For my link archive: DNS over https
Posted by jpluimers on 2021/09/02
DNS over HTTPS
For my link archive:
- DNS over HTTPS – Wikipedia / Public recursive name server – Wikipedia
- [WayBack] RFC 8484 – DNS Queries over HTTPS (DoH)
- [WayBack] DNS over HTTPS · curl/curl Wiki · GitHub (which has a list of publicly available servers)
- [WayBack] A cartoon intro to DNS over HTTPS – Mozilla Hacks – the Web developer blog
- [WayBack] DNS over HTTPS – Cloudflare Resolver
JSON DNS output
Some DNS over HTTSP providers support dns-json, which Cloudflare delivers non-pretty printed.
Share this:
Posted in Cloud, Cloudflare, Communications Development, Development, DNS, Encryption, HTTP, https, HTTPS/TLS security, Infrastructure, Internet, Internet protocol suite, Power User, Security, Software Development, TCP, TLS | Leave a Comment »
Ryan O’Horo on Twitter : “Computerphile with a clear and complete explanation of how the block cipher AES works and how it’s different from older ciphers. Background info… “
Posted by jpluimers on 2021/09/01
From a while back, but still relevant: [WayBack] Ryan O’Horo sur Twitter : “Computerphile with a clear and complete explanation of how the block cipher AES works and how it’s different from older ciphers. Background https://t.co/WyvYpM5JJN SP Networks https://t.co/MGILCxkqUR AES Cipher https://t.co/ReHpnCBTvI… https://t.co/VbZomPrOow”
Videos below the fold
–jeroen
Share this:
Posted in Development, Encryption, Hashing, Power User, Security, Software Development | Leave a Comment »
Some links related to Apple’s NeuralHash algorithm, as it was reverse engineered and collisions can be generated so abuse with pictures matching sensitive hashes can be performed
Posted by jpluimers on 2021/08/24
Last week, I wrote [Archive.is] Jeroen Wiert Pluimers on Twitter: “Apple’s NeuralHash algorithm for automagically reporting sensitive images from iOS devices has not only been reverse engineered, but also collisions can now be generated. Now just wait for abuse of innocent pictures matching sensitive hashes. … “
Below, for my link archive, some relevant links on this:
- [Archive.is] stacksmashing on Twitter: “I generated a picture that shows its own NeuralHash… “
- [Wayback/Archive.is] anishathalye/neural-hash-collider: Preimage attack against NeuralHash 💣
- [Wayback/Archive.is] ImageNet contains naturally occurring NeuralHash collisions
NeuralHash is the perceptual hashing model that back’s Apple’s new CSAM (child sexual abuse material) reporting mechanism. It’s an algorithm that takes an image as input and returns a 96-bit unique identifier (a hash) that should match for two images that are “the same” (besides some minor perturbations like JPEG artifacts, resizing, or cropping).
- [Wayback/Archive.is] ImageNet contains naturally occurring NeuralHash collisions
- [Wayback/Archive.is] roboflow-ai/neuralhash-collisions: A catalog of naturally occurring images whose Apple NeuralHash is identical.
- Serious flaw in Apple’s CSAM scanner uncovered: [Wayback/Archive.is] Apple says collision in child-abuse hashing system is not a concern – The Verge
- [Wayback/Archive.is] AsuharietYgvar/AppleNeuralHash2ONNX: Convert Apple NeuralHash model for CSAM Detection to ONNX.
- [Wayback/Archive.is] Apple’s NeuralHash Algorithm Has Been Reverse-Engineered – Schneier on Security
- [Wayback/Archive.is] International Coalition Calls on Apple to Abandon Plan to Build Surveillance Capabilities into iPhones, iPads, and other Products – Center for Democracy and Technology
- [Wayback/Archive.is] iOS 15 – Wikipedia: CSAM Detection (NeuralHash)
- [Wayback/Archive.is] Hash collision in Apple NeuralHash model : programming
- Thread about duplicate hashes fore both related and unrelated images: [Wayback] Sarah Jamie Lewis on Twitter: “I let NeuralHash run most of the day in the background processing ~200K images. Didn’t find any absolute “random” hashes (a few were 2-3 bits close) – but did find a few sets like this – sets of burst photos which match All have the same hash: 75bbd25662074bdc7ac97677… “
- [Archive.is] Rich Harang on Twitter: “Do you see a difference between these two images? Apple’s NeuralHash thinks they differ on 52 of 96 bits (ed570844756690de887ceec3 vs 2d574044756690de887cfe43). No I won’t tell you how I did it, but it runs on CPU in about 10 seconds. NeuralHash is trivial to evade.… “
- [Archive.is] badidea 🪐 on Twitter: “neural hash c78fc26ec100f8508d4e60a3 🙂… “
–jeroen
Share this:
Posted in AI and ML; Artificial Intelligence & Machine Learning, Development, Hashing, Power User, Security, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 