Archive for November, 2008

Gmail Vulnerability: All hype?

Wednesday, November 26th, 2008

As far as I know this has not been patched yet.

There is a very simple solution to monitoring this problem: simply add your own filter with an alternative email address. I just tested this and while the email is sent away from your inbox, it is sent to both addresses. This way you will at least have a record, and if you check that address more regularly it will act as a notification system.

The exploit is not quite as glamorous as that article depicts either. It’s a Cross Site Request Forgery vulnerability introduced by an improperly implemented token key-pair. As the author mentions, the token should be changed at each request, rather than each session. As mentioned in the article, both the ‘Session Authorization Key’, the token, and the ‘Unique Account Identifier’, which I assume is something like the session key are required. Neither is trivial. The session key would require a vulnerability, such as Cross Site Scripting or Tracing vulnerability, to be accessed. The token must be read from the page that you are posting ‘from.’ Because of JavaScript’s sandbox, this cannot be done through the use of an iFrame or AJAX request. It must be done from the client’s localhost or the domain, in this case Google.
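To make the per-session versus per-request distinction concrete, here is a small added example (my own illustration, not code from the post, the linked proof of concept, or Google). It models an in-memory anti-CSRF token store in two modes: "session", where one token is issued and accepted for the whole session, and "request", where every form render gets a fresh token that is accepted exactly once. The replay simulation shows why a token that is only rotated per session can be reused by a forged request once it has leaked, while a per-request token is consumed by the first legitimate submission. Class and function names are my own assumptions.

```python
import hmac
import secrets


class CsrfTokenStore:
    """Anti-CSRF tokens for a single user session (added example, hypothetical API).

    mode="session": one token is issued once and accepted for every request in
        the session (the weaker scheme the post describes).
    mode="request": a fresh token is issued for every form render and each token
        is accepted exactly once (the scheme the post recommends).
    """

    def __init__(self, mode: str) -> None:
        if mode not in ("session", "request"):
            raise ValueError("mode must be 'session' or 'request'")
        self.mode = mode
        self._session_token = None   # used only in "session" mode
        self._outstanding = set()    # unconsumed tokens in "request" mode

    def issue(self) -> str:
        """Return the token to embed in the next form render."""
        if self.mode == "session":
            if self._session_token is None:
                self._session_token = secrets.token_hex(16)
            return self._session_token
        token = secrets.token_hex(16)
        self._outstanding.add(token)
        return token

    def validate(self, presented: str) -> bool:
        """Check a submitted token; per-request tokens are consumed on first use."""
        if self.mode == "session":
            return (self._session_token is not None
                    and hmac.compare_digest(presented, self._session_token))
        # Constant-time comparison against every outstanding token.
        matched = None
        for token in self._outstanding:
            if hmac.compare_digest(presented, token):
                matched = token
                break
        if matched is None:
            return False
        self._outstanding.discard(matched)   # one-time use
        return True


def simulate_replay(mode: str) -> dict:
    """Issue one token, submit it legitimately, then replay it as a forged request would."""
    store = CsrfTokenStore(mode)
    token = store.issue()
    first = store.validate(token)    # legitimate form submission
    replay = store.validate(token)   # same token presented again
    return {"first": first, "replay": replay}


if __name__ == "__main__":
    print("session-scoped token:", simulate_replay("session"))   # replay accepted
    print("per-request token:   ", simulate_replay("request"))   # replay rejected
```

With a session-scoped token the replayed submission is still accepted, which is what lets a forged request that has obtained the token create a filter on the victim's behalf; with a per-request token the same replay fails. The store keeps a set of outstanding tokens rather than a single value so that several forms open in different tabs each remain valid until used.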

Obviously it is possible, since Google has responded to the threat and proof has been shown of domains being stolen, but nothing new has happened here. It is simply a clever implementation of a few common tricks.


http://geekcondition.com/2008/11/23/gmail-security-flaw-proof-of-concept/

http://googleonlinesecurity.blogspot.com/2008/11/gmail-security-and-recent-phishing.html

crackIt: aircrack-ng automated

Saturday, November 15th, 2008

I was playing around with my wireless network early today and realized I didn’t have the key written down nearby where I was working. Rather than expending the effort of getting up and moving, I decided I’d just crack it.

After starting up airodump-ng I was looking at aircrack-ng’s man page, trying to decide which options would make it crack most effectively. After browsing the man page for half an hour or so I decided that they should be run in a certain order for best effect. Still being lazy, I began to script this up. I added some ‘fluff’ and called it crackIt.

crackIt uses 20 different permutations of aircrack-ng. These different configurations are run from fastest, most targeted, least reliable to slow, broad, sure-fire methods. I chose to order it this way because in my experience, the targeted, least reliable method is effective in a large number of cases.

crackIt begins using aircrack’s standard configuration with the fudge factor lowered to 1. The fudge factor is used to determine how many votes should be required for a key to be ‘valid’. The largest number of votes for each key, the parenthesised value of the key in the left-most position, is divided by the fudge factor. The result is the minimum number of votes required to be ‘valid.’ By reducing this to one, we provide a very targeted, quick method of attack. This method is prone to false positives or failing.

Next, crackIt uses the standard configuration of aircrack, raising the fudge factor back to the default 2. It then moves onward to try again with each of the 17 Korek attacks omitted. The Korek attacks are prone to large numbers of false positives. In the event both the fast-crack and default modes in aircrack fail, odds are good that one of these is to blame.

Finally, crackIt uses “an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs.” aircrack won’t even let you run this method without 780,000 IVs. If you’ve left airodump-ng running, by the time it gets to this mode, we should have at least that.

Technical details, usage, and future plans can be found in the fully commented code here.

References:

aircrack-ng man page

http://www.aircrack-ng.org/doku.php?id=aircrack-ng

Hackers For Charity

Saturday, November 1st, 2008

In one of my recent HFC emails, I read the following:

“This month, I thought that it would be fun to partner up with Hackers for Charity in order to raise money for the people of Uganda. The Academy has offered to donate $1 to Hackers for Charity for every user that registers for a free account at www.theacademy.ca for the entire month of November. If you’re a registered user already please forward this email or post it on a blog. Anything you can do to spread the word would be greatly appreciated. Let’s try to make a substantial donation to charity this month. Thanks everybody!”

As this seems like a good cause, I thought I’d repost it here. You don’t even have to be active, just register.

Enjoy!