Musings on Information Security

en thierryzoller tag:blogger.com,1999:blog-3832621951001364942 Sun, 16 Jun 2019 12:41:51 +0000 Advisory Rants from Thierry Tool Vulnerabilties Misc 0day How-to Interesting Reads BTcrack Bluetooth Omron 3S4YR-MVFW Card reader Whitepaper About Lectures sslaudit Hardware hacking Vulnerability disclosure Policy sslscan tls scan zero day Musings on Information Security _Where facts are few, experts are many http://blog.zoller.lu/ noreply@blogger.com (Thierry Zoller) Blogger 166 1 25 tag:blogger.com,1999:blog-3832621951001364942.post-8661950861256834912 Sun, 01 Oct 2017 11:58:00 +0000 2017-10-01T20:48:48.072+02:00 sslaudit sslscan tls scan Tool TLS/SSL Audit - updated release

TLS/SSL Audit 09 release
Getting my hands on code again feels good. I updated TLS/SSL Audit to version 0.9. I improved the custom rudimentary core TLS engine, it remains independent of any open-source or commercial TLS Stack (like openssl) and hence allows it to support any cipher-suite or protocol.
Read more →]]> http://blog.zoller.lu/2017/10/update-to-tlsssl-audit-tlsssl-scanner.html noreply@blogger.com (Thierry Zoller) Luxemburg 49.815273 6.1295830000000251 49.1595375 4.838689500000025 50.471008499999996 7.4204765000000252 tag:blogger.com,1999:blog-3832621951001364942.post-6291877876688983305 Sat, 20 Jul 2013 16:08:00 +0000 2017-05-07T14:33:58.424+02:00 Rants from Thierry A prime example at bad Threat Modeling (Or ignoring it) - Yahoo! Email Wishlist

Yahoo! - "Wish list"

Yahoo! announced that it will open up email accounts that are inactive since over a year for registration to anyone that applies. Yahoo! is explaining this as a service to give everyone the chance to an Yahoo ID of their choice.

As a lot of organisations and in particular web … Read more →

]]> http://blog.zoller.lu/2013/07/an-prime-example-at-bad-thread-modeling.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-8547154996188882360 Tue, 25 Jun 2013 20:26:00 +0000 2013-07-20T18:26:45.669+02:00 Tool Updated "Harden SSL/TLS" - Tweak and Harden Windows TLS SSL settings I uploaded a new version of "Harden SSL/TLS"

Changes

Added Windows 8 support
Added Windows Server 2012 support
Resolved an issue around P521 additions

About Harden SSL/TLS

Harden SSL/TLS” allows to configure and harden the SSL/TLS settings of Windows System, ranging from Windows XP to Windows 8 and from … Read more →

]]> http://blog.zoller.lu/2013/06/updated-harden-ssltls-tweak-and-harden.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-2778492877113350546 Sat, 23 Mar 2013 14:56:00 +0000 2013-03-23T16:35:44.914+01:00 Interesting Reads Interesting Reads - Week 12 / 2013 Interesting Reads - Week 12 / 2013

Binary Instrumentation for Exploit Analysis Purposes (part 1)
Binary Instrumentation for Exploit Analysis Purposes (part 2)
Using the PIN instrumentalisation framework to analyse exploits
Randomly failed! Weaknesses in Java Pseudo Random Number Generators (PRNGs)
FBI… Read more →

]]> http://blog.zoller.lu/2013/03/interesting-reads-week-12-2013.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-2583740852924155355 Sun, 03 Mar 2013 20:32:00 +0000 2013-03-23T16:04:48.518+01:00 sslaudit Tool SSL Audit v.08 released

I have updated my little TLS/SSL Scanner called "SSL Audit" to version 0.8. I tweaked it slightly but the tool is still based on it's own rudimentary SSL Engine and hence is not limited by the number of ciphersuites and protocols available to OpenSSL or NSS.

By the way I am still a little bit proud… Read more →

]]> http://blog.zoller.lu/2013/03/tool-ssl-audit-v08-release.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-3993368163968645222 Mon, 19 Nov 2012 21:22:00 +0000 2012-11-19T23:00:20.953+01:00 Interesting Reads Misc Whitepaper OWASP BeNeLux 2012 - Invitation

I would like to invite you to this years OWASP BeNeLux Event, I won't give a talk this year but I happily invite you as part of OWASP BeNeLux Program Committee:

Quick Facts

Date : 29-30 Novembre
Location: Leuven (Belgium)
Price : Free
Places : Limited (First registered, First serve)
Register here
Read more →

]]> http://blog.zoller.lu/2012/11/owasp-benelux-2012-invitation.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-7456078532208424237 Sun, 05 Aug 2012 17:40:00 +0000 2012-08-07T23:30:42.775+02:00 Interesting Reads Misc Mistakes made in Incident Response [ Updated : Added "10 Common Mistakes of Incident Responders" at the bottom]

The following post will brake one major rule I adhere to when blogging, a post shall have not more than 10% of content that is not authored by myself. The content of this post resonated so well with me however that I d… Read more →

]]> http://blog.zoller.lu/2012/08/mistakes-made-in-incident-response.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-4184453865683855618 Sat, 04 Aug 2012 14:44:00 +0000 2012-08-07T23:34:14.473+02:00 Advisory Vulnerabilties What you need to know about the vulnerabilities in MSCHAPv2

A post within the "straight to the meat" category :

There was a talk at Defcon 20 entitled "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2", by Moxie and David Hulton - the talk announced the implementation of a tool that reduced the security of MS-CHAPv2 to the strength of a single DES… Read more →]]> http://blog.zoller.lu/2012/08/what-you-need-to-know-about.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-1858116292674118071 Mon, 02 Jul 2012 20:15:00 +0000 2012-08-07T23:34:24.787+02:00 BTcrack Tool BTcrack OSS 1.01 - Updated release
I updated BTCrack Open Source Edition (BTCrack OSS) to version 1.01 by patching 2 bugs that were reported by Michael Ossmann and Carl Dunhamm.

Description

The primary goal of BTcrack is to crack/recover the PIN and reconstruct the link-key from a previously captured Bluetooth pairing … Read more →

]]> http://blog.zoller.lu/2012/07/btcrack-101-updated-release.html noreply@blogger.com (Thierry Zoller) 0 Luxembourg 49.815273 6.129583 49.487429 5.4978690000000006 50.143117 6.761297 tag:blogger.com,1999:blog-3832621951001364942.post-6833318658221322963 Sun, 24 Jun 2012 12:45:00 +0000 2012-06-24T14:46:52.182+02:00 Interesting Reads Recommended Reads - Week 25 / 2012

Publications

In a blink of an eye - there goes your AES Key
Advances in extracting keying material from Hardware (FPGA)
Visualising Botnets
Why allowing active ipv6 stacks on your network is a bad idea (but we don't route ipv6)
A bad couple of years for the cryptographic token industry - must readRead more →

]]> http://blog.zoller.lu/2012/06/recommended-reads-week-25-2012.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-8561174980972942296 Sun, 10 Jun 2012 18:48:00 +0000 2012-06-10T20:48:30.521+02:00 Interesting Reads Recommended Reads - Week 23

Tools / Techniques

How to Extract Flash Objects From Malicious MS Office Documents
Burp plugin for scanning GWT and JSON HTTP requests
SQLite3 Injection Cheat Sheet
Unoffical Guide to scapy
Scapy is immensely powerfull as a seperate tool or as instrumented within your scripts. This guide is a good… Read more →

]]> http://blog.zoller.lu/2012/06/recommeded-reads-week-23.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-6176658019190767483 Sat, 09 Jun 2012 13:00:00 +0000 2012-06-13T23:13:17.273+02:00 How-to Storing password securely - hashses, salts and bit stretching put into context

Introduction

Due to the latest row of high profile websites being compromised and parts of the password hashes being published here's a quick crash course on storing passwords "securely", for those that want a quick heads up. In this case I'd define securely as "Offering a suitable time… Read more →

]]> http://blog.zoller.lu/2012/06/storing-password-securely-hashses-salts.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-1093407873155397680 Sat, 02 Jun 2012 12:50:00 +0000 2012-06-02T15:44:51.266+02:00 Interesting Reads Interesting Reads of the Week - Week 22 My Reads

The Vulnerabilities Market and the Future of Security
Bruce Schneier comments on the evolution of the Vulnerability Market and it's implications, the essay is surprisingly good supplement to the presentation I gave at OWASP on the Matter.
SEC Guidance is a Really Big Deal
New SEC guidance on… Read more →

]]> http://blog.zoller.lu/2012/06/interesting-reads-of-week-week-22.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-8848427690374817996 Thu, 17 May 2012 11:23:00 +0000 2012-05-17T13:27:12.624+02:00 Updates and Notable comments : Updated Posts :

The Post "Attacker Classes and Pyramid " has been updated to the third iteration. The post was updated in terms of coherency but I also added my OWASP BENELUX presentation entitled "The Rise of the Vulnerability Markets - History, Impacts and Mitigations". The presentation underlines… Read more →

]]> http://blog.zoller.lu/2012/05/updated-posts-and-notable-updates.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-5536191032653560194 Sat, 05 May 2012 13:47:00 +0000 2012-11-05T12:55:17.505+01:00 Misc PCI Compliance, Security in isolated System and Parking Tellers (2nd)

Following up on my blog post a few months ago entitled "PCI compliance, Security in isolated systems and Parking Tellers Part 1" - I took a brief look the other day at another Ticket issued by a Parking Teller in Luxembourg.

Updated :

Clarified some of the explanations
Masked Luhn number

Read more »]]> http://blog.zoller.lu/2012/05/pci-compliance-security-in-isolated.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-3537530159258704742 Sat, 24 Mar 2012 13:51:00 +0000 2012-06-02T22:24:31.166+02:00 CVSS - Common Vulnerability Scoring System - a critique [ Part1 ]

Ever since I started my career in information security I was both interested and intrigued by metrics applied to vulnerabilities (or metrics in general for that matter). CVSS is certainly not new and I had to make the choice whether to use it or not in the past and I always wanted to share some is… Read more →

]]> http://blog.zoller.lu/2012/03/cvss-common-vulnerability-scoring.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-7314969346455474057 Tue, 27 Dec 2011 15:02:00 +0000 2012-06-02T23:14:20.798+02:00 Tool "SSL Audit" - Updated release (SSL/TLS Scanner) Preamble :

During my research on TLS/SSL Compatibility across different Operation Systems and Browsers I created supporting tools for myself and later decided to release them for the public.

"SSL Audit" remotely scans web servers for SSL support - unlike other tools it is not limited to ciphers… Read more →

]]> http://blog.zoller.lu/2011/12/ssl-audit-updated-released-ssltls.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-2463497595311468403 Fri, 23 Dec 2011 12:19:00 +0000 2011-12-23T14:00:00.431+01:00 Whitepaper Final - SSL/TLS renegotiation explained (CVE-2009-3555) Final release for my paper explaining the different attack vectors and impacts for (CVE-2009-3555) "TLS / SSL renegotiation vulnerability".

Added comments and corrections by Alun Jones (Who I hereby thank for his time)
Changed FTPS description
Better PDF output

I profit from the update to stress… Read more →

]]> http://blog.zoller.lu/2011/12/final-ssltls-renegotiation-explained.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-6481594316151050236 Tue, 06 Dec 2011 19:13:00 +0000 2013-03-16T13:47:23.646+01:00 PCI compliance, Security in isolated systems and Parking Tellers (Part1)

A colleague of mine spotted the below while doing expenses - The photograph below shows two separate receipts from two parking buildings that are not far away from each other in central Luxembourg (est. 1km). Both were paid by credit card / debit card.

Update: Bruce Schneier thoughts on this matter

Read more »]]> http://blog.zoller.lu/2011/12/pci-compliance-security-in-isolated.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-1150969640359588852 Tue, 01 Nov 2011 12:57:00 +0000 2011-11-01T14:47:52.139+01:00 Blog cleanup As some regulars might have noticed I restructed this blog a bit trying to get rid of some clutter. At the same time I updated a few specific pages I wanted to point out :

Vulnerability Coordination Policy ( More backround on the "why" )
About Me (For those interested I added a bit of backround on… Read more →

]]> http://blog.zoller.lu/2011/11/blog-cleanup_01.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-8294795631782082724 Wed, 26 Oct 2011 18:41:00 +0000 2011-10-26T21:13:45.861+02:00 THC SSL DoS - vs - Per Design Since this is a rather old topic with both sides having valid points I will keep this post short and sweet. I have had no time to measure of investigate in depth and I don't think I will find any.

Both have understandable view points, so let's have a look.

Secure renegotiation makes it easier -… Read more →]]> http://blog.zoller.lu/2011/10/thc-ssl-dos-vs-per-design.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-5621727569677144142 Tue, 18 Oct 2011 18:20:00 +0000 2012-05-17T13:12:13.336+02:00 Attacker Classes and Pyramid (Version 3) This is a living blog post I will update whenever I have time and new ideas.

TOC

Introduction
Updates
Attacker Classes
Attacker Pyramid
Q&A

Introduction
The other day I was brainstorming further on the attacker classes I came up with last year (to be modeled into an Security Assurance Model) when I… Read more →]]> http://blog.zoller.lu/2011/10/attacker-classes-and-pyramid-version-1.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-7096697410885773442 Mon, 26 Sep 2011 14:18:00 +0000 2011-10-01T21:01:34.749+02:00 The BEAST summary - TLS, CBC, Countermeasures (Update 4) Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Duong at the Ekoparty.

This blog post will be continuously updated as new items and possible mitigation emerge.
Subscribe to the RSS feed in case you are interested… Read more →

]]> http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-4293378804439286873 Tue, 20 Sep 2011 15:21:00 +0000 2011-09-25T17:33:20.260+02:00 TLS/SSL hardening and compatibility Report 2011

This is a cross post from the G-SEC blog

My professional and private commitments made it difficult to maintain a healthy blogging style, I am trying to get back to some blogging on a more regular basis.

Quick Update:

G-SEC does no longer operate on a commercial basis, for those that want to join the… Read more →

]]> http://blog.zoller.lu/2011/09/tlsssl-hardening-and-compatibility.html noreply@blogger.com (Thierry Zoller) 0 tag:blogger.com,1999:blog-3832621951001364942.post-231612040921714654 Tue, 23 Aug 2011 18:47:00 +0000 2011-09-24T17:24:05.164+02:00 What did PHP crypt() and Alzheimer have in common ?

I stumbled across this weird PHP bug in the crypt() implementation (version 5.3.7RC5) [1]
The bug reporter states that :

"If crypt() is executed with MD5 salts, the return value consists of the salt only."

In other words the call :

printf("MD5: %s\n", crypt('password', '$1$U7AjYB.O$'));

results in

Read more →

]]> http://blog.zoller.lu/2011/08/what-does-php-crypt-and-alzheimer-had.html noreply@blogger.com (Thierry Zoller) 0