Archive for the ‘Hacking’ Category

Raspberry Pi #antisec LED Alert Script

Just a little Python script I wrote to make an LED blink on a Raspberry Pi and to print a message to the screen when there’s a #antisec tweet:

# Jason D. Miller
# github.com/hack-r

from twython import TwythonStreamer
import RPi.GPIO as GPIO
import time

C_KEY =  ""
C_SECRET = ""
A_TOKEN = "-"
A_SECRET = ""

GPIO.setmode(GPIO.BCM)
GPIO.setwarnings(False)
GPIO.setup(18,GPIO.OUT)

def blink():
    GPIO.output(18, GPIO.HIGH)
    time.sleep(1)
    GPIO.output(18, GPIO.LOW)

class MyStreamer(TwythonStreamer):
     def on_success(self, data):
         if 'text' in data:
              blink()
              print("Antisec Tweet detected. Call the FBI.")

stream = MyStreamer(C_KEY, C_SECRET, A_TOKEN, A_SECRET)

stream.statuses.filter(track="#antisec")

Software Sec: C / C++ Buffer overflows and Robert Morris

Buffer Overflow = any access of a bugger outside of its allotted bounds
  •      over-read or over-write
  •      could be during iteration (running off the end), or direct access (pointer arithmetic)
  •      this is a general definition; some people use more specific definitions of differing types of buffer overflows

A buffer overflow is a bug that affects low-level code, typically C and C++ with significant sec implications

Normally causes a crash, but can be used to:
  • dump/steal information
  • corrupt information
  • run code (payload)
They also share common features with other bugs.
C and C++ are the most popular languages (behind Java) and therefore buffer overflows are a major vuln. C/C++ are heavily used in:
  •      OS Kernels
  •      embedded systems
  •      HPC servers
 First buffer overflow occurred in 1988 by a student named Robert Morris, as part of a self-propagating computer worm that was an attack against fingerd and VAXes (Morris was caught and punished but is now a MIT professor); this worm affected 10% of the Internet
In 2001, CodeRed exploited a buffer overflow in the MS-IIS server, which infected >300,000 machines in 14 hours
In 2003 SQL Slammer worm infected 75,000 machines in 10 minutes by exploiting a buffer overflow in MS-SQL Server
In 2014 a latent buffer overflow bug was found in X11 that had been present over 23 years.

 

 

Usable Sec: No rights to your data

If a company has collected an American user’s personal data without their consent, how can the user respond?
They can’t —  They have no rights to their data.

Usable Sec: Smudge Attacks (Mobile device hacking attack vector)

Attack is most effective after phone is held in contact with face during a phone call

Source: https://www.usenix.org/legacy/event/woot10/tech/full_papers/Aviv.pdf

Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.

 

Usable Sec: Making secure passwords that are useable

To make usable passwords we need to look at them differently. First of all what you need is to use words you can remember, something simple and something you can type fast.

Like these:

Image1

your password increases you security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password.

Using more than one simple word a

It takes:

  • 1,163,859 years using a brute-force method
  • 2,537 years using a common word attack
  • 39,637,240 years using a dictionary attack

It is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.

If you want to be insanely secure; simply choose uncommon words as your password – like:

Image2

A usable and secure password is then not a complex one. It is one that you can remember – a simple password using 3+ words.

Usable Sec: Comparison of PW Cracking Time

Image

Source: https://www.baekdal.com/insights/password-security-usability

Usable Sec: 5 Simple PW Hacks

  1. Asking: Amazingly the most common way to gain access to someone’s password is simply to ask for it (often in relation with something else). People often tell their passwords to colleagues, friends and family. Having a complex password policy isn’t going to change this.
  2. Guessing: This is the second most common method to access a person’s account. It turns out that most people choose a password that is easy to remember, and the easiest ones are those that are related to you as a person. Passwords like: your last name, your wife’s name, the name of your cat, the date of birth, your favorite flower etc. are all pretty common. This problem can only be solved by choosing a password with no relation to you as a person.
  3. Brute force attack: Very simple to do. A hacker simply attempts to sign-in using different passwords one at the time. If you password is “sun”, he will attempt to sign-in using “aaa, aab, aac, aad …sul, sum, sun (MATCH)“. The only thing that stops a brute force attack is higher complexity and longer passwords (which is why IT people want you to use just that).
  4. Common word attacks: A simple form of brute-force attacks, where the hacker attempt to sign-in using a list of common words. Instead of trying different combination of letters, the hacker tries different words e.g. “sum, summer, summit, sump, sun (MATCH)“.
  5. Dictionary attacks: Same concept as common word attacks – the only difference is that the hacker now uses the full dictionary of words (there are about 500,000 words in the English language).

it takes the following time to hack a simple password like “sun“:

  • Brute-force: 3 minutes
  • Common Word: 3 minutes
  • Dictionary: 1 hour 20 minutes
https://www.baekdal.com/insights/password-security-usability

Usable Sec: Principle of Least Privilege

From Wikipedia:

In information security, computer science, and other fields, the principle of least privilege (also known as the principle of minimal privilege or the principle of least authority) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.
searchsecurity.techtarget.com:
The principle of least privilege (POLP) is the practice of limiting access to the minimal level that will allow normal functioning. Applied to employees, the principle of least privilege translates to giving people the lowest level of user rights that they can have and still do their jobs.

Useable Sec: 3 Principals of Good Interface Design

  1. Easy to recover from errors
  2. Minimal training needed for a person to use the system
  3. Relies on common interaction techniques for familiarity

Usable Sec: Low-Fi Prototypes

Advantages of low-fidelity prototypes
  • They can be created quickly and cheaply
  • Any team member can create one, regardless of programming skills