Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment: Re: Best pick up one of these (Score 1) 83

The protocol needs to start over clear voice, but than you do the equivalent of "STARTTLS" and see if the remote end answers. If it does you disable squelch and start applying the cipher to the payload in the audio packets as you build them, leaving the containers format in place, headers, sync bytes etc.

As far as the network is concerned it will still look like parametrized g.729 audio to the network. It will just decode as noise unless you possess the cipher. Which will be much more economical for most wireless customers until the carriers wise up and realize they ought to be metering the jitter controlled, packet loss intolerant voice traffic on their networks and selling best effort data as all your can eat, rather than the other way around.

Comment: Re:SMB, eh? (Score 2) 159

by DarkOx (#48640923) Attached to: Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

I don't even bother "compromising" an initial host on many engagements when the engagement has me to go on site. Its trivially easy to tailgate your way onto most corporate campuses; and set yourself up in an empty conference room.

Then you wait for LLMNR or NetBIOS/tcp messages on your subnet; which nobody disables, ever. Then you just collect the hashes for a while. No need even to mess around with PTH half the time, more often than not hashcat can crack at least one before you finish your first soda and you have your foot hold.

Comment: Re:Sony security: strong or weak? (Score 2) 320

You do have to cut them a little slack, here. If we were talking about a coal mining company or something and terabytes of data going out the door would be pretty unusual, and SEIM systems would be trained to flag that sort of thing.

This is Sony Pictures, though, terabytes probably go out the door all the time. I mean that might be less than a few hours of uncompressed video going to a contractor for post processing or something.

No my bigger question having done this kind of thing for a living now for some time is why would a basically purely IP organization not have effective controls in place, to know what kind of data is going out the door and to put a hard stop to it the moment something that should not be there is spotted.

Ok you can't maybe do that with the aforementioned video data, but you certainly can watch for byte patterns that look like address, SS numbers, e-mails in usually great quantity etc on the wire.

You certainly do not allow anything encrypted to go out unless you MITM it. Could an attacker do something like slap some mpeg headers on top a big encrypted data stream? probably, but they'd have to know to do it.

  If my entire world was IP like Sony Pictures id probably take it a few steps further make sure my firewall devices knew the common container formats for various media types and continued to make sure sync bytes and frame markers occur where they ought to, anytime more than a hanful of megabytes of something I can't recognize flowed it would alert and some form the CERT team would pick up the phone a call whoever it was associated with that source IP. No attribution shut it down, no explanation shut it down.

The hardware and software to do this is commercially available, more or less off the shelf and has been for at least five or seven years now.

   

Comment: Re:BS (Score 1) 320

No hack would ever result in that kind of control

Disagree.

Lets face it the reality is lots and lots of BIG companies use things like Active Directory. Lots of this BIG companies might even have only a tiny handful of Enterprise Admins, who may even be very good at what they do. Chances are they have centralized and integrated the authentication against AD. Its not uncommon for Network infrastructure administrative interfaces to use an authentication gateway like say NPS (RAIDUS for AD).

So if you could get that Enterprise Admin access, well it might be a house cards from there. Given the recently published MS14-068 it might not even be that hard: https://www.trustedsec.com/dec...

So if you can get your foot in the door, however you do it just grabbing some tools off git hub and few blogs can get you near total ownage without having to do much of anything in the way of exploit development on your own. Consider this vuln was an off cycle patch put out in November, think there ~4 weeks on there are some big orgs that have lead times to get Windows patches applied to DCs longer than that? I would bet so, think an org like Sony stands a chance against a vuln like that when its an unpublished zero day? So get any access to the network at all, brute force one password for basically any user account crack a hash sniffed off the wire etc, and boom your a member of any windows groups you want!

Frankly I would not be surprised given the timing if MS14-068 was involved in the breach and I would not be surprised to hear of other major compromises thru leveraging it.

Comment: Re: Best pick up one of these (Score 1) 83

I did not give them a back door either. I you can check the thumbprints of the certs are not changing or not trust any third party CA's if that what YOU want to do under my scheme. For most folks that won't be practical, we will want to be able to call people and organizations we have never been in a position with to safely exchange keys; so just like on the web we will have to trust some third parties.

By making it easy to exchange certs directly with people you do meet in person you remove the CA chain from that point on and encourage the system in a way third parties can't compromise unless the cryptography is eventually broken. Nobody not a LEA or anyone else than has the capability to MITM calls between your devices from that point, provided they don't hack your phone somehow and change your settings modify your cert store etc.

My acceptable compromise isn't really with the LEAs but more with reality. You can't very well use a third parties network without them being able to identify the end points, TOR even if it was untraceable and its not would not be practical for a wireless voice network. My proposal has the benefit of being possible to implement with out replacing the existing cellular and telephone network infrastructure. You just need handsets that no how to negotiate with each other. In that sense its plausable that it could actually get off the ground because as we all know expecting AT&T or VZW to do anything ever without first bending over for the spooks is a non starter.

So AC and Mods who marked my post flamebate for some reason let me ask you?

[1] Do you have a better technical solution?
[2] Does your solution work without requiring the carriers to spend billions radically altering/upgrading their infrastructure
[3] Can your proposal somehow conceal which endpoints calls are between?
[4] Can your proposal somehow conceal the duration of the call, beyond padding it out for some additional period?
[5] Can your solution easily inter-operate on with existing endpoints?

Comment: Re:North Korea has proved something. (Score 1) 213

by DarkOx (#48634555) Attached to: Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

congratulations you have just invented privateIP MPLS service.

Someone should tell ALL the major TELCOs about this, and anyone who has ever want to build a WAN link between more than two sides in the last 15 years, needing anything better than best effort service.

Comment: Re:Screw them (Score 1) 213

by DarkOx (#48634449) Attached to: Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

Yea Sony might as well pack up and go home until this thing is resolved. There isn't a lot they can do.

The U.S. on the other hand should recognize this for what it is. An act of war. Once the possibility of real physical violence and attacks were introduced it was no longer an attack on Sony Pictures but on society as a whole.

Its time for Government to step up and actually do one of the very few things its actually charged with doing, provide for the common defense! We now have a situation where a foreign actor is assaulting our citizens (putting in fear) and by extension infringing their rights of free expression.

What concerns me is that 0bama is figuring out a "proportional response" you don't "proportionally" respond to an act of war. This situation calls for a very disproportionate response.

We should do something like smart bomb Kim's palace. It would minimally impact the innocent citizens of the DPRK while sending the message acts of aggression will not be tolerated and will be met with swift and brutal reprisal against YOU, not your nation, not your people YOU. That is something a despot can understand and might actually fear. If we really luck he dies in the attack.

The Chinese need to be TOLD to just sit tight, lest they be considered conspirators in this attack against us.

Comment: Re:Screw them (Score 2) 213

by DarkOx (#48634241) Attached to: Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

And that isn't really an option either. Sony lost lots of HR and other PII data. If you work at Sony pictures there is a good chance the "GOP" knows where you live.

If Sony releases it at all and there any attack on its own employees they might also open themselves up to lawsuits for negligence. To say nothing of the fact that they might loose their best talent due to people being afraid working their makes them a target.

Comment: Re:Best pick up one of these (Score 2, Interesting) 83

The obvious solution is just have the handsets negotiate. There is absolutely no "good" reason call setup between two cellular handsets (or any other digital endpoint for that matter) should not feature some kind of certificate validation step between the end points followed by the exchange of uniquely per call generated symmetric key exchanged securely using the same PKI used to validate the certificate authenticity. Essentially SSL for phone calls.

People could use third party CAs like they do for the web today for most callers. Phone software should be easily configured to ONLY accept previously installed self signed certificates for certain subjects. IE if a call wants to identify itself as being from cousin bob's cellphone it will be rejected unless it its signed with the public key Bob previously gave me; even if the cert has a valid their part signature and is otherwise valid. Users could easily exchange keys in person using bluetooth + pin etc.

This would allow LEAs to eavesdrop by MTIMing calls between say an individual and a financial institution. With a warrant the third party CA the financial uses could be compelled to provide the LEA with valid cert for that subject hopefully with a expiry of only a few days. Of course techniques like cert pinning could be used to detect this by individuals. It would leave LEA's with no easy avenue to eavesdrop on calls between Bob and myself. I think this is a reasonable compromise.

On the other hand it still does nothing to address the mass surveillance concern. It will still be easy for instance for an LEA to obtain call records from the phone company. They won't have the content and won't be able to get at it, but they absolutely can know when, how long, and how often Bob and I spoke. They can also know who else Bob and I called. We know that this information is very revealing, its been used very effectively to identify relationships. Its less clear it violates the 4th than accessing the content. I don't like it but it might be again part of an acceptable compromise.

Comment: Re:Land of the free (Score 1) 571

by DarkOx (#48629343) Attached to: Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

When your entire business in intellectual property I would expect some data leak protection to be in place. As security professional I really can't understand how a business in the IP industry does not have at least somewhat effective egress filtering.

Sure the volume in the case of Sony pictures might not have raised any red flags but their gateway/firewall whatever darn well should be capable of differentiating between a huge batch of uncompressed video and their HR documents.

Flags should have gone up..

Comment: I can't belive I have to say this (Score 2) 571

by DarkOx (#48626679) Attached to: Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously.

Who said anything about them having to hit 18,000 locations simultaneously. That isn't how terrorism works. The 911 guys did not have have to hit thousands of targets, they only tried for three, managed only two (counting the WTC complex as a single target) and look at all the trouble they caused!

A coordinated attack on only a handful of movie theaters the same night would be plenty to cause an economically significant portion of this countries population spend the holiday Christmas - New Years stretch cowering in their homes rather than going out and spending money. It would almost certainly lead to all kinds of wild ill considered national security response.

Hell look at the Batman Shooting a few years ago. It takes one suicide attacker to "hit" a theater with essentially no real resources. A few thousand in counterfeit notes (which DPRK has produced in the past) would allow would be assailants to put together the arsenal they need. Its perfectly plausible even DPRK could get three or four people into this country with limited fake credentials and no access to anything privileged enough to do even a basic background check.

I am not saying "OMG we all going to die here" but you can't completely dismiss the threat either here. Having hit Sony they have already demonstrated some capability.

Comment: Re:Dubious because facts (Score 2) 182

by DarkOx (#48626487) Attached to: US Links North Korea To Sony Hacking

That was my reaction as well a week ago when the new broke. I actually heard on the NBC Nightly news first and the moment Williams said TB of data; the first thought I had was how do you ex-filtrate that much info without it being noticed by the NOC team?

  The only think I can think of is that largish transfers are probably very common for them as they push media assets out to contractors etc. Still you wonder why are they not MTIMing everything in what is essentially an all IP business and why can't their IPS/IDS system tell the difference between a 2TB of raw YUV video and their HR database?

Comment: Re:with what? (Score 0) 182

by DarkOx (#48626183) Attached to: US Links North Korea To Sony Hacking

I don't know given our current antagonistic relations with Russia and the fact we are already imposing sanctions on them I kinda think if it had Russian finger prints they'd name names.

If anything it would make Putin look worse and serve to counter Gorby's argument that Putin isn't a bad actor but Russia is just being bullied by expansionist NATO policy.

I also suspect old Vlad recognizes his current situation is tenuous and complex enough without adding direct aggression against the US homeland to the mix at least not without being prepared to take credit for it. If the Russian state had anything to do with it they'd probably be out claiming it was done to hit back US economy in response to our "unjustified" sanctions or something.

I'll admit I am just arm chairing this thing with no real info but my guess is if it was done from/in Russia its organized crime without direct ties to the Kremlin.

Comment: Re:with what? (Score 1) 182

by DarkOx (#48626079) Attached to: US Links North Korea To Sony Hacking

I agree certainly if the official line turns out to be untrue than the rest of my thinking has to be tossed out along with it. I also agree they ought to release code and show the analysis.

Trouble is if it does implicate the Chinese they have keep it under wraps for the same reasons they won't come out and say "China" in the first place. So we don't have a good way to know if its all a false flag to justify the surveillance state as I think your suggesting or if they are being truthful with us. At least until I have a little greater personal stake in this than not seeing a probably terrible Seth Rogan movie, I guess I'll take their word for it. Now once someone start proposing legislation or invading some place, etc; than I'd be very cautious of the fact that in absence of the hard facts the very real possibility they are lying as they are know to often do exists.

Mediocrity finds safety in standardization. -- Frederick Crane

Working...