Tuesday, June 17, 2014

RansomWare, what ??!




I wanted to post something about ransomware on smartphones like iPhone and Android, but I decided to first write a short post on what the term means; later I will discuss ransomware on phones.

Anyway, some of you may have heard of "CryptoLocker", the malware that demanded payment in Bitcoin (not to be confused with "BitLocker", which is Microsoft's own disk encryption feature and not malware at all). The different names all describe the same kind of malware. What it does is simply install itself on your PC and then run an encryption algorithm over your files.
An encryption algorithm is a set of mathematical operations that takes two inputs, a stream of data and a key, and produces output that looks nothing like the input. That provides confidentiality: only the parties who hold the key can turn the output back into the original data. There are many variations on this idea, but that is the basic principle.
Before encrypting, the malware generates a unique key for your machine and sends it to the attacker; typically it also encrypts that key with the attacker's public key, so nothing left on your disk is enough to recover it. Now the attacker holds your encrypted files, or your whole hard disk, to ransom until you pay a certain amount of money, after which the attacker sends you the key you need to decrypt your data, or at least promises to.
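To make the "key goes to the attacker, nothing usable stays on the victim" point concrete, here is an added toy model of the encryption step. It is illustration code written for this post, not code from the post or from any real malware. Because the Python standard library has no AES, the cipher is a keystream built from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag; real families use AES and additionally wrap the per-victim key with the attacker's RSA public key. The file names and contents are constructed sample data.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Toy cipher: HMAC-SHA256 used as a PRF in counter mode (keystream) plus an
# encrypt-then-MAC tag. It stands in for AES; the key handling is the point.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh nonce per file keeps keystreams distinct."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, b"tag" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the data was tampered with."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # refuse rather than hand back garbage
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def simulate_infection(files: Dict[str, bytes]) -> Tuple[Dict[str, bytes], bytes]:
    """Model the malware's encryption step on an in-memory set of files.

    Returns the encrypted files (what stays on the victim's disk) and the
    per-victim key (what is sent to the attacker). Nothing derived from the
    key is kept on the victim side, which is why the data cannot be recovered
    locally: a 256-bit random key is far beyond brute force.
    """
    victim_key = secrets.token_bytes(32)
    encrypted = {name: encrypt(victim_key, data) for name, data in files.items()}
    return encrypted, victim_key


def recover(encrypted: Dict[str, bytes], key: bytes) -> Optional[Dict[str, bytes]]:
    """What the 'decryptor' does once the ransom key arrives; None if the key is wrong."""
    result = {}
    for name, blob in encrypted.items():
        plaintext = decrypt(key, blob)
        if plaintext is None:
            return None
        result[name] = plaintext
    return result


if __name__ == "__main__":
    # Constructed sample "documents", not real data.
    docs = {"thesis.doc": b"Chapter 1: ...", "photos.zip": b"PK\x03\x04..."}
    on_disk, attacker_key = simulate_infection(docs)
    print("right key recovers:", recover(on_disk, attacker_key) == docs)
    print("wrong key recovers:", recover(on_disk, bytes(32)))
```

Note what the model leaves out on purpose: the real malware walks the file system and overwrites the originals, and the key upload happens before any encryption starts, so killing the process mid-way does not save the key.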

Up till now there has been little success in breaking or reversing these malware families: the encryption itself is usually implemented correctly, and there are many variants. Worse, it has already reached mobile phones. The one reliable recovery path is an offline backup that the malware cannot reach.

So please don't click on random links, especially suspicious ones or ones arriving in your mail from unknown senders, take care where you download applications and software from, and keep backups of anything you care about on storage that is not permanently connected to your machine.


Tuesday, June 10, 2014

OpenSSL is vulnerable to MiTM




Now a refresher for the enthusiastic...
One way or another you have heard about the Heartbleed vulnerability (CVE-2014-0160) in the OpenSSL package. If you haven't, a little technical lesson:

OpenSSL is an open source implementation of SSL/TLS; in other words, if you want something like HTTPS on your website you can use this package. HTTPS makes your browser talk to a server over encrypted traffic so that no one can eavesdrop. The Heartbleed bug lives in the TLS heartbeat extension, a keep-alive where one side sends a small payload, say "hello" (5 bytes), together with a length field, and the other side echoes the payload back; normally the reply is those same 5 bytes. BUT here is the trick: the attacker sets the length field to a larger value, up to 64KB, and the vulnerable code trusts it and copies that many bytes starting at the 5-byte payload. Where does the rest come from? From whatever happens to sit next to the payload in the server's process memory, which is DANGEROUS because nobody knows what will be revealed: private keys, session cookies, passwords, account details, credit cards, etc. Note that the bug affects OpenSSL clients as well as servers, so a malicious server can read the memory of a vulnerable client too.
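The following is an added model of that heartbeat handling, written for this post and not taken from OpenSSL. It lays out a heartbeat message in the RFC 6520 shape (type, 2-byte length, payload, padding), models the process heap as one byte string with the record at the front, and shows the vulnerable path (trust the length field) next to the bounds check that the fixed release adds. The "neighbouring memory" contents are constructed sample data.

```python
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1
PADDING = 16  # RFC 6520 requires at least 16 bytes of padding after the payload


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Heartbeat message: type (1 byte), payload_length (2 bytes), payload, padding.

    An honest peer passes claimed_length == len(payload); Heartbleed lies here.
    """
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length) + payload + bytes(PADDING)


def process_heartbeat(memory: bytes, record_length: int, patched: bool) -> Optional[bytes]:
    """Return the bytes the server would echo back, or None if it discards the message.

    `memory` models the process heap: the received record starts at offset 0 and is
    followed by whatever else the process happened to allocate nearby. `record_length`
    is the true size of the record as known to the TLS record layer.
    """
    if patched and 1 + 2 + PADDING > record_length:
        return None  # too short to hold even the header plus padding
    _hb_type, payload_length = struct.unpack("!BH", memory[:3])
    if patched and 1 + 2 + payload_length + PADDING > record_length:
        return None  # the fix: the claimed payload must fit inside the record
    # Vulnerable behaviour: trust payload_length and copy that many bytes from the
    # start of the payload. The slice simply keeps reading past the record.
    return memory[3:3 + payload_length]


# Constructed stand-in for whatever sits next to the record on the heap.
NEIGHBOUR_MEMORY = b"...Cookie: session=4f3c2a...; user=alice; password=hunter2..."


def heartbeat_exchange(claimed_length: int, patched: bool) -> Optional[bytes]:
    """One request/response: a 5-byte 'hello' with the given length field."""
    record = build_heartbeat(b"hello", claimed_length)
    return process_heartbeat(record + NEIGHBOUR_MEMORY, len(record), patched)


if __name__ == "__main__":
    print("honest, patched:   ", heartbeat_exchange(5, True))
    print("attack, unpatched: ", heartbeat_exchange(65535, False))
    print("attack, patched:   ", heartbeat_exchange(65535, True))
```

The 64KB figure in the text is just the largest value the 2-byte length field can hold; one request leaks up to that much, and the attacker simply repeats it to sweep through more of the heap.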

Now, on top of that, the OpenSSL project has released fixes for six more vulnerabilities, among them a real man-in-the-middle attack, or MiTM for short. Here are those vulnerabilities:

SSL/TLS MITM vulnerability (CVE-2014-0224): An attacker sitting between a vulnerable client and a vulnerable server can inject a ChangeCipherSpec message at the wrong point in the handshake, forcing both sides to derive their session keys from weak, predictable material; the attacker can then decrypt and modify the traffic. Both endpoints must be vulnerable for this to work: all OpenSSL client versions are affected, but servers only if they run 1.0.1 or 1.0.2-beta1.

DTLS invalid fragment vulnerability (CVE-2014-0195): Sending invalid DTLS fragments to an OpenSSL DTLS client or server can lead to a buffer overrun. A remote attacker could exploit this flaw to run arbitrary code on a vulnerable client or server, which makes it the most serious bug of the batch.

DTLS recursion flaw (CVE-2014-0221): A remote attacker can send an invalid DTLS (Datagram Transport Layer Security) handshake to an OpenSSL DTLS client, which forces the code to recurse until it eventually crashes, a DoS attack. This attack is limited to applications using OpenSSL as a DTLS client.
DTLS is mainly used in VoIP and other real-time communication applications, such as Cisco Systems' AnyConnect VPN client. The Chrome and Firefox web browsers also use DTLS for WebRTC (Web Real-Time Communication), which covers P2P file sharing and voice/video chat.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198): allows remote attackers to cause a denial of service via a NULL pointer dereference.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298), allows remote attackers to inject data across sessions or cause a denial of service.

Anonymous ECDH denial of service (CVE-2014-3470), OpenSSL TLS clients enabling anonymous ECDH (Elliptic Curve Diffie Hellman) ciphersuites are subject to a denial of service attack.

The good news is that none of these is as critical as the Heartbleed bug. The patched versions 0.9.8za, 1.0.0m and 1.0.1h are available from the project website, and the OpenSSL project is urging everyone to update as soon as possible. One caveat: if you get OpenSSL from a Linux distribution, the distribution's package usually carries the fix while keeping the old version number, so check the package changelog rather than relying on the version string alone.
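As a quick check for an upstream build, here is an added helper (written for this post, not an OpenSSL tool) that takes the output of "openssl version" and says whether the reported version is at or above the fixed release for its branch. It encodes one detail that trips people up: OpenSSL patch letters run a..z and then za, zb, ..., so 0.9.8y is older than 0.9.8za even though "y" sorts after "z" when compared letter by letter. The fixed-version table is the one from the advisory quoted above; as noted, it does not apply to distribution packages that backport fixes under the old version string.

```python
import re
from typing import Optional, Tuple

# First release on each branch that carries the 5 June 2014 fixes.
FIXED_IN = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Pull (branch, patch letters) out of '1.0.1g' or out of full `openssl version`
    output such as 'OpenSSL 1.0.1g 7 Apr 2014'. Returns None for betas and junk."""
    for token in text.split():
        m = _VERSION_RE.match(token)
        if m:
            branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
            return branch, m.group(4)
    return None


def letter_key(letters: str) -> Tuple[int, str]:
    """Order patch letters the way OpenSSL does: a..z, then za, zb, ...

    A longer suffix is always newer, so compare by length first. A bare
    '1.0.1' (no letter) is the oldest release of its branch.
    """
    return (len(letters), letters)


def is_patched(text: str) -> Optional[bool]:
    """True/False for a branch covered by the advisory, None if we cannot tell."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    branch, letters = parsed
    if branch not in FIXED_IN:
        return None  # e.g. 1.0.2 betas: not in the table, decide by hand
    return letter_key(letters) >= letter_key(FIXED_IN[branch])


if __name__ == "__main__":
    import sys
    # Usage: python check.py "$(openssl version)"
    print(is_patched(" ".join(sys.argv[1:]) or "OpenSSL 1.0.1g 7 Apr 2014"))
```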

Sunday, June 8, 2014

Different paths of security, same field...So what are they? I want to know, here is a brief




Now I get asked this a lot: what are the fields of security, and where do I start?
This is a perfectly fine question, and one I wish someone had answered for me before I dove into the field, at least so I would have been more aware of things.
Anyway... cyber security, or what others call computer security (though that is really a narrower term), can be divided into two main categories. Some may argue about this way of categorizing, but the labels all point to the same thing. 1st: network security, 2nd: information security.

1- Network Security:
This is, roughly speaking, the defensive side. In this field you are responsible for the security of your corporation's network infrastructure. You will need to develop skills in security controls such as two-factor authentication, firewalls, IDS/IPS, antivirus, and hardening of the network, which includes securing your routers and switches and controlling who can access your network. You will also need to be familiar with security products from vendors like Cisco, RSA, McAfee, IBM, etc.
Some of the things you may hear about: Cisco ASA firewalls, RADIUS servers, McAfee Endpoint, Sourcefire, F5 appliances, SIEM solutions, RSA SecurID, etc.

2- Information Security:
This is what you may see in a movie: some "hacker" with a laptop, some socially awkward person, and believe me, both of those are far from true. You can't crack a system with fast typing, and no, security consultants are not fat or living in basements; as a matter of fact I have met some consultants in the field and they are quite sophisticated gentlemen and ladies.
Back to the matter at hand: this side covers both the offensive and the defensive work on the infrastructure. In detail: application security, such as secure coding and code review to find vulnerable code; reverse engineering, which is analysis of a program without its source code and is what makes black-box testing of closed-source software possible; penetration testing, or pentesting for short, which ranges from full infrastructure testing to web application pentesting; incident handling; and forensics. People in this area need a good understanding of computer systems and programming.
The good guys here are called white hat hackers: they test systems only with the owner's permission. Grey hats find and disclose vulnerabilities in systems they were not asked to test, but without malicious intent. And yes, the black hat is the one who steals your credit card info.
Many researchers report vulnerabilities to companies in return for money or recognition through what are called bug bounty programs; famous companies like Google and Facebook pay large bounties to encourage vulnerability researchers to find and report bugs before the bad guys exploit them.
Those, basically, are the pillars of the field. Terminology and categorization aside, if you research any of those terms you will get a better understanding of what you want to do and what to learn.

PS: The bad guys are called crackers; a hacker is someone who finds a better or new way of doing things. So please use the correct term. :)

Friday, June 6, 2014

Let the Games Begin!





Hey everyone, this is the first post in this blog. What you will see here is new info in information security. Whether you are a beginner who wants to get his/her feet wet, a security enthusiast looking for new info, or an intermediate or advanced researcher, you will find new tips and tricks to enhance our pool as pentesters and security professionals.


As for me, my name is Peter; I do reverse engineering and code audits, and also (web) pentesting, but for fun! :D