Harald Eilertsen

Mon, 13 Jun 2022 17:29:39 +0200

The solution to our Capture the Flag exercise that we ran during this years WordCamp EU is now public:
https://jetpack.com/blog/capture-the-flag-at-wordcamp-europe-2022/

You can still download the source code and a docker setup for playing along if you want to check for yourself.

#infosec #ctf #WordPress #security

Harald Eilertsen

Tue, 23 Nov 2021 12:26:32 +0100

Really interesting webinar from @NGI Zero open source funding today on OpenPGP, with the people from @Sequoia PGP, @Keyoxide, @disroot and others. Great to see so many of the cool people from my stream present interesting and forward leaning projects in this space! This was very inspiring!

The only problem is: When will I get time to play with all the stuff presented?

#openpgp #sequoia-pgp #keyoxide #security #encryption #email #identity #privacy

show all 9 comments

Alexandre Hannud Abdo

Tue, 23 Nov 2021 23:55:53 +0100

@NGI Zero open source funding can't find it on that page...

Harald Eilertsen

Wed, 24 Nov 2021 00:12:52 +0100

@Alexandre Hannud Abdo You can see the recording here: https://conf.tube/videos/watch/4c6266f1-eefe-4f4b-8f54-9d31e5130080.

NGI Zero open source funding

Thu, 25 Nov 2021 08:42:58 +0100 from ActivityPub

@aleabdo It should be now, reloading might/could help

Harald Eilertsen

Mon, 22 Nov 2021 20:39:20 +0100

GoDaddy hack causes data breach affecting 1.2 million customers

GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.

Seems a compromised password was the culprit. Could possibly have been prevented with 2FA?

#infosec #wordpress #godaddy #2fa #security #password

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Harald Eilertsen

Tue, 03 Dec 2019 10:24:19 +0100 last edited: Wed, 12 Aug 2020 13:55:07 +0200

Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.

In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application.

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

This seems like a neat attack. Does anybody know of a legitimate use of the taskAffinity feature of android?

#android #security #0day #malware

infosec

KeePassXC 2.5.0 released

Harald Eilertsen

Sun, 27 Oct 2019 16:21:54 +0100

KeePassXC 2.5.0 released - KeePassXC

The new release comes with a large number of new features and improvements. A few key additions that are worth highlighting are the ability to create a paper backup of your database for safe storage of your credentials away from your computer, a brand-new database statistics panel, a redesigned unlock dialog, a reworked entry panel, a function to download favicons for all your entries at once, and username autocompletion based on known usernames from other entries.

In addition to that, we can now import 1Password OpVault files and support the use of the open-source OnlyKey hardware token as an alternative to YubiKeys.

KeePassXC on Linux can now also function as a credentials provider for libsecret-based clients via the Freedesktop.org secret storage DBus API.

New release of this great offline password manager. Personally I keep the password db synced between my devices with syncthing, but anything that works for you is fine.

#password #security #keepasscx

hEARt PhoniX

Sun, 27 Oct 2019 16:52:23 +0100

Harald Eilertsen

Sun, 27 Oct 2019 17:02:16 +0100

@hEARt PhoniX I don't think KeePassXC supports that feature. Note there are several variants and forks all compatible with the KeePass database format. Syncing the db itself using syncthing has worked fine for me, so far, so it's i small price to pay to not have to mess with .net and such.

hEARt PhoniX

Tue, 29 Oct 2019 06:00:15 +0100

Harald Eilertsen

Tue, 18 Jun 2019 13:53:49 +0200

The Zeek Network Security Monitor The Zeek Network Security Monitor

Why Choose Zeek? Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. (Zeek is the new name for the long-established Bro system. Note that parts of the system retain the "Bro" name, and it also often appears in the documentation and distributions.) While focusing on network security monitoring, Zee...

Anybody have any experience with this or it's predecessor Bro?

#infosec #ids #security #monitoring

Haakon Meland Eriksen (Parlementum)

Tue, 18 Jun 2019 16:40:39 +0200

I left OSSIM, Snort, OpenNMS etc behind in 2007, so nope, no Zeek or Bro, sorry.

A tale of private key reuse

Harald Eilertsen

Sun, 20 Jan 2019 23:40:33 +0100 last edited: Sun, 20 Jan 2019 23:41:23 +0100

In the end I had a list of a little over 60 certificates that all used the same compromised key. These certificates were valid for DNS names of seemingly-unrelated customers, which ruled out the possibility that one customer simply reused their private key in different certificates. This made me curious to figure out the source of the compromise.

https://koen.io/2019/01/17/a-tale-of-private-key-reuse/

An interesting little detective story.

#security #pki #tls

Edit: Link!

Security

Debacle

Mon, 21 Jan 2019 08:53:08 +0100 from Diaspora

How about a link?

Harald Eilertsen

Mon, 21 Jan 2019 08:55:33 +0100

@Debacle It's in the edit (probably a separate post in diaspora.) And now also here: https://koen.io/2019/01/17/a-tale-of-private-key-reuse/

Debacle

Mon, 21 Jan 2019 22:09:11 +0100 from Diaspora

Thanks!

In January, the EU starts running Bug Bounties on Free and Open Source Software

Harald Eilertsen

Sat, 29 Dec 2018 21:25:45 +0100 last edited: Fri, 29 Mar 2019 20:10:56 +0100

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.

https://juliareda.eu/2018/12/eu-fossa-bug-bounties/

This is definitely cool! Even better if other countries, institutions and companies will follow up and do the same.

#software #security #bug #bugbounty #eu

Politics Free software

Security flaw in libssh leaves thousands of servers at risk of hijacking

Harald Eilertsen

Wed, 17 Oct 2018 09:09:29 +0200

https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/#ftag=RSSbaffb68

An attacker can do this by sending the SSH server "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects (...)

The vulnerability, which is tracked as CVE-2018-10933, was introduced in libssh 0.6.0, released in January 2014. The libssh team released versions 0.8.4 and 0.7.6 yesterday to address this bug.

Come on!

This is what happens when you don't test your protocol implementation. Good thing it only took four and a half year to discover. Sadly, that's two and a half years less than the average for zero-day exploits.

#security #zeroday #ssh #libssh

Security

Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489]

Harald Eilertsen

Mon, 03 Sep 2018 10:40:05 +0200

System broadcasts by Android OS expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.

https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

#android #vulnerability #security #privacy

Security

Harald Eilertsen

harald@hub.volse.no