Scribd
Upload
111 views29 pages

Week 03

The document discusses various topics related to cyber security including: 1) Recent malware found in the Apple AppStore and issues with trusted certificate authorities. 2) An analysis of Apple source code identifying a vulnerability (CVE-2014-1266) in how it verifies server keys in the SSL handshake. 3) An overview of common techniques for attacking authentication systems including brute force cracking tools like John the Ripper.

Uploaded by

api-247491493
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
111 views29 pages

Week 03

The document discusses various topics related to cyber security including: 1) Recent malware found in the Apple AppStore and issues with trusted certificate authorities. 2) An analysis of Apple source code identifying a vulnerability (CVE-2014-1266) in how it verifies server keys in the SSL handshake. 3) An overview of common techniques for attacking authentication systems including brute force cracking tools like John the Ripper.

Uploaded by

api-247491493
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 29

CYBER

SECURITY: ESSENTIALS
Daniel Medina [email protected]

ADMINISTRATION

Anything in the news?

NEWS
Malware in Apple AppStore:
Developers download trojand dev tools
When trusted CAs go bad: Symantec Google cert
New in web security: Subresource Integrity

RECAP

#
# http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c
# https://www.imperialviolet.org/2014/02/22/applebug.html
#

SSLVerifySignedServerKeyExchange(...) { # ...
if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;

err = sslRawVerify(ctx,
ctx->peerPubKey,
dataToSign,


/* plaintext */
dataToSignLen,

/* plaintext length */
signature,
signatureLen);

if(err) {


sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify "
"returned %d\n", (int)err);


goto fail;

}

Apple Vulnerability / CVE-2014-1266

fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}

Others: https://www.openssl.org/news/vulnerabilities.html

ACCESS CONTROLS

I+AAA
IdenLcaLon
AuthenLcaLon
AuthorizaLon
AccounLng

IDENTIFICATION
$id
dm129
Daniel Medina
[email protected]
N11412345

ASIDE: NYU ID
NYU Policy on PIN
What is this data?
CODABAR barcode
HID Card

AUTHENTICATION
Prove you are $id
Passwords
Biometrics (many kinds)
TOTP / rotaLng token
CerLcates (w/passphrase)

ASIDE: LANMAN
Brute Force Search of a DES Keyspace:
DefeaLng LM Hashes

ASIDE: LANMAN
compromised
since about 1997
disabled by default in 2008

ASIDE: TOTP
RFC6238: Time-Based One-Time
Password Algorithm
Roughly:
H(secret token Lmestamp)

ASIDE: TOTP

AUTHORIZATION
What can $id do?
a.k.a,
Permissions, Roles, ACLs
EnLtlement, Access

ACCOUNTING
What did $id do?
When? Where?
Gulp: Unied Logging
AcLvity monitoring

ATTACKING
IdenLcaLon
AuthenLcaLon
AuthorizaLon
AccounLng

ATTACKING
Brute-force
DicLonaries
Rainbow Tables
Man In The Middle (MITM)
Oine vs Online, AcLve vs Passive

CRACKERS
John the Ripper, hjp://www.openwall.com/john
# c/s = "combinations per second"
$ run/john crypted
Loaded 6 password hashes with 5 different salts (DES)
test (test)
daniel2 (medinad)
medina1 (medina)
password (utility)
guesses: 4 time: 0:00:02:02 (3) c/s: 1355K
trying: dmorai7 - dmokOUM

For Windows: hjp://ophcrack.sourceforge.net/

WEB SECURITY

From Cookies to TLS

COOKIES
Session idenLer
This client is already logged on
State across stateless requests

WEB AUTHN / AUTHZ

SAML 2.0

SAML / Shibboleth (NYU uses)


OpenID
OAUTH (Google, Facebook, etc.)

FIRESHEEP

hjp://codebutler.github.io/resheep (2010)

You might also like