M32 Security » Cryptography

The Evolved GPU: Password Killer?

Kyle — Sun, 05 Jun 2011 22:42:35 +0000

Since the advent of Open CL and technologies like Nvidia’s CUDA that use the massive potential in the evolved design of today’s Graphics Processing Units to aid in other areas of computing that require massive repetitive, parallel processing power, there has been a lot of new applications that were before impractical with standard CPUs to do. One of them is brute-forcing passwords. The trend in the modern GPU mixed with Moore’s law may actually make even some of the strongest password schemes obsolete. ZDNet’s Adrian Kingley-Hughes has a good writeup on it and the implications that may come of the trend in GPUs.

Tags: computing, cuda, gpu, GPUs, nvidia, OpenCL, parallel processing, Password, password schemes, power, processing units

Conficker: The Proactive Worm Ahead Of The Curve

Kyle — Sun, 08 Aug 2010 19:26:15 +0000

An interesting article over at The Register shows how the now infamous ~6 million strong Conficker botnet/worm stays ahead of the curve in terms of Information Security by staying proactive and paranoid in how it is managed. Although the classification of the worm only goes from A through E, the botnet itself is ever-evolving; creating a nightmare for researchers world-wide in detection and cleansing of infected machines. It is unknown who runs the botnet, but it is known that the technical skill behind its command is very much on the bleeding-edge of security as well as social engineering. For instance, the worm uses simple exploits to infect Windows machines, but it phones home to domain names which can no longer be predicted and shut-down to receive new instructions and updates to the code that infects the machine. It has used scareware in the past to spread as well, such as bogus security software. It has even gone so far as to actually remove or fix other security threats on an infected machine to avoid detection. It constantly stays up-to-date and often mitigates even the newest anti-malware tools designed to remove it.

What makes it so hard to remove is its inability to be cracked. It has used the MD6 cryptographic hash function that was a candidate for the NIST SHA-3 Hash Competition with a 4096-bit RSA key. Even when a buffer-overflow vulnerability was discovered in MD6, the botnet’s owner corrected the implementation within a matter of days. There is an entire working group called The Conficker Working Group tasked entirely to the botnet, which has yet to break-in and take any sort of control away from whoever runs it.

In-depth article at The Register

Tags: botnet, buffer overflow, Conficker, Conficker Working Group, Downadup, Downup, Kido, MD6, nist, RSA, scareware, SHA-3, worm

CYBERCOM’s Secret Code Demystified

Kyle — Sat, 10 Jul 2010 01:27:36 +0000

As I posted earlier this week, a hexadecimal code was discovered on the gold ring encircling US Cyber Command’s newly released logo. That code was 9ec4c12949a4f31474f299058ce2b22a and it sent the NetSec community on a challenge. To the untrained eye, it looks like just a bunch of numbers and letters. To those in the InfoSec/NetSec field, it looks like a 128-bit MD5-hash. MD5 hashes are derived from an algorithm that “digests” the data into a hexadecimal result like the one here. They are often used in file integrity checks to ensure the data is exactly what it should be without any corruption or tampering.

Around 2004, the MD5 algorithm had started to show vulnerabilities and signs of age. It is now fairly easy to reverse these hashes to reveal the original data. Obviously this is a big security problem. The NIST and DHS has a policy that requires all government agencies to use more complex hashing functions after 2010. Considering US CYBERCOM is one of the most secretive and secured entities of the publicly known US Government and intimately tied to the NSA, I would imagine there may be more than meets the eye to the new logo and we’ll come across more interesting things the geeks over there threw in to challenge us.

CYBERCOM’s Secret Code Demystified.

Tags: cybercom, hash md5, hexadecimal code, infosec, integrity checks, md5 algorithm, md5 hashes, security problem

9ec4c12949a4f31474f299058ce2b22a

Kyle — Wed, 07 Jul 2010 23:51:22 +0000

http://www.niconnect.com/9EC4C12949A4F31474F299058CE2B22A.jpg

Poder Cibernetico = Cyber Power

39 6 31.38,-76 46 12.66 Put that into Google Maps. Haha.

Reverse MD5 comes out as this:

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Tags: adversaries, cyber power, defense information, department of defense, freedom, full spectrum, google, google maps, information networks, jpg

Laptop stolen from MoD with encryption key that could open highly sensitive files

Kyle — Mon, 14 Dec 2009 04:03:16 +0000

The Sun and now the BBC have reported that a laptop used by a high-ranking RAF Officer at the UK’s Ministry of Defence was stolen in late November; possibly much more recently that included an encryption key with the potential to open highly sensitive files. The laptop was said to be stolen from a highly secure area has arisen fears that a mole is operating within the Ministry. If the severity of the breach is as serious as has been reported, this could be be one of the largest breaches of data security in a very long time.

It is not known if the laptop in question has been secured with disk encryption or any other type of techniques used in attempt to keep data from unauthorized parties.

As of writing this, the MoD has been bluntly quiet on the incident saying only that “An investigation is ongoing.”

Heads up to The Spy Blog UK for highlighting this

Tags: Breaches, data security, disk encryption, late november, ministry of defence, mole, raf officer, sensitive files, severity, unauthorized parties

Microsoft adds free root certificate authority to Windows

Kyle — Wed, 18 Nov 2009 20:30:06 +0000

Microsoft adds free root certificate authority to Windows

Tags: free microsoft, free root, microsoft, microsoft certificate, root certificate authority, windows microsoft

IBM Creates Algorithm For Fully Homomorphic Encryption

Kyle — Sun, 04 Oct 2009 05:22:45 +0000

IBM has claimed that it has made a breakthrough in data security that could potentially usher in a new era of manipulation of sensitive encrypted data without revealing what the data actually is. The idea isn’t new, Ronald Rivest (the R in RSA) thought it up thirty years ago; thinking it to be too infeasible to ever implement. The future implications on data security are very promising to say the least.

Read the whole story over at SmartPlanet

Tags: Algorithm, breakthrough, data security, encrypted data, Encryption, Homomorphic, IBM, manipulation, new era, Ronald Rivest, RSA, SmartPlanet, thirty years

OpenSSH exploit might or might not be out there

Kyle — Wed, 08 Jul 2009 03:09:36 +0000

SANS has posted that they’ve heard grumblings on the Internets of a new OpenSSH exploit in the wild. They haven’t gotten their hands on it yet, but they’ve had several reports and a console log of the supposed exploit in action.

More info after the jump. SANS Diary on the Exploit

Tags: exploit, Internets, isc, OpenSSH, SANS

SHA-1 hash collision predicted within the year

Kyle — Wed, 17 Jun 2009 03:02:41 +0000

Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:

A new attack can, at least in theory, find collisions in 2⁵² hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.

This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.