lunedì 29 marzo 2010

Ancora per vedere HTTP

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

(segnalatomi da Alfredo Canziani 2009/2010)

Password cracking demo

Feel free to enter any windows password hash and to have it cracked below. This should take only a few seconds in average. The demo cracks passwords made of 52 mixed case letters, 10 numbers and 33 special characters of length up to 14 (XP special tables on steroids).

Come nascondere le tracce...

An "open proxy" is a machine that has been misconfigured to forward requests back out to the Internet. Hackers constantly rescan the Internet looking for these open proxies, usually HTTP proxies at ports 80, 8080, and 3127, or SOCKS at port 1080. Hacker websites maintain lists of active misconfigured proxies. When hackers want to be anonymous, they choose one of these proxies at random, they configure their web browser to go through the proxy. In this manner, anything they do appears to come from the proxy's IP address, and not from the hacker's IP address.

Ancora sulle vulnerabilità

Microsoft knew of nasty IE bug a year before attacks

By Dan Goodin

Microsoft was aware of a critical vulnerability in an Internet Explorer component at least 12 months before attackers started targeting it in lethal exploits that take full control of end-users' PCs, a member of its security team said Wednesday.

La nascita di una connessione HTTPS

(analisi molto dettagliata, passo-passo, di ciò che accade quando viene aperta una connessione https)
Whoa! What just happened?

In the 220 milliseconds that flew by, a lot of interesting stuff happened to make Firefox change the address bar color and put a lock in the lower right corner. With the help of Wireshark, my favorite network tool, and a slightly modified debug build of Firefox, we can see exactly what's going on. ...

Come cambiare Ethernet address

Di norma non servirebbe, però sappiamo che può essere utile per (tentare di) generare risposte fraudolente a richieste ARP...

AnalogX AnonyMAC enables you to change the MAC address for any selected network adapter. You can choose to type your own MAC address or use a randomly generated one from a list of manufacturers that ...more

screen capture of AnalogX AnonyMAC

screenshot of AnalogX AnonyMAC

Crittografia e Sicurezza Informatica

Breve articolo in italiano (scritto da me) di cui consiglio caldamente la lettura a tutti.

L’effettivo ruolo della crittografia nelle applicazioni informatiche è spesso frainteso. Si tende infatti a considerare il mero uso della crittografia come sinonimo di “garanzia assoluta di sicurezza”. Purtroppo questa conclusione è del tutto infondata ed in questo breve contributo cercheremo di spiegarne il motivo. In estrema sintesi, la sicurezza di un’applicazione informatica richiede la soluzione di numerosi problemi. La crittografia risolve alcuni di essi ma è del tutto inutile per altri. Nella pratica, gli attaccanti sfruttano proprio i numerosi problemi irrisolti.

"Direct Access" (ovvero "VPN" nel gergo Microsoft)

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2.

DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network. DirectAccess is built on a foundation of proven, standards-based technologies: Internet Protocol security (IPsec) and Internet Protocol version 6 (IPv6).

DirectAccess uses IPsec to authenticate both the computer and user, allowing IT to manage the computer before the user logs on. Optionally, you can require a smart card for user authentication.

DirectAccess also leverages IPsec to provide encryption for communications across the Internet. You can use IPsec encryption methods such as Triple Data Encryption Standard (3DES) and the Advanced Encryption Standard (AES).

Clients establish an IPsec tunnel for the IPv6 traffic to the DirectAccess server, which acts as a gateway to the intranet. Figure 1 shows a DirectAccess client connecting to a DirectAccess server across the public IPv4 Internet. Clients can connect even if they are behind a firewall.

Vulnerabilità (controllo traffico aereo negli States)

No comment. Leggere con calma. Il linguaggio è neutro ma, ahimé, chiarissimo.

On May 4, 2009, we issued our report on Federal Aviation Administration (FAA) web applications security and intrusion detection in air traffic control (ATC) systems, requested by the Ranking Minority Members of the full House Transportation and Infrastructure Committee and its Aviation Subcommittee. We found that web applications used in supporting ATC systems operations were not properly secured to prevent attacks or unauthorized access. During the audit, our staff gained unauthorized access to information stored on web application computers and an ATC system, and confirmed system vulnerability to malicious code attacks. In addition, we found that FAA had not established adequate intrusion–detection capability to monitor and detect potential cyber security incidents at ATC facilities. Intrusion–detection systems have been deployed to only 11 (out of hundreds of) ATC facilities. Also, cyber incidents detected were not remediated in a timely manner.

Estratto da pg. 3:
We tested 70 Web applications, some of which are used to disseminate
information to the public over the Internet, such as communications frequencies
for pilots and controllers; others are used internally within FAA to support eight
ATC systems.

Our test identified a total of 763 high-risk, 504 medium-risk, and
2,590 low-risk vulnerabilities, 4 such as weak passwords and unprotected critical
file folders.

By exploiting these vulnerabilities, the public could gain unauthorized access to
stored on Web application computers. Further, through these
vulnerabilities, internal FAA users (employees, contractors, industry partners, etc.)
could gain unauthorized access to ATC systems
because the Web applications
often act as front-end interfaces (providing front-door access) to ATC systems. In
addition, these vulnerabilities could allow attackers to compromise FAA user
computers by injecting malicious code onto the computers
. During the audit, ௰

Cryptographic Keylength Recommendation

In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers. This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection.

The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

Attacchi a SSL (Man-In-The-Middle)

Articolo di 4 pagine, molto semplice, accessibile dal portale IEEExplore (, solo dalla rete di ateneo) che descrive un modo semplice per attaccare HTTPS/SSL (protocollo per collegarsi con banche e simili)

Man-in-the-Middle Attack to the HTTPS Protocol
Callegati, F. Cerroni, W. Ramilli, M.
Univ. of Bologna, Bologna;
This paper appears in: Security & Privacy, IEEE
Publication Date: Jan.-Feb. 2009
Volume: 7, Issue: 1
On page(s): 78-81
ISSN: 1540-7993
INSPEC Accession Number: 10460191
Digital Object Identifier: 10.1109/MSP.2009.12
Current Version Published: 2009-02-03
Web-based applications rely on the HTTPS protocol to guarantee privacy and security in transactions ranging from home banking, e-commerce, and e-procurement to those that deal with sensitive data such as career and identity information. Users trust this protocol to prevent unauthorized viewing of their personal, financial, and confidential information over the Web.

Punti di accesso wireless: protetti ?

The majority of wireless access points located in seven metropolitan financial centers have easy-to-break or nonexistent security, according to a survey conducted by security firm AirTight Networks and published on Wednesday.

Come avrei potuto prendere il controllo di tutti i vostri PC

Peccato non averlo saputo prima...sarebbe bastato distribuire dei ppt invece che dei pdf per installare un bel trojan su tutte le vostre macchine e prenderne il controllo...peccato.

Wednesday, May 13, 2009

US-CERT: United States Computer Emergency Readiness Team

Microsoft PowerPoint Multiple Vulnerabilities

Original release date: May 12, 2009
Last revised: --
Source: US-CERT

Systems Affected


Microsoft has released updates that address vulnerabilities in Microsoft PowerPoint.

I. Description

As part of the Microsoft Security Bulletin Summary for May 2009, Microsoft released updates to address vulnerabilities that affect Microsoft PowerPoint.

II. Impact

By convincing a user to open a specially crafted PowerPoint file, a remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause PowerPoint to crash.

III. Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Feedback can be directed to US-CERT.

Produced 2009 by US-CERT, a government organization. Terms of use

May 12, 2009: Initial release

Attacchi al DNS nel mondo reale

Una delle prime "cose belle" che racconto nel corso di Reti è la possibilità di alterare le risposte dell'infrastruttura DNS: l'utente chiede l'indirizzo IP associato ad un nome N; invece di ricevere l'indirizzo IP-V legittimo, riceve un indirizzo IP-F fraudolento. L'utente quindi si collega con un server fraudolento ad indirizzo IP-F pensando di essere collegato con il server legittimo.
Sono certo che quasi tutti pensano "mah, si, in teoria potrebbe in pratica chi vuoi che riesca ad alterare le risposte DNS...qui si parla solo di teoria..."
Notizie di questi giorni:
  1. DNS Cache Poisoning Targets Brazilian Bank

  2. Hackers hijack DNS records of high profile New Zealand sites

Bancomat & C

Tra i molti temi molto interessanti che non analizziamo c'è tutto il mondo della sicurezza dei circuiti di pagamento (ATM, bancomat e simili).
Riporto di seguito qualche fatterello recentissimo ed interessante. Soprattutto in quanto dimostrazione (spero a questo punto inutile) delle cose dette più volte a lezione:
  • I problemi pratici nascono da errori di implementazione/configurazione;
  • gli attacchi sono spesso limitati da ciò che l'attaccante trova conveniente fare, non tanto da ciò che può fare;
  • gli attacchi man-in-the-middle sono fattibili e particolarmente pericolosi;
  • al tempo X tutti dicono "questo attacco non è realistico" e poi al tempo Y>X si scopre che non è vero;
  • nei rapporti con le banche il cliente è responsabile "a prescindere";
  • la crittografia non garantisce un bel nulla di per sé;
  • le applicazioni di smartcard e simili si basano su dispositivi fidati per definizione, ma che nella pratica possono essere controllabili da un attaccante
  • ...etc

Le solite cose.

Cambridge security boffins slam banking card readers

Vulnerabilità delle nuove tessere ATM/Bancomat con il chip (purtroppo ce l'ho anch'io).
Card readers for online banking are inherently insecure...Researchers found a number of serious security shortcomings after reverse engineering the underlying protocol (called the Chip Authentication Programme or CAP) that underpins hand-held card readers. Readers are typically used alongside customer's debit cards to generate one-time codes for online banking login and transaction authentication. The devices are designed to thwart online banking fraud, but cost-saving measures have resulted in design compromises that have left customers open to risk of fraud.
Il lab citato nel blog qui sopra si trova qui. Ha molti altri studi interessantissimi, tra i quali il seguente (attacco man-in-the-middle al circuito ATM; contiene un bel giochino challenge-response):

Chip & PIN (EMV) relay attacks

...For example, when customers pay with a Chip and PIN card, they have no choice but to trust the terminal when it displays the amount of the transaction. The terminal, however, could be replaced with a malicious one, without showing any outward traces. When the customer pays for a low-value product and enters the PIN into the terminal, the challenge from a different shop selling a far more expensive product could be relayed to the card. The PIN and response from the card could likewise be relayed back to the other shop, which will accept the transaction....

PIN Crackers Nab Holy Grail of Bank Card Security

The attacks...., are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States....
...It was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side. But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process.
...Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details
... Unlike fraudulent credit card charges, which generally carry zero liability for the consumer, fraudulent cash withdrawals that involve a customer's PIN can be more difficult to resolve since, in the absence of evidence of a breach, the burden is placed on the customer to prove that he or she didn't make the withdrawal.

Attacchi informatici nel mondo reale

Abbiamo parlato a lezione del fatto che, in generale e prescindendo dalla sicurezza informatica, il compito del difensore è molto più complicato del compito dell'attaccante: il difensore deve difendere tutto, mentre per l'attaccante è sufficiente trovare un punto debole.
Nel caso specifico della sicurezza informatica, una delle implicazioni di questa verità fondamentale è che il difensore può avere Kerberos, SSL, firma digitale etc etc etc, basta però un banalissimo bug in un software di visualizzazione immagini (tanto per dirne una) per permettere all'attaccante di eseguire del codice arbitrario sul nodo target e, pertanto, vincere la partita.
E' da notare, inoltre, che il "sistema" da difendere non è composto solo da computer, dispositivi di rete e così via. Comprende anche le persone, i processi operativi e di gestione, etc. I punti deboli più interessanti per l'attaccante possono essere proprio questi ultimi. Ciò è sintetizzato in modo divertente e chiarissimo da questa vignetta segnalatami da Lorenzo Dal Col.

Estensioni Firefox per giocare con HTTP

HttpFox: An HTTP analyzer addon for Firefox

HttpFox monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers.

It aims to bring the functionality known from tools like HttpWatch or IEInspector to the Firefox browser.

Information available per request includes:
- Request and response headers
- Sent and received cookies
- Querystring parameters
- POST parameters
- Response body


Live HTTP Headers 0.14

View HTTP headers of a page and while browsing.

Tamper Data 10.1.0

Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.

Trace and time http response/requests.

Security test web applications by modifying POST parameters.

Web Server TinySSL

TinySSL is a Secure Sockets Layer (SSL v2/v3) and Transport Layer Security Web Server Daemon based on TinyWeb. TinySSL comes under the same licence as for TinyWEB and is FREE for commercial and non-commercial use.

NOTA: SSL è trattato nella seconda parte del corso; TinySSL è utile, anche senza SSL, per "giocare" con la BASIC authentication (che non è supportata da TinyWeb); se non interessa SSL, saltare tutto e andare direttamente alla:

Access Authentication

TinySSL supports Basic Access Authentication (rfc-2068), which is configured in realms.cfg file. There are MD5/DES-hybrid hashes (also may be called digests) that allow avoiding cleartext reusable passwords to be stored in realms.cfg file. Each line of the file describes a single realm and has the following format:

ListOfURLs RealmName User1 User2 User3 User4 ....
ListOfURLs is a list of URLs (pipe-seperated) belonging to specified realm, RealmName is name of the realm as per rfc-2068 and UserN is user name and hash of a password. To produce a hash, run str2key.exe utility, passing password as a command line parameter (no space characters are allowed). As you see, you may assign several users and URLs to an realm. If you do not need access authentication, simply leave realms.cfg empty (but do not even think to delete it). The sample file with two realms looks like this:

/cgi-bin/*|/view.html|/edit.html Operations mickey|7a4064683b98bf5e/photos.html Photos ronnie|4f1fab620816ea8a coolman|f1578aa107bc4aef
Here user mickey will have access to Operations realm and will be able to retrieve /cgi-bin/*, /view.html and /edit.html; users ronnie and coolman will have access to Photos realm with /photos.html.
str2key.exe utility produces a hash in the following steps: applies MD5 algorinthm to a password string; resulting 128 bits are split on two 64-bit blocks, 56 bits from one block is used as a DES key to ECB-encrypt 64 bits of another block; 64 bits produced by DES ecnryption are taken as hash.
Changing of realms.cfg without restarting server is allowed. TinySSL will reload the file if it was modified since last load.

Esercizio cookie: "Una votazione poco democratica"

Sidejacking (ovvero come "infilarsi" in una sessione HTTP autenticata

Sidejacking is a form of “HTTP session hijacking” that works with “passive” eavesdropping.
HTTP session hijacking is where the hacker grabs your “session cookies”. Your session with the web server is identified with a unique cookie. This cookie is sent to your browser at the start of the session, and your browser echos it back from that point forward.

There are many forms of session hijacking. Some use cross-site scripting to grab them from your browser. Some use “man-in-the-middle” attacks to intercept the connection then resend it. The sidejacking method uses passive eavesdropping of cookies. Users collect cookies using a packet-sniffer, then import them into the browser. Unlike other methods of session hijacking, there is nothing the user can possibly see that would tell them their session is being hijacked. They can’t “View source” to find errant JavaScript (as they could with cross-site-scripting attacks). They can’t sniff their own traffic is see that it’s being changed (as in man-in-the-middle) attacks.

In addition, sidejacking allows for offline attacks. Session cookies last a long time, sometimes for years. That means a hacker could capture packets with a packet-sniffer at one point, then weeks later in another part of the world, import the cookies into the browser and access the session.
Abbiamo visto a lezione un esempio di algoritmo "sicuro" (incremento pseudorandom dello Initial Sequence Number in TCP); tutti convinti che è davvero "sicuro", dopo N anni qualcuno si accorge che si erano sbagliati tutti.
Abbiamo detto che queste cose si sono verificate più volte (ad esempio in Kerberos, con il protocollo Needham-Schroeder).
E' appena successo un altro esempio (Marzo 2009). Meno grave perché si riferisce ad un algoritmo utilizzato solo nei laboratori, ma concettualmente la situazione è la stessa:
In 2008, a generalized ring signature scheme based on the original ElGamal signature scheme was proposed for the first time. The authors claimed that the proposed generalized ring signature scheme is convertible. It enables the actual message signer to prove to a verifier that only she is capable of generating the ring signature. Through cryptanalysis, the convertibility of the generalized ring signature scheme can not be satisfied. Everyone in the ring signature has the ability to claim that she generates the generalized ring signature.
"Cryptanalysis of a Generalized Ring Signature Scheme," IEEE Transactions on Dependable and Secure Computing, 11 Mar. 2009. IEEE computer Society Digital Library. IEEE Computer Society,
(pochi giorni dopo ho aggiunto ancora un altro esempio, qui di seguito)

On the Security of an Efficient Time-Bound Hierarchical Key Management Scheme

Recently, Bertino et al. proposed a new time-bound key management scheme for broadcasting. The security of their scheme is planted on the hardness breaking of elliptic curve discrete log problem, HMAC, and tamper-resistance devices. They claimed that as long as the three assumptions hold, their scheme is secure. By means of secure, users cannot access resources that they are not granted, even if users collude. In this paper, we demonstrate that this scheme is insecure against the collusion attack. We also provide some possible amendments to this scheme.

Ancora email e GMAIL

(Carlo Tauraso 2008/2009)

Il server di posta di Gmail autentica anche account del dominio In pratica è possibile accedere ad una mailbox utilizzando il medesimo server Lascia abbastanza stupiti entrare sull'interfaccia webmail di Vodafone che come si vede richiama decisamente quella standard di Gmail.


Ho provato a fare un DNS lookup sul dominio e in effetti i record MX (vedi qui) riportano server del dominio
Ho seguito anche il suo consiglio ed ho inviato una mail da gmail a vodafone e viceversa e dagli headers (vedi qui) si vede come in effetti il messaggio passa tranquillamente nello stesso nodo

Analizzando gli headers mi sono accorto di un'altra cosa interessante. Se si guarda bene ci sono due header di cui non avevo mai sentito parlare Received-SPF e Authorization-results. SPF Sender Policy Framework e' uno standard che permette di combattere lo spam e in generale le fake-mail. In pratica ha inserito dei record SPF nel DNS di zona (record TXT) che indica quali sono gli IP dei server utilizzati per l'invio dei loro messaggi (Policy-SPF). Se ad un server mail arriva un messaggio che dice di provenire da puo' verificare se soddisfa la policy SPF, se non e' cosi' si rifiuta di inoltrarlo. Ho provato a leggere questi record ed in effetti facendo una query DNS su con record TXT si trova prima una redirezione su, rifacendo l'interrogazione ecco che sono comparsi tutti gli indirizzi di fiducia (vedi qui). A questo punto ho provato a contattare via Telnet uno dei server SMTP. Sembrava piu' amichevole di quello pubblico (quello dell'altra volta) ma come si vede dalla sessione (telnetGMAIL2.png), non appena e' stato rilevato che il mio IP non e' autorizzato (probabilmente dalla policy SPF) mi e' stato impossibile proseguire.

Header mail GMAIL

(Carlo Tauraso, 2008/2009)

Ho fatto alcune prove sugli argomenti visti a lezione ed ho notato due cose che forse possono essere interessanti per tutti.

Dall'interfaccia Web di Gmail è possibile visualizzare gli header dei messaggi, cosa che avevamo escluso. Dettagli qui.

Inoltre sia il server SMTP che POP di Gmail (in realtà è sempre il sono accessibili dall'esterno e rimangono in ascolto oltre che su 25, 110 anche sulle porte 465 e 995. Utilizzano SSL. (VEDREMO SSL NELLA SECONDA PARTE DEL CORSO; E' UN PROTOCOLLO PER COMUNICAZIONE CRITTATA, QUINDI INUTILIZZABILE VIA TELNET) In particolare il server in uscita usa una versione avanzata del protocollo SMTP chiamata ESMTP ma come si vede dall'immagine di sessione cha allego richiede l'uso di STARTTLS quindi da Telnet non si puo' far molto.

Reblog this post [with Zemanta]