Friday, September 23, 2011

BEAST beating SSL & TLS :: What You Can do to be Secured

B.E.A.S.T.?
Browser Exploit Against SSL/TLS Tool [B.E.A.S.T.] is a new JavaScript utility created by J. Rizzo & T. Duong, capable of breaking the protection SSL 3.0 & TLS 1.0 give to HTTPS connections and deciphering the data of the secure connection.

What It Does?
There have been previous mentions of cryptanalysis attacks over
+ SSL3.0
 |   (a Paper 'Analysis of SSL3.0 Protocol' by D. Wagner & B. Schneier in 1999), &
+ TLS1.0
 |   (a Paper 'Renegotiating TLS' by Marsh Ray in 2009).
B.E.A.S.T. is a pure exploit tool built on these (or similar) ideas.
B.E.A.S.T. is based upon a blockwise-adaptive chosen-plaintext attack approach, exploited on the victim's end via a man-in-the-middle attack.

Point-to-Note!
It's a MitM over the browser: the injected JavaScript does all the harvesting for the chosen-plaintext attack (which currently takes around 30 minutes to yield useful data) and then enables the attacker to break the encrypted session.

Security Measures until F!XED
  1. Use a different browser (totally different, i.e. not just a new instance of the same browser but a different browser, as in Firefox & Chrome are different) for browsing your secured connection, and a different browser for your general web surfing. Even any external links from the browser used for your secured session should be copied and opened in the general web-surfing browser.
  2. It's better if the browser used for the secured session is used in Private Browsing Mode.
  3. Don't keep a log-in active in any service if you are not using it currently.

Something you should already be doing, if not start now...
Use browser extensions like AdBlock & NoScript to protect your browser from injected IFrames and infected ad services, which are also the major delivery channel for BEAST.

For a more detailed look at the exploit paper & code, see
http://www.insecure.cl/Beast-SSL.rar

What to do at Server Side
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
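As an added example (not from this post or the linked SANS diary; all names are assumed), a small Python check using only the standard library: it classifies what a server negotiated as BEAST-exposed or not (SSL 3.0 / TLS 1.0 with a CBC suite), and builds a server-side context that refuses those protocol versions.

```python
import socket
import ssl

# OpenSSL names CBC suites without a "CBC" token (e.g. ECDHE-RSA-AES128-SHA),
# so CBC is recognised by excluding the stream and AEAD families instead.
NON_CBC_TOKENS = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")


def uses_cbc(cipher_name):
    """True when an OpenSSL cipher-suite name denotes a CBC-mode suite."""
    return not any(tok in cipher_name.upper() for tok in NON_CBC_TOKENS)


def beast_exposed(cipher_name, protocol):
    """BEAST needs the chained-IV CBC record layer of SSL 3.0 / TLS 1.0.
    TLS 1.1 and later send an explicit per-record IV, so a CBC suite
    negotiated there is not exposed to this attack."""
    return protocol in ("SSLv3", "TLSv1") and uses_cbc(cipher_name)


def hardened_server_context(certfile=None, keyfile=None):
    """Server context that refuses SSL 3.0 and TLS 1.0 outright. Refusing
    TLS 1.1 as well is an assumed deployment choice, not something the
    post states."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def probe(host, port=443, context=None):
    """Handshake with a server you operate and report what it negotiated.
    Returns (cipher_name, protocol, exposed). Caveat: the version string in
    cipher() is the suite's minimum version, not the negotiated protocol,
    so version() is what has to be checked. Pass a client context whose
    minimum/maximum version is pinned to test a specific protocol offer."""
    ctx = context or ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _suite_version, _bits = tls.cipher()
            proto = tls.version()
            return name, proto, beast_exposed(name, proto)
```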

Tuesday, September 13, 2011

Open Intelligence Gathering FOR Passive Reconnaissance FROM "Eden Guide To Hacking"


The following content structure is discussed in detail @
https://github.com/abhishekkr/eden_guide_to_hacking/blob/b00ef1502b9f91953f5d734efd4a03c3a0f04002/part1_Hacking_Cycle/chapter4_Reconnaissance/section0_Passive_Recon/article0_Open_Intelligence_Gathering.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Open Intelligence Gathering
 |
 |[+] What Is Open Intelligence?
 |
 |[+] Legal Documents Got Them
 |
 |[+] Search Engines Sort Them
 |
 |[+] Web Activity Caught Them
 | |
 | |[+] You Blog/Comment
 | |[+] You Socialize
 | |[+] You Subscribe
 | |[+] You Show/Click Ads
 | |[+] Even If You Surf Web
 | |_
 |
 |[+] Automating the Act
 | |
 | |[+] Paterva Maltego CE
 | | |[+] URL
 | | |[+] What it does?
 | | |[+] Example Usage
 | | |_
 | |
 | |[+] The Harvester
 | | |[+] URL
 | | |[+] What it does?
 | | |[+] Example Usage
 | | |_
 | |_
 |_

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~