Sunday, April 22, 2012

3 Networky AIX 6/7 gotchas....

A colleague came across this tricky gotcha in AIX7 - his scp sessions were stalling on AIX 7.1 (VIO client) LPARs.

There is not much on the net about this one yet.

By disabling the TCP timestamp randomisation feature on both source and target VIO clients, the randomised timestamp value is no longer used for setting the retransmission timer.

Fix

#no -o tcp_rand_timestamp=1

Here is the APAR http://www-01.ibm.com/support/docview.wss?uid=isg1IV13121 IV13121: TCP RETRANSMIT PROCESSING IS VERY SLOW.

One possible cause of an SEA on a VIOS flip-flopping from primary to backup is processor unfolding delays: http://www-01.ibm.com/support/docview.wss?uid=isg3T1012941

Fix - stop folding
# schedo -p -o vpm_fold_policy=4

There is a fair bit on the net about this one...

Another one I'll put here (AIX 6/7 and Oracle 11g network stalling/delays)
With Oracle 11g came IPv6 support, and even though a hostname may already have been resolved in IPv4 land, a second lookup into /etc/hosts is done for the IPv6 address/hostname.

If the IPv6 address is not matched in /etc/hosts, the lookup then goes out to the DNS servers for IPv6 name resolution, because the (default) name resolution order in net service (/etc/netsvc.conf) was local then bind.
Fix
Force IPv4, i.e. in /etc/netsvc.conf change "local, bind" to "local4, bind4".

There is a LOT on the net about this one....
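A small audit check for the third gotcha, added here as an example and not code from the original post: it pulls the hosts order out of a netsvc.conf file and flags a plain local/bind entry that still allows the second, IPv6 lookup. The file paths and the two sample configs are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: audit an AIX /etc/netsvc.conf
# "hosts" lookup order for the Oracle 11g IPv6 double-lookup gotcha above.
# Assumes the standard "hosts = local, bind" syntax; the two sample files
# written below are constructed for the demo and are not real configs.

# Print the effective hosts order from a netsvc.conf file: comments and
# whitespace stripped, and the last "hosts =" line wins.
netsvc_hosts_order() {
    sed -n 's/^[[:space:]]*hosts[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/#.*//; s/[[:space:]]//g' | tail -n 1
}

# Succeed (0) only when every resolver is pinned to IPv4 (local4/bind4);
# a plain local/bind entry means the second, IPv6 lookup can leave the box.
netsvc_ipv4_only() {
    order=$(netsvc_hosts_order "$1")
    [ -n "$order" ] || return 1
    for resolver in $(printf '%s\n' "$order" | tr ',' ' '); do
        case "$resolver" in
            local4|bind4) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# One-line verdict for a file, as an operator would want in a health check.
netsvc_report() {
    if netsvc_ipv4_only "$1"; then
        echo "$1: hosts=$(netsvc_hosts_order "$1") (IPv4 only, OK)"
    else
        echo "$1: hosts=$(netsvc_hosts_order "$1") (IPv6 lookups possible, change to local4, bind4)"
    fi
}

# Constructed before/after samples (not real host configs).
DEMO_DIR=${TMPDIR:-/tmp}/netsvc_demo.$$
mkdir -p "$DEMO_DIR"
printf 'hosts = local, bind\n' > "$DEMO_DIR/before.conf"
printf '# forced IPv4 per the fix above\nhosts = local4, bind4\n' > "$DEMO_DIR/after.conf"
netsvc_report "$DEMO_DIR/before.conf"
netsvc_report "$DEMO_DIR/after.conf"
```

Point netsvc_report at the real /etc/netsvc.conf on an LPAR to get the same verdict for that box.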

Monday, March 26, 2012

Graphical representation of machine generated data

In this plot I'm running a (ruby) gltail of an apache access log while I rip the site with a recursive wget. Often with machine generated data (e.g. a syslog stream) there is too much to read every item, and it's coming in real time from multiple sources, so you can't see the forest for the trees. By showing the data graphically, the eye can see if something looks strange or different from normal. The human eye has a data bandwidth of ~10 Mbps; couple that with the brain and you have a kick ass data miner!

Wednesday, March 7, 2012

Ask For Forgiveness Programming

I reckon THIS is how the brain mitigates Amdahl's law, and why our brains are 'slow and inaccurate' when compared to a computer at adding numbers.

ACID/locking/mutex/semaphore etc. just won't scale to billions of cores (neurons).

However, a computer is 'slow and inaccurate' at identifying real world objects or doing stand-up comedy.

Thursday, January 12, 2012

Using a GPU to hack (brute-force/dictionary) at a salted MD5 hash....

I've been using john (JtR) for years, and one week while my laptop fan was overblowing I thought: there must be a better way than cooking my CPU for a week; that GPU must be able to help. So I jumped on the internets and found a few GPU based tools.

I tried hashgpu http://www.golubev.com/hashgpu.htm and hashcat http://hashcat.net/oclhashcat-plus/

I used the OpenCL version of Hashcat+ (there is a CUDA version for Nvidia cards, but I have an ATI) to pick away at a salted MD5 hash.
A good wordlist is your best bet; even try and cewl candidate data for a wordlist before you resort to a brute force. Then you can run mp (on the hashcat site too) to generate a brute force char stream to stdout.

$mp64 -1 ?l?u?d ?1?1?1?1?1?1?1?1 # Lower, Upper, Digits for 8 chars

# pipe to hashcat (8 char Lower, Upper, Digits, Specials brute force... takes a while)
$mp64 -1 ?l?u?d?s ?1?1?1?1?1?1?1?1 | oclHashcat-plus64 -m 500 hash.txt # dropped the rules; mode 500 is md5 unix

I ran a dictionary based attack on my hash with a ruleset that comes with Hashcat, then I use mp to generate 8 char passwords... and go to bed while it chews away on the hash.... How good is this software... and it's free.

oclHashcat-plus64.exe -m 500 hash.txt example.dict -r rules/best.rule

Here are my demo/screen shots....
http://www.youtube.com/watch?v=5LTs_mmne0Q

Wednesday, December 14, 2011

Oracle Corp reference one of my test results

Oracle references one of my tests...

http://www.oracle.com/us/corporate/press/497230

On-chip Cryptographic Acceleration – New crypto units support over a dozen industry standard ciphers, enabling security conscious organizations in industries including telecommunications, healthcare, financial services and the public sector to keep their data safe with up to 44 percent faster secure queries than the latest generation of x86 systems when encrypted with Oracle's Advanced Security Products(4), 3x faster Oracle Solaris ZFS file system encryption than the latest generation of x86 systems(5), and 4x faster single-thread OpenSSL security than IBM POWER7(6).

Footnotes:
(6)Comparison is based on internal testing of AES-256-CBC encryption at 8K using OpenSSL against published test results for IBM: http://xmlisnotaprotocol.blogspot.com/2010/10/openssl-098-benchmark-on-power7-35ghz.html.

Wednesday, November 2, 2011

Compromising emissions!

Been reading about various side channel attacks; I think my skills (lateral thinking, electronics, 'puters, physics and math) could lend themselves well to this... where do I sign up!
Basically it is eavesdropping on information leaked via power, RF/EMI, sound, light or other means to gain information.

http://en.wikipedia.org/wiki/Power_analysis
http://youtu.be/4L8rnYhnLt8
(RF/EMI demo)

http://syhw.posterous.com/two-amusing-side-channel-attacks
(USB port power and sound)
http://cs.tau.ac.il/~tromer/acoustic/
(PoC for picking up sound from mobo capacitors to break RSA)
http://digitallounge.gatech.edu/digitallife/index.html?nid=71506
(Keyboard taps)
http://lasecwww.epfl.ch/keyboard/
(keyboard EMI)

http://www.wired.com/threatlevel/2007/08/researchers-cra/
(car keys...brute forcing the private key from all challenge/responses)

http://www.pop.is/1eyo
(a physical side channel aka safe cracking)

Padding oracle attacks
http://www.usenix.org/event/woot10/tech/full_papers/Rizzo.pdf
(decrypt ciphertext without knowing the key eg to bypass CAPTCHA )
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf
(Efficient Padding Oracle Attacks on Cryptographic Hardware)


RSA FOB tokens
http://www.geekosystem.com/broken-tokens/


http://www.newscientist.com/blogs/onepercent/2011/11/encryption-for-transit-cards-h.html
(Crack 3DES smart cards with an RFID reader and an oscilloscope, via power analysis of the chip in the card while de/encrypting)

http://www.techwarelabs.com/rfid-hacking-is-it-a-threat

http://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf
(Read displays at a distance)
http://applied-math.org/acm_optical_tempest.pdf
http://dl.acm.org/citation.cfm?doid=545186.545189
(Flashing lights on your network kit may be a spanned port!)


TEMPEST backronyms from wikipedia

Tiny ElectroMagnetic Particles Emitting Secret Things
Transmitted Electro-Magnetic Pulse / Energy Standards & Testing
Telecommunications ElectroMagnetic Protection, Equipment, Standards & Techniques
Transient ElectroMagnetic Pulse Emanation STandard
Telecommunications Electronics Material Protected from Emanating Spurious Transmissions