|
Kuvo posted:https://twitter.com/matt_odell/status/974384961603231744 What the hell? It’s slightly distressing that it’s only about 3 days for the 6 digit code to be broken. Brb, setting up pass phrase.
|
#
?
Mar 16, 2018 02:23
|
|
|
|
| # ? Jun 1, 2024 21:38 |
|
|
BangersInMyKnickers posted:DH implementations aren't looking so hot these days so I'd probably drop them entirely for ECDH, there are very few clients that support DH that don't also support ECDH and if its legacy RSA is still an ok fallback. We'll see what's going on with curve availability, hopefully MS starts adding some additional modern curves instead of just x25519 i disabled DH on several of our servers because as i understand you can't change DH params with schannel so disabling DH is the only way to mitigate that DH vulnerability whose name escapes me.
|
|
#
?
Mar 16, 2018 02:30
|
|
|
Avenging_Mikon posted:What the hell? It’s slightly distressing that it’s only about 3 days for the 6 digit code to be broken. Brb, setting up pass phrase. I mean that's only 1,000,000 combinations to run through. three days gives a rate of slightly under four guesses per second which is pretty drat terrible. a six digit alphanumeric passphrase not in its dictionary of commonly used words would take about 225 years on average to crack at that rate.
|
|
#
?
Mar 16, 2018 03:09
|
|
|
Yeah, it’s just I swapped to 6 from 4 like 3 months ago because I started taking security more seriously for my own stuff. And then this put in stark relief how that was still insufficient. So, now over 10 characters.
|
|
#
?
Mar 16, 2018 03:14
|
|
|
quote:For most people in the US, law enforcement agents are people to be trusted. firstly, nope
|
|
#
?
Mar 16, 2018 03:18
|
|
|
what seems strange is that it "processes" the phone while disconnected. wonder if there is some firmware bug that they're exploiting and that the device will stop working once apple become aware of the exact bug and patch it
|
|
#
?
Mar 16, 2018 03:27
|
|
|
ymgve posted:what seems strange is that it "processes" the phone while disconnected. wonder if there is some firmware bug that they're exploiting and that the device will stop working once apple become aware of the exact bug and patch it Going to guess that apple has bought one or more of the devices and are working out how it works. Would not be surprised if Google bought a few as well to see what they can learn from it.
|
|
#
?
Mar 16, 2018 03:29
|
|
|
ymgve posted:what seems strange is that it "processes" the phone while disconnected. wonder if there is some firmware bug that they're exploiting and that the device will stop working once apple become aware of the exact bug and patch it yes to both i imagine
|
|
#
?
Mar 16, 2018 03:32
|
|
|
Zil posted:Going to guess that apple has bought one or more of the devices and are working out how it works. Would not be surprised if Google bought a few as well to see what they can learn from it. i doubt they'd sell it to apple or anyone within like 5 degrees of separation of apple, hell it's probably like a stingray where you're not even allowed to look at the thing from across the room if you're not enough of a cop. not that apple can't find ways around it, but it'd probably take time is all and yeah i guarantee apple will eventually patch whatever bug they're exploiting and these will become $30k bricks 
|
|
#
?
Mar 16, 2018 04:14
|
|
|
not sure exactly who's hosed up here but someone has...quote:The chief executive of a company that created highly-secure smartphones allegedly used by some of the world's most notorious criminals has been indicted. like, i know the war on drugs is hosed but i'm assuming to make these charges stick this company must have been specifically reaching out to the cartels?
|
|
#
?
Mar 16, 2018 08:13
|
|
|
goddamnedtwisto posted:not sure exactly who's hosed up here but someone has... motherboard seems to have broke the story a week ago and it seems like the company was specifically created to provide telecom security to the Sinaloa Cartel. features: -removed camera, mic, gps - added pgp encryption and servers in Panama and other countries not complying with US requests - remote wipe capabilities how to get busted by the Mounties: - assure anyone who asks, that it's safe to send messages such as "I have an MDMA delivery for you" - assist your new customer when they tell you their buddies phone needs to be wiped because he's been busted - https://motherboard.vice.com/en_us/article/a34b7b/phantom-secure-sinaloa-drug-cartel-encrypted-blackberry Media Bloodbath fucked around with this message at 08:26 on Mar 16, 2018 |
|
#
?
Mar 16, 2018 08:18
|
|
|
anandtech did an interview with cts labs. IC and DK are the anandtech interviewers in this snippetquote:IC: It was stated that, and I quote, that ‘this is probably as bad as it gets in the world of security’. These vulnerabilities are secondary attack vectors and require admin level access and they also do not work in virtualized environments (because you can’t update a BIOS or chip firmware from a virtual machine) without having metal access which is typically impossible in a VM environment. What makes these worse than primary level exploits that give admin access? https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs Condiv fucked around with this message at 09:19 on Mar 16, 2018 |
|
#
?
Mar 16, 2018 09:16
|
|
|
"So, isn't this flaw with suitcases a bit less serious because by the time you can exploit it, you have unlocked it and can steal the contents?" "Yeah, but you could MODIFY THE SUITCASE" "Okay, let's talk about enterprises." "FLOORS OF SUITCASES!" "...but enterprises use lockboxes in vaults" "Yes, enterprises have FLOORS OF SUITCASES!" I'm new to this, but is my interpretation correct here?
|
|
#
?
Mar 16, 2018 16:23
|
|
|
Cocoa Crispies posted:some sectors see availability as more important than security, which makes sense when you think of lost of big business security consulting/systems/products that just neglect availability (one of the CIA services) when not purposely shithousing it If those dipshits really valued availability then they would be standardizing on code signing/applocker or similar technologies so only known, trusted code executes in the environment. Instead they use the shield of "UPTIME UPTIME UPTIME" to not do any loving due diligence and make a trivially exploitable target despite there being plenty of controls that align with their operating model. The energy sector is a joke and its going to get people killed when someone does a concerted effort to attack it BangersInMyKnickers fucked around with this message at 16:50 on Mar 16, 2018 |
|
#
?
Mar 16, 2018 16:46
|
|
|
Condiv posted:anandtech did an interview with cts labs. IC and DK are the anandtech interviewers in this snippet
|
|
#
?
Mar 16, 2018 16:47
|
|
|
BangersInMyKnickers posted:If those dipshits really valued availability then they would be standardizing on code signing/applocker or similar technologies so only known, trusted code executes in the environment. Instead they use the shield of "UPTIME UPTIME UPTIME" to not do any loving due diligence and make a trivially exploitable target despite there being plenty of controls that align with their operating model. The energy sector is a joke and its going to get people killed when someone does a concerted effort to attack it
|
|
#
?
Mar 16, 2018 17:04
|
|
|
BurntCornMuffin posted:"So, isn't this flaw with suitcases a bit less serious because by the time you can exploit it, you have unlocked it and can steal the contents?" the persistence thing would be genuinely alarming.... ...but nobody uses amd chips for anything so it's moot not so much "floors of suitcases" as "zero suitcases found in the wild"
|
|
#
?
Mar 16, 2018 17:10
|
|
|
i must have missed something where did they ever describe an exploit focused on lateral movement? all of the exploits are focused on persistence, or secret extraction well past where network credentials would normally be protected [/quote] i don't think they did until someone pointed out "that's not actually that interesting" and they went "b-b-but what if you use it to hack other things!"
|
|
#
?
Mar 16, 2018 17:12
|
|
|
 i'm not going to touch the poop but I hope they're doing some additional verification that the turbotax user matches the robinhood user whose documents are being requested, because lol at that authentication procedure
|
|
#
?
Mar 16, 2018 18:06
|
|
|
Wiggly Wayne DDS posted:i must have missed something where did they ever describe an exploit focused on lateral movement? all of the exploits are focused on persistence, or secret extraction well past where network credentials would normally be protected they didn't publicly, in their original private release they effectively PoC'd mimikatz on systems with virtualization based security (most new computers) this "lateral movement" one is just a credential guard defeat. these guys sort of suck at marketing their own exploits... I wonder if they just stole them from the Israeli military or something Daman fucked around with this message at 19:40 on Mar 16, 2018 |
|
#
?
Mar 16, 2018 19:38
|
|
|
ymgve posted:what seems strange is that it "processes" the phone while disconnected. wonder if there is some firmware bug that they're exploiting and that the device will stop working once apple become aware of the exact bug and patch it my guess is that it jailbreaks and installs some brute force script so that you can run on a bunch of devices at once. double ultra paranoid mode: there's an exploit that lets them bypass password protection entirely, it just has an artificial delay that they let certain clients skip
|
|
#
?
Mar 16, 2018 20:03
|
|
|
vOv posted:my guess is that it jailbreaks and installs some brute force script so that you can run on a bunch of devices at once. yeah that's what I'm guessing. it's probably triggering DFU mode or something similar and installing a fake patch that either bypasses limits on queries to the secure enclave or uses the phone gpu/cpu to crack itself. the description of unplugging the phone and then taking hours or days to get a password makes it sound like it's not doing anything particularly clever beyond gaining the ability to run unsigned code; an exclave exfil exploit would not require that kind of time
|
|
#
?
Mar 16, 2018 20:09
|
|
|
i'm curious if it can bypass the '10 tries and the phone wipes' thing, i have no clue what level that's implemented at
|
|
#
?
Mar 16, 2018 20:13
|
|
|
vOv posted:i'm curious if it can bypass the '10 tries and the phone wipes' thing, i have no clue what level that's implemented at my guess is that theyve figured out a low level code injection that does the race condition PIN check thing that people were loving with last year, just fire and forget and let that run
|
|
#
?
Mar 16, 2018 20:43
|
|
|
Jonny 290 posted:my guess is that theyve figured out a low level code injection that does the race condition PIN check thing that people were loving with last year, just fire and forget and let that run
|
|
#
?
Mar 16, 2018 20:51
|
|
|
Jonny 290 posted:my guess is that theyve figured out a low level code injection that does the race condition PIN check thing that people were loving with last year, just fire and forget and let that run that or they stole a cert from apple. which would be hilarious.
|
|
#
?
Mar 16, 2018 20:54
|
|
|
Midjack posted:that or they stole a cert from apple. which would be hilarious. It wouldn't be so slow in that case.
|
|
#
?
Mar 16, 2018 21:11
|
|
|
apseudonym posted:It wouldn't be so slow in that case.
|
|
#
?
Mar 16, 2018 21:51
|
|
|
anthonypants posted:if they're selling to cops then they absolutely have to make it slower than it actually is I’m sure the 3 days number is variable, but it’s at least nice that it would be time for an emergency defence motion to be processed
|
|
#
?
Mar 16, 2018 21:54
|
|
|
Media Bloodbath posted:motherboard seems to have broke the story a week ago and it seems like the company was specifically created to provide telecom security to the Sinaloa Cartel. lol okay fair enough, at least have the sense to pretend like you're just selling to privacy-minded individuals scared of corporate espionage rather than literally making dealerphone 1.0 intrigued they based it on blackberry - just a convenient choice or is the fact they were always meant to be used in corp environments helpful?
|
|
#
?
Mar 16, 2018 22:02
|
|
|
goddamnedtwisto posted:lol okay fair enough, at least have the sense to pretend like you're just selling to privacy-minded individuals scared of corporate espionage rather than literally making dealerphone 1.0 yes, basically blackberrys were designed to be easy to lock down and manage centrally. they also have pgp and s/mime stuff built into the standard messaging client with an idiot proof user interface so you can handle everything on private servers relatively easily and do things like completely block all non-encrypted email, which is probably attractive to this customer set.
|
|
#
?
Mar 16, 2018 22:34
|
|
|
Jonny 290 posted:my guess is that theyve figured out a low level code injection that does the race condition PIN check thing that people were loving with last year, just fire and forget and let that run oh yeah i vaguely remember something about that? like you shut it off immediately after the check fails but before it increments the counter
|
|
#
?
Mar 16, 2018 23:31
|
|
|
apseudonym posted:It wouldn't be so slow in that case. not necessarily, the Secure Enclave is supposedly set up so the hardware has no ability to output the UID key without running it through the key derivation function, and stuff online says apple set the number of rounds in the kdf run by the SE processor to take ~100ms per guess. only thing apple could do is update the firmware to remove the code that counts the number of failed attempts and to read the passcodes to try from a premade list, which seems to be exactly what this device does.
|
|
#
?
Mar 17, 2018 00:09
|
|
|
vOv posted:oh yeah i vaguely remember something about that? like you shut it off immediately after the check fails but before it increments the counter yeah. they were putting a transistor on the Vcc line from the battery so they could cut the power super fast
|
|
#
?
Mar 17, 2018 00:13
|
|
|
Adrian Lamo died.
|
|
#
?
Mar 17, 2018 00:14
|
|
|
Lain Iwakura posted:Yeah. I am sorry. I wish it didn't. I'll be writing the slides into a blog post hopefully soon. I am in the midst of moving so I have some stuff on my plate No worries, it's still a pretty decent talk and I was able to learn a lot from it. Looking forward to the blog post.
|
|
#
?
Mar 17, 2018 00:15
|
|
|
spankmeister posted:Adrian Lamo died. More like lmao
|
|
#
?
Mar 17, 2018 00:17
|
|
|
ohgodwhat posted:More like lmao
|
|
#
?
Mar 17, 2018 00:18
|
|
|
Yeah I don't think anyone here will shed any tears over him. Although it's hosed up for someone to die at 37. It could also be some really hosed up April fool's prank idk. e: nvm ZDNet confirmed it http://www.zdnet.com/article/adrian-lamo-hacker-dies/ spankmeister fucked around with this message at 00:29 on Mar 17, 2018 |
|
#
?
Mar 17, 2018 00:23
|
|
|
|
| # ? Jun 1, 2024 21:38 |
|
|
Shifty Pony posted:not necessarily, the Secure Enclave is supposedly set up so the hardware has no ability to output the UID key without running it through the key derivation function, and stuff online says apple set the number of rounds in the kdf run by the SE processor to take ~100ms per guess. you can't update the firmware without the PIN, unless Apple really screwed something up or is lying
|
|
#
?
Mar 17, 2018 00:56
|
|
