Be a loving person rather than in a love relationship because relationships happen one day and disappear another day. They are flowers; in the morning they bloom, by the evening they are gone. But people find it very difficult to be a loving person, a loving soul, so they create a relationship and be fool that way that "Now I am a loving person because I am in a relationship". And the relationship may be just one of monopoly, possessiveness and exclusiveness. The relationship is needed only because love is not there. Relationship is a substitute. Become alert! Relationship destroys love, destroys the very possibility of its birth.
Monday, 24 February 2014
Hello there, Welcome to our blog. How you all are, Hope you
all doing great. On our blog you will find support for tech, hacking and social
tweaks. We provide networking solutions for any type of problem. You can
contact us through this blog. We will do whatever we can do for your problem.
have you checked last article at our blog about:
Apple's SSL bug explained, and one unofficial patch for OS
At the end of last week, Apple published iOS 7.0.6, a security update for its mobile devices.
The update was a patch to protect iPhones, iPads and iPods against what Apple described as a "data security" problem:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLSDescription: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.CVE-ID CVE-2014-1266
Apple didn't say exactly what it meant by "a privileged network position," or by "the authenticity of the connection," but the smart money - and my own - was on what's known as a Man-in-the-Middle attack, or a MitM.
MiTM attacks against unencrypted websites are fairly easy.
If you run a dodgy wireless access point, for example, you can trick users who think they are visiting, say, http://example.com/ into visting a fake site of your choice, because you can redirect their network traffic.
You can then fetch the content they expect from the real site (you are the MitM, after all), feed it back to them with tweaks, modifications and malware, and they may be none the wiser.
But if they visit https://example.com/ then it's much harder to trick them, because your MitM site can't provide the HTTPS certificate that the official site can.
More precisely, a MitM site can send someone else's certificate, but it almost certainly can't produce any cryptographic "proof" that it has possession of the private key that the certificate is meant to validate.
So your visitors end up with a certificate warning that gives away your trickery.
At least, your visitors get a warning if the application they are using actually notices and reports the certificate problem.
→ Recent research suggested that about 40% of mobile banking apps do not check HTTPS certificates properly, or at least do not warn if an invalid certificate is presented. This led us to advise our readers to stick to their desktops or laptops for internet banking. Certificate warnings are important.
What was wrong with Apple's SSL code?
Apple's reluctance to give away too much is perhaps understandable in this case, but the result was to send experts scurrying off to fill in the blanks in HT6147, the only official detail about this risky-sounding bug.
The problem soon came to light, in a file called sslKeyExchange.c in version 55741 of the source code for SecureTransport, Apple's offical SSL/TLS library.
The buggy codepath into this file comes as a sequence of C function calls that start off in SecureTransport's sslHandshake.c.
The bad news is that the bug applies to both iOS and OS X, and although the bug was patched in iOS, it is not yet fixed in OS X.
If you'd like to follow along, you need to make your way through these function calls:
SSLProcessHandshakeRecord()-> SSLProcessHandshakeMessage()
The ProcessHandshakeMessage function deals with a range of different parts of the SSL handshake, such as:
-> SSLProcessClientHello()-> SSLProcessServerHello()-> SSLProcessServerKeyExch-> SSLProcessCertificate()ange()
This last function is called for certain sorts of TLS connection, notably where forward secrecy is involved.
That's where the server doesn't just use its regular public/private keypair to secure the transaction, but also generates a so-called ephemeral, or one-off, keypair that is used as well.
→ The idea of forward secrecy is that if the server throws away the ephemeral keys after each session, then you can't decrypt sniffed traffic from those sessions in the future, even if you acquire the server's regular private key by fair means (e.g. a subpoena) or foul (e.g. by bribery or cybertheft).
Now the C code proceeds as follows:
SSLProcessServerKeyExchange()-> SSLDecodeSignedServerKeyExchange()-> SSLDecodeXXKeyParams()nedServerKeyExchangeTls12() OTHERWISE -> SSLVerifySiIF TLS 1.2 -> SSLVerifySiggnedServerKeyExchange()
And theSSLVerifySignedServerKeyExchange function, found in thesslKeyExchange.c file mentioned above, does this:
. . .hashOut.data = hashes + SSL_MD5_DIGEST_LEN;hashOut.length = SSL_SHA1_DIGEST_LEN;0) goto fail; if ((err = ReadyHash(&if ((err = SSLFreeBuffer(&hashCtx)) ! =SSLHashSHA1, &hashCtx)) != 0) goto fail;tRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(if ((err = SSLHashSHA1.update(&hashCtx, &clie n&hashCtx, &serverRandom)) != 0) goto fail;arams)) != 0) goto fail; goto fail; /* MISTAKE! THISif ((err = SSLHashSHA1.update(&hashCtx, &signed P LINE SHOULD NOT BE HERE */ if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail;err = sslRawVerify(...);. . .
You don't really need an knowledge of C, or even of programming, to understand the error here.
The programmer is supposed to calculate a cryptographic checksum of three data items - the three calls to SSLHashSHA1.update() - and then to call the all-important function sslRawVerify().
If sslRawVerify() succeeds, then err ends up with the value zero, which means "no error", and that's what the SSLVerifySignedServerKeyExchange function returns to say, "All good."
But in the middle of this code fragment, you can see that the programmer has accidentally (no conspiracy theories, please!) repeated the line goto fail;.
The first goto fail happens if the if statement succeeds, i.e. if there has been a problem and therefore err is non-zero.
This causes an immediate "bail with error," and the entire TLS connection fails.
But because of the pecadilloes of C, tthe second goto fail, which shouldn't be there, always happens if the first one doesn't, i.e. if err is zero and there is actually no error to report.
The result is that the code leaps over the vital call to sslRawVerify(), and exits the function.
This causes an immediate "exit and report success", and the TLS connection succeeds, even though the verification process hasn't actually taken place.
What an attacker can do
An attacker now has a way to trick users of OS X 10.9 into accepting SSL/TLS certificates that ought to be rejected, though admittedly there are several steps, and he needs to:
- Trick you into visting an imposter HTTPS site, e.g. by using a poisoned public Wi-Fi access point.
- Force your browser (or other software) into using forward secrecy, possible because the server decides what encryption algorithms it will support.
- Force your browser (or other software) into using TLS 1.1, possible because the server decides what TLS versions it will allow.
- Supply a legitimate-looking TLS certificate with a mismatched private key.
Safari on OS X is definitely affected, because it makes use of the buggy version of SecureTransport.
You can work out if a application is affected by this bug by using the Apple'sotool program, which is a handy utility for digging version details out of object files and code libraries.
You use the -L option, which display the names and version numbers of the shared libraries that a program uses:
That's only a start, since the Safari app is just a wrapper for the Safari.framework, which we need run through tt> otool in its turn:
Other popular apps that link to the buggy library include, in no particular order: Mail, Numbers, Keynote, Pages, Preview and Calendar.
Clearly, not all of these apps put you in quite the same immediate danger as Safari, but the list presents a good reminder of why shared libraries are both a blessing (one patch fixes the lot) and a curse (one bug affects them all).
Popular apps in which encryption is important but that don't seem to have this problem include: Firefox, Chromium (and Chrome), Thunderbird and Skype.
What to do?
The good news is that Apple has broken its usual code of silence, by which it "does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."
Reuters reports that an official Apple spokesperson, Trudy Muller, has gone on the record to say, "We are aware of this issue and already have a software fix that will be released very soon."
Sadly, she didn't define "very soon," but you should watch for this patch and apply it as soon as you can.
→ When you update, be sure to follow the advice below about avoiding insecure networks. The Software Update app uses the buggy Security library!
We suggest that you try any or all of the following:
Avoid insecure networks
Connecting to other people's Wi-fi networks, even if they are password protected, can be dangerous.
Even if you trust the person who runs the network - a family member or a friend, perhaps - you also need to trust that they have kept their access point secure from everyone else.
If you are using your computer for business, consider asking your employer to set you up as part of the company's VPN (virtual private network), if you have one.
This limits your freedom and flexibility very slightly, but makes you a lot more secure.
With a VPN, you use other people's insecure networks only to create an encrypted data path back into the company network, from where you access the internet as if you were an insider.
Use a web filtering product that can scan HTTPS traffic
Products like the Sophos Web Appliance and Sophos UTM can inspect HTTPS traffic - ironically by decrypting and re-encrypting it, but without any certificate shenanigans like a man-in-the-middle crook might try.
Because the Sophos web filtering products do not use Apple's libraries, or even Apple's operating system, they are not vulnerable to the certificate trickery described above, so certificate validation will fail, as it should.
Switch to an alternative browser
Alternative browsers such as Firefox and Chromium (as well as Chrome) use their own SSL/TLS libraries as a way of making the applications easier to support on multiple operating systems.
In this case, that has the effect of immunising them against the bug in Apple's SecureTransport library.
You can switch back to Safari after Apple's patch is out.
Try this completely unofficial patch!
(Only kidding. You wouldn't dream of applying a little-tested hack to an important system library, would you?)
This patch exists only:
- To demonstrate that emergency "fixes" don't always fix, but often can only work around problems.
- To show what C code looks like when compiled to assembler.
- To give some insight into how unauthorised hacks, for good and bad, can be achieved.
- To introduce the OS X codesign utility and Apple's code signing protection.
- For fun.
By all means take a look - but for research purposes only, of course.
Subscribe to:
Post Comments (Atom)
Search
Popular Posts
-
After studying or while studying, you may to work or you many want to have rather you would like to have some job experience. That will sur...
-
Have you heard about, facebook has overtaken whatsapp. What you think out of it. Hello, there, facebook is using whatsapp. I will be tak...
-
hello folks!, how you are all, this time i'm here to share some queries about OSI and TCP/IP model. Query 1 according to you, Wh...
-
Hello everyone, I'm back with hacking tutorial. This time i'm introducing to you how to hack facebook account using simple text ...
-
Hello there, Welcome to our blog. How you all are, Hope you all doing great. On our blog you will find support for tech, hacking and socia...
-
Apple is one of the most chosen products by people. Time by time it had produced such a concepts that has stunned most of us. Here as it...
-
Access Control Lists Introduction Hello everyone. How are you all. This time i'm going to discuss about Access control list with ...
-
Hello there, Welcome to our blog. How you all are, Hope you all doing great. On our blog you will find support for tech, hacking and so...
-
Social media is very important part of our life. I mean everyone's life. We can't have our food digest until we don't chat for...
-
Certified Ethical hacking Hello Folks, How ...
Categories
Account Hacking
ACL
Adobe Flash Player
algorithms
Android
APPS AND SOFTWARE
Basic Networking
Bluetooth Hacking
BREAKING NEWS
Bus Tupology
CCNA
ccna discovery
ccna exploration
CCNA Security
CCNA1
CCNA2
CCNA3
CCNA4
Cloud Storage
Credit Card Hacking
Cyber Criminal
Cyber security
DEVELOPERS
Encrypted Password
Encryption
facebook
FTP
FTP Server
GOOGLE GLASS
Google Hacking
hacking tool
internet and network security
Mark Zuckerberg
Media Hacked
NASA
Network Hacking
packet tracer tutorial
Port security
Programming
SOCIAL MEDIA
SOCIAL NETWORKS
Blog Archive
Get Content For Your Website
Get a 150-300 word article written for : $1.50
Get a 700-1000+ word article written for : $5.00
Have a 150-300 word article rewritten for : $1.25
Have a 700-1000+ word article rewritten for : $4.25
Get a 700-1000+ word article written for : $5.00
Have a 150-300 word article rewritten for : $1.25
Have a 700-1000+ word article rewritten for : $4.25
0 comments:
Post a Comment