Eikonal Blog

2012.04.27

Logon Banners

Filed under: infosec, security hardening, web security — sandokan65 @ 15:06
  • On Linux systems, put pre-login banner text in /etc/issue (shown on local console logins by agetty, which expands escapes such as \S, \r and \m), in /etc/issue.net (shown to network logins such as telnet) and, for services that take a path, in a plain file such as /etc/banner; the after-login banner goes in /etc/motd.
  • For OpenSSH servers (e.g. on Linux systems), make sshd display the banner before authentication (SSH, SFTP and SCP clients all receive it) by including the following uncommented line in /etc/ssh/sshd_config and reloading sshd:
    Banner /etc/banner
    sshd sends the file verbatim, so agetty escapes in it are not expanded. /etc/motd is printed after login only while PrintMotd is yes; distributions that show it through pam_motd set PrintMotd no.
  • TELNET:
    • On Linux, if Kerberized TELNET (krb5-telnet, started by xinetd) is used, edit /etc/xinetd.d/krb5-telnet to add the following line inside the service block (xinetd prints the file on every connection; banner_success and banner_fail can show different text depending on the access-control decision):
      banner = /etc/issue
    • Solaris in.telnetd (and some older telnetd builds) read the banner from /etc/default/telnetd, in a block like:
        BANNER="\\n\\nThis should be a telnet banner\\n\\n"
        
  • FTP:
    • If gssftp (started by xinetd, on Linux) is used, edit /etc/xinetd.d/gssftp to add the following line inside the service block:
      banner = /etc/issue
    • If wu-ftpd is used (on Linux), edit /etc/ftpaccess to add the following line (ftpaccess directives take no "=" sign):
      banner /etc/issue
    • wu-ftpd may instead keep the text in /etc/ftpd/banner.msg (or any file outside /etc/ftpd/ftpaccess), referenced from /etc/ftpd/ftpaccess with:
      banner /etc/ftpd/banner.msg

    wu-ftpd sends the banner before the "220" greeting, which some non-compliant FTP clients cannot cope with; the greeting line itself is controlled separately by the greeting directive.
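An audit of the sshd banner setup described above, added here as an example (it is not part of the original post): it reads an sshd_config, finds the effective Banner directive and checks the file it names. The configurations and banner texts used in the test are constructed; a POSIX sh with awk and grep is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: audit the sshd pre-login banner.
# Sample configs are constructed for the test; POSIX sh, awk and grep assumed.

# Print the path from the first active "Banner" line. sshd keywords are
# case-insensitive, the first occurrence wins, and "#" lines are comments.
# Banner lines inside Match blocks apply only to matching clients and are
# deliberately ignored here.
sshd_banner_path() {
    awk 'tolower($1) == "match"  { exit }
         tolower($1) == "banner" { print $2; exit }' "$1"
}

# 0 if the banner file contains agetty escapes (\m machine, \r kernel release,
# \s OS name, \v OS version). sshd sends the file verbatim, but the same file
# reused as /etc/issue is expanded on the console and by telnetd, and the CIS
# benchmarks require these escapes to be absent from a warning banner.
banner_leaks_sysinfo() {
    grep -Eq '\\[mrsv]' "$1"
}

# Overall verdict: Banner set and not "none", file present and non-empty,
# and free of system-information escapes.
audit_ssh_banner() {
    cfg="$1"
    path=$(sshd_banner_path "$cfg")
    if [ -z "$path" ] || [ "$path" = "none" ]; then
        printf 'FAIL: no Banner configured in %s\n' "$cfg"; return 1
    fi
    if [ ! -s "$path" ]; then
        printf 'FAIL: banner file %s is missing or empty\n' "$path"; return 1
    fi
    if banner_leaks_sysinfo "$path"; then
        printf 'FAIL: %s contains system-information escapes\n' "$path"; return 1
    fi
    printf 'OK: sshd shows %s before authentication\n' "$path"
}

# Usage: audit_ssh_banner /etc/ssh/sshd_config
```

Run it against the live sshd_config after every change; pointing Banner at a stock /etc/issue that still carries \r or \m is the most common way a hardened-looking setup fails the check.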

2012.02.14

OpenSSL

  • HTTPS server banner:

      openssl s_client -connect IPAddress:443

    after the connection is established, type “HEAD / HTTP/1.0” and press Enter twice (the empty line terminates the request headers); the Server: header in the response is the banner. Hosts serving several names may need -servername Hostname added so that SNI selects the right certificate.

    Alternative:

      printf 'HEAD / HTTP/1.0\r\n\r\n' | openssl s_client -quiet -connect IPAddress:443

  • NNTPS (NNTP over TLS) server banner:

      openssl s_client -connect IPAddress:563
      

  • IMAPS server banner:

      openssl s_client -connect IPAddress:993
      

  • POP3S server banner:

      openssl s_client -connect IPAddress:995
      

  • Identifying accepted SSL/TLS ciphers. A completed handshake means the server accepts a cipher from that class; the first two must fail against a properly configured server. Note that -cipher only restricts the client's offer, and recent OpenSSL builds no longer ship EXPORT ciphers at all, so a local "no cipher match" error says nothing about the server:

      openssl s_client -connect website:443 -cipher EXPORT40
      openssl s_client -connect website:443 -cipher NULL
      openssl s_client -connect website:443 -cipher HIGH
      

  • Generating a password hash for Unix (-1 selects MD5-crypt, which is obsolete; current OpenSSL offers -5 and -6 for SHA-256 and SHA-512 crypt, and omitting the password makes openssl prompt for it instead of leaving it in the shell history):

      openssl passwd -1 -salt QIGCa pippo

    output: $1$QIGCa$/ruJs8AvmrkmzKTzM2TYE.

  • Converting a PKCS12-encoded (or .pfx) bundle to PEM format (-nodes writes the private key unencrypted; -cacerts outputs only the CA certificates, so drop it to get the end-entity certificate as well):

      openssl pkcs12 -in CertFile.p12 -out NewCertFile.pem -nodes -cacerts
      

  • Converting a DER-encoded certificate to PEM format:

      openssl x509 -in CertFile.crt -inform DER -out NewCertName.pem -outform PEM
      

  • Download a proxy's (or any TLS server's) certificate chain; -showcerts prints every certificate the server sent and the sed keeps only the PEM blocks:

      openssl s_client -connect ProxyHostname:port -showcerts </dev/null 2>/dev/null | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > proxycert.pem
      

  • Create a key (RSA keys should be at least 2048 bits today; -des3 encrypts the key under a passphrase, which the "remove a password" step below strips again):

      openssl genrsa -des3 -out server.key 2048
      

  • Create a CSR (certificate signing request):

      openssl req -new -key server.key -out server.csr
      

  • Remove a password from a key:

      cp server.key server.key.org
      openssl rsa -in server.key.org -out server.key
      

  • Sign the CSR and create a self-signed certificate, valid for one year. Modern clients match the hostname against a subjectAltName extension rather than the CN, so add one with -extfile when the certificate is meant for browsers. certificate.pem then contains the private key and must be readable by its owner only (chmod 600):

      openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
      cat server.crt server.key > certificate.pem
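The whole procedure above (key, CSR, self-signed certificate, combined PEM) as one non-interactive script, added here as an example and not part of the original post. It assumes OpenSSL 1.1.1 or later; the hostname www.example.test and the output directory are placeholders, and the result is checked with openssl itself.

```shell
#!/bin/sh
# Added example, not from the original post: key -> CSR -> self-signed
# certificate in one scratch directory, then verified. www.example.test is a
# placeholder; OpenSSL 1.1.1 or later is assumed.

make_selfsigned() {
    # $1 = output directory, $2 = DNS name the certificate is issued for
    dir="$1"; cn="$2"
    # Without -des3 the key is written unencrypted, so the separate
    # "remove a password" step is not needed. 2048 bits is the minimum today.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    # -subj answers the prompts that "openssl req -new" would otherwise ask
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    # Clients match the hostname against subjectAltName, not CN, so add the
    # extension while signing; -extfile takes a plain key=value file.
    printf 'subjectAltName=DNS:%s\n' "$cn" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -extfile "$dir/san.ext" \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # The combined PEM holds the private key: owner-readable only.
    cat "$dir/server.crt" "$dir/server.key" > "$dir/certificate.pem"
    chmod 600 "$dir/server.key" "$dir/certificate.pem"
}

# 0 if the public key in the certificate belongs to server.key
cert_matches_key() {
    [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)" ]
}

# 0 if the certificate carries the expected DNS subjectAltName
cert_has_san() {
    openssl x509 -in "$1/server.crt" -noout -text | grep -q "DNS:$2"
}

# 0 if the certificate verifies with itself as the trust anchor
cert_verifies() {
    openssl verify -CAfile "$1/server.crt" "$1/server.crt" >/dev/null 2>&1
}

# Usage: make_selfsigned /tmp/tls www.example.test && cert_verifies /tmp/tls
```

The three check functions are the ones worth keeping around: a certificate whose public key does not match the deployed private key, or that lacks the SAN a browser will look for, is the usual cause of a "works with openssl s_client, fails in the browser" report.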
      

  • Encrypting a file (ECB mode reveals which plaintext blocks are equal, so use CBC or another IV-based mode; -pbkdf2 replaces the weak legacy key derivation; leaving out -k makes openssl prompt for the passphrase instead of exposing it in the process list and shell history):

      openssl enc -aes-256-cbc -salt -pbkdf2 -in INFILE -out INFILE.ssl

  • Decrypting a file:

      openssl enc -aes-256-cbc -d -pbkdf2 -in INFILE.ssl -out INFILE
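Why AES in ECB mode should not be used for file encryption, shown with the openssl command line itself. This is an added example, not part of the original post; the key and IV are constructed throwaway values passed raw with -K/-iv so that no password derivation is involved, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: equal plaintext blocks encrypt
# to equal ciphertext blocks under ECB, so file structure shows through; CBC
# with an IV hides it. KEY/IV are constructed test values (raw, via -K/-iv).
# OpenSSL 1.1.1 or later is assumed.

KEY=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
IV=0f0e0d0c0b0a09080706050403020100

# 64 identical 16-byte blocks of plaintext (1024 bytes, no newline)
plaintext() {
    yes 'ATTACK AT DAWN!!' | head -n 64 | tr -d '\n'
}

# Count the distinct 16-byte blocks in the ciphertext arriving on stdin:
# dump as hex (-v keeps repeated lines, which od would otherwise fold into
# "*"), cut into 32-hex-digit blocks, and count the unique ones.
count_unique_blocks() {
    { od -An -tx1 -v | tr -d ' \n'; echo; } | fold -w 32 | sort -u | wc -l | tr -d ' '
}

# ECB: the 64 repeated blocks collapse to one ciphertext block, plus one
# block of PKCS#7 padding -> 2 distinct blocks out of 65.
ecb_unique_blocks() {
    plaintext | openssl enc -aes-256-ecb -K "$KEY" | count_unique_blocks
}

# CBC: every ciphertext block is chained to the previous one -> 65 distinct.
cbc_unique_blocks() {
    plaintext | openssl enc -aes-256-cbc -K "$KEY" -iv "$IV" | count_unique_blocks
}

# Usage: echo "ECB: $(ecb_unique_blocks) distinct, CBC: $(cbc_unique_blocks) distinct"
```

The ECB count stays at 2 however long the repeated input is, which is exactly the information an attacker reads off an ECB-encrypted disk image or database dump without knowing the key.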
      

2011.06.20

Web applications

Mozilla Prism (aka WebRunner) & Chromeless

Embedded IE


Related here: HTML5 – https://eikonal.wordpress.com/2011/03/04/html5/ | Scripting user interfaces – https://eikonal.wordpress.com/2010/07/22/scripting-user-interfaces/

2011.04.08

Geolocation

  • “SimpleGeo Makes Location Data Free, Complicates Smartphone Tracking Worries” by Kit Eaton (Fast Company; 2011.04.22) – http://www.fastcompany.com/1749262/simplegeo-makes-location-data-free-complicates-smartphone-tracking-worries
  • “Involuntary Geolocation To Within One Kilometer” (SlashDot; 2011.04.08) – http://yro.slashdot.org/story/11/04/08/1245244/Involuntary-Geolocation-To-Within-One-Kilometer
      Schneier’s blog tips an article about research into geolocation that can track down a computer’s location from its IP address to within 690 meters on average without voluntary disclosure from the target. Quoting: “The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target’s possible location to a radius of around 200 kilometers. Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. ‘We shrink the size of the area where the target potentially is,’ explains Wang. Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target.”
  • “Internet probe can track you down to within 690 metres” by Jacob Aron (NewScientist; 2011.04.05) – http://www.newscientist.com/article/dn20336-internet-probe-can-track-you-down-to-within-690-metres.html
      Online adverts could soon start stalking you. A new way of working out where you are by looking at your internet connection could pin down your current location to within a few hundred metres.
  • “Pinpointing a Computer to Within 690 Meters” by Bruce Schneier (2011.04.08) – http://www.schneier.com/blog/archives/2011/04/pinpointing_a_c.html

Related here:

2011.02.28

Code analysis, Debugging and reverse engineering / Code security

Tools

More

2011.01.13

Declawing Cookies


Disabling Flash cookies (LSOs)

2010.12.22

SSL tools

Filed under: crypto, infosec, web security — sandokan65 @ 12:12

Library of embedded devices’ hard-wired SSL keys

2010.12.06

Web-Cookies Security

Best practices

  • For the most secure result, the standard session management cookie should be a “session” cookie that expires as soon as the Web browser is closed. Furthermore, the server should enforce a fairly short maximum lifetime on sessions even if the browser remains open. (source: [2])
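A check of a Set-Cookie header against the practice above (a session cookie, i.e. no Expires or Max-Age, that also carries the Secure, HttpOnly and SameSite attributes), added here as an example and not part of the original post. Feed it the value of a Set-Cookie line, for instance from "curl -sI https://host/login"; the headers used in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit one Set-Cookie header value
# for session-cookie hygiene. Sample headers in the test are constructed.
# Prints one finding per line and returns 0 when the cookie is clean.

audit_set_cookie() {
    # Attribute names are case-insensitive: lowercase the whole header first,
    # and tolerate a leading "set-cookie:" if the raw line was pasted in.
    lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    lower=${lower#set-cookie:}
    persistent=0; secure=0; httponly=0; samesite=0; rc=0

    # Split on ";" (Expires values contain commas and spaces but never ";").
    # set -f stops any "*" in a cookie value from globbing.
    oldifs=$IFS; IFS=';'; set -f
    set -- $lower
    set +f; IFS=$oldifs
    [ $# -gt 0 ] && shift           # first field is name=value, not an attribute
    for attr in "$@"; do
        attr=$(printf '%s' "$attr" | sed 's/^ *//;s/ *$//')
        case "$attr" in
            expires=*|max-age=*) persistent=1 ;;
            secure)              secure=1 ;;
            httponly)            httponly=1 ;;
            samesite=*)          samesite=1 ;;
        esac
    done

    # A persistent cookie survives closing the browser, which is exactly what
    # the best practice above rules out for the session identifier.
    [ $persistent -eq 0 ] || { echo "FAIL: Expires/Max-Age makes this a persistent cookie"; rc=1; }
    [ $secure -eq 1 ]     || { echo "FAIL: missing Secure (sent over plain HTTP too)"; rc=1; }
    [ $httponly -eq 1 ]   || { echo "FAIL: missing HttpOnly (readable by injected script)"; rc=1; }
    [ $samesite -eq 1 ]   || { echo "FAIL: missing SameSite (sent on cross-site requests)"; rc=1; }
    return $rc
}

# Usage: audit_set_cookie 'SESSIONID=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax'
```

The browser-side lifetime is only half of the recommendation; the server-side maximum session age has to be enforced in the session store, since a client can simply keep presenting an old cookie.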

Session tracking mechanisms

Evercookies

  • Evercookies – http://samy.pl/evercookie/
      Following session (cookie-like) information can be stored:

      • Standard HTTP Cookies
      • Local Shared Objects (Flash Cookies)
      • Silverlight Isolated Storage
      • Storing cookies in RGB values of auto-generated, force-cached PNGs, using the HTML5 Canvas tag to read the pixels (cookies) back out
      • Storing cookies in Web History
      • Storing cookies in HTTP ETags
      • Storing cookies in Web cache
      • window.name caching
      • Internet Explorer userData storage
      • HTML5 Session Storage
      • HTML5 Local Storage
      • HTML5 Global Storage
      • HTML5 Database Storage via SQLite
      • Caching in HTTP Authentication
      • Using Java to produce a unique key based off of NIC info

  • Google search – http://www.google.com/search?q=evercookie

Testing security of web services (Web services security testing)
