Quantum Cryptography In-band Attack

Quantum cryptography is an emerging field, but a low install base hasn’t kept researchers from exploring attacks against it. It’s an attractive technology because an attacker sniffing the key exchange changes the quantum state of the photons involved. All eavesdroppers can be detected because of this fundamental principle of quantum mechanics.

We’ve seen theoretical side-channel attacks on the hardware being used, but had yet to see an in-band attack until now. [Vadim Makarov] from the University of Science and Technology in Trondheim has done exactly that (Internet Archive). Quantum key distribution systems are designed to cope with noise, and [Makarov] has taken advantage of this. The attack works by firing a bright flash of light at all the detectors in the system. This raises the amount of light necessary for a reading to register. The attacker then sends the photon they want detected, which has enough energy to be read by the intended detector, but not enough for the others. Since it doesn’t clear the raised threshold at the other detectors, they don’t throw any exceptions. The attacker could sniff the entire key and replay it undetected.

This is a very interesting attack since it’s legitimate eavesdropping of the key. It will probably be mitigated using better monitoring of power fluctuations at the detectors.
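The threshold behaviour described above can be modelled in a few lines. This is an added example, not code from the original post or from [Makarov]'s work, and it goes slightly beyond the text: it assumes a two-basis (BB84-style) protocol in which a pulse measured in the wrong basis splits evenly between two detectors, and the `THRESHOLD` and `PULSE` values are constructed.

```python
import random

THRESHOLD = 1.0  # constructed: power a blinded detector needs before it clicks
PULSE = 1.5      # constructed: attacker's pulse power; half of it is below THRESHOLD

def bob_measure(bit, basis, bob_basis, blinded, rng):
    """Return the bit Bob registers, or None when no detector clicks."""
    if not blinded:
        # Single-photon operation: a wrong-basis measurement is a coin flip.
        return bit if basis == bob_basis else rng.randint(0, 1)
    # Blinded detectors react to optical power. Matching basis: the whole pulse
    # hits the intended detector. Mismatch: it splits, and neither half clicks.
    power = PULSE if basis == bob_basis else PULSE / 2
    return bit if power > THRESHOLD else None

def run(attack, n=20000, seed=1):
    """attack is 'none', 'intercept' (plain intercept-resend) or 'blinding'."""
    rng = random.Random(seed)
    clicks = sifted = errors = eve_known = 0
    for _ in range(n):
        a_bit, a_basis, b_basis = (rng.randint(0, 1) for _ in range(3))
        bit, basis, eve_bit = a_bit, a_basis, None
        if attack != "none":
            e_basis = rng.randint(0, 1)
            # Eve measures; a wrong basis guess gives her a random bit.
            eve_bit = a_bit if e_basis == a_basis else rng.randint(0, 1)
            bit, basis = eve_bit, e_basis  # she resends her own result
        b_bit = bob_measure(bit, basis, b_basis, attack == "blinding", rng)
        if b_bit is None:
            continue
        clicks += 1
        if b_basis != a_basis:
            continue  # discarded when Alice and Bob compare bases
        sifted += 1
        errors += b_bit != a_bit
        eve_known += eve_bit == b_bit
    return {"click_rate": clicks / n, "qber": errors / sifted,
            "eve_fraction": eve_known / sifted}

if __name__ == "__main__":
    for mode in ("none", "intercept", "blinding"):
        print(mode, run(mode))
```

In this lossless toy model, plain intercept-resend shows up as roughly a 25% error rate in the sifted key, while the blinded case shows none even though the eavesdropper's bits match the whole sifted key. Only the click rate changes, so the key-error check alone cannot flag it and detection has to come from monitoring at the detectors.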

[via I)ruid]

Avoiding OS Fingerprinting In Windows

[Irongeek] has been working on changing the OS fingerprint of his Windows box. Common network tools like Nmap, P0f, Ettercap, and NetworkMiner can determine what operating system is being run by the behavior of the TCP/IP stack. By changing this behavior, you can make your system appear to be another OS. [Irongeek] started writing his own tool by checking the source of Security Cloak to find out what registry keys needed to be changed. His OSfuscate tool lets you define your own .os fingerprint file. You can pretend to be any number of different systems from IRIX to Dreamcast. Unfortunately this only works for TCP/IP. Other methods, like Satori’s DHCP-based fingerprinting, still work and need to be bypassed by other means. Yes, this is just “security through obscurity”, but it is something fun to play with.

Helix V2.0 Released

Helix 2.0 has been released. Helix is a collection of various tools for electronic forensics. Just like on TV, you can use this to find all kinds of information on a computer. Some of the useful tools added were Winlockpwn, a tool for breaking Windows security; Volatility, which processes data out of raw memory; and several other tools that are beyond our comprehension.

You’ve undoubtedly noticed that the title says Helix V2.0, but the image and header of the Helix site say 3. We have no idea why. Look at the download info to see that it says V2.0.

[Via Midnight Research labs]

System Admin Steals 20,000 Items From Work

Over the course of 10 years, [Victor Papagno] stole 19,709 pieces of equipment from the Naval Research Laboratory. He began taking stuff home in 1997 and had so much that he had to store some in a neighbor’s house. The report says that no secret technological information was taken. Some items listed were CDs, hard drives, and floppy disks, adding up to an estimated value of 1.6 million dollars. He could face up to two years in prison for this. We shudder to think of the total cost of all the Post-its, CDs, and floppy disks we’ve taken home over the years.

[via NetworkWorld]
[photo: Blude]

Remote Access Programs Are Good Security For Laptops

Don’t be [Gabriel Meija], the criminal pictured above. He stole [Jose Caceres]’ laptop, but didn’t realize that [Caceres] had installed a remote access program to track the activity on the laptop. Although the first few days were frustrating, as [Meija] didn’t seem to be using the laptop for anything but porn, [Caceres]’ luck turned when he noticed that an address was being typed in. [Caceres] turned the information over to police, who were able to find [Meija] and charge him with fourth-degree grand larceny. It’s not the first time that tech-savvy consumers have relied on remote access programs to capture the criminals who’ve stolen their computer equipment, and it certainly won’t be the last, as the technology becomes more readily available to consumers.

[via Obscure Store and Reading Room]

44% Of Used Phones Contain Sensitive Data

In a recent study, researchers were able to glean all kinds of sensitive data from secondhand mobile devices. Of the units tested, 44% contained information such as salary details, bank account information, business plans, personal medical details, personal insults, and address book data. Next time you get a used device, take a good look around. You never know what you may find.

[via Zero Day]