KRACK Attacks: Breaking WPA2

WiFi is broken. The only thing we can do now is wait for updates from the vendors. If you thing about the amount of devices we put online using WiFi, do they all need an update? And how will a consumer know when he need to update something? Will there be a tool that consumers can use to scan there WiFi networks for vulnerable devices like security cameras, televisions or network attached storages?

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.


XSS in a certificate signing request

Web application developers will all know, never to trust the input of the users of the web application. But what if you do not really know what they are submitting?

While investigating some form fields in our application, I came across a form for checking a certificate signing request (CSR) which you need to order a SSL / TLS certificate.

A certificate signing request is an encoded file with the information to request a certificate from a certificate authority (CA) or a reseller of that CA. You will need to create that file yourself and put in the information that you want.

Read more

Install and use Lynis

Hardening you Linux and BSD based systems is an important job. Lynis can help you with this! I use Ubuntu 16.04 on my workstation and server, so I you use another on Linux, BSD or macOS based system, you maybe have to change some instructions.

About Lynis

Lynis is an open source security and hardening tool for system administrators, auditors and researchers. With integrated compliance testing for, for example, HIPAA, ISO27001 and PCI DSS, Lynis makes a great tool for compliance auditors. Especially when you combine this with Lynis Enterprise for reporting, monitoring and tips for a complaint and secure systems. Lynis can run on most GNU/Linux and BSD based operating systems. It is completely written in shell and it is GPLv3 licensed.

Read more