Suramya's Blog

Visit suramya.com Who am I?

November 8, 2014

Be careful of software claiming to hide your data on your Phone

Filed under: Computer Security,My Thoughts — Suramya @ 11:59 PM

Yesterday (well, technically today) I was trying to find some data on my old phone to copy to my new phone so I decided to copy over all the folders from the phone to my desktop to make it easier to look through it. While I was going through the data I found a folder called .keepsafe under the Android/data folder so I looked in it cause I got curious and found some interesting data. Actually before I tell you what I found lets take a step back and go over what Keepsafe is: It is an app for both iOS and android that allows you to hide photos/files on your phone and then only people with the correct PIN can view them. From their site: “You lock your rings in a jewelry box. You lock your certificates in a cabinet. Now KeepSafe makes sure your personal files are locked down and hidden, using privacy features such as PIN Pad and Fake PIN.” I had installed this version of Keepsafe a few years ago to try it out but had since uninstalled it as I didn’t find it useful.

Coming back to the folder and what I found. It had two files under it: .local and .email. The .email file had my email address in it but the contents of the .local file were shocking. It had my ‘secret pin’ in clear-text in the file. So anyone with some idea of how apps store data and access to a file browser would have been able to get my pin and view images/data that was supposed to have been protected.

Since this was an older version of the software I downloaded and installed the latest version on my S5 to see if the issue was still there. Thankfully someone at the company figured out that storing the data in clear-text was extremely stupid and in the latest version of the software the same two files are still there but the data is encrypted. Not sure how strong the encryption is because I don’t have the knowledge/skill set to try to figure that out. I did however identify where the files are being stored (they are all encrypted as well) so someone with the original image and an encrypted copy could potentially reverse engineer the encryption and assuming they are using a static encryption key decrypt the remaining files as well.

Moral of the story is that if you want to ‘hide’ data on your phone be very careful of the software you use to do it. Ideally you should avoid storing any data that is sensitive on the phone. There are plenty of ways to get access to the data if someone is interested and has time. This is not an isolated case of a badly written software, There are other cases as well where other software was found to have similar amazing security. So be careful out there.

I did find some more interesting data on the phone that I will take a stab at when I get some time.

Well this is all for now. Will write more later.

– Suramya

November 7, 2014

Free Intro to Cryptography course for programmers

Filed under: Computer Security,Security Tutorials — Suramya @ 1:34 AM

Security pro Laurens Van Houtven has created a free introduction cryptography course to help programmers, by giving them a bird’s eye view of how cryptosystems work and teaching them to apply the same principles in real software. This is an extension of his talk given last year on breaking crypto.

Comes with everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms.

Learn how to exploit common cryptographic flaws, armed with nothing but a little time and your favorite programming language.

Forge administrator cookies, recover passwords, and even backdoor your own random number generator.

Check it out at: Crypto 101

Thanks to The Register for the link to this great resource.

– Suramya

November 3, 2014

Use Excel to Watch Movies at Work

Before I start, let me make it very clear: I don’t recommend that you do this at work. If you get fired for doing this then it is your fault. I take absolutely no responsibility. That being said, lets proceed. I found this very interesting because it shows that no matter how much you try to secure a system there is always a way around any restrictions people put in the system and the only truly secure system is one encased in a ton of concrete at the bottom of the ocean. In this case a user figured out how to use the VBA (Visual Basic for Applications) functionality in Excel to go around the restrictions placed on his computer by his company’s IT department to watch movies at work.

From a Hacker/ingenuity point of view I love this, but from a work perspective I don’t think this was such a good idea. If you really wanted to watch a movie at work then there are easier and safer options to do so; watching it on your phone or tablet is one option that comes to mind. I seriously doubt that his IT admin or his manager would be amused when they find out about this hack.

Behind the cascade of rectangles and in the land of the Excel macro, [AyrA_ch] took advantage of the program’s VBA (Visual Basic for Applications) functions to circumvent the computer’s restrictions. Although VBA typically serves the more-complex-than-usual macro, it can also invoke some Windows API commands, one of which calls Windows Media Player. The Excel file includes a working playlist and some rudimentary controls: play, pause, stop, etc. as well as an inspired pie chart countdown timer.

Hacking things is fun, but folks need to realize that they need stop being stupid about it. I am sure there is a lot of things I can do at work that I might not be supposed to but just because you can, doesn’t mean that you should.

Check out the original post on Reddit for a link to the file and a more detailed explanation.

Thanks to Hackaday.com for the story.

– Suramya

October 12, 2014

Take Orders From A Cat And Learn Cybersecurity

Here’s an interesting site that teaches Cybersecurity to folks in the form of a game. As you know cyber criminals are getting more and more sophisticated and the best way to counter that is to train more folks on the basic principles of Cyber Security. It is targeted towards children but is good fun for adults as well.

Take cybersecurity into your own hands. In this Lab, you’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen your cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.

Check it out at: NovaLabs Cybersecurity
Source: Popsci.com

– Suramya

October 10, 2014

Instead of wasting time playing Sudoku you should mine Bitcoins with Pencil and Paper

Filed under: Computer Related,Computer Security,Techie Stuff — Suramya @ 11:58 PM

Do you like to play Sudoko? If so then you should look at using paper and pencil to mine Bitcoins instead and make some money out of your hobby. A bloke named Ken Shirriff who is an engineer at google has created a video and a detailed blog post on how this can be done. Apparently it is a slow process but the algorithms for Bitcoin generation are easy enough to crunch.

Shirriff completed a round of SHA-256 in 16 minutes and 45 seconds at which rate a full Bitcoin block would take about a day and a half, less with more practice, he said.

“The SHA-256 algorithm is surprisingly simple to do by hand,” Shirriff said.

“In comparison, current Bitcoin mining hardware does several terahashes per second, about a quintillion times faster than my manual hashing.

All I can say is, go for it if you like crunching numbers… I know I won’t. :)

Source: Theregister.com

– Suramya

October 1, 2014

Erase Your iCloud Drive by reseting your iPhone settings

This has not been a good month for Tech, we are getting issues across the board on all fronts. First we had the iCloud hack (or fappenning as it was called). Then ShellShock hit followed by this new issue in iOS 8 where if you reset your iPhone settings your backups on the cloud also go bye-bye. Ouch! I hope if you are using the iCloud (or any cloud for that matter) you have a duplicate copy of your data somewhere else or you better not try to reset your phone.

The bug creeps up when you select Settings > General > Reset > Reset All Settings. Typically, this is just supposed to reset your network settings to give your iOS device a clean slate to work with, but it turns out it’s also deleting all your files from iCloud Drive.

The issue was discovered by members of the MacRumors forum. It just shows that no matter how much we try nothing is perfect and there are bugs in every system. The best way to ensure that don’t loose data is to store it in multiple places using multiple types of media/services.

I have a lot of my data backed up on a RAID array and am in the process of setting up a cloud server at home to sync it across different locations. I am not using Dropbox or other such services because I don’t want to trust my data to any external provider. Earlier I used to back up data on DVD’s/CD’s. Before that I used to store the data on Floppy disks.

Fun fact, I was recently looking for some code that I had written around 1998 and ended up searching through my old Floppy disks to find it. Interesting thing was that about 90% of the disks still worked and I was able to read the data without issues. (Well… no issues other then the fact that I had to buy a USB floppy drive as my mother board doesn’t have a connector for floppy drives…) I don’t see the same level of longevity in either DVD’s or CD’s so far. I haven’t tried Blue-Ray disks yet because of the cost and the fact that HDD’s are getting cheaper / larger.

Thanks to lifehacker.com for the initial links.

– Suramya

February 12, 2012

Google Wallet PIN cracked on Android devices

Filed under: Computer Related,Computer Security,My Thoughts — Suramya @ 8:53 PM

The past few days there has been a lot of press around the fact that the Google Wallet Pin was cracked on rooted android phones. Lots of people including computer programmers and technologists (who should frankly know better) have reacted to this by posting messages/comments equivalent to: “rooting is bad”, “rooting causes security holes” etc etc etc… Guess they have forgotten the simple rule of computer security: “physical access is total access”, basically it means that if I have physical access to a device I can get full access to it eventually.

This fact was demonstrated it quite nicely by the news that you don’t really need to root your phone to get your pin hacked, all you need to do is reset the application data.

The problem in both cases is caused by the fact that the Google Wallet’s pin is stored locally on the phone itself instead of online so if you can get access to it you can bruteforce it or if you clear the app data it removes the pin and lets you choose another.

One way of fixing the second issue would be to force the phone to link to the internet after the local cache is cleared to sync the pin with the online secure server instead of just letting a user choose a new one. The fix for the first case is a lot harder because you can’t have a wallet that requires the phone to be connected to the web everytime you use it, and if you store it locally then you are just asking for trouble.

Another way would be for the receiving side to validate the pin sort of line how we do it for credit cards but that doesn’t seem too feasible either. Or we could salt the pin with the user’s account info/do a dual encryption, first one requires the pin to unlock the second one requires the account password.

Now if I can come up with such solutions then I am sure the people at Google and the various banks working on this issue will come up with other more secure options. Its not the end of the world. yet. This is a new technology and like all new tech it has its teething issues and I am looking forward to the final fixed product.

– Suramya

March 28, 2010

Wikibooks has a open-content textbook on Cryptography

Filed under: Computer Security,Interesting Sites — Suramya @ 11:56 PM

I don’t know if you have heard about Wikibooks yet or not. If you haven’t then you are missing out on a great resource. Basically Wikibooks is a community for creating a free library of educational textbooks that anyone can edit. Sort of like Wikipedia but specifically for Books.

One of the books they have is a book on Cryptography that is quite easy to read and follow. At the time of this writing a lot of the sections in the book still have to be added but new content is added regularly and over time I think it will become a great resource for everyone.

Check it out.

– Suramya

February 27, 2010

How to use UDP Tunneling to avoid hotspot or firewall restrictions

Filed under: Computer Security,Knowledgebase — Suramya @ 11:59 PM

A lot of times when you connect to a wireless hotspot or a network there are restrictions in place which prevent you from accessing the web without some sort of authentication or restrict the kind of connections allowed. Usually that’s not a problem but at times you need to be able to bypass the restrictions.

In normal cases the firewalls in place usually allow outgoing connections to pass through but in some cases even outbound connections are blocked or you need to pay for access. In such cases you can use UDP Tunneling to bypass any restrictions.

Keep in mind that using such methods on a network will not endear you to your network administrator and if caught might cause you trouble. You might even end up in Jail. So don’t try to use this for anything illegal or to browse porn at work.

The way it works is that when you try to browse to a website your system sends a request to a name server on UDP Port 53. On a lot of hotspots/firewalls/proxies the system waits for the Name server to respond and when it gets a response it redirects you to a login page or redirects you to a web proxy. What allows us to do a UDP tunnel is the fact that all port 53 UDP traffic is allowed out to anywhere on the web, without any kind of authentication.

So if you have a VPN configured to connect over UDP port 53 instead of the default port 1194 then you should be able to bypass the restrictions.

Basically what you have to do is setup a OpenVPN server on a public server and then configure it to use port 53 instead of the default 1194. Once you do that you can configure your VPN client on a laptop to connect to the server on port 53. Once connected all new connections will go over the VPN connection and you should be able to browser the web without issues or blocks.

Thanks to Adam Palmer for the tip.

[Update 11/26/2014] Please use the updated link iodigitalsec.com as the original one is broken.

I think I am going to set up a VPN server on my desktop so when I am away from home and need web access I can use this technique to get access.

– Suramya

January 20, 2010

List all machines connected to a LAN with additional details on each

Filed under: Knowledgebase,Security Tools — Suramya @ 12:15 AM

If you ever had to figure out how many systems are connected to a network and what IP’s they have then you will find this tip useful. It is also useful to identify any rouge machines on your network if you know how many systems are supposed to be there on that network. Like in case of my home network, where I know the exact no of machines.

There are multiple software out that, that allow you to do this. Some are free, some are very expensive. In my opinion the best one is nmap. It is free, fast and can be scripted.

To find all machines on my LAN (IP Range: 192.168.2.x) I just have to issue the following command:

nmap -sP 192.168.2.0/24

This gives an output like the following when I run it as a normal user:

suramya@Wyrm:~$ nmap -sP 192.168.2.0/24

Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-20 00:01 IST
Host 192.168.2.1 is up (0.0018s latency).
Host 192.168.2.5 is up (0.00018s latency).
Host 192.168.2.100 is up (0.00018s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.93 seconds

When I run the same command as root, it gives me additional information that looks like:

Wyrm:~# nmap -sP 192.168.2.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-19 23:50 IST
Host 192.168.2.1 is up (0.0015s latency).
MAC Address: 00:XX:XX:XX:XX:XX (Cisco-Linksys)
Host 192.168.2.5 is up.
Host 192.168.2.100 is up (0.011s latency).
MAC Address: 00:XX:XX:XX:XX:XX (Intel)
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.00 seconds

In this case, as you can see nmap also gives me the MAC address of the machine. 192.168.2.5 is the machine I ran the scan from so I didn’t get any information on that one.

If you want additional details on a system you can issue the following command to get the system to try and identify the OS and services running in detail.

nmap -A 192.168.2.5

It gives an output that looks something like:

Wyrm:~# nmap -A 192.168.2.5
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-19 23:52 IST
Interesting ports on 192.168.2.5:
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.1p1 Debian 8 (protocol 2.0)
| ssh-hostkey: 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx (DSA)
|_ 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx (RSA)
80/tcp open http Apache httpd 2.2.14 ((Debian))
|_ html-title: Index of /
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
631/tcp open ipp CUPS 1.4
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 – 2.6.28
Network Distance: 0 hops
Service Info: OS: Linux

Host script results:
additional information on the server

Hope you also find this useful.

– Suramya

Older Posts »

Powered by WordPress