What Heartbleed Means to You

On Monday, it was announced that OpenSSL, an incredibly popular encryption library (quite possibly the single most popular), contained a rather serious security bug named Heartbleed. This name refers to the TLS “heartbeat” that is abused in order to exploit the bug.

This bug basically allows anybody to obtain an arbitrary 64kb of an affected server’s memory. An attacker can do this as many times as they need to obtain more and larger secrets. Secrets like encryption keys.

While some end users can at least get a feel for how big of a problem this is, very few are aware of how it affects them, directly, and why. What exactly can an attacker do with a “secret” from a server that you use?

I’ll also explore an SSL feature designed to mitigate this sort of attack, how it helps here, how it doesn’t and which popular websites don’t use it.

Inside Eugene’s Gibson (EC-Council, Part II)

Mess with the best, die like the rest, amirite?


(Note: Earlier this week, I presented evidence of a Finnish individual by the name Julius Kivimaki being the perpetrator behind the EC-Council hack over the weekend. You should read that post first, if you haven’t already.)

tl;dr: Last weekend, a person using the nickname ‘Eugene Belford’ took over the DNS for the EC-Council, an organization that certifies “Ethical Hackers”, and pointed it to his server, where he displayed a picture of Edward Snowden’s US passport.

Last night, our team obtained access to the server used in the EC-Council hack. Somebody asked for, and received from Julius, a shell on his server for the purposes of sending spam and phishing emails. This person turned the shell over to us; we then elevated to root access and had a look around. Here’s a small list of what we uncovered:

Who Hacked EC-Council?


It’s not really hacking. Just FYI.

Update: Since the writing of this article, I was invited to see the contents of Mr. Kivimaki’s dedicated server after another party compromised it. You can read the analysis of what I found here.

Two days ago, the website for the EC-Council was broken into and defaced. The EC-Council is an organization that certifies so-called ‘ethical hackers’. The website was defaced and its content was replaced with a picture of Edward Snowden, and an HTML comment that gives away the identity of the “hacker”.

Once control of the website was given back to the rightful owners, a known password was used to deface the website again, bringing it to its current state. It now contains a scan of Mr. Snowden’s passport and a letter from the US Department of Defense affirming his experience as a security researcher.

Continue reading to learn the hacker’s identity.


The 3 Entry Level IT Workers

A D-Mail is about to be sent back 2 hours

Maybe I just need a giant tube TV?

A shorter post this time around. Not as wordy.

I’ve always needed a little cash here and there for my various forays and experiments. My most recent was a failure. As it turns out, you can’t use a microwave to send text messages back in time. I blame the Organization.

The funding for these fun things has, for about a year now, come from doing contract IT work. It’s always hourly, and it’s always for less than a week. I’ve done about 20 of these little jobs so far, and I’ve been able to sort pretty much all of my coworkers into three groups: People with skills getting a start in IT, people whose family always told them they were good with computers, and a much sadder group I’ll save for last.