«
Expand/Collapse
199 items tagged "protocol"
Related tags:
tls [+],
vulnerability [+],
msn protocol [+],
msn [+],
libpurple [+],
harald welte [+],
hacks [+],
multiple [+],
security vulnerability [+],
renegotiation [+],
session initiation protocol [+],
rose protocol [+],
rose [+],
pidgin [+],
memory corruption [+],
memory [+],
kernel [+],
black hat [+],
vendor [+],
usa [+],
plugin [+],
oscar [+],
mandriva linux [+],
mac [+],
gsm [+],
zrtp [+],
tcp ip protocol [+],
system [+],
read [+],
protocol sip [+],
protocol library [+],
phil zimmermann [+],
library [+],
intuit [+],
communication services [+],
communication protocols [+],
cisco security [+],
whatsapp [+],
wes faler [+],
webkit [+],
utf 8 [+],
usb protocol [+],
usb [+],
time scientists [+],
status [+],
starttls [+],
satellite event [+],
reverse engineer [+],
reverse [+],
registration [+],
red hat security [+],
red [+],
protocols [+],
protocol stack [+],
presence protocol [+],
mandriva [+],
manager [+],
linux security [+],
gmr [+],
free software implementation [+],
fetchmail [+],
drew fisher [+],
domain issues [+],
domain [+],
denial [+],
cross [+],
communication [+],
arbitrary user [+],
android [+],
air interface [+],
aim instant messaging [+],
advisory [+],
yahoo [+],
video [+],
unix variants [+],
transport protocol [+],
system level software [+],
steven j. murdoch tags [+],
state [+],
smart card readers [+],
slides [+],
sim im [+],
routing [+],
rohit dhamankar [+],
rohit [+],
rob king [+],
rlc [+],
rfc [+],
recommendations [+],
rds [+],
randomization [+],
radio [+],
rachel engel scott stender [+],
protocol stacks [+],
protocol designers [+],
protocol attacks [+],
privilege [+],
pisa [+],
packet data services [+],
packet [+],
osmocombb [+],
null pointer [+],
network sniffer [+],
media gateway control protocol [+],
media gateway control [+],
local privilege escalation [+],
kerberos protocol [+],
kerberos [+],
jingle [+],
ipv [+],
inspection [+],
identification [+],
html [+],
home automation system [+],
home [+],
help system [+],
hellschreiber [+],
hacking [+],
gsm protocol [+],
felix [+],
extension [+],
europe [+],
escalation [+],
directory traversal vulnerability [+],
darknet [+],
cryptographic protocol [+],
cisco unified communications manager [+],
cisco security advisory [+],
cisco pgw [+],
cisco [+],
chip authentication [+],
card [+],
brad hill [+],
bank [+],
authentication [+],
audio [+],
attiny [+],
asa [+],
aruba [+],
Tools [+],
Skype [+],
information disclosure vulnerability [+],
vector implementation [+],
tls protocol [+],
ssl [+],
yang tags [+],
xmpp [+],
world war ii [+],
working [+],
wireshark [+],
windows [+],
websocket [+],
variable field [+],
us patent application [+],
tunneling [+],
tshark [+],
transport layer security [+],
transfer protocol ftp [+],
throughput [+],
third generation [+],
telemetry data [+],
tcp [+],
talk [+],
steve weber [+],
steve markgraf [+],
statistical [+],
stack [+],
smb [+],
signal [+],
shuffle [+],
server message block [+],
security 2002 [+],
security [+],
secret messages [+],
scott harden [+],
scott [+],
sccp [+],
roving networks [+],
remote control helicopter [+],
radio transmissions [+],
pushdo [+],
protocol stream [+],
protocol mechanism [+],
protocol features [+],
proof of concept [+],
plug ins [+],
planning [+],
pic microcontrollers [+],
pic [+],
pdb [+],
paper [+],
packet data [+],
osmo [+],
open source implementation [+],
nxp [+],
node [+],
netzob [+],
network protocol analyzer [+],
network address translation [+],
network [+],
netsupport manager [+],
netsupport [+],
negotiate [+],
nat skinny [+],
nat [+],
morse code [+],
misc [+],
microcontrollers [+],
memory leak [+],
mark vandewettering [+],
mark [+],
marc heuse [+],
mac os [+],
mac layer [+],
lindner [+],
level converter [+],
level [+],
jeremy rauch [+],
ipv6 protocol [+],
ipv6 project [+],
ipod [+],
infrared guidance [+],
icmp [+],
i2c protocol [+],
http [+],
helicopter [+],
heap corruption [+],
headphone [+],
hackers [+],
general idea [+],
gateway [+],
flaw [+],
file transfer protocol [+],
file [+],
field [+],
experimental phase [+],
experiment [+],
evolving [+],
error documents [+],
engineering [+],
engineered [+],
encryption [+],
earth [+],
dos windows [+],
don [+],
devastating [+],
david carne [+],
cyber crime [+],
crack [+],
cookie [+],
converter [+],
control [+],
communications protocol [+],
cisco ios software [+],
cisco ios device [+],
cisco ios [+],
can [+],
bus [+],
bugtraq [+],
blaise jarrett [+],
blaise [+],
bad request [+],
backfuzz [+],
available tools [+],
authors [+],
arpad [+],
arduino [+],
apple filing [+],
apache [+],
afp [+],
advisory id [+],
advisory addresses [+],
ac signal [+],
Software [+],
Pentesting [+],
Hardware [+],
ExploitsVulnerabilities [+],
BackTrack [+],
chaos communication congress [+],
denial of service [+],
service vulnerability [+]
-
-
19:04
»
Packet Storm Security Misc. Files
Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
-
-
21:36
»
SecDocs
Authors:
Harald Welte Steve Markgraf Tags:
GSM phone Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: In recent years, we have seen several Free Software projects implementing the network side of the GSM protocol. In 2010, OsmocomBB was started to create a free software implementation of the telephone-side. The OsmocomBB project is a Free Software implementation of the GSM protocol stack running on a mobile phone. For decades, the cellular industry comprised by cellphone chipset makers and network operators keep their hardware and system-level software as well as GSM protocol stack implementations closed. As a result, it was never possible to send arbitrary data at the lower levels of the GSM protocol stack. Existing phones only allow application-level data to be specified, such as SMS messages, IP over GPRS or circuit-switched data (CSD). Using OsmocomBB, the security researcher finally has a tool equivalent to an Ethernet card in the TCP/IP protocol world: A simple transceiver that will send arbitrary protocol messages to a GSM network.
-
-
21:27
»
SecDocs
Authors:
Marc Heuse Tags:
IPv6 Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6 Five years have past since my initial talk on IPv6 insecurities at the CCC Congress. New protocol features have been proposed and implemented since then and ISPs are now slowly starting to deploy IPv6. Few changes have led to a better security of the protocol, several increase the risk instead. This talk starts with a brief summary of the issues presented 5 years ago, and then expands on the new risks especially in multicast scenarios. As an add-on, discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Lets hope patches are out until the conference, if not - they had enough time. All accompanied with GPL'ed tools to and a library: the new thc-ipv6 package. rewritten, expanded, enhanced.
-
-
12:00
»
SecDocs
Authors:
Wes Faler Tags:
network Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Even after years of committee review, communication protocols can certainly be hacked, sometimes highly entertainingly. What about creating a protocol the opposite way? Start with all the hacks that can be done and search for a protocol that gets around them all. Is it even possible? Part Time Scientists has used a GPU to help design our moon mission protocols and we'll show you the what and how. Danger: Real code will be shown!
-
11:49
»
SecDocs
Authors:
Wes Faler Tags:
network Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Even after years of committee review, communication protocols can certainly be hacked, sometimes highly entertainingly. What about creating a protocol the opposite way? Start with all the hacks that can be done and search for a protocol that gets around them all. Is it even possible? Part Time Scientists has used a GPU to help design our moon mission protocols and we'll show you the what and how. Danger: Real code will be shown!
-
11:48
»
SecDocs
Authors:
Wes Faler Tags:
network Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Even after years of committee review, communication protocols can certainly be hacked, sometimes highly entertainingly. What about creating a protocol the opposite way? Start with all the hacks that can be done and search for a protocol that gets around them all. Is it even possible? Part Time Scientists has used a GPU to help design our moon mission protocols and we'll show you the what and how. Danger: Real code will be shown!
-
-
21:44
»
SecDocs
Authors:
Sylvain Munaut Tags:
GSM phone satellite Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The latest member of the Osmocom-family projects, osmo-gmr focuses on the GMR-1 (GEO Mobile Radio) air interface used in some satellite Phones. This talk will shortly present the GMR protocol, the Thuraya network that uses this protocol in the Eurasian/African and Australian continents and finally details how you can capture samples and process them for analysis using osmo-gmr.
-
21:44
»
SecDocs
Authors:
Sylvain Munaut Tags:
GSM phone satellite Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The latest member of the Osmocom-family projects, osmo-gmr focuses on the GMR-1 (GEO Mobile Radio) air interface used in some satellite Phones. This talk will shortly present the GMR protocol, the Thuraya network that uses this protocol in the Eurasian/African and Australian continents and finally details how you can capture samples and process them for analysis using osmo-gmr.
-
21:44
»
SecDocs
Authors:
Sylvain Munaut Tags:
GSM phone satellite Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The latest member of the Osmocom-family projects, osmo-gmr focuses on the GMR-1 (GEO Mobile Radio) air interface used in some satellite Phones. This talk will shortly present the GMR protocol, the Thuraya network that uses this protocol in the Eurasian/African and Australian continents and finally details how you can capture samples and process them for analysis using osmo-gmr.
-
-
21:32
»
SecDocs
Authors:
Harald Welte Tags:
GSM phone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Almost everyone uses the packet oriented transmission modes of cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many members of the hacker commnunity are familiar with the actual protocol stack for those services. This talk is aimed to give an in-depth explanation how the lower layer protocols on the air and wired interfaces for packet data services in cellular networks are structured. For 2.5/2.75G, this includes RLC/MAC, NS, BSSGP, LLC, SNDCP, GTP For 3G/3.5G, this includes RRC, RLC, PDCP, NBAP, RANAP
-
21:32
»
SecDocs
Authors:
Harald Welte Tags:
GSM phone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Almost everyone uses the packet oriented transmission modes of cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many members of the hacker commnunity are familiar with the actual protocol stack for those services. This talk is aimed to give an in-depth explanation how the lower layer protocols on the air and wired interfaces for packet data services in cellular networks are structured. For 2.5/2.75G, this includes RLC/MAC, NS, BSSGP, LLC, SNDCP, GTP For 3G/3.5G, this includes RRC, RLC, PDCP, NBAP, RANAP
-
-
22:52
»
SecDocs
Authors:
Drew Fisher Tags:
reverse engineering USB Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: While USB devices often use standard device classes, some do not. This talk is about reverse engineering the protocols some of these devices use, how the underlying USB protocol gives us some help, and some interesting patterns to look for. I'll also detail the thought processes that went into reverse engineering the Kinect's audio protocol. This talk will narrate the process of reverse engineering the Kinect audio protocol – analyzing a set of USB logs, finding patterns, building understanding, developing hypotheses of message structure, and eventually implementing a userspace driver. I'll also cover how the USB standard can help a reverse engineer out, some common design ideas that I've seen, and ideas for the sorts of tools that could assist in completing this kind of task more efficiently.
-
22:52
»
SecDocs
Authors:
Drew Fisher Tags:
reverse engineering USB Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: While USB devices often use standard device classes, some do not. This talk is about reverse engineering the protocols some of these devices use, how the underlying USB protocol gives us some help, and some interesting patterns to look for. I'll also detail the thought processes that went into reverse engineering the Kinect's audio protocol. This talk will narrate the process of reverse engineering the Kinect audio protocol – analyzing a set of USB logs, finding patterns, building understanding, developing hypotheses of message structure, and eventually implementing a userspace driver. I'll also cover how the USB standard can help a reverse engineer out, some common design ideas that I've seen, and ideas for the sorts of tools that could assist in completing this kind of task more efficiently.
-
22:52
»
SecDocs
Authors:
Drew Fisher Tags:
reverse engineering USB Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: While USB devices often use standard device classes, some do not. This talk is about reverse engineering the protocols some of these devices use, how the underlying USB protocol gives us some help, and some interesting patterns to look for. I'll also detail the thought processes that went into reverse engineering the Kinect's audio protocol. This talk will narrate the process of reverse engineering the Kinect audio protocol – analyzing a set of USB logs, finding patterns, building understanding, developing hypotheses of message structure, and eventually implementing a userspace driver. I'll also cover how the USB standard can help a reverse engineer out, some common design ideas that I've seen, and ideas for the sorts of tools that could assist in completing this kind of task more efficiently.
-
-
13:01
»
Hack a Day
Here’s one node on the new home automation system on which [Black Rynius] is working. So far he’s testing out the system with just two nodes, but plans to build more as the project progresses. He’s chosen to use the CAN bus for communications; a protocol which is most commonly found in automotive applications. The biggest plus [...]
-
-
11:01
»
Hack a Day
[Arpad] has spent quite a bit of time reverse-engineering a home automation system, and, as he is quick to point out, presents the information learned for informational purposes only. He’s really done his homework (and documented it well), looking into the US patent application, and figuring out how the protocol works. If you’re wondering how [...]
-
-
3:11
»
Packet Storm Security Exploits
Proof of concept code for a vulnerability in protocol.c from Apache versions 2.2.x through 2.2.21. The issue is that it does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies.
-
-
11:56
»
Hack a Day
[Mark VandeWettering] was experimenting with a simple transmitting circuit and an Arduino. The circuit in the project was designed by [Steve Weber] to broadcast temperature and telemetry data using Morse Code. But [Mark] wanted to step beyond that protocol and set out to write a sketch that broadcasts using the Hellschreiber protocol. This protocol transmits [...]
-
-
16:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.
-
16:57
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.
-
16:57
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.
-
-
15:24
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.
-
15:24
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.
-
15:24
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.
-
-
13:01
»
Hack a Day
You’ve got several devices which communicate via the I2C protocol, but some of them can only operate at 3.3V while the rest are hungry for a 5V connection. What to do? [Linux-works] built this I2C level converter to solve the problem. The circuit comes from an NXP app note (PDF) on the issue. You can [...]
-
-
12:01
»
Hack a Day
[Blaise Jarrett] has been grinding away to get the WebSocket protocol to play nicely with PIC microcontrollers. Here he’s using the PIC 18F4620 along with a Roving Networks RN-XV WiFi module to get the device on the network. He had started with a smaller processor but ran into some RAM restrictions so keep that in [...]
-
-
11:52
»
SecDocs
Authors:
Brad Hill Rachel Engel Scott Stender Tags:
Kerberos Event:
Black Hat USA 2010 Abstract: The Kerberos protocol is provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not make a magically secure a network. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step. A careful review of RFCs, deployment guidance, and developer reference materials reveals a host of “theoretical” flaws when Kerberos is used. This presentation will demonstrate new techniques that make the theoretical practical in common Kerberos deployments, and provide guidance to ensure that software and systems are hardened against attack.
-
11:52
»
SecDocs
Authors:
Brad Hill Rachel Engel Scott Stender Tags:
Kerberos Event:
Black Hat USA 2010 Abstract: The Kerberos protocol is provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not make a magically secure a network. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step. A careful review of RFCs, deployment guidance, and developer reference materials reveals a host of “theoretical” flaws when Kerberos is used. This presentation will demonstrate new techniques that make the theoretical practical in common Kerberos deployments, and provide guidance to ensure that software and systems are hardened against attack.
-
-
6:00
»
Hack a Day
After [trandi] got his hands on a cheap R/C helicopter he realized the difficulties in actually flying a remote control helicopter. Instead of giving up, he decided to reverse-engineer the infrared protocol and then build a decoder around an ATtiny that would send commands to another microcontroller using a serial connection. The remote’s communications protocol [...]
-
-
0:24
»
SecDocs
Authors:
Harald Welte Tags:
GSM Event:
Hashdays 2010 Abstract: The OsmocomBB project is a Free Software implementation of the GSM protocol stack running on a mobile phone. For decades, the cellular industry comprised by cellphone chipset makers and network operators keep their hardware and system-level software as well as GSM protocol stack implementations closed. As a result, it was never possible to send arbitrary data at the lower levels of the GSM protocol stack. Existing phones only allow application-level data to be specified, such as SMS messages, IP over GPRS or circuit-switched data (CSD). Using OsmocomBB, the security researcher finally has a tool equivalent to an Ethernet card in the TCP/IP protocol world: A simple transceiver that will send arbitrary protocol messages to a GSM network. Well-known and established techniques like protocol fuzzing can finally be used in GSM networks and reveal how reliable and fault tolerant the equipment used in the GSM networks really is.
-
-
12:30
»
Hack a Day
[Scott Harden] is drilling teeth by day and designing radios that send secret messages by night. He’s set his sights on the Hellschreiber protocol which was used by the Germans in World War II along with their Enigma encryption system. The protocol is a viable alternative for transmitting and receiving code in environments with too much [...]
-
-
6:22
»
Packet Storm Security Recent Files
ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
-
6:22
»
Packet Storm Security Misc. Files
ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
-
-
18:47
»
Packet Storm Security Advisories
Fetchmail suffers from a denial of service vulnerability in the STARTTLS protocol phases. Versions 5.9.9 up to and including 6.3.19 are affected.
-
18:47
»
Packet Storm Security Recent Files
Fetchmail suffers from a denial of service vulnerability in the STARTTLS protocol phases. Versions 5.9.9 up to and including 6.3.19 are affected.
-
18:47
»
Packet Storm Security Misc. Files
Fetchmail suffers from a denial of service vulnerability in the STARTTLS protocol phases. Versions 5.9.9 up to and including 6.3.19 are affected.
-
-
11:12
»
SecDocs
Authors:
Harald Welte Tags:
GSM Event:
Hashdays 2010 Abstract: The OsmocomBB project is a Free Software implementation of the GSM protocol stack running on a mobile phone. For decades, the cellular industry comprised by cellphone chipset makers and network operators keep their hardware and system-level software as well as GSM protocol stack implementations closed. As a result, it was never possible to send arbitrary data at the lower levels of the GSM protocol stack. Existing phones only allow application-level data to be specified, such as SMS messages, IP over GPRS or circuit-switched data (CSD). Using OsmocomBB, the security researcher finally has a tool equivalent to an Ethernet card in the TCP/IP protocol world: A simple transceiver that will send arbitrary protocol messages to a GSM network. Well-known and established techniques like protocol fuzzing can finally be used in GSM networks and reveal how reliable and fault tolerant the equipment used in the GSM networks really is.
-
-
11:13
»
Packet Storm Security Recent Files
ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
-
11:13
»
Packet Storm Security Misc. Files
ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
-
-
5:09
»
SecDocs
Authors:
Kyle Yang Tags:
malware malware analysis Event:
Black Hat EU 2010 Abstract: After several months efforts, the pushdo/cutwail botnet author(s) finally released a new pushdo advanced installer(codename "revolution") which not only changed the protocol and encryption totally but also implemented "Services" mechanism. Moreover, a new spam engine was in the experimental phase. In this presentation, I will examine pushdo's brand new protocol and encryption, reveal their "Cyber Crime Services" vendors mapping and disclose the debug version of the new spam engine's protocol and encryption.
-
-
12:52
»
SecuriTeam
Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
10:01
»
Packet Storm Security Recent Files
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from other. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages. Successful exploitation of all but one of these vulnerabilities can crash the affected device. Exploitation of the remaining vulnerability will not crash the affected device, but it can lead to a denial-of-service (DoS) condition in which no new TCP-based connections will be accepted or created.
-
10:00
»
Packet Storm Security Advisories
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from other. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages. Successful exploitation of all but one of these vulnerabilities can crash the affected device. Exploitation of the remaining vulnerability will not crash the affected device, but it can lead to a denial-of-service (DoS) condition in which no new TCP-based connections will be accepted or created.
-
-
13:58
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-085 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for ICQ and possibly AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Other issues have also been identified.
-
13:58
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-085 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for ICQ and possibly AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Other issues have also been identified.
-
-
10:06
»
remote-exploit & backtrack
Hi bt users
I am doing an experiment in which i am trying to get an energy saving protocol in 802.11 MAC layer
i am using orinocco cards in ad-hoc mode and 2 computers with ubuntu 8.10
i am planning to switch over to bt4 as i need to dump the packets and then analyse them for throughput etc..
i am using tcpdump/wireshark for this
next stage i am going to fix the power of both the cards and vary the distances and analyse the loss in packets..
can someone recommend me utilities specifically in bt4
lastly i am planning to make one node as master and inject the protocol using some utility..please recommend me utilities to achieve my experiment..
thanx in advance
-
-
14:00
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.
-
14:00
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.
-
-
19:00
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances are affected by TCP connection exhaustion, Session Initiation Protocol (SIP) Inspection, Skinny Client Control Protocol (SCCP) Inspection, and other denial of service vulnerabilities.
-
19:00
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances are affected by TCP connection exhaustion, Session Initiation Protocol (SIP) Inspection, Skinny Client Control Protocol (SCCP) Inspection, and other denial of service vulnerabilities.
-
-
11:00
»
Hack a Day
The headphone remote for the third generation iPod shuffle has a special chip that identifies it to the iPod itself. [David Carne] posted an in-depth report about the process he used to reverse engineering that protocol. He’s discovered that the remote uses a peculiar signal to identify it as authentic when the device powers up. [...]
-
-
17:00
»
Packet Storm Security Advisories
Aruba Networks Security Advisory - This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol. This vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject arbitrary data into the beginning of the application protocol stream protected by TLS.
-
-
21:10
»
SecDocs
Authors:
Harald Welte Tags:
GSM fuzzing phone Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: With the recent availability of more Free Software for GSM protocols such as OpenBSC, GSM protocol hacking is no longer off-limits. Everyone can play with the lower levels of GSM communications. It's time to bring the decades of TCP/IP security research into the GSM world, sending packets incompatible with the state machine, sending wrong length fields and actually go all the way to fuzz the various layers of the GSM protocol stack. The GSM protocol stack is a communications protocol stack like any other. There are many layers of protocols, headers, TLV's, length fields that can "accidentially" be longer or shorter than the actual content. There are timers and state machines. Wrong messages can trigger invalid state transitions. This protocol stack inside the telephone is implemented in C language on the baseband processor on a real-time operating system without any memory protection. There are only very few commercial GSM protocol stack implementations, which are licensed by the baseband chipset companies. Thus, vulnerabilities discovered in one phone will likely exist in many other phones, even of completely different handset manufacturers. Does that sound like the preamble to a security nightmare? It might well be! Those protocol stacks never have received the scrutiny of thousands of hackers and attack tools like the TCP/IP protocol suite on the Internet. It's about time we change that.
-
21:10
»
SecDocs
Authors:
Harald Welte Tags:
GSM fuzzing phone Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: With the recent availability of more Free Software for GSM protocols such as OpenBSC, GSM protocol hacking is no longer off-limits. Everyone can play with the lower levels of GSM communications. It's time to bring the decades of TCP/IP security research into the GSM world, sending packets incompatible with the state machine, sending wrong length fields and actually go all the way to fuzz the various layers of the GSM protocol stack. The GSM protocol stack is a communications protocol stack like any other. There are many layers of protocols, headers, TLV's, length fields that can "accidentially" be longer or shorter than the actual content. There are timers and state machines. Wrong messages can trigger invalid state transitions. This protocol stack inside the telephone is implemented in C language on the baseband processor on a real-time operating system without any memory protection. There are only very few commercial GSM protocol stack implementations, which are licensed by the baseband chipset companies. Thus, vulnerabilities discovered in one phone will likely exist in many other phones, even of completely different handset manufacturers. Does that sound like the preamble to a security nightmare? It might well be! Those protocol stacks never have received the scrutiny of thousands of hackers and attack tools like the TCP/IP protocol suite on the Internet. It's about time we change that.
-
-
21:04
»
SecDocs
Authors:
Steven J. Murdoch Tags:
credit card bank Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer's debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous design errors, which could be exploited by criminals. Banks throughout Europe are now issuing hand-held smart card readers to their customers. These are used, along with the customer's bank card, for performing online banking transactions. In this talk I will describe how we reversed-engineered the cryptographic protocol used by these readers, using some custom-designed smart card analysis hardware. We discovered several flaws in this protocol, which could be exploited by criminals (and some already are). This talk will explain what vulnerabilities exist, and what the impact on customers could be.
-
21:04
»
SecDocs
Authors:
Steven J. Murdoch Tags:
credit card bank Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer's debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous design errors, which could be exploited by criminals. Banks throughout Europe are now issuing hand-held smart card readers to their customers. These are used, along with the customer's bank card, for performing online banking transactions. In this talk I will describe how we reversed-engineered the cryptographic protocol used by these readers, using some custom-designed smart card analysis hardware. We discovered several flaws in this protocol, which could be exploited by criminals (and some already are). This talk will explain what vulnerabilities exist, and what the impact on customers could be.
Linux you can use Afpfs-ng
