«
Expand/Collapse
264 items tagged "ssl"
Related tags:
transport layer security [+],
ssl vpn [+],
ssl implementations [+],
red hat security [+],
ssl handshake [+],
server [+],
protocols [+],
https certificates [+],
read [+],
nss [+],
kssl [+],
renegotiation [+],
null character [+],
memory corruption [+],
key exchange [+],
free memory [+],
exchange [+],
cipher [+],
usa [+],
red [+],
cross platform development [+],
black hat [+],
test tool [+],
tar gz [+],
tar [+],
survey [+],
sslsmart [+],
ssl tls [+],
ssl ciphers [+],
server capability [+],
null pointer dereference [+],
moxie [+],
mandriva linux [+],
m null [+],
ivan ristic [+],
internet [+],
google [+],
function [+],
darknet [+],
connection windows [+],
character [+],
assessment methodology [+],
tls [+],
zusman [+],
vulnerability research [+],
video [+],
valid certificate [+],
text storage [+],
ssl protocol [+],
ssl implementation [+],
socket [+],
server gated cryptography [+],
rpsa [+],
qt applications [+],
proof of concept [+],
point [+],
peter eckersley [+],
overwrite [+],
observatory [+],
mutt users [+],
mutt [+],
mod [+],
mike zusman [+],
malicious script [+],
mail user agent [+],
linux [+],
leveraging [+],
lan [+],
kde [+],
jesse burns [+],
ios [+],
input validation vulnerabilities [+],
httpd [+],
hat [+],
freebsd security [+],
freebsd [+],
forticlient [+],
file upload [+],
facebook [+],
exploit [+],
electronic frontier foundation [+],
digicert sdn bhd [+],
digicert [+],
dialogue boxes [+],
dialogue [+],
denial of service attack [+],
demand applications [+],
decrypt [+],
cyberoam [+],
cryptographic algorithms [+],
creation vulnerability [+],
connectback [+],
command execution [+],
client [+],
chaos communication congress [+],
caldav server [+],
caldav [+],
browser [+],
barracuda [+],
ban [+],
authentication header [+],
audio [+],
apache [+],
address [+],
Countermeasures [+],
secure sockets layer [+],
x 509 [+],
windows 2000 [+],
whitepaper [+],
weechat [+],
vpn client [+],
update [+],
txt [+],
tricks [+],
translation engine [+],
traffic [+],
tor [+],
tomcat [+],
testing [+],
sslyze [+],
sslsplit [+],
ssl certificate common name [+],
ssl capabilities [+],
sourcefire [+],
socket connection [+],
smart [+],
small linux [+],
service [+],
safer use [+],
risk [+],
report [+],
protocol implementation [+],
portuguese [+],
perl script [+],
perl [+],
null pointer [+],
null [+],
new [+],
network forensics [+],
network address translation [+],
netscape [+],
netcat [+],
module [+],
marlinspike [+],
man in the middle attack [+],
leverage [+],
irssi [+],
irc proxy [+],
iptables [+],
internet information services [+],
interactive tool [+],
http [+],
heap [+],
hardenssl [+],
fetchmail [+],
false positives [+],
exposed [+],
default [+],
compatibility report [+],
comms [+],
code execution [+],
certificates [+],
certificate revocation list [+],
capable [+],
buffer overflow vulnerability [+],
based buffer overflow [+],
attack [+],
application crash [+],
apache tomcat [+],
apache http server [+],
amsn [+],
abu dhabi [+],
ExploitsVulnerabilities [+],
openssl [+],
tcp connections [+],
stunnel [+],
information disclosure vulnerability [+],
vulnerability [+],
vector implementation [+],
tls protocol [+],
security [+],
protocol [+],
wrapper [+],
ssl wrapper [+],
denial of service [+],
certificate [+],
zdi [+],
yahoo [+],
xss [+],
x86 linux [+],
works [+],
weakness [+],
vpn feature [+],
verisign ssl [+],
verisign [+],
validation error [+],
use [+],
uniopc [+],
twitter [+],
tv habits [+],
tool version [+],
tigervnc [+],
thc ssl dos [+],
test network [+],
surfing experience [+],
stops [+],
static web [+],
static [+],
ssl service [+],
ssl servers [+],
ssl connections [+],
ssl certs [+],
ssl certificates [+],
socket layer ssl [+],
sniff [+],
smart way [+],
smart meter [+],
slides [+],
secure socket layer [+],
screw [+],
ruby [+],
remote [+],
qpid [+],
python [+],
proposes way [+],
promiscuous mode [+],
privacy expectations [+],
portwise [+],
pop [+],
phusion [+],
phony [+],
penetration [+],
ngircd [+],
myproxy [+],
mozilla [+],
mitm [+],
microsoft fixes [+],
microsoft [+],
meter [+],
makes [+],
login [+],
linkedin [+],
lets [+],
leaves [+],
launch [+],
keys [+],
keep [+],
issue [+],
implementation flaws [+],
hotmail [+],
hopelessly [+],
homebase [+],
handshake [+],
hacking [+],
hackers [+],
hacker [+],
glsa [+],
flaw [+],
firesheep [+],
firepass [+],
firefox [+],
field validation [+],
extends [+],
exposes [+],
experts [+],
ettercap [+],
edge [+],
dovecot [+],
dos attack [+],
demostration [+],
ddos tool [+],
db service [+],
cryptography [+],
cross site scripting [+],
configuration [+],
comodo [+],
client certificates [+],
cisco ios [+],
check [+],
certs [+],
bugtraq [+],
broken [+],
break [+],
breach [+],
beast [+],
auxiliary modules [+],
auxiliary [+],
automation [+],
authority [+],
administrative interface [+],
Videos [+],
Tools [+],
Newbie [+],
BackTrack [+],
Area [+],
ssldiagnos [+],
application [+],
vpn [+],
ciphers [+],
validation [+],
service vulnerability [+],
win32 [+],
ssl certificate [+],
network security services [+],
record [+],
tool [+],
yassl,
wlan,
web servers,
stack buffer,
sslaudit,
retired,
remote buffer overflow vulnerability,
remote buffer overflow,
mysql,
audit,
Software
-
-
11:22
»
Packet Storm Security Recent Files
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
-
11:22
»
Packet Storm Security Misc. Files
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
-
-
16:13
»
Packet Storm Security Advisories
FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.
-
16:13
»
Packet Storm Security Recent Files
FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.
-
16:13
»
Packet Storm Security Misc. Files
FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.
-
-
14:33
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0532-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
-
14:33
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0532-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
-
-
21:38
»
SecDocs
Authors:
Jesse Burns Peter Eckersley Tags:
X.509 SSL Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The EFF SSL Observatory has collected a dataset of all TLS/HTTPS certificates visible on the public web. We discuss this dataset - what we have learned from it, how you can use it, and how intend to offer a live, continually updated version of it. TLS/SSL is only as good as your mechanism for verifying the other party, and it turns out that with HTTPS and other CA-certified applications of TLS, that mechanism involves trusting a lot of governments, companies and individuals. The SSL observatory is a project to bring more transparency to SSL Certificate Authorities, and help understand who really controls the web's cryptographic authentication infrastructure. The Observatory is an Electronic Frontier Foundation (EFF) project that began by surveying port 443 of all public IPv4 space. At Defcon 2010, we reported the initial findings of the SSL Observatory. That included thousands of valid 'localhost' certificates, certificates with weak keys, CA certs sharing keys and with suspicious expiration dates, and the fact that there are approximately 650 organisations that can sign a certificate for any domain that will be trusted by modern desktop browsers, including some that you might regard as untrustworthy. In this talk we will give an update on new developments in the project, including where to find a copy of our data and how to work with it for your own research; the progress made at fixing some of the vulnerabilities we found; and our design for a new, decentralised version of the SSL Observatory.
-
21:38
»
SecDocs
Authors:
Jesse Burns Peter Eckersley Tags:
X.509 SSL Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The EFF SSL Observatory has collected a dataset of all TLS/HTTPS certificates visible on the public web. We discuss this dataset - what we have learned from it, how you can use it, and how intend to offer a live, continually updated version of it. TLS/SSL is only as good as your mechanism for verifying the other party, and it turns out that with HTTPS and other CA-certified applications of TLS, that mechanism involves trusting a lot of governments, companies and individuals. The SSL observatory is a project to bring more transparency to SSL Certificate Authorities, and help understand who really controls the web's cryptographic authentication infrastructure. The Observatory is an Electronic Frontier Foundation (EFF) project that began by surveying port 443 of all public IPv4 space. At Defcon 2010, we reported the initial findings of the SSL Observatory. That included thousands of valid 'localhost' certificates, certificates with weak keys, CA certs sharing keys and with suspicious expiration dates, and the fact that there are approximately 650 organisations that can sign a certificate for any domain that will be trusted by modern desktop browsers, including some that you might regard as untrustworthy. In this talk we will give an update on new developments in the project, including where to find a copy of our data and how to work with it for your own research; the progress made at fixing some of the vulnerabilities we found; and our design for a new, decentralised version of the SSL Observatory.
-
-
21:51
»
SecDocs
Authors:
Jesse Burns Peter Eckersley Tags:
X.509 SSL Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The EFF SSL Observatory has collected a dataset of all TLS/HTTPS certificates visible on the public web. We discuss this dataset - what we have learned from it, how you can use it, and how intend to offer a live, continually updated version of it. TLS/SSL is only as good as your mechanism for verifying the other party, and it turns out that with HTTPS and other CA-certified applications of TLS, that mechanism involves trusting a lot of governments, companies and individuals. The SSL observatory is a project to bring more transparency to SSL Certificate Authorities, and help understand who really controls the web's cryptographic authentication infrastructure. The Observatory is an Electronic Frontier Foundation (EFF) project that began by surveying port 443 of all public IPv4 space. At Defcon 2010, we reported the initial findings of the SSL Observatory. That included thousands of valid 'localhost' certificates, certificates with weak keys, CA certs sharing keys and with suspicious expiration dates, and the fact that there are approximately 650 organisations that can sign a certificate for any domain that will be trusted by modern desktop browsers, including some that you might regard as untrustworthy. In this talk we will give an update on new developments in the project, including where to find a copy of our data and how to work with it for your own research; the progress made at fixing some of the vulnerabilities we found; and our design for a new, decentralised version of the SSL Observatory.
-
-
19:40
»
Packet Storm Security Exploits
F5 FirePass SSL VPN versions 6.0.0 through 6.1.0 and 7.0.0 suffers from a remote SQL injection vulnerability that allows for remote root access.
-
-
19:06
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
-
19:06
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
-
19:06
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
-
-
17:22
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0086-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake.
-
17:22
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0086-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake.
-
17:22
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0086-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake.
-
-
15:58
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.
-
15:58
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.
-
-
10:54
»
Packet Storm Security Exploits
Barracuda SSL VPN 480 suffers from multiple input validation vulnerabilities that allow for malicious script insertion and cross site scripting attacks.
-
10:54
»
Packet Storm Security Recent Files
Barracuda SSL VPN 480 suffers from multiple input validation vulnerabilities that allow for malicious script insertion and cross site scripting attacks.
-
10:54
»
Packet Storm Security Misc. Files
Barracuda SSL VPN 480 suffers from multiple input validation vulnerabilities that allow for malicious script insertion and cross site scripting attacks.
-
-
10:12
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
10:12
»
Packet Storm Security Tools
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
10:12
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
8:21
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1444-01 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
-
8:21
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1444-01 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
-
8:21
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1444-01 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
-
-
17:41
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
19:00
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
19:00
»
Packet Storm Security Tools
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
19:00
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
10:53
»
Packet Storm Security Exploits
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.
-
10:53
»
Packet Storm Security Exploits
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
-
10:53
»
Packet Storm Security Recent Files
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
-
10:53
»
Packet Storm Security Recent Files
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.
-
10:53
»
Packet Storm Security Tools
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.
-
10:53
»
Packet Storm Security Tools
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
-
10:53
»
Packet Storm Security Misc. Files
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
-
10:53
»
Packet Storm Security Misc. Files
THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.
-
-
20:07
»
Packet Storm Security Advisories
nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
-
20:07
»
Packet Storm Security Recent Files
nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
-
20:07
»
Packet Storm Security Misc. Files
nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
-
-
10:57
»
Packet Storm Security Advisories
Various Qt applications including KSSL (the KDE class library responsible for SSL negotiation), Rekonq, Arora and Psi IM are vulnerable to UI spoofing due to their use of QLabel objects to render externally controlled security critical information. The primary area of concern at this time relates to the named applications SSL certificate dialogue UI however other similar dialogue boxes may also be vulnerable.
-
10:57
»
Packet Storm Security Recent Files
Various Qt applications including KSSL (the KDE class library responsible for SSL negotiation), Rekonq, Arora and Psi IM are vulnerable to UI spoofing due to their use of QLabel objects to render externally controlled security critical information. The primary area of concern at this time relates to the named applications SSL certificate dialogue UI however other similar dialogue boxes may also be vulnerable.
-
10:57
»
Packet Storm Security Misc. Files
Various Qt applications including KSSL (the KDE class library responsible for SSL negotiation), Rekonq, Arora and Psi IM are vulnerable to UI spoofing due to their use of QLabel objects to render externally controlled security critical information. The primary area of concern at this time relates to the named applications SSL certificate dialogue UI however other similar dialogue boxes may also be vulnerable.
-
-
17:14
»
Packet Storm Security Exploits
Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
-
17:14
»
Packet Storm Security Recent Files
Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
-
17:14
»
Packet Storm Security Misc. Files
Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
-
-
7:22
»
Packet Storm Security Recent Files
This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines grew from the early days since Netscape developed SSL2.0. The introduction of TLS made matters more challenging as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated Browsers may not use all functionality offered by the SSL stack, this report will only list functionality used by current Browsers. This report provides an overview of the currently available TLS options across Servers and Clients and allows you to offer support for a wide variety of Browsers an offer "good enough" security.
-
7:22
»
Packet Storm Security Misc. Files
This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines grew from the early days since Netscape developed SSL2.0. The introduction of TLS made matters more challenging as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated Browsers may not use all functionality offered by the SSL stack, this report will only list functionality used by current Browsers. This report provides an overview of the currently available TLS options across Servers and Clients and allows you to offer support for a wide variety of Browsers an offer "good enough" security.
-
-
11:46
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat USA 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
11:45
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat USA 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
-
23:40
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
23:40
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
8:35
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1282-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.
-
8:35
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1282-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.
-
8:35
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1282-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.
-
-
18:24
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
18:24
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
13:46
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
13:46
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
19:53
»
Packet Storm Security Advisories
iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.
-
19:53
»
Packet Storm Security Recent Files
iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.
-
19:53
»
Packet Storm Security Misc. Files
iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.
-
-
21:45
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
21:45
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
14:30
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0959-01 - Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.
-
14:30
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-0959-01 - Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.
-
14:30
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-0959-01 - Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.
-
-
18:15
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
18:15
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
19:40
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
19:40
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
18:34
»
Packet Storm Security Recent Files
Whitepaper called SSL and HTTP Exposed. It discusses how to perform an HTTPS stripping attack against the TOR network using sslstrip.py and iptables.
-
18:34
»
Packet Storm Security Misc. Files
Whitepaper called SSL and HTTP Exposed. It discusses how to perform an HTTPS stripping attack against the TOR network using sslstrip.py and iptables.
-
-
13:50
»
Packet Storm Security Recent Files
This application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
-
13:50
»
Packet Storm Security Misc. Files
This application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
-
-
8:24
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
8:24
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
6:15
»
Carnal0wnage
In the previous
post I talked about using the db_service -R to use the information in your database/workspace to throw an auxiliary module at hosts that had port 443 open.
Let's take this one step further...and throw multiple aux modules against the hosts that have port 80 open.
I'm going to use a resource script to do this. The cool thing about resource scripts is that you dont have to do them just at startup. You can do them anytime on the console.
msf auxiliary(options) > resource
Usage: resource path1 path2 ...
Run the commands stored in the supplied files.
In this case i want to run two modules against every port that has 80 open. Here's some code to do it:
set THREADS 10
[ruby] **#replace [ and ] with their respective ""**'
#start with an array to hold our modules we want to run
modules = [
"auxiliary/scanner/http/http_version",
"auxiliary/scanner/http/options",]
#another array for our hosts
hosts = []
framework.db.services.each do |service|
if service.port == 443
hosts end
end
#loop through each module in the list
modules.each do |blah|
self.run_single("use #{blah}")
puts ("\nRunning Auxiliary Module #{blah}")
#for each host with 443 open, set appropriate configs and run the module against it
hosts.each do |rhost|
self.run_single("set RHOSTS #{rhost}")
self.run_single("set RPORT 443") #change to the port above
self.run_single("set SSL TRUE")
self.run_single("run")
end
end
[/ruby] **#replace [ and ] with their respective ""**
Running it:
msf auxiliary(options) > resource /home/user/.msf3/aux_do_dbhosts.rc
resource (/home/user/.msf3/aux_do_dbhosts.rc)> set THREADS 10
THREADS => 10
[*] resource (/home/user/.msf3/aux_do_dbhosts.rc)> Ruby Code (962 bytes)
Running Auxiliary Module auxiliary/scanner/http/http_version
RHOSTS => 192.168.1.10
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.106
RPORT => 443
SSL => TRUE
[*] 192.168.1.106 nginx/0.6.32 ( 302-http://192.168.1.106/ )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.107
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.135
RPORT => 443
SSL => TRUE
[*] 192.168.1.135 Apache/2.2.11 (Ubuntu) mod_ssl/2.2.11 OpenSSL/0.9.8g Phusion_Passenger/2.2.15 ( Powered by Phusion Passenger (mod_rails/mod_rack) 2.2.15 )
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.168
RPORT => 443
SSL => TRUE
[*] 192.168.1.168 Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/1.3
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.229
RPORT => 443
SSL => TRUE
[*] 192.168.1.229 Apache/2.2.9 (Debian) DAV/2 SVN/1.4.2 PHP/5.3.2-0.dotdeb.1 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.2 Perl/v5.8.8 ( Powered by PHP/5.3.2-0.dotdeb.1 )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Running Auxiliary Module auxiliary/scanner/http/options
RHOSTS => 192.168.1.10
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.100
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
...SNIP...YOU GET THE IDEA...
-CG
thanks to hdm and jcran
-
-
14:13
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat Abu Dhabi 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
14:12
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat Abu Dhabi 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
-
23:18
»
Packet Storm Security Recent Files
This application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
-
23:18
»
Packet Storm Security Misc. Files
This application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
-
-
9:29
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
9:29
»
Packet Storm Security Misc. Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
20:40
»
Packet Storm Security Recent Files
SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
-
20:40
»
Packet Storm Security Misc. Files
SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
-
-
10:22
»
Packet Storm Security Recent Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
10:22
»
Packet Storm Security Misc. Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
-
20:29
»
SecuriTeam
Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:58
»
Packet Storm Security Recent Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
12:58
»
Packet Storm Security Misc. Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
-
17:25
»
Packet Storm Security Recent Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
17:25
»
Packet Storm Security Misc. Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
-
21:33
»
Packet Storm Security Recent Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
21:33
»
Packet Storm Security Misc. Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
-
14:55
»
SecuriTeam
Cisco IOS Software contains a vulnerability when the Cisco IOS SSL VPN feature is configured with an HTTP redirect.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:28
»
Packet Storm Security Recent Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
12:28
»
Packet Storm Security Misc. Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
-
17:10
»
Packet Storm Security Recent Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
17:10
»
Packet Storm Security Misc. Files
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
-
-
18:18
»
SecuriTeam
This vulnerability allows remote attackers to decrypt secure socket layer (SSL) communications directed to multiple Sourcefire products.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-089 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.
-
17:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-089 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.
-
-
17:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 929-2 - USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem. It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
-
17:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 929-2 - USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem. It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
-
9:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Packages for 2009.0 are provided due to the Extended Maintenance Program.
-
9:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Packages for 2009.0 are provided due to the Extended Maintenance Program.
-
-
14:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
-
14:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
-
20:00
»
Packet Storm Security Tools
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
20:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-069 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack.
-
20:00
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
20:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-069 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack.
-
-
7:23
»
remote-exploit & backtrack
Hi Folks,
Been looking at this area for quite some time, watched all the video's and decided to try it. Tried it on a Windows XP Machine, MacBook Pro and finally my Nokia N800. I also tried BT4 on each.
Worked really well, frightening how POP3 passwords just pop up! However, what I haven't been able to do it SSL e.g. Gmail etc.
Before I go any further, I would like to state that this is on my own test network which has both wireless and wired connections. I am using a wireless connection. The end goal is a demostration to a community that are installing an open Wifi network which I have already demonstrated WireShark in action.
My sequence is:
Start ettercap -G
Check Promiscuous Mode is checked, then launch Unified Sniffing, specify wlan0
Scan for Hosts
Add the router to Target 2 and then the computer(s) I want to sniff to Target One.
Start Sniffing
Open MITM and select ARP, then enable Remote Connection sniffing
After a few moments I get the POP passwords etc but nothing SSL.
I note most of the tutorials involve Virtual Machines and they do get SSL info with the same steps above, does this have a bearing on the operation?
I amn't worried about warnings in browsers as I don't intend to implement this, I just want to demo it. Preferably I'd like to run the whole operation with ettercap -G (and on the N800) if possible with the need for SSLStrip etc
Thanks for any info!
ironclaw
-
-
1:37
»
Packet Storm Security Tools
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
1:37
»
Packet Storm Security Recent Files
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
-
-
19:01
»
Packet Storm Security Tools
Harden SSL/TLS hardens the default SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows you to remotely set SSL/TLS policies allowing or denying certain ciphers/hashes or complete ciphersuites.
-
19:01
»
Packet Storm Security Recent Files
Harden SSL/TLS hardens the default SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows you to remotely set SSL/TLS policies allowing or denying certain ciphers/hashes or complete ciphersuites.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Hack a Day
Wirevolution