
Re: [EXTERNAL] Forum hacked

Posted by Parks, Raymond on Nov 19, 2013; 4:56pm
URL: http://friam.383.s1.nabble.com/Forum-hacked-tp7584291p7584310.html

Exactly.  It's astounding what information critical to the security of computer systems can be found through Open-Source Intelligence (OSINT).  The CIA has opened an office that does nothing but OSINT.

When we red team (authorized adversary-based assessment for defensive purposes), we always start with OSINT.  In the past, I've found all sorts of interesting things in open sources.  I found the architecture of a DoD defensive system in the Delhi Star, quoted from a speech given by a DoD civilian executive.  I found the backup power generation details of a government data center in a USA Jobs posting.  I leveraged that with a spreadsheet containing the information about contract costs accessible on the agency's external web-site.  The cost of the contract with the generator vendor told me what services the agency was buying and that the generators "phoned home" to the vendor.  Thus I knew that the generators had Internet access.  I've found the details of control system installations on the web-sites of integrators trying to sell their services to other customers (they had anonymized some but other details I knew about my target/customer allowed me to make the connection).  We found the complete details of all software installations, services, and running processes for computers in government networks posted on the web in technical support forums.

It is possible to avoid information exposure, but it's not easy and most folks simply prefer the convenience of using the WWW and ignore their escaping information.

Ray Parks
Consilient Heuristician/IDART Program Manager
V: 505-844-4024  M: 505-238-9359  P: 505-951-6084
SIPR: [hidden email] (send NIPR reminder)
JWICS: [hidden email] (send NIPR reminder)



On Nov 18, 2013, at 9:35 PM, Gillian Densmore wrote:

Password cracking?  Hmm- as to how? I can add a little insight into this one. Password cracking is just one tool. So is knowing weak points of the audience in the forums, fake, proxy, and redirecting websites, just as a few. This last summer: Live Networks (XBOX Live, SkyDrive etc), PSN (the PlayStation Network), Blizzard.com, Battle.net (owned and run by Blizzard), as well as G+, all had individually 50K+ in SSN, credit card info (three digit security) among the trophies; it's my understanding source code for Battle.Net, a conservative net billion of games between Sony, Blizzard, and Microsoft were all stolen in a matter of seconds:

According to the group itself (Anonymous) How? Prep, patience, fake info, and an eye for detail when it came to weakness not in the passwords when entered wherever they're used but in lots and lots of tools from fake support pages. Watching how people ask support questions.

All that to say: To the degree technology can make a fancy key. Thicker doors, and deeper bunkers. All that will not help as long as there are Sith out there.


On Mon, Nov 18, 2013 at 5:16 PM, Parks, Raymond <[hidden email]> wrote:
The addition of a salt to a password makes rainbow tables much less effective because it makes the table space larger, even trading off chain length for convergence.  However, rainbow tables are no longer the thing - with multi-GPU setups, password crackers just brute force passwords.  Basically, the sequence is:

1. Using a large (20 million word) multiple language (but standard ASCII) dictionary derived from text sources across the WWW, hash the words in that dictionary with variants (leet-speak, other substitutions, plurals, added numbers, 8 for "ate", et cetera), and compare the outputs to the captured password file.  Salt is basically a variant that can be accounted for - extra random characters.

2.  If some passwords are of the type you dislike, then those can be brute-forced almost as fast as rainbow tables can be calculated.  Salt is irrelevant in this process, other than making the effective number of bytes longer.

In the Ars articles, Step 1 seems to get as much as 90% of self-chosen passwords in a matter of hours.  The practitioners in the Ars articles don't go on to Step 2, but I would expect that to take less than a week.  If the hash algorithm is captured along with the passwords, then the cracker has the advantage of knowing whether the web-site uses salt.  Operating systems, of course, are studied off-line to determine the algorithm and use of salt.

Ray Parks
Consilient Heuristician/IDART Program Manager
V: 505-844-4024  M: 505-238-9359  P: 505-951-6084
SIPR: [hidden email] (send NIPR reminder)
JWICS: [hidden email] (send NIPR reminder)



On Nov 18, 2013, at 11:48 AM, cody dooderson wrote:

I find passwords really hard to remember. Especially those sites that require numbers, symbols, uppercase, and lower case characters. I personally would rather use a 20 character all lowercase password than an 8 character mixed symbol password. As a result I keep a document, in the cloud, with all of my passwords stored in plain text. Many of these passwords I could care less if someone cracked.
Also, I was under the impression that salting prevents the use of rainbow tables.

Cody Smith


On Mon, Nov 18, 2013 at 11:28 AM, Parks, Raymond <[hidden email]> wrote:
WRT password cracking - Dan Goodin has a good series of articles on password cracking at Ars Technica.


TL;DR - Current GPU-based password cracking using 20-million word dictionaries makes truly random passwords below 14 characters and nearly all pass-phrases susceptible to cracking in a relatively short time.

On a related subject, roughly 75% of websites store passwords as nothing more complicated than simple, unsalted MD5 hashes.  This is almost as easy to break as NTLM.

Salt makes the initial crack more difficult, but if the same salt is used for all hashes, then subsequent cracks ignore it.

WRT the use of PII - it's sold on various markets, correlated in a "big data" manner with other exposures, and, if enough information is available and the person's credit score is high enough, is used for credit attacks.  In some cases, if banking information is correlated, the collection is used for banking attacks.  If there is poor correlation but an email or FQDN is in the information, then the data may be used as a target list.

Ray Parks
Consilient Heuristician/IDART Program Manager
V: 505-844-4024  M: 505-238-9359  P: 505-951-6084
SIPR: [hidden email] (send NIPR reminder)
JWICS: [hidden email] (send NIPR reminder)
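Added example (my own code, not from any message in this thread) illustrating the storage point made in the two Parks messages above: why an unsalted fast hash, or one salt shared by every account, lets one cracked entry reveal other accounts, and what per-user salt plus a slow key derivation changes. The user table, the site-wide salt and the iteration count are constructed for the demonstration; the check in `duplicate_groups` is something a site operator can run over their own password table.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

# Constructed sample user table (not real credentials): two users reuse one password.
SAMPLE_USERS: Dict[str, str] = {
    "alice": "correct horse battery staple",
    "bob": "Summer2013!",
    "carol": "Summer2013!",
}

# Constructed site-wide salt for the "same salt for all hashes" case.
SITE_SALT = b"forum-wide-salt"


def unsalted_md5(password: str) -> str:
    """The weak scheme: a fast hash with no salt. Equal passwords give equal
    hashes, so one cracked entry unlocks every user sharing that password, and
    a table precomputed once works against every site using this scheme."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def site_salted_md5(password: str, salt: bytes = SITE_SALT) -> str:
    """One salt reused for every user: generic precomputed tables no longer
    apply, but equal passwords on this site still collide, so after the first
    crack the salt is effectively ignored for the rest."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune so one hash costs tens of ms


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-user random salt plus a deliberately slow key derivation.
    Stored form: 'pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>'."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def duplicate_groups(stored: Dict[str, str]) -> List[Set[str]]:
    """Group usernames whose stored values are byte-for-byte identical.
    Any group larger than one means a single cracked hash would expose
    several accounts at once; per-user salt should make this list empty."""
    by_hash: Dict[str, Set[str]] = {}
    for user, value in stored.items():
        by_hash.setdefault(value, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


def compare_schemes(users: Dict[str, str] = SAMPLE_USERS) -> Dict[str, int]:
    """Number of colliding groups under each storage scheme for the given table."""
    return {
        "unsalted_md5": len(duplicate_groups({u: unsalted_md5(p) for u, p in users.items()})),
        "site_salted_md5": len(duplicate_groups({u: site_salted_md5(p) for u, p in users.items()})),
        "per_user_pbkdf2": len(duplicate_groups({u: hash_password(p) for u, p in users.items()})),
    }


if __name__ == "__main__":
    for scheme, groups in compare_schemes().items():
        print(f"{scheme}: {groups} group(s) of identical stored values")
    stored = hash_password("Summer2013!")
    print("verify correct:", verify_password("Summer2013!", stored))
    print("verify wrong:  ", verify_password("summer2013!", stored))
```

Run as a script, the first two schemes report one colliding group (bob and carol) while the per-user PBKDF2 table reports none; the iteration count is stored alongside the hash so it can be raised later without invalidating existing records.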



On Nov 18, 2013, at 10:12 AM, Owen Densmore wrote:

A forum I belong to has been hacked, including personal info as well as passwords.

How do they use this information?

I presume they try the hash function on all combinations of possible passwords.  (Naturally optimized for faster convergence).  They see a match, i.e. a letter combination resulting in the given hash of the password.

If they crack one password, does that make cracking the rest any easier?

And does "salt" simply increase the difficulty, and indeed can it be deduced, as above, by cracking a single password?

.. or is it all quite different from this!

   -- Owen
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
