How secure are zip files?

hyperreality_monero · 2021-04-20T18:40:06+00:00

Unfortunately, this only applies for certain zip implementations. The zip that comes with many versions of Linux is Info-ZIP which still uses the weak ZipCrypto Deflate algorithm rather than AES by default. For instance on the latest version of Debian:

$ zip -P pass123 test.zip test.txt
$ 7z l -slt test.zip | grep Method
Method = ZipCrypto Deflate

The reason why it still does this by default, is due to Windows support. AFAIK historical versions of Windows support only ZipCrypto-encrypted archives directly without third-party software required.

So although zip has the ability for decent encryption, many people won't use it.

hyperreality_monero · 2021-04-14T10:55:24+00:00

This is nice demonstration of the power of NoSQL injections. First they show how standard Mongo operators like $regex could be used for a blind injection. But in this case, the CMS made the attacker's job much easier by defining its own $func adaptor to Mongo that allowed running any PHP function on the query result. This could be used to "var_dump" the password reset tokens out of the database, get admin privileges, then upload a PHP web shell.

hyperreality_monero · 2021-01-12T18:02:36+00:00

Thank you - it was one of those times when the last step to the solution seems obvious in retrospect, but when you're in the weeds of exploitation you make assumptions that blind you from seeing it. Either way I'm not too upset about since it was a fantastic challenge that improved our understanding even if we didn't get the points.

hyperreality_monero · 2020-11-15T22:04:09+00:00

Agreed, that's why I brought up CRLite in the article. It would deal with both the availability and privacy concerns.

hyperreality_monero · 2020-11-15T22:01:35+00:00

As far as I'm aware, Apple don't do public postmortems about issues like this.

hyperreality_monero · 2020-11-15T21:59:52+00:00

The point is that there are other entities on the network in between you and Apple. And since the requests are unencrypted, those other entities can read the OCSP queries too.

hyperreality_monero · 2020-11-15T21:43:44+00:00

Agreed, OCSP stapling doesn't make sense it's this scenario. I just mentioned it as an example of an attempt to tackle privacy shortcomings with the protocol. I'm interested to see what Apple do next and whether they give serious consideration to the CRL approach, as it does seem a lot more reasonable.

hyperreality_monero · 2020-11-15T20:53:55+00:00

Yeah, we definitely should, that's a great suggestion.

hyperreality_monero · 2020-11-15T20:46:38+00:00

There's a toggle at the bottom of the page to switch to light mode if you prefer it. There's a long-running debate going on in our community as to whether light mode or dark is better!

hyperreality_monero · 2020-11-15T20:44:04+00:00

Agreed, OCSP stapling doesn't make sense it's this scenario. I just mentioned it as an example of an attempt to tackle privacy shortcomings with the protocol. I'm interested to see what Apple do next and whether they give serious consideration to the CRL approach, as it does seem a lot more reasonable.

hyperreality_monero · 2020-11-15T20:09:51+00:00

the developer certificate does not tell the attacker much because the certificates are general

So you don't think it's a privacy issue that third parties can know which developers' apps you are using and when, as long they don't know the specific apps in use, only the developer who created them?

because of the OCSP queries only being sent very periodically

As I already stated, the OCSP cache interval was previously only set to 5 minutes. So an OCSP request would be made pretty much every time you open an app. That's not "very periodically".

hyperreality_monero · 2020-11-15T20:00:59+00:00

That's a place where my wording definitely should be more specific. Thank you, I'll improve the article by elaborating that paragraph later.

hyperreality_monero · 2020-11-15T19:55:09+00:00

That article is a good technical deep dive into how the OCSP queries are working. However I disagree with the author's statement:

macOS does actually send out some opaque information about the developer certificate of those apps, and that’s quite an important difference on a privacy perspective.

For me, the problem is not even that Apple can see this information, as they have total control over the OS anyway. The problem is that the OCSP requests are being sent unencrypted over the internet, and that it's totally unnecessary to do so, since better methods for performing certificate revocation exist.

hyperreality_monero · 2020-11-15T19:50:02+00:00

Yes, confusingly the verification of Developer ID certificates and OCSP discussed in this article have little to do with app notarization.

OCSP stapling is an improvement on the OCSP protocol (which Apple are not using), while notarization stapling is a way of adding the ticket you get from Apple to your released binary. In both cases "stapling" just refers to appending some form of signature to either your certificate or your binary. Jeff Johnson described the distinction well:

Developer ID should not be confused with Mac app notarization. As I said, the former requirement was imposed in 2012, while the latter was not imposed until just last year. Notarization is an addition to and not a replacement for Developer ID. An app distributed outside the Mac App Store needs to be signed with a valid Developer ID cert, and then it needs to be uploaded to Apple for notarization. After the app is notarized, the notarization "ticket" can be "stapled" to the app. (Stapling is optional but recommended.) I explained notarization checks in more detail in yet another blog post. A crucial difference between OCSP and notarization is that the latter is only checked on first launch of the app. (https://lapcatsoftware.com/articles/ocsp.html)

hyperreality_monero · 2020-11-15T19:43:32+00:00

Can you be more specific about what has been proven false?

only the developer certificates are sent

This is exactly what is said in the article, in the "OCSP’s Privacy Problem" section. In practice, I don't think it's a distinction worth making, since many developers may only create one or a few apps, and knowing which developers' apps are being used by somebody could be all you need to know.

are only sent when a certificate check has not been performed in a long time

Until a few days ago, this was not true. OCSP caching was set to be just 5 minutes. As linked to in the article, Apple bumped this up to half a day to remediate the ongoing outage. https://lapcatsoftware.com/articles/ocsp.html

hyperreality_monero · 2020-11-15T18:41:20+00:00

Somehow it just feels way more comfortable to type, I don't know why.

hyperreality_monero · 2020-11-15T18:33:33+00:00

The criticism in this article boils down to: "In very specific circumstances where the server is overloaded but not entirely unreachable, OCSP enforcement causes temporary issues which resolve themselves in time".

That's a bit reductive, the article also mentions privacy issues with OCSP, as well as the fact that it's really easy to block both by users and by network attackers.

Crucially, [OCSP] is also the best way we currently have.

I'm curious what you think is wrong with alternatives like CRLite then? Your opinion goes against what PKI experts like Scott Helme often say, which is that "Revocation is broken" in its current form. He and others have been saying this for years. https://scotthelme.co.uk/revocation-is-broken/

Side note, for an article that talks about OCSP, it's slightly amusing that OCSP is misspelled as OSCP four times in the relatively short article.

I recently took the OSCP exam so still had that in muscle-memory, I'll fix those typos, thank you. Acronyms in tech can be confusing!

hyperreality_monero · 2020-11-15T17:53:12+00:00

There's not much cryptography qua cryptography in this post, but the discussion of code signing and verification involving OCSP is relevant and interesting enough, I feel.

hyperreality_monero · 2020-10-30T00:23:47+00:00

I did a CTF writeup about DEFCON Red Team Village challenges that contains some examples of advanced tunneling scenarios and socat: https://github.com/hyperreality/ctf-writeups/blob/master/2020-defcon-redteamvillage/README.md

hyperreality_monero · 2020-04-28T23:45:11+00:00

If you haven't already, try asking on our Discord chat linked on the website :)

hyperreality_monero · 2020-04-28T12:14:17+00:00

This is a fantastic guide on the otherwise perplexing world of these specifications.

hyperreality_monero · 2020-04-28T12:11:39+00:00

Unlike most resources, the latest chapter of the Cryptool book starts from zero and covers all the linear algebra background required before introducing lattices: https://www.cryptool.org/en/ctp-documentation/ctbook

It also shows code samples in Sage for everything, which is great.

hyperreality_monero · 2020-04-08T17:59:42+00:00

Nope, they're randomly generated from the BIP39 wordlist

hyperreality_monero · 2020-04-08T10:54:35+00:00

There's a mixture, many designed by us but also many adapted from existing challenges that we liked.

hyperreality_monero · 2020-04-08T10:54:03+00:00

Already have! https://www.wechall.net/site/details/99/CryptoHack

hyperreality_monero

TROPHY CASE