Telnet is not dead – at least not on ‘smart’ devices

Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But regardless of your age, you would probably not consider Telnet for anything you currently use. SSH has become the de facto standard when it comes to remote shell connection as it offers higher security, data encryption and much more besides.


DNSSEC signing with Knot DNS and YubiKey

Knot DNS 2.1 introduced support for DNSSEC signing using PKCS #11. PKCS #11 (also called Cryptoki) is a standard interface for accessing various Hardware Security Modules (HSMs). Such devices are usually used to improve the protection of private key material. The interface is rather flexible and gives HSM vendors a huge amount of freedom, which unfortunately makes its use a bit tricky. There are often surprising differences between individual implementations.


The most significant attacks addressed by security teams in the Danube region

On March 15, 2016, the concluding conference of the project “Cyber security in the Danube region” (CS Danube) took place. The main objective of the project, joined by representatives of security teams and organizations from Croatia, Austria, Slovakia, Serbia and Moldova, as well as our team CSIRT.CZ, was to strengthen the capacity of individual teams and their cooperation in cyber security.


Metal or not metal? That is the question!

This Hamletesque question has haunted our team in connection with Omnia for a few months. Turris Omnia was introduced as a home router in a nicely shaped plastic case and for a long time we did not even think of other options. 5 GHz Wi-Fi connection was intended to be provided by three outside antennas and the “older” Wi-Fi at the 2.4 GHz frequency was supposed to be broadcast, sort of obligatorily, with two internal antennas, more or less for backwards compatibility with older devices.


Useful tools for malware analysis

In early October, the international project “Cyber Security in the Danube Region” organized training for security teams operating within the region. As sharing of information and knowledge is essential in the field of security, I decided to write a post in which I would like to draw the attention of the security community in the Czech Republic to two very interesting free tools.


Insistent router botnet

Not so long ago, monitoring attackers in our telnet honeypots helped reveal an interesting botnet composed of ASUS brand home routers. The botnet that has most frequently tried to log into our SSH honeypot running on Turris routers in the last two weeks has IP addresses that, according to Shodan, often share one common characteristic: they respond with the cookie AIROS_SESSIONID on port 80. This cookie points to AirOS running on Ubiquiti airRouter. According to data from Shodan, about 20% of attacking IP addresses out of a total of about 6500 can be identified as AirOS due to this cookie. Many addresses, however, come from dynamic pools not yet known to Shodan.


CSIRT tools

No larger team can work with one data source and one incident management system today (at least we don’t know of such a team yet). That’s why every team is engaged in the development of their own tools or at least their own upgrades for already existing tools.
