Overview of multiplatform password managers

The news about LastPass hack broke recently. If the user had strong password, the password is not brute-forcable. However dictionary passwords along with passwords that are guessable with mutation and Markov chains can be broken up to length of 12 characters on one GPU even though LastPass’s key derivation function (KDF) using 100000 iterations. This means that if the attacker can crack user’s simple password, the attacker can download the encrypted blob containing passwords from LastPass and use the cracked password to decrypt them. The weakest link here is the password strength.

Read more

Botnet from compromised routers

In the next release of Turris OS, we would like to give our users the possibility to play a more active part in detection of network attacks. The first of the new functions is SSH honeypot which lures the attacker into a virtual environment where we can then observe his activity. This method will be more thoroughly described in a separate blog post planned for the near future. The second addition is less ambitious, but much simpler and still very useful. It is stripped down version of a honeypot which we internally call a “minipot”. In contrast to the normal honeypot which lets any attacker in with any password, our minipot just pretends that there is the possibility of logging in, and collects the supplied user names and passwords.

Read more

Kleptography – a renovated method of how to get to your data is on the increase

We would considerably enjoy it if the cryptography crises limited themselves to one per day. We know, however, that it is only a wishful thinking.

Unintentional exfiltration of keys

The Chinese manufacturer of electronics Lenovo went in his greed so far that he not only pre-installs the display of advertisement on newly installed notegooks but the installed adware of third parties called Superfish even injects javascript into the code of the page being browsed; the goal is to analyze the page and to target the advertisement better. While doing this it does not limit itself only on non-coded HTTP connection.

Read more

Cyber attacks against handicapped

Window-Eyes is the so-called screen reader (reader of screen) for Microsoft Windows which is used by visually handicapped users, above all by totally blind and seriously visually handicapped users. Such software converts the content of the screen, e.g. of web pages, into the form of alternative output, most frequently as voice or Braille.

Read more

Vulnerability of “rom-0“ after half year

In the previous blogposts about the error “rom-0“ I was engaged in the procedure of how to “mend“ a vulnerable router, I analysed the spreading of this error and above all I referred to the web test which we in Laboratories CZ.NIC activated at the address http://rom-0.cz. The last blogpost on this topic attended to the development of number of vulnerable boxes in the Czech Republic and in Slovakia during the first four months from the beginning of our measurings.

Read more

Attacks on the web honeypot

Honeynet operated by the CZ.NIC association certainly does not have to be particularly introduced to the readers of this blog. Besides articles on this blog there are also accessible source codes of operated honeypots which you can see on our GitLab. In today´s article we will focus on attacks caught on the web honeypot Glastopf.

Read more