Archive for January, 2008

iPhone / iPod touch 1.1.3 Jailbreak Released!

Nate True and the Dev Team have released a jailbreak for iPhones and iPod touches running firmware version 1.1.3. It is very similar to the jailbreak released earlier this week, only without the issue of your iPhone not working afterwards. Note that this jailbreak requires your iPhone to be running firmware v1.1.2: iPhones running v1.1.1 will need to upgrade to v1.1.2, jailbreak, and then install the “BSD Subsystem” package. The reason is that the v1.1.3 jailbreak runs on the iPhone itself and is therefore platform independent.

This jailbreak does not upgrade the iPhone’s baseband, which breaks things like the “Locate Me” functionality in Google Maps. If you're using a valid AT&T account, it is a good idea to upgrade to v1.1.3 and then downgrade to a jailbroken version of v1.1.2.

For those using an unlocked iPhone, I suggest that you stay away from firmware version 1.1.3 because it will re-lock your iPhone.

I have tested this jailbreak, and it definitely works as advertised. It does require some patience, but from my experience it didn't have very many issues.

Download here:
http://security-protocols.com/files/Jailbreak-1.1.3.tar.gz

What did the five fingers say to the face? SLAP!

Rick James slaps v1.1.3


DOM Browser Checker Released

Michal Zalewski and his colleague Filipe Almeida have released DOM Checker, an automated tool for validating browser security policy enforcement. Below is the description of DOM Checker from the project page:

The tool features several fairly neat features, including exhaustive hierarchy crawling and side-channel blind write validation to reduce the number of false positives.

DOM Checker has been used to find a number of major security bypass and information disclosure problems in several popular browsers, and we have worked closely with vendors to resolve them (although it’s worth noting that the tool still reports anywhere from 10 to 30 low-risk, design-related information disclosure issues in these programs).

Our hope is that this tool may serve as a framework for ongoing browser security research, and would be integrated by browser vendors with their regression testing and general release QA processes.

Project Page:
http://code.google.com/p/dom-checker/

Access live instance for testing
http://lcamtuf.coredump.cx/dom_checker/


QueFuzz - libnetfilterqueue based network fuzzer released

QueFuzz is a small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine either randomly fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data. QueFuzz has a very short learning curve, unlike many other fuzzing frameworks. It may not be as powerful, but you can have it up and running in under a minute.

Unlike other fuzzers, QueFuzz is not focused on data generation. It relies on a valid application to generate the data and instead just mutates the network traffic inline and passes it on.

Below is an example:

1. Set up an iptables rule that queues all outgoing packets with a TCP destination port of 21.

iptables -A OUTPUT -p tcp --dport 21 -j QUEUE

2. Start QueFuzz with an FTP template that looks like this:

replace USER USERRRRRRRRRRRRRRRRRRRRRRR
replace PASS PAS%nSSSSS%nSSSSS
$./quefuzz -t ftp.fuz

3. Open your FTP client and connect to your server as normal. QueFuzz takes care of the packet mutation inline; all you have to do is monitor your server with a debugger for any potential crashes.
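The "replace OLD NEW" template semantics from step 2, as an added Python illustration that is not QueFuzz's own code: it parses the template lines and applies them to constructed sample FTP payloads, counting substitutions. It models only the payload transform; a real inline mutator must also recompute IP/TCP lengths and checksums once the payload size changes.

```python
# Added illustration of QueFuzz-style "replace" templates (not QueFuzz's own code).
# A template line "replace OLD NEW" tells the fuzzer to search the packet payload
# for OLD and substitute NEW before passing the packet on. Only the payload
# transform is modelled here; the real tool, sitting behind libnetfilter_queue,
# must also fix up IP/TCP lengths and checksums because the payload size changes.

def parse_template(text):
    """Parse 'replace OLD NEW' lines into (old, new) byte pairs; skip blanks/comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[0] != "replace":
            raise ValueError(f"unsupported template line: {line!r}")
        rules.append((parts[1].encode(), parts[2].encode()))
    return rules

def mutate_payload(payload, rules):
    """Apply every rule to one payload; returns (new_payload, number_of_substitutions)."""
    hits = 0
    for old, new in rules:
        hits += payload.count(old)
        payload = payload.replace(old, new)
    return payload, hits

# Constructed sample: the FTP template from the post plus a made-up client login.
FTP_TEMPLATE = """replace USER USERRRRRRRRRRRRRRRRRRRRRRR
replace PASS PAS%nSSSSS%nSSSSS
"""
SAMPLE_PACKETS = [b"USER anonymous\r\n", b"PASS guest@example.com\r\n", b"LIST\r\n"]

def fuzz_session(packets, template=FTP_TEMPLATE):
    """Run every packet of a session through the template rules."""
    rules = parse_template(template)
    return [mutate_payload(p, rules) for p in packets]

if __name__ == "__main__":
    for before, (after, n) in zip(SAMPLE_PACKETS, fuzz_session(SAMPLE_PACKETS)):
        print(f"{before!r} -> {after!r} ({n} substitution(s), {len(after) - len(before):+d} bytes)")
```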

QueFuzz was created by Chris Rohlf.

QueFuzz Project page:
http://code.google.com/p/quefuzz/


OSXCrypt Released

The guys over at OSXCrypt.org have released OSXCrypt-A5.1B, which is currently in beta. Below is a brief description of OSXCrypt:

OSXCrypt is a framework, a kernel extension and a command line utility that allows the creation, manipulation and attaching of a TrueCrypt-compatible volume, and in the near future, any kind of disk-based encryption available through a modular architecture.
This product makes use of TrueCrypt; the sources are synced to version 4.3a. Read the Release Notes to know more about legal notices.
NOTE! This product is alpha-quality; it may destroy the contents of your hard disks! Although OSXCrypt should be able to work with physical devices (either partitions or whole disks), it has never been tested thoroughly. If you are concerned, for the time being, we strongly suggest you use only file-based disk images.

Again, this is beta software, so please use it with caution.

Download OSXCrypt:
http://www.osxcrypt.org/download/

OSXCrypt Video:
http://www.osxcrypt.org/download/tutorial/


How to enable Time Machine for AEBS AirDisk

This is a follow-up to the post I made regarding Apple leaving the AirPort Extreme-N users out to dry. As you can see in the screenshot above, tommy (whiskey) is my hard drive, which is plugged into my AirPort Extreme and will be used for Time Machine backups. So if you have an AirPort Extreme (AEBS) with a hard drive plugged in via USB and would like to use it with Time Machine, type the following in Terminal.app:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

This will let Time Machine use a NAS volume like AirPort Disk, or any other NAS volume you might have, such as a ReadyNAS. So we basically now have a Time Capsule type of setup. The only thing is that using your AEBS with Time Machine is not recommended for critical data, because the AEBS is known to corrupt hard drives plugged into it. Apple obviously disabled this feature in Leopard because Time Machine is buggy when backing up over the wire. So I would not use an AirPort-based AirDisk for critical data storage until Apple releases a fix for the AEBS and/or Time Machine. Hopefully we will see something when Time Capsule is released.
