11/4/2022
Security through obscurity
Have you ever been looking for a screwdriver, USB stick, or your keys, only to find them right where you left them in plain sight? We have. As many prolific geocachers know, hiding things out in the open is a great way to make sure that people overlook them.

has been researching various ways to password protect and hide browser bookmarks in plain sight. He calls his latest technique “Bookmark Knocking” and he’s made a demonstration available on his GitHub account.

Why hide bookmarks to begin with? A browser’s bookmark collection can give away the habits, interests, and needs of the person who put them there. Bookmarks to gifts, domestic abuse support websites, and other private destinations might be best kept away from prying eyes.

Inspired by port knocking (opening connections to specific network ports in sequence to gain access through a firewall), bookmark knocking requires clicking bookmarks in a specific order to open a link. When the bookmarks are accessed in the proper order, the third bookmark reveals a hidden site. It’s not only a novel approach to hiding things in plain sight, it’s very cool to use!

We especially appreciate ’s motivation: Helping those who are vulnerable to protect themselves in any way possible. It’s a solid reminder that technology can be elevated to a higher stature when put to a noble use. Be sure to check out the demonstration so you can try it for yourself!

If camouflaging data flips your bits, you may want to look at a neat way to embed data right into bash scripts, or conceal a WiFi enabled microcontroller in a USB cable. Do you have your own favorite “hidden in plain sight” hack? Be sure to let us know through the Tip Line.

Posted in Security Hacks, Software Hacks Tagged base64, javascript, obfuscation, port knocking, security, security through obscurity

Raccoon is the next flashy security flaw with a name, cute logo, and a website (and a PDF). Raccoon is a flaw in TLS versions prior to 1.3, and seems to be a clever bit of work, albeit one with limited real-world application. The central problem is that these older versions of TLS, when using Diffie-Hellman (DH), drop leading all-zero bytes in the resulting pre-master key. As that key is part of the input for calculating the master session key, a shortened pre-master key results in a slightly faster calculation of the master key. If an attacker can make fine-grained timing measurements, he can determine when the pre-master key is trimmed.

The client and server agree on two numeric values, a base g and modulus p, and each party generates a secret key, a and b. Each party calculates a public key by raising the shared base to their own private key, mod the shared modulus: A = g^a mod p. These public keys are exchanged, and each party raises the received key to their own secret key: A^b. Exponents have a non-obvious quirk, the power rule. A value raised to a power raised to a power is the same as the value raised to the power of the exponents multiplied together. By going through this mathematical dance, the server and client have arrived at a shared value that only they know, while preserving the secrecy of their private keys.

Continue reading “Security This Week: Racoons In My TLS, Bypassing Frontends, And Obscurity” →

Posted in Hackaday Columns, News, Security Hacks, Slider Tagged honeypot, raccoon, security through obscurity, This Week in Security
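The Diffie-Hellman exchange and the leading-zero trimming described in the Raccoon item, as an added Python example that is not part of the original article. The toy modulus 2^127 - 1, the base 3 and all function names are assumptions chosen for illustration; the code compares the length-varying pre-master encoding of TLS 1.2 and earlier with a fixed-width encoding.

```python
import secrets

# Constructed toy group: 2**127 - 1 is prime, but far too small for real DH.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8   # 16 bytes

def keypair():
    """Private key a and public key A = g^a mod p."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(peer_public, own_private):
    """(g^a)^b = g^(ab) mod p, the power rule from the text."""
    return pow(peer_public, own_private, P)

def premaster_stripped(z):
    """TLS 1.2 and earlier: leading all-zero bytes are dropped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")

def premaster_fixed(z):
    """Fixed-width encoding, left-padded to the size of p (as in TLS 1.3)."""
    return z.to_bytes(P_LEN, "big")

def survey(trials=5000):
    """Run many exchanges; report which encodings vary in length."""
    stripped_lengths, fixed_lengths = {}, set()
    for _ in range(trials):
        a, A = keypair()          # client side
        b, B = keypair()          # server side
        z = shared_secret(B, a)
        if z != shared_secret(A, b):
            raise RuntimeError("both sides must derive the same value")
        n = len(premaster_stripped(z))
        stripped_lengths[n] = stripped_lengths.get(n, 0) + 1
        fixed_lengths.add(len(premaster_fixed(z)))
    return stripped_lengths, fixed_lengths

if __name__ == "__main__":
    stripped, fixed = survey()
    print("stripped encoding lengths:", dict(sorted(stripped.items())))
    print("fixed encoding lengths:   ", sorted(fixed))
```

With the stripped encoding, a small fraction of handshakes feed a shorter input into key derivation, which is the length difference the timing measurement depends on; the fixed-width encoding always produces the same length.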