For the last few months we’ve been watching Alex Sotirov tweet about breaking the internet. Often these posts were cryptic indications of a timing issue, several times resulting in a setback. Today, Alex along with several other researchers released details on just what they were trying to break, and evidence that they had accomplished their goal.
Utilizing weaknesses in the MD5 hashing algorithm, the researchers were able to create an intermediate CA certificate whose signature was a collision of a previously requested and signed website certificate (legit). This effectively allows them to sign any website certificate they wish and have it appear as trusted by all common browsers. This is some very cool work that includes an extensive and thorough write-up located @ http://www.win.tue.nl/hashclash/rogue-ca/.
Most of you reading this post have no doubt already done the reading, but holy crap…this is some awesomeness.
UPDATE: SSL Blacklist + FF Extension can alert you to SSL certs with MD5 signatures.
Security News Certificates, MD5, SSL
Ingredients:
6lbs – DME
3lbs – Coopers IPA
1lb – Liberty Malt
1lb – Crystal Malt
1oz – Saaz Hops
1oz – Columbus Hops
No distinct style, but it does == good times.

Beer Beer, recipes
This Friday (December 19th, 2008) the Oklahoma City Defcon Group will be holding its December meeting. I know it’s difficult to tear yourself away from the obligatory holiday duties, but if you are able, this should be a great meeting.
Snowrei will be presenting a talk on Hardware Hacking and Proidiot will be presenting a talk on One Time Pad Encryption. Very cool stuff, come out and hang out with the hackers in the 405.
What: DC405 – December 2008 Meeting
Where: Panera Bread 10600 S Pennsylvania Ave, Oklahoma City, OK
When: Friday, 12/19/2008, 7-9pm
Uncategorized community, DC405, Defcon, Hacking, Oklahoma City
I’ve come back from static HTML to a CMS. I can’t find the time to maintain static pages, even with CSS driving most of the appearance. Another reason for the move is automated RSS feeds for categories. I didn’t want the skiddies to have to check back for new modules when they could have a handy RSS feed. So, we’re back with the blog format for now. I’m not thrilled with the increased chance of pwnage, but I figure screw it.
I will be bringing the L1pht Metasploit modules and other code online by the end of the month. I swear.
Site News