CU-Boulder CSCI 6268 - Lecture #23

Slide outline: Foundations of Network and Computer Security; Announcements; Lay of the Land; Password Crackers; Password Crackers (cont); Slide 6; Password Crackers: example; Making Things Harder: Salt; Password Crackers: with Salt; Fighting the Salt: 4096 Tables; Getting the /etc/passwd File; Shadowed Passwords; Last Example: Ingres Authorization Strings; Moral; Social Engineering: Phishing; Disguising URLs; Disguising URL's (cont); Digression: Character Encodings; Segue to Web Security; We Can't Hope to Survey all Possible Web Security Issues; Typical Server-Side Vulnerability; Javascript; Javascript (cont); Filtering; XSS Attacks; XSS Vulnerabilities; Phishing Revisited; Slide 28; Where does the info go?; Defenses Against Phishing; Wireless Security; Wireless Security Challenges; IEEE 802.11a/b/g; Wireless Network Architecture; Slide 35; My Access Point; War Driving; More War Driving; Next Time You're in LA; What's the Big Deal?; MAC Filtering; Non-Signalling APs; Let's Use Crypto!; WEP Protocol; Slide 45; WEP Decryption; Goals; WEP Keys; Slide 49; Entering WEP Keys; Goals Achieved:; IV repeats; What to do with repeated IVs?; Authentication; Altering WEP Ciphertext; Defeating the WEP Access Mechanism; Summary: WEP is no good

Foundations of Network and Computer Security
John Black
Lecture #23
Nov 22nd 2005
CSCI 6268/TLEN 5831, Fall 2005

Announcements
• Today is "Thursday" (weird, I know)
• Tomorrow is "Friday"
• No class on Thurs
• Project #2 is due on Nov 29th
• Quiz #3 is due on Dec 1st
• Project #3 is due on Dec 8th, last day of class

Lay of the Land
• I normally talk about off-by-ones and format string vulnerabilities and other vulnerabilities
  – We're short of time; same theme as buffer overruns
• I want to talk about other well-known and highly relevant security issues in the remaining three lectures

Password Crackers
• Unix approach: store a one-way hash of the password in a public file
  – Since the hash is one-way, there is no risk in showing the digest, right?
  – This assumes there are enough inputs to make exhaustive search impossible (recall the IP example from the midterm)
  – There are enough 10-char passwords, but they are NOT equally likely to be used
    • HelloThere is more likely than H7%$$a3#.4 because we're human

Password Crackers (cont)
• The idea is simple: try hashing all common words and scan for a matching digest
  – The original Unix hash algorithm iterates DES 25 times, using the password to derive the DES key
    • DES^25(pass, 0^64) = digest
    • Note: this was proved secure by noticing that it is the CBC-MAC of (0^64)^25 under key 'pass' and then appealing to known CBC-MAC results
    • Why is DES iterated so many times?

Password Crackers (cont)
• Note: it actually uses a variant of DES to defeat hardware-based approaches
• Note: modern implementations often use md5 instead of this DES-based hash
• But we can still launch a 'dictionary attack'
  – Take a large list of words, names, birthdays, and variants and hash them
  – If your password is in this list, it will be cracked

Password Crackers: example
Dictionary table (word, digest):
  alabaster   xf5yh@ae1&
  albacore    trh23Gfhad
  alkaline    Hj68aan4%41
  wont4get    7%^^1j2labdGH
Password file /etc/passwd:
  jones:72hadGKHHA%
  smith:HWjh234h*@!!j!
  jackl:UwuhWuhf12132^
  taylor:Hj68aan4%41
  bradt:&sdf29jhabdjajK22
  knuth:ih*22882h*F@*8haa
  wirth:8w92h28fh*(Hh98H
  rivest:&shsdg&&hsgDGH2
(taylor's digest matches the table entry for "alkaline")

Making Things Harder: Salt
• In reality, Unix systems always add a two-character "salt" before hashing your password
  – There are 4096 possible salts
  – One is randomly chosen, appended to your password, then the whole thing is hashed
  – The password file contains the digest and the salt (in the clear)
  – This prevents attacking all passwords in /etc/passwd in parallel

Password Crackers: with Salt
Table for salt value A6 (word, digest):
  alabaster   xf5yh@ae1&
  albacore    trh23Gfhad
  alkaline    U8&@H**12
  wont4get    7%^^1j2labdGH
Password file /etc/passwd (digest, salt):
  jones:72hadGKHHA%        H7
  smith:HWjh234h*@!!j!     YY
  jackl:UwuhWuhf12132^     a$
  taylor:Hj68aan4%41       y$
  bradt:&sdf29jhabdjajK22  Ja
  knuth:ih*22882h*F@*8haa  U%
  wirth:8w92h28fh*(Hh98H   1&
  rivest:&shsdg&&hsgDGH2   *1
Result: no match (the A6 table is useless against entries hashed with other salts)

Fighting the Salt: 4096 Tables
• Crackers build 4096 tables, one for each salt value
  – Build massive databases, on-line, for each salt
    • 100's of GB was a lot of storage a few years ago, but not any longer!
    • Indexed for fast look-up
• Most any common password is found quickly by such a program
• Used by miscreants, but also by sysadmins to find weak passwords on their systems

Getting the /etc/passwd File
• Public file, but only if you have an account
  – There have been tricks for remotely fetching the /etc/passwd file using ftp and other vulnerabilities
  – Often this is all an attacker is after
    • Very likely to find weak passwords and get on the machine
  – Of course if you are a local user, no problem
  – Removing /etc/passwd from global view creates too many problems

Shadowed Passwords
• One common approach is to put just the password digests into /etc/shadow
  – /etc/passwd still has username, userid, groupid, home dir, shell, etc., but the digests are missing
  – /etc/shadow has only the username and digests (and a couple of other things)
  – /etc/shadow is readable and writeable by root only
    • Makes it a bit harder to get hold of
    • Breaks some software that wants to authenticate users with their passwords
  – One might argue that non-root software shouldn't be asking for user passwords anyhow
  – BSD does things a little differently

Last Example: Ingres Authorization Strings
• Ingres, 1990
  – 2nd largest database company behind Oracle
• Authorization Strings
  – Encoded what products and privileges the user had purchased
    • Easier to maintain this way: ship the entire product
    • Easier to sell upgrades: just change the string
• Documentation guys
  – Needed an example auth string for the manual

Moral
• There's no defending against stupidity
• Social engineering is almost always the easiest way to break in
  – Doesn't work on savvy types or sysadmins, but VERY effective on the common user
  – I can almost guarantee I could get the password of most CU students easily
    • "Hi, this is Jack Stevens from ITS and we need to change your password for security reasons; can you give me your current password?"

Social Engineering: Phishing
• Sending authentic-looking email saying "need you to confirm your PayPal account information"
  – Email looks authentic
  – URL is often disguised
  – Rolling over the link might even pop up a valid URL in a yellow box!
  – Clicking takes you to the attacker's site, however
    • This site wants your login info

Disguising URLs
• URI spec
  – Anything@http://www.colorado.edu is supposed to
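Added example (not from the slides): a Python toy that models the salted and unsalted password files on the "Salt" and "4096 Tables" slides and counts the hash work a sysadmin's weak-password audit must do in each case. It assumes SHA-256 over salt||password as a stand-in for the DES-based crypt hash, a two-character salt from a 64-symbol alphabet (4096 values), and constructed user names, passwords and word list.

```python
import hashlib
import secrets
import string

# Stand-in for the slides' crypt(3)-style hash (assumption: SHA-256 over
# salt||password instead of 25 iterations of DES keyed by the password).
def pw_hash(password: str, salt: str = "") -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Two characters from a 64-symbol alphabet: 64 * 64 = 4096 possible salts.
SALT_CHARS = string.ascii_letters + string.digits + "./"
NUM_SALTS = len(SALT_CHARS) ** 2

def new_salt() -> str:
    return "".join(secrets.choice(SALT_CHARS) for _ in range(2))

# Constructed toy word list (not a real cracker dictionary).
DICTIONARY = ["alabaster", "albacore", "alkaline", "wont4get", "HelloThere"]

def make_passwd_file(users, salted, salts=None):
    """Build {user: (salt, digest)} from {user: plaintext}; salt is ''
    when unsalted. Fixed salts may be supplied for reproducible runs."""
    entries = {}
    for user, pw in users.items():
        salt = ((salts or {}).get(user) or new_salt()) if salted else ""
        entries[user] = (salt, pw_hash(pw, salt))
    return entries

def audit_weak_passwords(entries, dictionary):
    """Sysadmin-style weak-password audit. Returns (found, hash_count).
    One digest table is built per distinct salt, so an unsalted file costs
    len(dictionary) hashes in total while a salted file costs that much
    per distinct salt: the salt is what stops one table serving every account."""
    found, tables, hash_count = {}, {}, 0
    for user, (salt, digest) in entries.items():
        if salt not in tables:
            tables[salt] = {pw_hash(w, salt): w for w in dictionary}
            hash_count += len(dictionary)
        if digest in tables[salt]:
            found[user] = tables[salt][digest]
    return found, hash_count

def single_table_hits(table_salt, entries, dictionary):
    """A table precomputed for one salt value (the slides' 'Table for Salt
    Value: A6') can only match entries that were hashed with that salt."""
    table = {pw_hash(w, table_salt): w for w in dictionary}
    return {u: table[d] for u, (s, d) in entries.items() if d in table}
```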