I think some of these comments are unfair. What about the intel sidechannel attacks recently? As these thing become more complex (And better defended against the known issues) the ways to hack them get more complex. It takes some real time, money and experience to create new hacks. Its not like the old day's where passwords were stored plaintext and a simple read of a webpage's Javascript to find a hidden URL was enough to get access!
These off the shelf tools require so much stupidity to execute their payloads in the first place, it's not even funny. Windows hides the run button because it's an unidentified executable downloaded from the internet, even if it hasn't detected a virus. Being able to create a backdoor is just one small part of the puzzle. Being able to deploy it in a way that Windows doesn't go "MEEEEEP!" and the user doesn't suspect is harder.Originally Posted by ik9000
Myself I prefer the approach of finding an exploitable service running and remote code execution or something. There are tools for this, obviously, but it's hard to just download a tool and press "hack".
BEEF is one I really do like but, again, you've got to get your target hooked. The real skill in these things is in deploying your mischief, not in the individual tool.
As you say, it's usually a team of people who are sponsored by whoever as you need such a variety and depth of skill to reliably pull off an attack.
Would those be the ones that I seem to remember reading they were told about years ago but didn't do anything about? Complex or not known vulnerabilities should be patched, and not baked into subsequent generations on the hope that the wider world doesn't notice.
Isn't the point about 128 bit AES encryption that it's effectively impossible to hack? I mean that's received wisdom from like 10+ years ago and presumably quantum has long ago hacked that, but the whole point of the arms race of defence and attack is that there is no such thing as ultimate supremacy, in the same way that man cannot build ultimate supremacy over nature either.
AES 128 is a "static key*" cipher with no known vulnerabilities in the encryption itself. However that doesn't guarantee its security. You just attack elsewhere to get the key. E.g. Full disk encryption often uses AES256. One technique to read the disk was to snatch the laptop when it's on and either perform a side channel attack via a port with DMA (direct memory access) or kill its power and boot from a USB key that scans the unencrypted memory for the key. It needed to be stored in RAM to allow encryption/decryption.
Note that that kind of attack has now been mitigated for the vast majority of modern hardware because the encryption is done by hardware and the key is stored in the hardware.
Whilst this chip is referred as "unhackable" what they really mean it that it is unhackable using any known techniques. I'm sure that some far cleverer people than me will come up with a novel way of hacking it.
*referred to as a symmetric cipher
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
The encryption might be impossible to crack, but encryption isn't the be all and end all. Otherwise WEP, WPA and WPA2 wouldn't be breakable. That's not due to the encryption being directly crackable, but due to the implementation allowing a handshake to be captured and for this to be cracked, revealing the key.
HTTPS may be great for security, but the way it is implemented means it can be downgraded to HTTP. You don't have to attack encryption itself a lot of the time.
As for WPA/WPA2 - it still takes a lot to crack these. Just storing the word lists can require PB of storage. The best thing to do is to rent supercomputer time or rent resources off a GPU based Amazon server.
Bitlocker was vulnerable to DMA attacks via Thunderbolt connected drive only about 18 months ago - you could literally dump the decryption key straight out of the memory via Thunderbolt connected drive so still happening
Even the old fashioned cold boot RAM attack by freezing memory chips should still work if the key is stored in RAM when the OS is running or dumped there when in sleep mode etc.
Pretty scary stuff.
My Blog => http://adriank.org
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote