Is it my name or my writing style that bring such silly challenges? Shirley you can't be serious in that you do not understand in linux what constitutes: bind9 Name Server (the basis for all name to number authentication) upon which most RFC's for mail, ftp, ssl, web systems and certs is built). cups Printing openssl SSL which provides encryption for SSH, and SSL for web systems ntp Network TIME Protocol squirrelmail Web based mail system across many different distros? Date: Sun, 18 Jan 2009 17:30:42 -0700 From: phrkonaleash@gmail.com To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: HackFest Security: Patch Procrastinators Anonymous February 7@UAT bind9 is the most prolific DNS server application. It attempts to fill DNS requests. On Sun, Jan 18, 2009 at 5:20 PM, bmike1 wrote: bind9 is a distribution? let's talk about it.... what is it about? what niche does it attempt to fill; does it do so successfully? On Sun, Jan 18, 2009 at 6:40 PM, Lisa Kachold wrote: Catch the Patch Procrastinators Recovery Group Saturday UAT.EDU Noon until 3PM February 7th Various important patches have only recently been released for various distros including Bind9, OpenSSL, cups & NTP for Ubuntu; Redhat5 Avahi (FC 10) and SquirrelMail. So we will demonstrate exploits available for these issues: 1) OpenSSL: (Using Debian) http://www.metasploit.com/users/hdm/tools/debian-openssl/ Brute Forcing Tools Include: http://www.milw0rm.com/exploits/5622 http://metasploit.com/users/hdm/tools/debian-openssl/debian_openssh_key_tester.rb OpenSSL: Examples will also apply to the recent issues with OpenSSL: Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. The issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS for various mail systems and DNS systems built upon OpenSSL also. We will show an easy 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation and segway into a discussion of the MD5 Verisign cert issues. 2) NTP Spoofing: (Using Debian) NTP Spoofing has been a staple of DoS and remote root exploits since the 1990's. Usually NTP is selectively allowed to egress DMZ via stateful packet inspection (that will catch spoofed packets) via source and destination (or served via internal NTP daemons). It's common to spoof the NTP servers while sending exploitive packets. A new issue has been identified: http://www.debian.org/security/2009/dsa-1702 A simple exploit using netcat will be demonstrated: http://cybexin.blogspot.com/2009/01/introduction-to-netcat.html 3) Overview of BEef: http://www.bindshell.net/tools/beef We will also look at forensic image from the November Hackfest and discuss ways to protect (arp, VPN/VLAN, Switches, SELINUX) from the inevitable pwnership in a production or users system. We will not discuss squirrelmail, since it's only a XSS issue (similar to 9 out of 10 running versions of Apache httpd). We will not discuss Bind9 because it also relates to the OpenSSL malformed signature. Other PRNG type entropy issues with SSL exist, just waiting to be popularlized, so we will wait for the industry to continue to ignore this and other issues inherent in various protocols. Catch us on FreeNode IRC #PLUGLABS www.Obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452 PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM Windows Live™: Keep your life in sync. Check it out. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- :-)~MIKE~(-: --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Thanks and best regards, Ryan Rix TamsPalm - The PalmOS Blog (623)-239-1103 <-- Grand Central, baby! Jasmine Bowden - Class of 2009, Marc Rasmussen - Class of 2008, Erica Sheffey - Class of 2009, Rest in peace. _________________________________________________________________ Windows Live™: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009