Skip to content

Posts tagged ‘cryptography’

27
Jul

Key iOS Security Updates Patch PDF and Certificate Validation Vulnerabilities (4.3.4 and 4.3.5)

The two latest iOS updates are fairly significant in that they patch two critical vulnerabilities. iOS update 4.3.4 patched a number of bugs including comex’s PDF/FreeType vulnerability used to create the latest JailbreakMe exploit. If you’re a jailbreaker, it’s essential that you run comex’s ‘PDF Patcher 2’ within Cydia, in order to patch the underlying vulnerability. iOS update 4.3.5 released a couple days ago, patches a fairly significant bug in the way iOS validates SSL/TLS certificates. This vulnerability can allow an attacker to intercept and/or modify data protected within an SSL session without the user knowing it. This was possible to due the fact that iOS didn’t validate the basicContstrains parameter of SSL certificates in the chain.

If you’re only an occasional patcher – now is the time.

21
Jan

GPGTools Release Unified Installer for MacGPG/GPGMail

The guys at GPGTools have taken control of the MacGPG2, GPGMail, GPG Keychain Access and GPG Services projects, and have released a single unified installer that installs all of these apps. They are maintaining these tools, which are all 64-bit and Snow Leopard compatible. The package also include Enigmail, a GPG-compatible plugin for Thunderbird (Mozilla’s free email client).

GPG is an open source alternative to PGP’s suite of public key encryption software (PGP Desktop), which allows you to encrypt/decrypt files and emails and create/validate digital signatures.

For more information, check out my tutorial on using GPGMail to send encrypted emails on Mac OS X.

26
Nov

Ravan: Distributed Hash Cracking in JavaScript

The guys over at Attack & Defence Labs have released Ravan, a distributed hash cracker the runs in JavaScript. Users can submit hashes to be cracked, and their browser will then begin brute forcing them based on a user-defined charset. Other users can contribute some CPU power to assist in the cracking process of individual hashes, it’s all handled by the server. This would work particularly well if you have multiple computers, or lots of friends willing to help out in the cracking process. Note that as this is brute force and not dictionary-based, it really comes down to how many hashes per second are being tried.

Current supported hash algorithms are MD5, SHA-1, SHA-256 and SHA-512.

css.php