Tagged "Cybersecurity"

Assessing Modern Operating Systems' IPv6 Fragmentation Handling

IPv6 is the next (current?) generation Internet protocol. It has been designed to overcome many limitations of IPv4 and to fix some of its issues and weaknesses. Nevertheless, IPv6 fragmentation has presented many vulnerabilities similar to the IPv4 ones in the past, and new testing models were proposed to check for the presence of such problems.

In this work, we demonstrate that IPv6 fragmentation issues are still present today in operating systems because of the weakness of the model used to test their compliance. We also propose a new model that overcomes these limitations.

CVE-2023-41570: Access Control vulnerability in MikroTik REST API

Recently, Mikrotik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

CVE-2023-4809: FreeBSD pf bypass when using IPv6

A few months ago, as part of our investigations on IPv6 security in the NetSecurityLab @ Sapienza University, we discovered a vulnerability that allows attackers to bypass rules in pf-based IPv6 firewalls in particular conditions. Let’s see some details of this vulnerability.

Security assessment of common open source MQTT brokers and clients

Many hobbyists and professionals use common MQTT brokers and libraries, like “Mosquitto”, in their projects. We asked ourselves: are these implementations “safe”? Is there any security issue we can exploit?

My opinion on DoH/DoT

I don’t have a strong opinion on everything. However, in the case of DoH-vs-DoT-vs-DNS, I have a very strong opinion.

And it’s that DoH is harmful and unnecessary. In this post, I’ll explain why.

Windows API - Information disclosure / covert channel

I use open-source software every day. And I try to contribute as much as I can.

However, sometimes weird things happen when writing OSS code. Like finding a security bug in closed-source software.

Full-disk encryption and remote unlock

Do you know that you can unlock your full-disk encrypted GNU/Linux PC remotely? Cool, isn’t it? You can directly use SSH to type the password and unlock your PC.

Let’s ask ourselves: is it secure?

Note on Apple code signing (mobile iOS apps) for newcomers

You want to start developing mobile apps for iOS (native or with ANY framework). You don’t want to mess with bureaucracy and procedures. This time, however, you can’t escape.

DoS (and possible MITM) in Cisco VPN 3000 Concentrator

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPSec phase 2. You need valid credentials. Apparently there is no workaround or fix. It’s EOL, so maybe you want to change it :-)

JWT or not?

In a recent web portal project, made with Python and Angular, I faced the Hamletic doubt: should I use the standard pseudorandom generation of session tokens, or should I use a JWT?

IoT security vs hobbyists' boards

So, you bought your brand new Arduino/Genuino Uno and some nice-but-useless sensor (such as a temperature sensor for your bedroom), and you feel ready to enter the Internet Of Things world. You want to build up a little "cloud" by yourself (by using Apache+PHP in some hosting, or perhaps an MQTT server like RabbitMQ), or maybe use some cloud-ready service.

IPv6 link-local and VPS-cloud services: a hidden threat?

Like many IT folks, I have my VPS (for instance, this website is running on it). I use this virtual server mainly to host my blog and some other websites that I own. The main reason why I use a "server" (and not a "hosting solution") is that, in this case, I have complete access to the machine. I like to be able to customize my services from top to bottom, even if it's a simple blog.

Cold case: protocol reverse engineering (part 2)

If you missed the previous post, you can find it here.

Cold case: protocol reverse engineering (part 1)

Some years ago I was asked to reverse engineer an older protocol used in automation systems. The goal was to be able to communicate with some equipment already in place in some industrial buildings nearby. Let me explain.

Attack surface (in computing)

The "attack surface" is the set of possible points of a software/system/infrastructure that are more or less accessible to a potential attacker. It is therefore essential to know and manage the attack surface of our IT infrastructure.

Too much confidence in user input: the Gemtek WLTXFSQ-102N case

Yesterday I was taking a break from studying for my next exam. I had a few minutes of free time, so I decided to spend that time going around inside the web interface of the Gemtek WiMax/4G router that my ISP installed here. I had a "guest" account, as specified in the router's manual.

HCI-Sec: security also depends on the Human Interface

Even if it is not immediately obvious, it is clear that computer security also depends on HCI (Human Computer Interaction). The way security systems are designed substantially affects their effectiveness.

7 tips to defend yourself against cyberattacks

Let's remember that "prevention is better than cure", so spending time (and money) before an attack is always an investment to avoid spending more time and money after an attack has happened.

What technical solutions can we adopt, in a company, to reduce the risk of ransomware (and of viruses in general)? Let's summarize:

Cybersecurity - What we have never done

After the recent WannaCry and Samba events, I reflected a bit on what was (and is) my approach to computer security, at least as far as infections are concerned. But before tackling that, let's review a bit of history.

Initially, the attack vector (i.e. the means by which the virus attacked) was a physical storage medium: floppy disks, compact discs, later USB sticks and others. Depending on whether it was a virus or a worm (forgive the generic classification), it had to be launched manually by deceiving the user (for example, by posing as something else) or, in the case of worms, by exploiting flaws in the "protection" systems.