Nets of Badness


Evil Machine Learning at its Finest, and its Detection, thereof. Today’s MustRead!


The post Nets of Badness appeared first on Security Boulevard.


Nonce, The Reuse Gambit


Alas, WPA’s assumed ‘secure implementation’ is no more, with the discovery (by Dr. Vanhoef) of forced nonce reuse.

‘In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.’ – via Mathy Vanhoef, Ph.D. and Frank Piessens, Ph.D.

The post Nonce, The Reuse Gambit appeared first on Security Boulevard.


DerbyCon 2017, Jared DeMott’s ‘War Stories on Embedded Security’

Dr. Jared DeMott is the founder of Vulnerability, Discovery & Analysis (VDA) Labs; he is a former United States National Security Agency and Microsoft Corporation BlueHat Prize winner.


The post DerbyCon 2017, Jared DeMott’s ‘War Stories on Embedded Security’ appeared first on Security Boulevard.
