C eM|Me

Search this site

cem blag

Subscribe to posts

Certificate Authorities, the problem is in the app

posted Nov 19, 2011 8:43 PM by Carl Mehner   [ updated Nov 19, 2011 9:48 PM ]

If you remember a few years ago, moxie was able to go grab a few wildcard certs, good for any domain (*, *.com, *.*.com, etc...), they were revoked, so he figured out a way to confuse the client into not checking for revocation (by sending a spoofed 'busy, please wait' signal back to the client). But, now it seems that at least one of those revoked certs has been allowed to be renewed via poorly written CA software. Now, he once again has a nice wildcard cert available for use.

This isn't the first sign of poor CA web apps that were written to ease the load on persons running the CAs, or on the people requesting the certificates. You can tell that the so named, 'ComodoHacker' that procured certs for DigiNotar and the Comodo subsidiary used a flaw in the web app. If you look at the private keys that he generated, they have the extra tidbits that CAs inject into the certs Distinguished Name, as well as the revocation server data. If you wanted to steal a cert, wouldn't want it to be un-revoke-able by leaving out any valid revocation information? Would you not want to leave out the unique identifier that allows one looking at the DN to see it was a DigiNotar cert?

CAs either need to really work on shoring up their webapps, or the CA Browser Forum needs to revoke their approval status due to use of vulnerable webapps. (This approval would come from the CAs paying for vulnerability tests with an internal and external perview)

Information Security Awareness Month

posted Oct 4, 2011 11:21 AM by Carl Mehner   [ updated Oct 4, 2011 11:24 AM ]

l33t google of the week

posted Jul 17, 2011 6:07 PM by Carl Mehner

filetype:sql password gmail.com or hotmail.com or yahoo.com

of course you could target this search for a particular domain or person..

or your favorite common password (or even password hash) md5(password) = 5f4dcc3b5aa765d61d8327deb882cf99
filetype:sql +"5f4dcc3b5aa765d61d8327deb882cf99"

Google search of the week

posted Jul 1, 2011 10:42 PM by Carl Mehner

Google indexes a lot of stuff, people put a lot of stuff on the internet. what happens when someone puts a private key on a server without making sure it does not (or could not) get indexed...
filetype:key +"RSA PRIVATE KEY"
also try:
filetype:pem +"RSA PRIVTE KEY"
it is amazing how open some servers are....

cron Monitoring for IP Address Changes and SMSing via Google Voice

posted Aug 13, 2010 3:26 PM by Carl Mehner

In the previous post, i mentioned that I would have some uses for the smsme script that I wrote. Here's a script that checks your external IP address against what you have registered in the DNS system, and alerts you when the address changes.
Also, I've included instructions for creating a user cron job to check every hour on the hour. 

------------------------------------------------------------------------
#!/bin/bash
DNS=`nslookup cem.me 8.8.8.8 | grep 'Address: ' | grep -Eo '[0-9\.]+'`
EXTIP=`wget -q -O - http://checkip.dyndns.org | grep -Eo '[0-9\.]+'`
if [ $DNS != $EXTIP ] ;
  then
    `/home/username/bin/smsme IP CHANGED: $EXTIP`
fi 
------------------------------------------------------------------------

The DNS command goes to Google’s DNS, pipes the output to search for 'Address:' followed by a space, and then pulls out the IP address.
The EXTIP goes to http://checkip.dyndns.org and parses out your IP

To create the cron job, create a new file (crontab.<username>.file) and enter in the text below: 
0 * * * * /home/<username>/bin/checkip.sh

This line says (in the 0 * * * *) part to run on the hour (00), every hour (*), every day (*), every month(*), every day of the week(*) and will run our script that we wrote above (/home/<username>/bin/checkip.sh) make sure you replace the <username> part with your username

#this allows your user to run cron jobs
sudo su
echo <username> >>/etc/cron.allow
exit

#set cron
crontab crontab.username.file

#view to confirm
 crontab -l 

Google Voice and The Linux Command Line

posted Aug 13, 2010 3:16 PM by Carl Mehner

So, my email being sent using the (Ubuntu) Linux was being blocked by the ISP, Gmail, and other mail servers (Exchange) therefore, I decided to find an alternative way to get alerts from my server. Enter Google Voice and their SMS feature. I found that I can send text messages to myself, thus allowing for instantaneous alerting of events. <the following assumes that you are running ubuntu>

first run these commands:

------------------------------------------------------------------------
sudo apt-get install python python-simplejson python-setuptools
wget http://pygooglevoice.googlecode.com/files/pygooglevoice-0.5.tar.gz
tar -zxvf pygooglevoice-0.5.tar.gz
cd pygooglevoice-0.5
sudo apt-get install python python-setuptools
cd ~/
touch bin/smsme
chmod +x bin/smsme
vim bin/smsme 
------------------------------------------------------------------------


Then, open vim and do a ':set paste'
paste in the code below
after pasting press esc and do a ':set paste!'

------------------------------------------------------------------------
#!/usr/bin/python

import sys

from googlevoice import Voice
from googlevoice.util import input

// replace with your g-voice phone number
phone_numb=5555555555

voice = Voice()
voice.login()

text = ' '.join(sys.argv[1:])

voice.send_sms(phone_numb, text)
------------------------------------------------------------------------

make any changes to the code, then do a :wq to exit


Also, you should edit the file in your home directory '.gvoice' and add your username and password (make sure you chmod 600 on that file though..)

Now, you can type in at the command line:
smsme <message>


For Example:
smsme there's a fly in your soup... i mean server. fix it!

You will recieve a message on your phone "there's a fly in your soup... i mean server. fix it!"

Stay tuned for useful uses for this smsme script.

1-6 of 6

Sign in  |  Recent Site Activity  |  Terms  |  Report Abuse  |  Print page  |  Powered by Google Sites