OpenSSL rands (fork-safe)

•

4 gefällt mir•3,053 views

defcon-russia talk about OpenSSL fork-safe vulns.

Technologie Seele & Geist

OpenSSL rands
(fork-safe)
By @ONsec_Lab
Sep 15, 2013

@ONsec_lab
● Security auditors
● Since 2009 year
● Web, sex and rock’
n’roll
http://lab.onsec.ru
/whoami

premise
http://emboss.github.
io/blog/2013/08/21/openssl-
prng-is-not-really-fork-safe/
OpenSSL PRNG Is Not (Really)
Fork-safe
Aug 21st, 2013
Martin Boblet used Eric
Wong’s issues

premise
● About Ruby OpenSSL wrapper (OpenSSL::
Random)
● OpenSSL PRNG must be initialized in the
parent before we fork the child processes
● Every child starts out with exactly the same
PRNG
● PID is the only thing process-specific that is
fed to the PRNG algorithm when requesting
random bytes

premise

Debian!

But...
● Debian guys commented MD_Update call
with UNINITIALISED variable
● We believe that they did the right thing ;)

non-Debian systems
● Vulnerability exists in all system (Debian and
non-Debian also)
● Exploitation possibility depends only from
end-point code (application, not OpenSSL)
● There are two different places for buf:
○ Stack
○ Heap
● Let’s try to hack it!

stack-based PoC (all OS)
https://github.com/ONsec-Lab/Rand-
attacks/blob/master/openssl-1.c
from different
calls to the same
==
from different
stack states to
the same!

heap-based PoC (all OS)
https://github.com/ONsec-Lab/Rand-
attacks/blob/master/openssl-2.c
malloc
allocates
nulled
memory
page

other attacks
● i.e. PHP initialize RAND after fork
● But classic attacks way still available
○ Keep-Alive -> rands on same PID
○ Brute seed by rands
○ Predict rand by seed + offset
● What about entropy of OpenSSL RAND?
○ 128 bytes * 20 (GID*UID) * 32k (PID)
○ Not so little :(

just recommend!
http://lwn.net/Articles/281918/ [2008]
http://research.swtch.com/openssl [2008]
http://mjos.fi/doc/secadv_prng.txt [2001]
Do not be afraid names and brands, such as
OpenSSL

OpenSSL rands (fork-safe)
The end.
follow us:
http://lab.onsec.ru
@ONsec_lab twitter

Weitere ähnliche Inhalte

Ähnlich wie OpenSSL rands (fork-safe)

Thoughts on how Internet Standards - HTTP, TCP/IP, WiFi, Bonjour - can be used in conjunction with Semantic Web technologies to create the Internet of Things. The emphasis of this document is the home / LAN, hence "The Intranet of Things", but the broad themes are universally applicable. Things that are up in the air are marked in read. Everything IMO. Also see http://iotdb.org - a work in progress.

Building Blocks for the Internet of Things @ Home

Building Blocks for the Internet of Things @ Home

Building Blocks for the Internet of Things @ Home

From HTML5 to Hardware - Simonyi Conference Budapest April 15

From HTML5 to Hardware - Simonyi Conference Budapest April 15

From HTML5 to Hardware - Simonyi Conference Budapest April 15

Continuous Integration of Mobile Apps with Docker and Appium

Continuous Integration of Mobile Apps with Docker and Appium

Continuous Integration of Mobile Apps with Docker and Appium

AppSec & OWASP Top 10 Primer By Matt Scheurer (@c3rkah) Cincinnati, Ohio Date: 03/21/2019 Momentum Developer Conference Sharonville Convention Center #momentumdevcon Abstract: Are you testing the security of your web applications, web sites, and web servers? The malicious threat actors on the Internet almost certainly are. We will cover AppSec along with a brief review of the 2017 OWASP Top 10 List. The focus of the presentation is how to get started with AppSec and where to continue learning more. Accompanying the presentation are live demos of Nikto and the OWASP Zed Attack Proxy (ZAP). Bio: Matt Scheurer serves as Chair of the Cincinnati Networking Professionals Association Security Special Interest Group (CiNPA Security SIG) and works as a Systems Security Engineer in the Financial Services industry. He holds a CompTIA Security+ Certification and possesses multiple Microsoft Certifications including MCP, MCPS, MCTS, MCSA, and MCITP. He has presented on numerous Information Security topics as a featured speaker at many local area technology groups and large Information Security conferences all over the Ohio, Indiana, and Kentucky Tri-State. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Financial Services - Information Sharing and Analysis Center (FS-ISAC), and Information Systems Security Association (ISSA).

AppSec & OWASP Top 10 Primer

AppSec & OWASP Top 10 Primer

AppSec & OWASP Top 10 Primer

ThreatReel Podcast

Hacking Vulnerable Websites to Bypass Firewalls

Hacking Vulnerable Websites to Bypass Firewalls

Hacking Vulnerable Websites to Bypass Firewalls

Introduction to Node.js

Introduction to Node.js

Introduction to Node.js

Lessons I Learned While Scaling to 5000 Puppet Agents

Lessons I Learned While Scaling to 5000 Puppet Agents

Lessons I Learned While Scaling to 5000 Puppet Agents

Technology First 16th Annual Ohio Information Security Conference OISC 2019 #OISC19 The OWASP Top 10 & AppSec Primer By Matt Scheurer (@c3rkah) Dayton, Ohio Date: 03/13/2019 Abstract: Are you testing the security of your web applications, web sites, and web servers? The malicious threat actors on the Internet almost certainly are. We will cover AppSec along with a brief review of the 2017 OWASP Top 10 List. The focus of the presentation is how to get started with AppSec and where to continue learning more. Accompanying the presentation are live demos of Nikto and the OWASP Zed Attack Proxy (ZAP). Bio: Matt Scheurer serves as Chair of the Cincinnati Networking Professionals Association Security Special Interest Group (CiNPA Security SIG) and works as a Systems Security Engineer in the Financial Services industry. He holds a CompTIA Security+ Certification and possesses multiple Microsoft Certifications including MCP, MCPS, MCTS, MCSA, and MCITP. He has presented on numerous Information Security topics as a featured speaker at many local area technology groups and large Information Security conferences all over the Ohio, Indiana, and Kentucky Tri-State. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Financial Services - Information Sharing and Analysis Center (FS-ISAC), and Information Systems Security Association (ISSA).

OISC 2019 - The OWASP Top 10 & AppSec Primer

OISC 2019 - The OWASP Top 10 & AppSec Primer

OISC 2019 - The OWASP Top 10 & AppSec Primer

ThreatReel Podcast

CMS_HELL (1)

Ähnlich wie OpenSSL rands (fork-safe) (9)

Building Blocks for the Internet of Things @ Home

Building Blocks for the Internet of Things @ Home

Building Blocks for the Internet of Things @ Home

From HTML5 to Hardware - Simonyi Conference Budapest April 15

From HTML5 to Hardware - Simonyi Conference Budapest April 15

From HTML5 to Hardware - Simonyi Conference Budapest April 15

Continuous Integration of Mobile Apps with Docker and Appium

Continuous Integration of Mobile Apps with Docker and Appium

Continuous Integration of Mobile Apps with Docker and Appium

AppSec & OWASP Top 10 Primer

AppSec & OWASP Top 10 Primer

AppSec & OWASP Top 10 Primer

Hacking Vulnerable Websites to Bypass Firewalls

Hacking Vulnerable Websites to Bypass Firewalls

Hacking Vulnerable Websites to Bypass Firewalls

Introduction to Node.js

Introduction to Node.js

Introduction to Node.js

Lessons I Learned While Scaling to 5000 Puppet Agents

Lessons I Learned While Scaling to 5000 Puppet Agents

Lessons I Learned While Scaling to 5000 Puppet Agents

OISC 2019 - The OWASP Top 10 & AppSec Primer

OISC 2019 - The OWASP Top 10 & AppSec Primer

OISC 2019 - The OWASP Top 10 & AppSec Primer

CMS_HELL (1)

Mehr von Ivan Novikov

How to hack. Cyprus meetup

How to hack. Cyprus meetup

How to hack. Cyprus meetup

In the past two years, companies all over the world spent $157 billion on information security products. For comparison, the total expenses of the state government of New York amounted to $150.7 billion in 2016. Just for our amusement, let's imagine a silver bullet with a cost comparable to information security expenses. It would weigh 302.5 tons since silver costs $515.70 per kilogram (actual price on the day this article was written)! Therefore, it is either a really heavy bullet the size of a 10-story building, or it isn't made of silver. I could continue hypothesizing about potential raw materials for such a bullet, but I'd rather discuss the reasons behind such a state of affairs. In short, it is unclear what needs to be protected and from what. I will elaborate on these two problems below.

Where is my silver bullet?!

Where is my silver bullet?!

Where is my silver bullet?!

Data normalization weaknesses

Data normalization weaknesses

Data normalization weaknesses

Lie to Me: Bypassing Modern Web Application Firewalls

Lie to Me: Bypassing Modern Web Application Firewalls

Lie to Me: Bypassing Modern Web Application Firewalls

Distributed computing in browsers as client side attack

Distributed computing in browsers as client side attack

Distributed computing in browsers as client side attack

Yandex rewards. ONsec experience

Yandex rewards. ONsec experience

Yandex rewards. ONsec experience

SSRF workshop

Mehr von Ivan Novikov (7)

How to hack. Cyprus meetup

How to hack. Cyprus meetup

How to hack. Cyprus meetup

Where is my silver bullet?!

Where is my silver bullet?!

Where is my silver bullet?!

Data normalization weaknesses

Data normalization weaknesses

Data normalization weaknesses

Lie to Me: Bypassing Modern Web Application Firewalls

Lie to Me: Bypassing Modern Web Application Firewalls

Lie to Me: Bypassing Modern Web Application Firewalls

Distributed computing in browsers as client side attack

Distributed computing in browsers as client side attack

Distributed computing in browsers as client side attack

Yandex rewards. ONsec experience

Yandex rewards. ONsec experience

Yandex rewards. ONsec experience

SSRF workshop

Kürzlich hochgeladen

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Kürzlich hochgeladen (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

OpenSSL rands (fork-safe)

1. OpenSSL rands (fork-safe) By @ONsec_Lab Sep 15, 2013

2. @ONsec_lab ● Security auditors ● Since 2009 year ● Web, sex and rock’ n’roll http://lab.onsec.ru /whoami

3. premise http://emboss.github. io/blog/2013/08/21/openssl- prng-is-not-really-fork-safe/ OpenSSL PRNG Is Not (Really) Fork-safe Aug 21st, 2013 Martin Boblet used Eric Wong’s issues

4. premise ● About Ruby OpenSSL wrapper (OpenSSL:: Random) ● OpenSSL PRNG must be initialized in the parent before we fork the child processes ● Every child starts out with exactly the same PRNG ● PID is the only thing process-specific that is fed to the PRNG algorithm when requesting random bytes

7. But... ● Debian guys commented MD_Update call with UNINITIALISED variable ● We believe that they did the right thing ;)

8. non-Debian systems ● Vulnerability exists in all system (Debian and non-Debian also) ● Exploitation possibility depends only from end-point code (application, not OpenSSL) ● There are two different places for buf: ○ Stack ○ Heap ● Let’s try to hack it!

9. stack-based PoC (all OS) https://github.com/ONsec-Lab/Rand- attacks/blob/master/openssl-1.c from different calls to the same == from different stack states to the same!

10. heap-based PoC (all OS) https://github.com/ONsec-Lab/Rand- attacks/blob/master/openssl-2.c malloc allocates nulled memory page

11. other attacks ● i.e. PHP initialize RAND after fork ● But classic attacks way still available ○ Keep-Alive -> rands on same PID ○ Brute seed by rands ○ Predict rand by seed + offset ● What about entropy of OpenSSL RAND? ○ 128 bytes * 20 (GID*UID) * 32k (PID) ○ Not so little :(

12. just recommend! http://lwn.net/Articles/281918/ [2008] http://research.swtch.com/openssl [2008] http://mjos.fi/doc/secadv_prng.txt [2001] Do not be afraid names and brands, such as OpenSSL

13. OpenSSL rands (fork-safe) The end. follow us: http://lab.onsec.ru @ONsec_lab twitter