Showing posts with the label Recent Questions - Information Security Stack Exchange. Show all posts

Friday, 27 March 2015

VeraCrypt secure in public?



I have made a VeraCrypt container that uses AES to encrypt everything inside. But my question is: Can I securely put the container file in public (everybody can access it) without anybody being able to access the files inside it?


PS. Some information below may help to answer the question:



  1. I use veracrypt to encrypt files.

  2. It uses AES-256.

  3. My password length is 32 characters.

  4. The password contains characters from ASCII





OpenPGP (RFC4880) - do you agree with my SimpleS2K (string-to-key) implementation?



Background: I'm writing a GPL Python OpenPGP to JSON parser which I'm testing on files generated with GPG 1.4.16.


If given a passphrase, the parser will generate keys using the string-to-key methods and ultimately decrypt messages.


I'm starting off with symmetric encryption messages:



echo "hello" | gpg --s2k-mode=0 --symmetric > symmetric.simples2k.gpg


... and using "foo" as the passphrase.


This generates a packet with a SymmetricKeyEncryptedSessionKeyPacket and a SymmetricEncryptedandIntegrityProtectedDataPacket packet, as expected.


The S2K parameters that GPG created are: Simple S2K (http://ift.tt/1ocZkzF) with SHA1 hash and AES256 symmetric cipher.


Problem: When I derive the key from the passphrase foo using SimpleS2K then attempt to decrypt with AES256, it doesn't decrypt correctly. So part 1 of my investigation is verifying that I'm doing the S2K correctly.


Here's my understanding of how to generate the key from the passphrase foo using SimpleS2K



  1. Create two SHA1 hashers (because AES256 needs 32-byte key, SHA1 produces 20-byte hash)

  2. Don't preload hashers[0]

  3. Update hashers[1] with 0x00

  4. Update hashers[0] with UTF-8 encoded foo

  5. Update hashers[0] with UTF-8 encoded foo

  6. Concatenate hashers[0].digest plus hashers[1].digest

  7. Take first 32 bytes of result (ie drop last 8 bytes)


Here's a minimal implementation in Python 3:



import hashlib

hasher_0 = hashlib.sha1()
hasher_1 = hashlib.sha1()

hasher_1.update(bytes([0x0]))

hasher_0.update('foo'.encode('utf-8'))
hasher_1.update('foo'.encode('utf-8'))

key = (hasher_0.digest() + hasher_1.digest())[0:32]
print(' '.join(['{:02x}'.format(x) for x in key]))


Which outputs



0b ee c7 b5 ea 3f 0f db c9 5d 0d d4 7f 3c 5b c2 75 da 8a 33 5a 8c aa 40 39 fd bc 02 c0 1a 64 9c


The full JSON output is here: http://ift.tt/1IDM8Au


Hopefully we can rule out the S2K part and get onto the AES part :)


Thanks!
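The string-to-key scheme discussed in the question above, as an added example that is not part of the original post: it generalizes the question's two-hasher code to any key length and also covers the Salted and Iterated and Salted variants from RFC 4880 section 3.7.1. The function names `s2k_derive` and `decode_count` are chosen here for illustration.

```python
import hashlib


def s2k_derive(passphrase, key_len, hash_name="sha1", salt=b"", count=None):
    """RFC 4880 section 3.7.1 string-to-key derivation.

    salt=b"", count=None      -> Simple S2K (3.7.1.1)
    8-octet salt, count=None  -> Salted S2K (3.7.1.2)
    8-octet salt, count=N     -> Iterated and Salted S2K (3.7.1.3)
    """
    data = salt + passphrase.encode("utf-8")
    if data:
        # Iterated S2K hashes `count` octets of the repeated salt+passphrase,
        # but never fewer than one full copy of it.
        total = len(data) if count is None else max(count, len(data))
        reps, rest = divmod(total, len(data))
        stream = data * reps + data[:rest]
    else:
        stream = b""

    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        # Hash context n is preloaded with n zero octets, so each context
        # produces different output from the same input.
        h.update(b"\x00" * context)
        h.update(stream)
        key += h.digest()
        context += 1
    # Leftmost octets of the concatenated digests form the key.
    return key[:key_len]


def decode_count(c):
    """Expand the one-octet coded count used by Iterated and Salted S2K."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


if __name__ == "__main__":
    # Same inputs as the question: passphrase "foo", SHA1, 32-octet AES256 key.
    print(s2k_derive("foo", 32).hex(" "))
    # Constructed salt, for illustration only.
    demo_salt = bytes(range(8))
    print(s2k_derive("foo", 32, salt=demo_salt, count=decode_count(0x60)).hex(" "))
```
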





Will gmail close my well intentioned botnet account? [on hold]



I'm part of a company that has at least 1000 PCs distributed in different buildings over a radius of 25 miles.


I've been asked to make a program to survey technical information on each PC.


Since not all of them share a LAN connection but all of them have internet access, my solution was to use a gmail account to share the encrypted data.


I've created client/server-like services to send the data and retrieve it to the database through emails, all of them using the same Gmail account (to send and receive).


I know that this looks a lot like a botnet... actually I think it is, since each client would be able to receive configuration mails from the server to request certain registry entries.


All external IPs are dynamic and the server is internal. The resolution to establish a trusted unattended connection would demand publishing the IPs somewhere. Dynamic DNS has been suggested, but in terms of reliability it's just as safe as Gmail.


Anyway, my question is: will Gmail detect all this traffic made on the same account as a botnet and close it? If so, should I use several accounts?





How can a very small company handle PCI-DSS requirement 6.4.2?



PCI-DSS 3 requirement 6.4.2 calls for



Separation of duties between development/test and production environments.



Based on the guidance text and this answer to another question, it appears that the purpose of this requirement is to ensure that no one person holds all the access.


While this is easy enough in a large company, does this automatically mean that a 1 person company (or a company small enough to be unable to afford hiring separate DBAs and sysadmins for each environment) cannot possibly be PCI-DSS compliant?





External websites in logs



I have a website, let's call it www.good.com.


I've been getting a lot of requests to www.good.com under completely different URLs than www.good.com. I suspect this traffic is also causing some site performance issues. I'm running a .NET solution on IIS for reference.


I have a logger that is constantly picking up 404 errors for external hosts. Below are examples of some of the log data:




Original URL: http://ift.tt/1EaQ0tY


Request URL: http://ift.tt/1EaPYlN %911 h%8D%BAX '%C3x5%F0 %DF%E8&peer_id=-SD0100-%E6%B2 Ql%C0 ]=x %8C&ip=192.168.2.23&port=8956&uploaded=1019809319&downloaded=1019809319&left=192985&numwant=200&key=9135&compact=1


Request Path: /announce


Referrer URL: None


User host address: 222.210.108.246


Server: WWW-GOOD-COM-SERVER


User:


IsAuthenticated: False


Authentication Type:


Thread account name: NT AUTHORITY\NETWORK SERVICE


User Agent: Bittorrent




I also see other weird requests from all kinds of other domains, like



  • vl.ff.avast.com

  • graph.facebook.com

  • eztv.tracker.thepiratebay.org

  • trackhub.appspot.com


Almost always the IP involved is from outside the US.


What I don't understand is why my server is trying to fulfill requests for any of these URLs when it is obviously not the host.


I need to know:



  1. Why this could be happening

  2. If this activity seems dangerous

  3. How I should attempt to prevent it, if possible.





How to configure utorrent for a vpn?



I am using a VPN connection successfully for browsing but having trouble with torrents. I am sure that P2P is enabled by the VPN company, so I must be missing some configuration. I know the host IP address and username and password, nothing else. So please let me know the settings.





Why does rfc6797 say "An HSTS Host MUST NOT include the STS header field in HTTP responses over non-secure transport."



Why does the RFC prohibit the server from sending HSTS to the client over HTTP?


I can see that if an HTTP client responds to that unsecure HTTP response it might cause that site to be inaccessible to the client, but I don't see any reason for the server to have a MUST in the protocol.


Rather the client MUST NOT respond to HSTS in unsecure HTTP responses is the correct approach in my mind. What am I missing?



7.2. HTTP Request Type


If an HSTS Host receives an HTTP request message over a non-secure transport, it SHOULD send an HTTP response message containing a status code indicating a permanent redirect, such as status code 301 (Section 10.3.2 of [RFC2616]), and a Location header field value containing either the HTTP request's original Effective Request URI (see Section 9 ("Constructing an Effective Request URI")) altered as necessary to have a URI scheme of "https", or a URI generated according to local policy with a URI scheme of "https".


NOTE: The above behavior is a "SHOULD" rather than a "MUST" due to:



* Risks in server-side non-secure-to-secure redirects
[OWASP-TLSGuide].

* Site deployment characteristics. For example, a site that
incorporates third-party components may not behave correctly
when doing server-side non-secure-to-secure redirects in the
case of being accessed over non-secure transport but does
behave correctly when accessed uniformly over secure transport.
The latter is the case given an HSTS-capable UA that has
already noted the site as a Known HSTS Host (by whatever means,
e.g., prior interaction or UA configuration).


An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport.
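The server-side behaviour in the quoted Section 7.2, as an added example that is not part of the original question: a small WSGI middleware that answers non-secure requests with a 301 and no STS header, and adds the header only on secure transport. The class name, the `canonical_host` parameter, the `max-age` value and the helper functions are assumptions made for this sketch.

```python
from urllib.parse import quote


class HSTSMiddleware:
    """Redirect plain-HTTP requests; send the STS header only over HTTPS."""

    def __init__(self, app, canonical_host, sts_value="max-age=31536000"):
        self.app = app
        # "URI generated according to local policy": the redirect target uses
        # a configured host name instead of the client-supplied Host header.
        self.canonical_host = canonical_host
        self.sts_value = sts_value

    def __call__(self, environ, start_response):
        # Assumption: wsgi.url_scheme reflects the real transport, which means
        # a TLS-terminating proxy in front must be configured to set it.
        if environ.get("wsgi.url_scheme") != "https":
            location = "https://" + self.canonical_host
            location += quote(environ.get("PATH_INFO") or "/")
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            # Permanent redirect, and no STS header on non-secure transport.
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def sts_start_response(status, headers, exc_info=None):
            # Replace any STS header from the inner app with the site policy.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", self.sts_value))
            return start_response(status, headers, exc_info)

        return self.app(environ, sts_start_response)


def demo_app(environ, start_response):
    """Constructed inner application for the demonstration."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def run_request(app, scheme, path="/", query=""):
    """Drive a WSGI app with a constructed request; return (status, headers)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET",
               "PATH_INFO": path, "QUERY_STRING": query,
               "HTTP_HOST": "unexpected.example"}  # client-supplied, ignored
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```
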






nslookup wrong data is shown



I apologise if I have posted the question in the wrong forum. I am currently an administrator and have about 150 Windows systems running. The previous administrator turned out to be a real nightmare for me before he left. Except for the Windows servers (static IPs), the rest of the machines are assigned IP addresses through a DHCP server. When I look at the DHCP snap-in in Active Directory I can see system names and MAC addresses assigned with IP addresses. If I do an nslookup for the same system it shows a different IP address and name. What I mean is, computer A on my DHCP list is assigned 10.10.10.100. If I do an nslookup through the command prompt for 10.10.10.100 it shows a completely different computer name, Z, and not A. And the funny thing is, if I do an nslookup for computer name Z the IP address turns out to be completely different as well (not 10.10.10.100).


Running OS: Server 2003 Standard SP2


It's for most of the PCs in the network. Has something been corrupted or have I been ippedd and macked?





What to do when you find a running Rootkit in Linux?



My Linux Jenkins server was compromised and a Rootkit was installed. I know this since a running process tells me the path Jenkins job is running and it includes a URL with path pointing to a Python script. On a different host I opened that script and found several scripts that attempt to install a Rootkit along with a destination URL to presumably tell them which Rootkit was successful.


I can see some questionable binaries under /tmp. I opened one of those binaries with a decompiler but I'm not sure what to look for.


So, what does one do in this situation to find out more about the attacker and possibly what the intent was?


Asking here since none of the books or articles I've read address those two questions. I do know I have to assume any data on that host was compromised. My goal is to learn more about the attacker and the attack.


Other info: I became aware when the network team noticed GBs of data outgoing from our Linux Jenkins host. They closed the port and we unplugged the host. The IP that the job is getting the Python script from appears to be coming from the US, but nothing more specific according to IP lookups. The destination IP is going to Jinan, China.





CSRF on GWT apps : bypassing the Same-Origin policy



At work we suspect a GWT app (that is not in production yet) we own to be vulnerable to CSRF. We have to look at it from a black-box point of view before a third-party security audit will be performed.


Due to the fact that all calls in the app are made through AJAX (with method POST), simply replicating an Ajax call in a malicious way is not achievable thanks to the Same-Origin policy. In fact we know that there is no CSRF protection, but since only requests with JSON bodies are accepted by the server, it feels at first glance that the vulnerability cannot be exploited.


Is there a way to forge a similar request through a browser with a classic form? My problem is that I cannot replicate the JSON body of the Ajax call through a form: the app reads the JSON body of the requests, and submitting a classic form requires inputs with key/value pairs which would not be taken into account by the server.


In other words, is it possible, with an HTML form, to submit a request that just contains JSON in the body, instead of key-value pairs? Or is there another attack angle for such cases?


Thanks!





Why do we need a 4 way handshake?



My query is: if the client and AP both have the PMK available, why do we need a 4-way handshake again to derive some other key (PTK)? Why can't we use the PMK for the further security process?





scrncap.exe is it a virus? [on hold]



I have a hidden running process with the name scrncap.exe. My Security Task Manager discovered it and gave it a danger rating of 100 to be a virus or malware. From the name it appears to be software to capture the screen activity. Does anyone have an idea about this file? I have it in the quarantine, image attached.





Wordpress blog hacked?



There is a WordPress blog running on WordPress 4.0. Anyone having the company webmail can sign up to the blog using their Google+ account and submit blog posts. Once posted they will be sent to some moderators, and once it is reviewed a moderator can post it on the blog. Whenever a new blog post is submitted for review, all the moderators will receive a mail asking them to review the post.


Now the problem: The moderators are receiving spam mails. The mail says that there is a new blog post to be reviewed. To review, go to this link. The link is a normal link. Nothing seems fishy. But the author details are interesting. The authors are not members of the organization and hence they can't create blog posts. So I can't think of this as a simple spamming trick. How are such moderator mails getting generated?


The authors had email addresses like name@h.maybebest.com and name@nokiamail.com. What am I supposed to do? Am I hacked?





How to remove Cryptowall Locker Virus



I have been getting issues with this Cryptowall Locker Virus. Is there any permanent solution to remove this virus from my PC? I have taken help from http://ift.tt/1H3QWhu to remove this virus. They were successful, but I got this virus again. Please let me know the permanent solution.





What is the most effective way to block IP address in Application Layer?



I understand that most Routers/Firewalls are able to block IP tables at the network level. IPtables for instance is quite effective.


However, I want an application layer IP block. I have an HAProxy load balancer that load balances traffic to 4 backend Apache/nginx web servers. I sometimes encounter scraping and GET request DDoS on my website. I want to be able to quickly (manually) block IP addresses on the application layer. How do I block an IP address: Apache Allow/Deny, .htaccess? Is there a more effective/easier way to block the IPs? What if I have a huge list to block? I would also appreciate a way of blocking specific User Agents.





Can 'cracked' product keys harm the user in any way?



If you, as a user, download certain software such as an Anti-Virus program or Photoshop through the official, corresponding website, but use a product key which you did not legitimately purchase (e.g. websites that offer a list of product keys for free), does that harm anything other than the company who made the piece of software?


I don't quite know how those product keys are generated and how people can manage to 'fool' the software. I was wondering if the person who generated those product keys can see which user(s) have used that key and are able to harm them in any way.


Best regards, Ben





TLSV1 and TLSV1.2 coexist issue in wireshark



I analysed a live camera's net traffic and found that the client uses both TLS1.0 and TLS1.2 in the handshakes while the server only uses TLS1.0.


How can the handshake use both TLSV1.0 and TLSV1.2? Is there a reason for doing so?


1. Is TLS1.0 sufficiently secure?


2. It uses SPDY with TLS1.0; can SPDY help to make the transfer more secure?







Thursday, 26 March 2015

How does Sci-Hub break the paywall of journal publishers?



The Russian site sci-hub.org (review here) is capable of breaking the paywall instituted by many journal publishers on viewing their journals. To quote the review,



Now the nice thing: you can do that yourself to access articles from the main journals and publishers directly from their sites. For an example, suppose you want to access The Mathematical Intelligencer journal: http://ift.tt/1FOr4pE. You’ll see that each article costs $39.95 to access, which is way too expensive. So, using the amazing Sci-Hub, we can access it for free just appending “sci-hub.org” after the domain “springer.com”: http://ift.tt/1D4x9AN. Now you’ll notice that you can download every article. Keep in mind that in some cases it will redirect you straight to the pdf file, instead of reloading the page with unblocked download links.



This attack on the paywall seems to work for multiple journals, which is good for researchers whose academic libraries don't have access to certain journals, but obviously terrible in the context of the publishers, as their paywalled content is now freely available.


Does anyone have an idea on how this attack on the paywall systems is carried out? Answers citing reputable sources instead of speculating are obviously strongly preferred.





PowerShell / Windows - Security best practices for enabling Windows Remote Management



As the title indicates, I'm looking for industry best practices for enabling Windows Remote Management on a mix of Windows Servers (from 2000, 2003, 2008/R2 and 2012) to allow PowerShell to execute commands on a remote server.


What are some security best practices to follow to limit the attack surface should an attacker compromise an internal system?


Is there anything that can be done to harden domain servers which have WinRM enabled?


Thinking in theory here, one idea that comes to mind is only allowing WinRM for a specific service account which has two-factor authentication. A normal domain account password and a rolling security token would lower the chances of this account being hijacked in the event of being compromised.





mobile forensics - recovery [on hold]



Can anyone suggest good tools for recovering deleted files from mobile devices?


Android devices are pretty easy, but the problem I am having is iPhones... One of my devices is an old iPhone 3G. This one has been defeating me for the last year (most places I look at when I Google just talk about recovering old backups). I do not have ANY backups ever of this device... This phone (now my MP3 player) has been preserved as much as possible so as not to overwrite any sectors...


Any suggestions? I have Linux Ubuntu 10.10, Kali Linux, OS X Mavericks and Windows 7/8 as operating systems. Recovering files on computers and Androids is easy. iPhones, not so.


Once again, I only have the iPhone, nothing else, so the data has to be ripped from the phone only.


Thank you in advance.