October 2013 Archives

Introducing the Modbus VCR

I gave a talk two months or so ago at the Embedded Device Security Conference entitled 'Hacking Your Control System at Level 2'.  I released a silly little tool as part of the talk, one that probably hasn't gotten enough attention, even from me.  That's a shame, because the tool is kind of interesting, and covers ground that we as security people "all know," but that we tend to forget about when we are doing security engagements for industrial customers.

The tool is the Modbus VCR.  It is a plugin for the Ettercap framework which records Modbus/TCP (or really any cyclic traffic) for a period of time between a client and a server and later replays protocol state.  The purpose of the tool is to show a really old, really dumb problem with control systems protocols: the lack of data integrity isn't just about control, it's about status, too.

Cryptography Breakdown

This week's 'security news that fell through the cracks' is a vulnerability in GnuPG: CVE-2013-4402 is a curious little bug that allows a maliciously-formatted PGP message to consume infinite resources on a computer system.

The idea that there are parsing bugs in OpenPGP messages and keys shouldn't be a terrible surprise.  The specification defining the format for an OpenPGP message is a touch complex, and plenty of implementations get things wrong.

Take the PGPDump utility, which has the sole purpose of parsing OpenPGP messages.  It makes the unfortunate decision to use signed integers throughout its packet parsing, to ill effect.  To see some problems for yourself, run pgpdump on Manual.gpg, a maliciously-crafted document (don't worry, it isn't terribly malicious -- it simply contains a large size in Field 1, which results in pgpdump reporting a negative size for the file stream).  It is meant mostly as an example of why defining complex file formats and implementing the parsing and generation engines in the C language can be a daunting task.
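
The signed-length failure mode described above, as an added example (not pgpdump's or GnuPG's code): it decodes an OpenPGP new-format body length as laid out in RFC 4880 section 4.2.2, once into a signed integer and once with unsigned arithmetic plus a bounds check. The function names and the byte strings are constructed for illustration and are not taken from Manual.gpg.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: a five-octet length claiming 0xFFFFFFFF bytes, and a sane length + body. */
static const uint8_t BIG[]   = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 'x'};
static const uint8_t SMALL[] = {0x05, 'h', 'e', 'l', 'l', 'o'};

typedef enum { LEN_OK, LEN_TRUNCATED, LEN_PARTIAL, LEN_TOO_BIG } len_status;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Signed decode of the five-octet form: values >= 0x80000000 wrap negative
   on two's-complement targets. */
static int32_t naive_len(const uint8_t *p) { return (int32_t)be32(p + 1); }

/* A signed "does it fit?" check: a negative length always passes it. */
static int naive_accepts(const uint8_t *p, int32_t remaining) {
    return naive_len(p) <= remaining;
}

/* Hardened decode: unsigned arithmetic, every read bounds-checked, and the
   claimed body length compared against the bytes actually left in the buffer. */
static len_status decode_len(const uint8_t *p, size_t n, uint32_t *body, size_t *used) {
    if (n < 1) return LEN_TRUNCATED;
    if (p[0] < 192) { *body = p[0]; *used = 1; }
    else if (p[0] < 224) {
        if (n < 2) return LEN_TRUNCATED;
        *body = ((uint32_t)(p[0] - 192) << 8) + p[1] + 192; *used = 2;
    } else if (p[0] == 255) {
        if (n < 5) return LEN_TRUNCATED;
        *body = be32(p + 1); *used = 5;
    } else return LEN_PARTIAL;            /* 224..254: partial body length, not handled here */
    return (*body > n - *used) ? LEN_TOO_BIG : LEN_OK;
}

int main(void) {
    uint32_t body = 0; size_t used = 0;
    printf("naive length: %d, accepted: %d\n", (int)naive_len(BIG), naive_accepts(BIG, 1));
    printf("hardened on BIG: %d\n", (int)decode_len(BIG, sizeof BIG, &body, &used));
    printf("hardened on SMALL: %d (body=%u)\n",
           (int)decode_len(SMALL, sizeof SMALL, &body, &used), (unsigned)body);
    return 0;
}
```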

The GnuPG programmers are crazy smart, plenty paranoid, and are way better C coders than I could ever hope to be.  They are humans.  I'm sure they do their best to secure the tool.  We remain hopeful that this little bug will turn a lot of bug-hunters' eyes to GnuPG to squash any bugs that might be lingering around the codebase.

A few months ago, I purchased a fun toy: an MSR606 Magstripe writer. As 'tech' goes, it doesn't rank very high: it simply reads and writes magnetic cards of the sort that the typical US credit card/debit card/hotel room key use. I purchased it to explore a potential vulnerability in a sales kiosk that, fortunately, proved to be unexploitable.

The amusement has come from using my own duplicated credit and debit cards.  My wallet currently has a few of these blank, white cards that contain the data from my own credit cards.  I have been using them constantly over the last two months.

The depressing part of this is that I've gotten quite good at using them.  I make it a point to use one in every transaction that requires handing the card over to a human being.  I sometimes get quizzical looks: "What is this?" "A credit card." "Uh..." "It's a Mastercard, the Carte Blanche," I reply, "Just swipe it and it will work."

About this Archive

This page is an archive of entries from October 2013 listed from newest to oldest.