Jens Kubieziel

Post has shared content
The Chemnitzer Linux-Tage stand for open-minded and peaceful communication with one another. We promote and welcome an open society from which many new and good ideas emerge.
We warmly welcome guests of all nations and look forward to an international audience at the 21st Chemnitzer Linux-Tage on 16/17 March 2019.

Post has shared content
Is the Munich chief public prosecutor perhaps named Alois Eschenberger?

What nonsense. Over the last 15 years I have thrown the odd sausage on the grill together with +Jens Kubieziel and family.
If Jens is supposed to be extreme, then only extremely friendly and easygoing.

Someone should take a look at the Munich public prosecutor's office; it seems to me that is rather where the lawbreakers are sitting.

Post has shared content
Today there is a short piece of information for everyone who wants to actively help shape #CLT2018: submissions for talks and workshops have been open for a good week now. Just drop by our site www.linux-tage.de, where you will find the calls. There are still exactly two months left for submissions, i.e. until 08.01.18
Have a nice rest of the week!

Post has shared content
Does anybody else share my opinion that a smartcard PIN used for login shall never be left in RAM in plaintext? Especially not on a Windows 10 Enterprise system with enabled virtualization based security, credential guard and device guard?

Everything is protected (NTLM hashes, passwords, fingerprints). But your smartcard PIN - that MUST NOT be cached according to policy - stays readable for an attacker. Even GPO and registry settings say "don't cache". The PIN even stays in RAM when the smartcard and the reader are removed, the workstation was locked and unlocked with password/fingerprint again. It stays there for hours and days until you explicitly log out or reboot or more likely Windows crashes. It makes no sense to keep the PIN in these cases.
Even after hibernation, power disconnected, battery removed, no smartcard reader attached your PIN is ... still in memory! :-)
Remember the "don't cache" policy?
Guess what? Windows 10 Enterprise stored your PIN to disk during hibernation. In plaintext. Better use some reliable full disk encryption.

Talked to M$. M$ says "this is not a bug, this is a feature due to operational and usability concerns". Operational? The only operational concern that comes to my mind is allowing industrial espionage. Please tell me about other operational concerns. Usability is simple bullsh*t.

To read the PIN just modify Mimikatz - or use the essential parts of it, i.e. by injecting Mimikatz code with JNA or PowerShell into a running system. Sophos, Symantec, Defender, ESET will not complain. If you got the PIN you also know the reader name and the credential container name. So you can change the PIN to your own (you are the attacker) value and/or use it to sign digital documents and emails (i.e. the CEO: "transfer 10M$ to bank account xyz"), connect to VPNs, remote desktops, file shares, administration tools, databases, protected intranet websites, etc. pp. Everything you can imagine to do with a stolen identity of a domain user. Personal hint: Preferably I would attack sys admins and privileged access users. I heard some guy with a tie talking about "return on investment". Seems to be the right deal.

BTW: the faulty components are part of the so called "Privileged Access Workstation".

M$ says (you fool,) "just use a Class-3 reader". A Class-3 reader is an external smartcard reader with a pinpad and a display. Due to a bug you've to enter the PIN 4 times in a row to see a desktop and cancel a lot of following PIN entry attempts to use your desktop. Hint: simply remove after the 4th PIN, it works like a charm.
Explain that to your CEO. Or to your busy system administrator.

And how many of those Thinkpad T- and X-series users carry an external smartcard reader with them? Most of the time I'm the only one with 2 or 3 additional pinpad readers. (Just in case a colleague forgot his one at home.)

Another guess what? There are ways to get this done in a reasonable manner.

M$ requires a premier support account incident to correct this behaviour because it is NOT a security leak, it is intended by design. I don't have one.

Anybody out there?

PS:
Affected: (some assumptions, some proved): several large companies producing interesting stuff, banks, insurers, ISPs, governments, military, ... didn't care about the tiny thingies.
24.08.17

Post has shared content
Don't try this puzzle

It looks childish, but this puzzle is sadistically difficult. Saying that 95% of people can't solve this is like saying 95% of people can't jump over a skyscraper.

Here is the simplest solution:

apple = 154476802108746166441951315019919837485664325669565431700026634898253202035277999

banana = 36875131794129999827197811565225474825492979968971970996283137471637224634055579

pineapple = 4373612677928697257861252602371390152816537558161613618621437993378423467772036

You need a serious course on number theory to learn how to solve this. So it's easier than jumping over a skyscraper: you can learn to do it. But without some education, it's pretty much impossible.

The trick is to transform the equation into an elliptic curve. An elliptic curve is a kind of curve whose points form a group. That means if you find one point on the curve, you can find more. So if you can find one solution of this puzzle, you can find more.

Umm, but then you still need to find a solution! Luckily there's a small solution where the variables are integers that aren't positive:

apple = 4

banana = -1

pineapple = 11

From this you can turn the crank and get more solutions, but they get bigger and bigger, and the first one where all three variables are positive is the one I showed you.

I got all this from a wonderful Quora post by Alon Amit:

https://www.quora.com/How-do-you-find-the-integer-solutions-to-frac-x-y+z-+-frac-y-z+x-+-frac-z-x+y-4/answer/Alon-Amit

but I heard about that from +David Eppstein, here on G+. So: add David Eppstein to your list of cool people you follow on G+!

The post by Alon Amit is worth reading, because he leads you through the number theory without getting too technical (leaving out lots of juicy details that you'd get in a course on elliptic curves), and he gives some examples of similar problems that are much harder - if you don't know the trick.

#bigness
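Added example, not part of the shared post: the "turn the crank" step from the puzzle post above, carried out with the elliptic-curve group law in exact rational arithmetic. The equation x/(y+z) + y/(z+x) + z/(x+y) = 4 is read from the linked Quora URL; the curve coefficients and the two coordinate maps are not on the page and are assumptions of this sketch, as are all function names.

```python
from fractions import Fraction
from math import gcd, lcm

# Assumption (not on the page): the puzzle a/(b+c) + b/(a+c) + c/(a+b) = 4
# corresponds to the curve y^2 = x^3 + 109x^2 + 224x via the maps below.
A, B = 109, 224

def lhs(a, b, c):
    """Left-hand side of the puzzle, in exact rational arithmetic."""
    a, b, c = Fraction(a), Fraction(b), Fraction(c)
    return a / (b + c) + b / (a + c) + c / (a + b)

def to_curve(a, b, c):
    """Map a solution (a, b, c) to a rational point (x, y) on the curve."""
    d = Fraction(6 * a + 6 * b - c)
    return (-28 * (a + b + 2 * c) / d, 364 * (a - b) / d)

def from_curve(point):
    """Inverse map: curve point -> solution scaled so that a + b + c = 1."""
    x, y = point
    return ((56 - x + y) / (56 - 14 * x),
            (56 - x - y) / (56 - 14 * x),
            (-28 - 6 * x) / (28 - 7 * x))

def add(p, q):
    """Chord-and-tangent group law on y^2 = x^3 + A*x^2 + B*x."""
    (x1, y1), (x2, y2) = p, q
    if p == q:
        slope = (3 * x1 * x1 + 2 * A * x1 + B) / (2 * y1)  # tangent
    else:
        slope = (y2 - y1) / (x2 - x1)                      # chord
    x3 = slope * slope - A - x1 - x2
    return (x3, slope * (x1 - x3) - y1)

def primitive(triple):
    """Clear denominators and common factors to get coprime integers."""
    den = lcm(*(t.denominator for t in triple))
    ints = [int(t * den) for t in triple]
    g = gcd(*ints)
    return tuple(i // g for i in ints)

def first_positive(seed=(4, -1, 11), max_k=20):
    """Walk P, 2P, 3P, ... from the seed; return (k, solution) once all > 0."""
    p = q = to_curve(*seed)
    for k in range(1, max_k + 1):
        sol = from_curve(q)
        if all(t > 0 for t in sol):
            return k, primitive(sol)
        q = add(q, p)
    raise ValueError("no all-positive solution within max_k multiples")
```

Calling `first_positive()` returns the multiple of the seed point at which all three values turn positive, together with the coprime integer triple, which can be compared against the numbers quoted in the post.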

Post has shared content
Today's news just got a bit more interesting. This morning, Donald Trump made a series of tweets about Obama tapping his phones during the election. These tweets have rather surprised experts (and especially members of Congress), since they are either (a) confused ranting based on a Breitbart article about something he actually has the power to know about, or (b) that he just publicly acknowledged that there was a classified FISA warrant to tap the phones of his campaign staff.

Now, there's no law against him admitting this; as Rep. Himes (D-CT) of the House Intelligence Committee notes (https://www.youtube.com/watch?v=8xHlhM-WrDI), he is the ultimate declassification authority and has every right to do this. But what's gotten a lot of people worried – such as Sen. Ben Sasse (R-NE), whose official statement is below – is that while FISA may be one of the most secretive and unaccountable parts of the entire US legal system, its judges do take their legal responsibilities quite seriously, and a wiretap warrant requires a showing of probable cause.

(And especially given post-Watergate laws and post-Watergate sensitivities, walking up to a court and saying "Hi, I want to wiretap a major political party's headquarters during a Presidential election" is going to get you some very dirty looks. The bar for probable cause will not be set low.)

Now, the existence of such a warrant has been rumored for some time – here's some reporting on it from early November, before the election. (https://heatst.com/world/exclusive-fbi-granted-fisa-warrant-covering-trump-camps-ties-to-russia/) It would also explain many things about how the FBI was aware of Flynn's secret conversations with Russian officials.

But there's a difference between rumors and official confirmation – and if President Trump really did just announce its existence, then there is good reason for the public to want to know, as Sen. Sasse says, just what was in the application for this warrant, and how the applying agency established probable cause. Because this means that the investigating agency had solid evidence of criminal collaboration with a foreign power.

Note that this is very different from evidence that they talked to Russians; talking to Russians is fine. Talking to Russian politicians is fine. There are quite a lot of members of the government whose job is nothing but talking to Russian politicians. We're talking about conversations which would be evidence of serious crimes – and given that we're talking about FISA warrants, crimes which jeopardize national security.

Combined with previous reports such as this one (https://nyti.ms/2jFcK0n), a fairly clear picture is emerging: the FBI has been systematically investigating illegal connections between Trump's organization and the Russian government for some time, and back in October had sufficient evidence to get a wiretap warrant in the middle of an election season, which is no small bar. On several occasions since the election (most notably that of NatSec advisor Michael Flynn) administration officials have denied various contacts, only to be immediately contradicted by leaks which appeared to have not only confirmation of such contacts, but details.

What this adds up to is not an investigation of any single individual, but an investigation with solid evidence pointing at the breadth of the senior levels of the Trump organization being directly involved in criminal activities.

It means there's a very, very, large shoe waiting to drop. And I have no idea what will happen when it does; this is a situation literally unprecedented in American history.

Post has shared content
The attempt to raise awareness of data protection among a larger part of the population has to cross media boundaries. Several times. An interesting project attempts this as a documentary film, parallel interaction and subsequent reporting.

From 14.2. on +ARTE.

Project page: http://datarush.eu/