Mac
Understanding PEAP In-Depth
tl;dr
We reported a long standing PEAP bug in all Apple devices that would allow an attacker to force any Apple device (iOS, macOS or tvOS) to associate with a malicious access point, even if the authentication server (RADIUS) couldn’t prove knowledge of the password. To understand it fully, we go on a deep dive into EAP and MSCHAPv2.
Table of Contents PEAP at a High LevelMSCHAPv2Decrypting the Inner TunnelThe Inner MSCHAPv2 ExchangeByte-Level Description of the MSCHAPv2 ExchangeMSCHAPv2 CalculationsMSCHAPv2 Failure BehaviourThe Apple VulnerabilityApple’s FixDisclosure Timeline & DetailsOriginal Vulnerability Report While prepping for our Defcon talk last year, Michael kept pushing me to implement hostapd-wpe‘s EAP success attack. In this attack, the authentication server will accept any username, then skip the step where it proves knowledge of the password back to the station (because it doesn’t know the password), and instead sends an EAP-success message back to the station. I refused for a long time, because I thought it was a dumb attack that would never work. This is because in MSCHAPv2 the authentication server also proves knowledge of the password back to the station, and if it couldn’t, I assumed the station would just refuse to continue, after all, that’s the whole point.
Is the writing on the wall for general purpose computing ?
The Apple iPad announcement set the interwebs alight, and there is no shortage of people blogging or tweeting about how it will or wont change their lives. I’m going to ignore those topics almost completely to make one of those predictions that serve mainly to let people laugh at me later for being so totally wrong..
Heres my vision..
Its not just the Hipsters and college kids who get iPads, its the execs and CEO’s. They are happy for a short while using it just as an E-Reader, movie watcher and couch based web browser, but the app store keeps growing to support the new form factor. Apps like iWork for iPad (at only $10) means that sooner or later they are relatively comfortable spreadsheeting or document pushing on their iPad.. It doesn’t take too long for them to realize that they don’t have much heavier computing requirements anyway and besides.. the instant on experience is what they always wanted..
80 minutes to Apples Tablet..
In 80 minutes Apple will announce the tablet, and the interwebs is almost bursting with excitement and anticipation..
You absolutely have to give shouts to Apple for being able to create a following like this, anticipation like this, without once ever having officially stated that they were launching the tablet today..
I know lots of people are quick to point out the fan-boyism, but it has to be said, that generating and maintaining that kind of cultish following is near impossible to get right, and AAPL manage to pull it off awesomely..[1]
About:SnowLeopard
Sure it only cost $29, but when you consider the number of people bowing down and thanking our Cupertino overlords you have to consider the following:
If the Emperor was given his new clothes today, #emperors_clothes would be trending on twitter (with ppl thanking the tailors for reduced closet space requirements)
/mh
Apple vs Microsoft as a malware target.. stop saying market share..
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and i would tune in just to hear [Andy Ihnatko’s] take on the industry and the (possible) motivations behind certain players moves. (he is sometimes wrong, but always worth listening to). The only time the things ever get a little cringe-worthy is when talk switches to malware and security (although both Andy and Leo for the most part have pretty reasonable balanced views on it).
Apple gets some clue points?
At [DeepSec] last year i had the pleasure of hearing Ivan Krsti? speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff..
I think for most security “breakers” its an argument that sometimes hits hard, and makes you wonder if you should be refocusing your efforts..
Only an idiot will install a beta os on his primary phone..
and i am that idiot…
Developers signed up with Apples Dev Program get to take iPhoneOS3.0 out for a spin, so that the app store can have ver3 apps when the new OS launches.. A quick download (as quick as it gets in South Africa), a prayer (or 10) during install:
and now i too have a phone that can handle cut n paste! (tho admittedly it feels surprisingly fiddly to me at this point).
Open source (and lightning fast) Safari ?
While im into posting mac-links.. Check out [Webkit]
A little while back i mentioned not understanding why anyone would run a closed source browser while a decent open source version existed.. Then i was forced to use Safari while doing some testing, and was impressed by its snappiness.. it impressed me more when it didnt flinch at me opening ans surfing thousands of tabs.. blergh.. suddenly my firefox was losing its sheen!
Applescript for HTTP BruteForcing..
A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to mess about duplicating an applications functionality at the protocol level.. Yesterday i had need to brute-force a web application which tried hard to be difficult and annoying..
Normally i would have used crowbar, Suru or a ugly mangled Python script, but the application was strangely difficult..
i.e. the login process is multi staged, with new cookies being handed out at various stages. 302 redirects are used heavily and then to top it off a healthy dose of JavaScript is sent back in replies that also affect your navigation.. Now all of this can be scripted (obviously) but i figured i would try automating Safari with applescript to get the same effect..
Follow-up (OS X BSOD Win32 Icons)
Of course, Leopard’s new improved ™ finder includes an Itunes’esque “Cover Flow” view (which includes quick view thumbnailing quite impressively)..
Of course, it means you get a better look at the win32 – BSOD :>
Page 1 of 2
Next