The popular hacking tool kit can now be linked to everything from fridges to cars in the search for vulnerabilities.The popular Metasploit hacking kit has been upgraded to tackle today's Internet of Things (IoT) devices, granting researchers the opportunity to scour for bugs in modern vehicles.
Rapid7 Research Director of Transportation security Craig Smith announced on Thursday that the Metasploit framework can now link directly to hardware, permitting users can develop exploits to test their hardware and conduct penetration testing with less time wasted. It is hoped that researchers will no longer have to build multiple tools to test today's modern devices and overcome previous network limitations. "Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware," Smith says. The open-source penetration testing software, available for free or as an extended, paid-for edition, is over a decade old but is still utilized by thousands of researchers worldwide. The framework currently boasts roughly 1,600 exploits and 3,300 penetration testing modules. Due to the fresh update to the Hardware Bridge API, users are no longer limited to Ethernet network connections. Instead, researchers can build support directly into firmware or create a relay service through a REST API, which is necessary for some hardware tools including Software Defined Radio (SDR) that cannot communicate over Ethernet. "Every wave of connected devices, regardless of whether you're talking about cars or refrigerators, blurs the line between hardware and software. As we like to say, this hardware bridge lets you exit the Matrix and directly affect real, physical things," said Smith. "We're working to give security professionals the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on." The initial release focuses on IoT, with a particular slant towards automotive penetration testing. The bridge now includes modules for testing vehicle Controller Area Network (CAN) buses and users are also offered interactive commands for gathering information on vehicles being tested, such as speed and inbuilt security systems. "If you are in security at an automaker, you are challenged to test things that are not exposed to traditional networks," Smith told Dark Reading. "The hardware bridge allows security teams to add hardware testing to their QA process. It also allows red teams to have a central user interface to all of their hardware tools." Additional modules which target embedded, industrial and hardware devices, including SCADA systems for industrial applications, will be added over time. Rapid7 also plans to add additional BUS systems, such as K-Line, in the future. Rapid7 is asking users of the initial Metasploit release to provide feedback and suggest new automotive features for future versions. By Charlie Osborne for Zero Day | February 3, 2017 -- 10:09 GMT (02:09 PST) | Topic: Security Architecting Microsoft Azure SolutionsLearn Microsoft Azure solution design from architects at Microsoft.
Azure is Microsoft’s cloud computing platform, a growing collection of integrated services—analytics, computing, database, mobile, networking, storage, and web—for moving faster, achieving more, and saving money. In this computer science course, you’ll apply what you already know about implementing solutions on Microsoft Azure to learn solution design skills. At the completion of this course, you will be able to identify tradeoffs and make decisions for designing public and hybrid cloud solutions. This course will help you prepare for the Microsoft Certification Exam 70-534: Architecting Microsoft Azure Solutions. Note: To complete the final assignment in this course, you will need an Azure subscription. You can use your existing Azure account, or sign up for a free Azure trial subscription (a valid credit card is required for verification, but you will not be charged for Azure services). Note that the free trial is not available in all regions. It is possible to complete the course and earn a certificate without completing the final assignment. https://www.edx.org/course/architecting-microsoft-azure-solutions-microsoft-dev205bx-1 You know my passion for learning and sharing knowledge. If you have ever adventured into Azure, you'll need a road-map. This free book is a good start.
https://blogs.msdn.microsoft.com/microsoft_press/2016/09/01/free-ebook-microsoft-azure-essentials-fundamentals-of-azure-second-edition/ https://www.certificate-transparency.org/what-is-ct What is Certificate Transparency?Thanks to modern cryptography, browsers can usually detect malicious websites that are provisioned with forged or fake SSL certificates. However, current cryptographic mechanisms aren’t so good at detecting malicious websites if they’re provisioned with mistakenly issued certificates or certificates that have been issued by a certificate authority (CA) that’s been compromised or gone rogue. In these cases, browsers see nothing wrong with the certificates because the CA appears to be in good standing, giving users the impression that the website they’re visiting is authentic and their connection is secure. One of the problems is that there is currently no easy or effective way to audit or monitor SSL certificates in real time, so when these missteps happen (malicious or otherwise), the suspect certificates aren’t usually detected and revoked for weeks or even months. What’s more, these types of SSL missteps are occurring with increasing frequency. Over the past few years there have been numerous instances of misissued certificates being used to spoof legitimate sites, and, in some case, install malicious software or spy on unsuspecting users. In one case, a prominent Dutch CA (DigiNotar) was compromised and the hackers were able to use the CA’s system to issue fake SSL certificates. The certificates were used to impersonate numerous sites in Iran, such as Gmail and Facebook, which enabled the operators of the fake sites to spy on unsuspecting site users. In another case, a Malaysian subordinate certificate authority (DigiCert Sdn. Bhd.), mistakenly issued 22 weak SSL certificates, which could be used to impersonate websites and sign malicious software. As a result, major browsers had to revoke their trust in all certificates issued by DigiCert Sdn. Bhd. (Note: DigiCert Sdn. Bhd. is not affiliated with the U.S.-based corporation DigiCert, Inc.) More recently, a large U.S.-based CA (TrustWave) admitted that it issued subordinate root certificates to one of its customers so the customer could monitor traffic on their internal network. Subordinate root certificates can be used to create SSL certificates for nearly any domain on the Internet. Although Trustwave has revoked the certificate and stated that it will no longer issue subordinate root certificates to customers, it illustrates just how easy it is for CAs to make missteps and just how severe the consequences of those missteps might be. In many cases, mistakenly issued certificates have been used by hackers for malicious attacks that have dire consequences, but the fallout after mitigation can be far ranging and harmful, too. Eventually, the Dutch CA’s certificates were revoked and the CA was shut down. The revocation and closure caused a ripple effect throughout the Netherlands as people were denied access to government and private sites that were provisioned with the CA’s SSL certificates. Certificate Transparency to the RescueCertificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:
Certificate Transparency satisfies these goals by creating an open framework for monitoring the TLS/SSL certificate system and auditing specific TLS/SSL certificates. This open framework consists of three main components, which are described below. Certificate LogsCertificate logs are simple network services that maintain cryptographically assured, publicly auditable, append-only records of certificates. Anyone can submit certificates to a log, although certificate authorities will likely be the foremost submitters. Likewise, anyone can query a log for a cryptographic proof, which can be used to verify that the log is behaving properly or verify that a particular certificate has been logged. The number of log servers doesn’t have to be large (say, much less than a thousand worldwide), and each could be operated independently by a CA, an ISP, or any other interested party.MonitorsMonitors are publicly run servers that periodically contact all of the log servers and watch for suspicious certificates. For example, monitors can tell if an illegitimate or unauthorized certificate has been issued for a domain, and they can watch for certificates that have unusual certificate extensions or strange permissions, such as certificates that have CA capabilities. A monitor acts much the same way as a credit-reporting alert, which tells you whenever someone applies for a loan or credit card in your name. Some monitors will be run by companies and organizations, such as Google, or a bank, or a government. Others will be run as subscription services that domain owners and certificate authorities can buy into. Tech-savvy individuals can run their own monitors. AuditorsAuditors are lightweight software components that typically perform two functions. First, they can verify that logs are behaving correctly and are cryptographically consistent. If a log is not behaving properly, then the log will need to explain itself or risk being shut down. Second, they can verify that a particular certificate appears in a log. This is a particularly important auditing function because the Certificate Transparency framework requires that all SSL certificates be registered in a log. If a certificate has not been registered in a log, it’s a sign that the certificate is suspect, and TLS clients may refuse to connect to sites that have suspect certificates. An auditor could be an integral component of a browser’s TLS client, a standalone service, or a secondary function of a monitor. Anyone can create an auditor, although it’s likely that CAs will run the bulk of all auditors because they are an efficient way to gain insight into the operational integrity of all CAs. Altogether, these components create an open framework that lets anyone observe and verify newly issued and existing SSL certificates in nearly real time. Note: Auditors and monitors also communicate with each other to exchange information about logs. This communication path, known as gossip, helps auditors and monitors detect forked logs. Fewer Missteps, Safer BrowsingWhen implemented, Certificate Transparency helps guard against several types of certificate-based threats, including misissued certificates, maliciously acquired certificates, and rogue CAs. These threats can increase financial liabilities for domain owners, tarnish the reputation of legitimate CAs, and expose Internet users to a wide range of attacks such as a website spoofing, server impersonation, and man-in-the-middle attacks. The Certificate Transparency framework aims to curb these certificate-based threats by bringing public scrutiny and openness to the SSL certificate system. Through its open framework of publicly run monitors and auditors, Certificate Transparency provides several benefits that are lacking or absent in the current SSL certificate system:
In most cases, the Certificate Transparency system can detect suspect certificates or CAs in a few hours instead of a few days, a few weeks, or a few months.
Although Certificate Transparency relies on existing mitigation mechanisms to address harmful certificates and CAs--for example, certificate revocation--the shortened detection time will speed up the overall mitigation process when harmful certificates or CAs are discovered.
Certificate Transparency is founded on an open framework that supports public observation and verification of newly issued and existing TLS/SSL certificates, which gives any interested party the opportunity to observe and verify the health and integrity of the TLS/SSL system--domain owners, CAs, and users alike. As a focused solution, Certificate Transparency strengthens the chains of trust that extend from CAs all the way down to individual servers, making HTTPS connections more reliable and less vulnerable to interception or impersonation. But what’s more, as a general security measure, Certificate Transparency helps guard against broader Internet security attacks, making browsing safer for all users. |
Author: <see article>
These links serve as tributes to those who have written them. Please find contributor details in the links provided Archives
April 2024
Categories |