Lost+Found: Android memories and real-time cuckoos
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: Android memory dump analysis, OCSP performance, 1Password security, Python crypto cracking, real-time cuckoo, Hack In The Box slides, Certificate Pinning, and the reason Linode was hacked.
- The powerful open source tool Volatility, which starred in Frank Boldewin's CSI: Internet "A trip into RAM", where it was used to analyse Windows memory dumps, will soon be able to analyse Android apps.
- Hardly anyone knows it, but almost everyone is using it: when browsing HTTPS pages, a browser will often contact an OCSP responder to verify the validity of the certificate. Netcraft has now investigated the performance and availability of responders over a four-month period. The result? OCSP has little effect on the duration of a connection, though at one stage six per cent of requests to a StartCom responder were failing.
- The encryption on 1Password's password safe isn't quite as secure as promised. Thanks to a clever optimisation by "atom", it is possible to use the oclHashcat cracker to test passwords at a rate of 3 million passwords per second. This is a considerably higher rate than you would expect when using PBKDF2, but it poses no risk to a really good master password.
- Anyone reading the book Hacking Secret Ciphers with Python is killing two birds with one stone. Not only do you learn how to crack crypto texts but you also get to learn Python programming from scratch. The author, Al Sweigart, will donate the proceeds of the book to the EFF, Creative Commons, and the Tor Project. Those who want to take a look first can download the entire book as a free PDF.
- Version 0.6 of the malware analysis sandbox Cuckoo has been released and now gives the results of its analysis in real-time. The developers have also fixed a number of bugs in the sandbox.
- More than just aircraft were hacked at the Hack in The Box (HITB) security conference. Now the slides of all the presentations are available to browse and consider from the comfort of your own home.
- Microsoft's Enhanced Mitigation Experience Toolkit (EMET) has introduced SSL Certificate Pinning in its latest beta for version 4. With this function, users can select a number of root CAs whose certificates will be trusted. This can help protect against fraudulent certificates that were issued after a CA hack or with the blessing of a government.
- After the successful hack of hosting company Linode, it has become clear that the attackers were targeting the servers of Nmap developer Gordon "Fyodor" Lyon. He has restored the repositories from uncompromised backups.