I have gone through your entire report and it was interesting to note that critical operations such as the CA were running on Windows machines. People who *know* the state of security of a Windows machine would NEVER trust it to be deployed for such a task. Let me say, quite humbly, that the people running this operation need a bit of further training on security. What I can't believe is that there was NO antivirus software installed and that the software was not patched, which should be a bare minimum for such an operation.

* For such a critical system, one would not rather depend on an antivirus alone. A more elaborate network- and host-based IDS should be in place.

* The only recommended operating systems for such critical tasks are OpenBSD or FreeBSD, or a Linux machine at the least. The advantage is that you can customize such a system for CA operation by turning off all the unnecessary software. Windows runs a lot of bloatware, which increases the possible points of intrusion on systems running this operating system [sic].

* I would be foolish to use my own IP addresses to make intrusion attempts into a system. I would rather *own* another machine, maybe in another country, which in this case may be Iran, and then launch my attacks from that owned machine. So, attacks originating from IP addresses located in Iran do not necessarily mean that the attackers are also located within that geographical territory. If I wanted to intercept communications in a country xyz, I would rather own some zombies in that country xyz and then launch attacks from those owned machines.

* The certificates obtained by the attackers could only be used against advanced users who know certificates and security. Novice and normal users can normally be lured to use a locally made fake certificate signed by your own CA, in which case browsers normally give an initial warning and, if the user agrees, let the user go on using that certificate for the session.

* Currently, only Gmail encrypts the entire email communication as a free service. Hotmail and Yahoo only encrypt the initial login session. The sent and received emails are still in cleartext and could be intercepted without the need for any fake certificates. Therefore, only Gmail could be a possible target IF email interception was the goal of the attackers.

Best wishes
-- Muhammad Farooq-i-Azam

--- On Thu, 9/8/11, qureshi ahmed <saffafali@gmail.com> wrote: