Incremental Backups of Crypto Containers

If you want to back up your crypto containers, you mainly have two choices:
1.) Open the container on your machine and one on the backup server, and then you can start with an incremental backup.
2.) You always transfer the whole crypto container.
From a security point of view it’s not acceptable to open a container on a remote host which is perhaps not even owned by you, and of course you don’t want to back up a 1GB container after you’ve just added a small *.txt.
Here, I’ll demonstrate how to do incremental backups of crypto containers without ever opening them :)


#!/bin/sh
# backup.sh
# Binary diff of the current container against the copy taken at the last
# backup; only the patch is transferred and applied on the server side.
set -e
echo "Creating patch"
bsdiff disk_of_last_change.tc disk_to_work_with.tc patch.patch
echo "Move patch to server"
mv patch.patch serverSide
cd ./serverSide
echo "Use patch"
# bspatch loads the old file into memory before it writes the new one,
# so old and new may be the same file (in-place update).
bspatch disk_on_the_server.tc disk_on_the_server.tc patch.patch
cd ../
echo "cleanup"
rm ./serverSide/patch.patch
# the current container becomes the reference for the next run
rm disk_of_last_change.tc
cp disk_to_work_with.tc disk_of_last_change.tc

Unfortunately, this is not as fast as it could be, even if it’s much faster than transferring the whole container all the time, but I also found a quite strange way to improve the speed of the whole process. You can just use base64 encoding and the normal diff instead of bsdiff, because you can work much faster on plain text files than on binary files. Here’s what an example could look like:

#!/bin/sh
# backup64.sh
# Same idea as backup.sh, but the containers are kept as base64 text so
# that line-based diff/patch can be used instead of bsdiff/bspatch.
#
# run once:
# base64 disk_to_work_with.tc > disk_of_last_change_64.tc
set -e
base64 disk_to_work_with.tc > disk_to_work_with_64.tc
echo "Creating patch"
# diff exits 1 when the files differ, which is the expected case here
diff disk_of_last_change_64.tc disk_to_work_with_64.tc > patch64.patch || [ $? -eq 1 ]
echo "Move patch to server"
mv patch64.patch ./serverSide/
cd ./serverSide
echo "Use patch"
patch disk_on_the_server_64.tc patch64.patch
cd ../
echo "cleanup"
#rm disk_of_last_change.tc
#rm disk_of_last_change_64.tc
rm ./serverSide/patch64.patch
# the current base64 text becomes the reference for the next run
mv disk_to_work_with_64.tc disk_of_last_change_64.tc
# round trip back to binary (yields the same bytes the script started with)
base64 -d disk_of_last_change_64.tc > disk_to_work_with.tc

As you’ll see, the patches are slightly bigger than the ones made with bsdiff, but I think you can accept that when you get such a huge performance improvement with the base64 version.
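The base64 round trip from backup64.sh, as an added example that is not part of the original post: it runs the diff/patch cycle against a constructed 64 KiB container in a temp dir and adds the integrity check the scripts lack (both containers must hash identically after patching). It assumes GNU coreutils (base64 wrapping at 76 columns, sha256sum), diff and patch; all file names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): the base64+diff round trip of
# backup64.sh on a constructed 64 KiB "container", plus an integrity check.
# Assumes GNU coreutils (base64 wraps at 76 columns, sha256sum), diff, patch.
set -eu

# Everything lives in one temp dir: the "server" copies stand in for the
# remote side. Returns the directory name.
setup_demo() {
    dir=$(mktemp -d)
    dd if=/dev/urandom of="$dir/work.tc" bs=1024 count=64 2>/dev/null
    cp "$dir/work.tc" "$dir/server.tc"
    base64 "$dir/work.tc" > "$dir/last_64.tc"      # reference for the next diff
    cp "$dir/last_64.tc" "$dir/server_64.tc"       # server holds the same text
    echo "$dir"
}

# Simulate a small write inside the container: two 512-byte sectors at
# offset 17*512, overwritten in place (conv=notrunc keeps the size fixed).
mutate_container() {
    dd if=/dev/urandom of="$1/work.tc" bs=512 seek=17 count=2 conv=notrunc 2>/dev/null
}

# Diff the base64 texts, apply the patch on the server side, decode the
# result and succeed only if client and server containers hash identically.
incremental_sync() {
    dir=$1
    base64 "$dir/work.tc" > "$dir/work_64.tc"
    # diff exits 1 when the files differ; only 2 (an error) should abort
    diff "$dir/last_64.tc" "$dir/work_64.tc" > "$dir/patch64.patch" || [ $? -eq 1 ]
    patch -s "$dir/server_64.tc" "$dir/patch64.patch"
    base64 -d "$dir/server_64.tc" > "$dir/server.tc"
    mv "$dir/work_64.tc" "$dir/last_64.tc"
    client=$(sha256sum "$dir/work.tc" | cut -d' ' -f1)
    server=$(sha256sum "$dir/server.tc" | cut -d' ' -f1)
    [ "$client" = "$server" ]
}

# Number of replaced base64 lines in the patch. Each 76-column line encodes
# 57 bytes, so the 1024-byte write above touches 19 lines. That position and
# size pattern is visible to whoever carries the patch, even though the
# bytes themselves are still ciphertext.
patch_changed_lines() {
    grep -c '^>' "$1/patch64.patch"
}
```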

I know that I didn’t really explain everything but don’t hesitate to ask me if there are any questions :)

A long time ago, I posted a guide on how to make John the Ripper able to crack MD5 hashes (http://www.disenchant.ch/blog/teaching-john-the-ripper-how-to-crack-md5-hashes/106). In that posting there were some errors, and it’s also not up to date, so I made a small shell script which downloads, patches and compiles JtR 1.7.3.4 for you automatically:

#!/bin/sh
# download JtR 1.7.3.4 and the jumbo-1 patch, apply the patch and build
set -e
wget http://www.openwall.com/john/g/john-1.7.3.4.tar.gz
tar xzvf john-1.7.3.4.tar.gz
wget http://www.openwall.com/john/contrib/john-1.7.3.4-jumbo-1.diff.gz
gunzip john-1.7.3.4-jumbo-1.diff.gz
cp john-1.7.3.4-jumbo-1.diff ./john-1.7.3.4
cd ./john-1.7.3.4
patch -p1 < john-1.7.3.4-jumbo-1.diff
cd ./src/
# build target for generic 32-bit x86 Linux (the Makefile lists the others)
make clean linux-x86-any

This patched John the Ripper can attack the following formats:
DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/IPB2/raw-sha1/md5a/hmac-md5/KRB5/bfegg/nsldap/ssha/openssha/oracle/MYSQL/mysql-sha1/mscash/lotus5/DOMINOSEC/NETLM/NETNTLM/NETLMv2/NETHALFLM/mssql/mssql05/epi/phps/mysql-fast/pix-md5/sapG/sapB/md5ns/HDAA

I hope you enjoy it :)

Reactivation of the blog

Quite a lot of people asked me to write blog postings again, and even if I have already failed a few times because of the time it takes to write these postings, I’ll try it once more and hope to provide all my readers again with valuable information on the topic of security.

Since a few days ago, the new iPhone OS 3.0 is available, but in Switzerland tethering is afaik not officially supported by Swisscom, Orange or Sunrise. bench-artwork.ch has the solution for this and provides configurations for all three big providers. You can find all the information here (it’s in German).

PS: For all Linux users like me, this is also very helpful.

Firefox Security Tool Kit – FSTK v4.0

There’s a new version of the Firefox Security Tool Kit (FSTK) online :)
Download and/or Install the FSTK v4.0 now

You’ll find more information on the FSTK here, but the extensions have changed.

At this point I also wish to thank Kaspar Brand (the developer of Cert Viewer Plus) for letting me know that there were some licensing problems.

Swiss Cyber Storm II

Last weekend, I was in Rapperswil (Switzerland) for a quite special event. There, the “Swiss Cyber Storm II” took place, organized by Compass Security. The SCSII is a hacking wargame contest, where hackers, IT security specialists, computer scientists etc. try to solve security related tasks and get points for them. For example there was a crypto attack on Lsrunase.exe, JavaScript malware analysis, ORACLE DB hacking, DECT sniffing and much more. It was a two day event, but the second day wasn’t as productive as the first. Anyway, I was quite successful :) At the end of the first day, I was on the 1st rank out of about 150 people participating. On the 2nd and 3rd ranks was a team (CrypTom and allotria), so I decided to also form a team for the second day, and my team partner was Baboo, who’s also a student at the Bern University of Applied Sciences. At the end we made the 2nd rank, which I would say is a really good result :)

Thanks a lot at this point to Compass Security for the great event.

Here you’ll see the final ranking (image: scs2_final_ranking).

PS: Baboo and I had to create a new user called Disenchant_and_Baboo for the second day. As you can see, my user from the first day (Disenchant) is still on rank 11 at the end of the second day :P

Too long ago, I wrote a posting about Certified Secure Web (CSW) and announced that I would post more information on the specific certifications CSWD and CSWT. Because the official web site is now also available in English, it doesn’t make sense to copy&paste it into my blog. You’ll find it at https://www.certifiedsecureweb.com/.

If there are any questions about CSW, don’t hesitate to ask :)

Happy New Year

I know, I’m a bit late, but I’d really like to wish all of you out there a happy new year :)

Myself, I was visiting London with my girlfriend on New Year’s Eve and we really enjoyed it (everything besides waiting 2.5 hours in the cold to see 10 minutes of fireworks).


PS: Next time I will also visit the OWASP guys in London, but I also wanted my girlfriend to have some holidays and not just hear me talking to people about how to break stuff ;)

Certified Secure Web

Hi everyone out there, I know that it has been a long time since I wrote my last blog posting, but as most of you know, time is always scarce. Anyway, I’ll try to write more in the future, especially because there really is stuff I think is worth writing about. So today I’d like to talk about one big project I was involved in during about the last year at my workplace at Dreamlab Technologies: the CSW certification.

You might ask yourself now: What the hell is CSW? CSW is short for Certified Secure Web, which is a security certification framework for the web. Actually we’ve got two certification types: the CSWT, where T is short for Technology, which means certification of web applications, and the CSWD, where D stands for Developers. Before I go into more detail, I have to say that the CSW certification framework is meant to be open and not just for Dreamlab Technologies. We’re only a part of the CSW; the real certification is done by an independent party, which is in our case a backend built of educational organizations like for example universities, combined with partners like us. So this is not just poor advertising, we’re really looking for people/companies all over the world who are interested in this.

Normally I would say, go to https://www.certifiedsecureweb.com/, where you can find all the information you need, but unfortunately the site is still only available in German, even if the English version is afaik ready.

So, what is CSW: “Certified Secure Web is an initiative to increase the overall security of web applications and also to provide a certification for Technology (Applications) and Developers.” (A free translation of the text on the CSW website, from German into English). It’s based on the OSSTMM by ISECOM, the Threat Classification of the WASC and on different resources provided by the OWASP. With these different resources we think that we can really provide a certification which is worth the paper it’s printed on, even if we know that the CSW certification can’t be perfect either. Something which is also special about CSW is that we don’t want to say that an application is secure and “hacker safe” (oops, sorry guys ;) ), but we would like to certify a security baseline for web applications and help companies get a more secure application.

I could go on with this for hours, but I think it’s better to write my next two postings directly on CSWT and CSWD, because they will say much more about what we’d like to achieve and in which way.

For specific questions or if you’d like to get involved, please just contact me or leave a comment :)

… and of course merry Christmas and a happy new year ;)

Many of my readers will know that example.com, example.net and example.org are reserved for use in documentation, according to RFC 2606. If you surf to any of these sites, there will be just the same information I wrote before and also a link to RFC 2606. So it’s quite interesting why, according to my statistics, example.com has a link on it pointing to my website. I don’t know why this happened, but it’s quite interesting, and if somebody can tell me what happened, I’m glad to know.

Here’s a proof (even if it’s only a line of text :P ):