Ag3nt47 Security – iMessage encryption stumps US federal agents

A recent investigation conducted by US Drug Enforcement Administration agents has been temporarily derailed after they failed to decrypt messages the targets exchanged via Apple’s iMessage system.

According to an internal DEA note that was leaked to CNET, the encryption used for the messaging system makes it “impossible to intercept iMessages between two Apple devices,” regardless of the cell phone service provider.

Another problem for law enforcement is that these iMessages “are not captured by pen register, trap and trace devices, or Title III interceptions,” which could lead to investigators missing crucial exchanges.

iMessages between an Apple device and a non-Apple device are transmitted as SMS messages and can sometimes be intercepted, more easily so if the intercept is placed on the non-Apple device, the memo adds.

As Dallas De Atley, manager of the platform security team at Apple, shared last year at Black Hat, the iMessage encryption is based on unique identifiers embedded in the hardware, uses a hardware encryption engine, and supports full AES and SHA encryption.

Law enforcement isn’t exactly helpless in cases such as these, as it can get a court order and demand that Apple help intercept and decrypt the messages.

Still, there is a big push by federal authorities to enact legislation that will make all similar communications accessible to them when legally requested.

Ag3nt47 Security – Have IDA Run A Colorize Script On Startup

Description: In this video I show how to set things up so that you can load a binary in IDA Pro and have a script that colors calls and interesting operations run at startup. This will save you time if you are opening binaries in IDA a lot. It took me a while to find this feature and I hope that it helps. Also BTdubsteps… this video is not edited and I get a bit distracted a few times. So dealwithit.gif.

Link to my modified script mentioned in the video: http://pastebin.com/djTKtt8S

Ag3nt47 Security – Shmoocon 2013 – Identity Based Internet Protocol

Description: David Pisano
The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise-oriented network architecture using standard IPv6 to encode user and host identity (ID) information into the IP address. Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. Our current implementation uses credentials from the Common Access Card (CAC) and from the computer’s Trusted Platform Module (TPM) to establish a host and user ID and IP address. A registration process (built on top of 802.1X) occurs between the host and a RADIUS server. After validating the credentials, the RADIUS server then automatically configures the edge router, fronting the host, with appropriate access privileges so that no IP address spoofing (or impersonation) is permitted. Hosts that are client machines do not have their IP addresses advertised, making them unreachable or hidden from reconnaissance initiated by other clients. Servers have their IP addresses advertised as usual. A unique IPv6 extension header was conceived to enable return traffic to hidden clients. Access controls are created and deployed from the RADIUS server without human intervention, enforcing established policies.

David earned a B.S. in Applied Networking and Systems Administration and an M.S. in Networking and Systems Administration from Rochester Institute of Technology. He is a contributor to The Honeynet Project. Professionally, David is active in research in the fields of network engineering and network security. His interests include data visualization and data correlation. David has coauthored multiple peer-reviewed papers in the fields of networking and cyber security.

Ag3nt47 Security – Shmoocon 2013 – Mainframed The Secrets Inside That Black Box

Description: Phil Young
The mainframe is not legacy, far from it. Not only is it not legacy, but the majority of Fortune 100 companies run a current and up-to-date mainframe OS. Airline, insurance, financial, power and oil industries, governments and three-letter agencies, worldwide, run them, yet no one in the community knows how to properly tackle these ‘iron beasts’. Be it a lack of access by the security community or the false notion that mainframes are dead, there is a distinct gap between the IT security world and the mainframe world. This presentation aims to help close this gap by talking about common security pitfalls on the mainframe and how you can take advantage of, or secure against, them. After this talk you’ll be able to talk intelligently about mainframes, use SHODAN to find mainframes, enumerate and brute force users, crack the password database with John the Ripper and run netcat. Since mainframes are a big world, I will also show you how you can run your own mainframe at home on whatever old laptop you’ve got lying around using open source software so that you too can get your hands dirty!

Ever since he saw the movie TRON, Phil has been fascinated with computers, mainframes especially. Throughout his career he’s had the chance to review mainframe security at various large organizations. He has worked in IT security for 9 years, but ever since he learned you could emulate your own mainframe he’s been knee-deep in JCL, print queues and OMVS. Some people build toy trains, others model airplanes, but Phil’s hobby is mainframe security. He has given a talk about mainframe security at BSidesLV, has been interviewed for podcasts and maintains a blog about mainframe security research.