unix, cryptography & security

11.01.2011 Security vulnerability in Freeconet VoIP platform

After quite a long time without updates, I'm publishing article about security problems of Freeconet VoIP operator. The vulnerability gives attacker full control over VoIP calls made from Freeconet network to the outside. This includes DoS, eavesdropping and advanced man-in-the-middle attacks on voice conversations.

I've also released VOIPROX tool which exploits Freeconet vulnerability. Read the article (sorry, Polish language only) and download the tool from projects section.

UPDATE 11.01.2011: The vulnerable functionality of Freeconet platform was disabled. Exploitation shouldn't be possible now.

28.05.2007 Etherbat 1.0.0 released!

Finally I had a time to write some documentation and release Etherbat, a tool for Ethernet topology discovery. I gave a talk about it on Confidence 2007 and the presentation is available in papers section.

The official Etherbat homepage:

There are two things I want to mention. First, after my talk one guy asked about frames with the same source and destination MAC addresses (a call them SA=DA frames). Etherbat uses this kind of frame in one of tests. The question was about the ability of remote hosts to send this frame. My answer was: "No problem, I have tested it". However, as some of you know I'm Linux user. I didn't tested Windows behavior, which is (surprise!) different than Linux. Windows loops back outgoing frames destined to machine's own MAC address.

This behavior results in incorrect topology being detected by Etherbat. But SA=DA frame is required only in step 5 of test A (see tests description). This step is skipped for some topologies and switch type combinations, so Etherbat could give valid results even if there are Windows machines. However, I've added warning message when this unreliable step is performed.

I don't like above solution, but I don't see better way to do it in current Etherbat mode of operation. However, this problem vanishes in 3 remote hosts mode, which is the first item on Etherbat TODO list.

And the second thing. Etherbat isn't the first tool for Ethernet topology discovery as I thought previously. I've realized that after Confidence 2007 when I was preparing to write Etherbat documentation. I was thinking on how to call the technique used by Etherbat. I've typed "Ethernet topology discovery" in Google to see if that term is not taken. It was :-) See Etherbat homepage for details.

15.02.2007 Confidence 2007.

I will talk about my recent findings in the field of Ethernet networks. The talk summary is available on the conference site.

23.08.2006 DSL talk, multispoof FAQ.

For those interested in security problems in DSL infrastructure of Telekomunikacja Polska I've uploaded audio recording from my last presentation. Hopefully, slides will be easier to understand now.

Multispoof page has FAQ section now.

16.05.2006 CONFidence 2006.

I've added my presentation about security problems in DSL infrastructure of Telekomunikacja Polska. As always it can be found in papers section.

If you are interested in modem emulator presented on the conference, please mail me directly.

26.02.2006 SSL presentation available.

You can find my talk from Noc Linuksożerców in the papers section.

9.02.2006 Two talks.

I will speak at Noc Linuksożerców "Sys V" (25-26.02.2006) and CONFidence 2006 (13-14.05.2006), both in Kraków.

My first speak will be about insecurity of SSL certyficates used with internal domains. At the second conference I will talk about my experiences with one, big company which name begins with a letter T -- of course security related ;-).

9.11.2005 Multispoof 0.7.2 released.

This release fix compilation errors on Redhat 9 (and probably others systems which doesn't ship libpcap as shared library). 0.7.2 tarball is available on the multispoof project page.

19.10.2005 Multispoof finally available!

As I promised on CONFidence 2005, I've released multispoof. It is available in the projects section. For those of you who don't want to install it there is also LiveCD distribution. Feel free to download, but remember to play nice ;-)

Also, I've uploaded my M.Sc. thesis. It's about mac spoofing, its detection and prevention techiques (actually multispoof is a software part of it). You can find it in papers section.

18.08.2005 CONFidence talk.

In the middle of October I will speak at CONFidence conference in Kraków, Poland. My talk is about mac spoofing, its detection and prevention techniques.

UPDATE: Slides are available in papers section.

29.07.2005 Up again.

The disk of machine hosting crashed and there was some downtime. Hopefully, I had backup of the site on my laptop.

From other news, I've defended my master's thesis. I'll put it online soon. For now, I've added document about Fault Tolerance in Computer Networks, which was written by me and my friend Michał Słociński long time ago. It's quite old, but maybe someone will be interested. You can find it in the papers section.

16.05.2005 New presentation: multispoof.

I've added presentation about multispoof, a software project for my thesis. You can find presentation in papers section.

15.05.2005 New website design.

Thanks goes to foobar.

24.04.2005 New papers.

I've added two papers. First about fingerprinting and its relation to my thesis (multispoof). Second, older presentation about PPTP protocol for securing ethernet networks.
Added notice about cryptoboot project - I won't work on this code anymore.

24.02.2005 Site created.