Tagged "Cybersecurity"

IPv6 is the next (current?) generation Internet protocol. It has been designed to overcome many limitations of IPv4 and fix some of the issues and weaknesses. Nevertheless, IPv6 fragmentation presented many vulnerabilities similar to the IPv4 ones in the past: new testing models were presented to check the presence of such problems.

In this work, we demonstrate that IPv6 fragmentation issues are still present today in operating systems because of the weakness of the model used to test their compliance. We also propose a new model that overcomes these limitations.

Recently, Mikrotik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

A few months ago, as part of our investigations on IPv6 security in the NetSecurityLab @ Sapienza University, we discovered a vulnerability that allows attackers to bypass rules in pf-based IPv6 firewalls in particular conditions. Let’s see some details of this vulnerability.

Many hobbyists and professionals use common MQTT brokers and libraries, like “Mosquitto”, in their projects. We asked ourselves: are these implementations “safe”? Is there any security issue we can exploit?

I don’t have a strong opinion on everything. However, in the case of DoH-vs-DoT-vs-DNS, I have a very strong opinion.

And it’s that DoH is harmful and unnecessary. In this post, I’ll explain why.

I use open-source software every day. And I try to contribute as much as I can.

However, sometimes weird things happen when writing OSS code. Like finding a security bug in a closed source software.

Do you know that you can unlock your full-disk encrypted GNU/Linux PC remotely? Cool, isn’t it? You can directly use SSH to type the password and unlock your PC.

Let’s ask ourselves: is it secure?

You want to start developing mobile apps for iOS (native or with ANY framework). You don’t want to mess with bureaucracy and procedures. This time, however, you can’t escape.

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPSec phase 2.

In a recent web portal project, made with Python and Angular, I faced the amethic doubt: should I use the standard pseudorandom generation of session tokens, or should I use a JWT?

So, you bought your brand new Arduino/Genuino Uno and some nice-but-useless sensor (such as a temperature sensor for your bedroom), and you feel ready to enter the Internet Of Things world.

As many IT folks, I have my VPS (for instance, this website is running on it).

If you missed the previous post, you can find it here.

Some years ago I was asked to do a reverse engineering of an older protocol used in automation systems.

La "superficie d'attacco" è l'insieme dei possibili punti di un software/sistema/infrastruttura che sono più o meno accessibili da un eventuale attaccante.

Yesterday I was having a break from studying for next exam.

Anche se non è immediato, è chiaro che la sicurezza informatica passa anche per la HCI (Human Computer Interaction).

Ricordiamoci che "prevenire è meglio che curare", quindi spendere del tempo (e denaro) prima di un attacco è sempre un investimento per evitare di spendere più tempo e denaro ad attacco avvenuto.

Quali sono le soluzioni tecniche che possiamo adottare, in azienda, per ridurre il rischio di ransomware (e di virus in generale)? Riassumiamo:

Dopo i recenti fatti di WannaCry e Samba, ho riflettutto un po' su quello che era (ed è) il mio approccio alla sicurezza informatica, almeno per le infezioni. Ma prima di affrontarlo, riprendiamo un po' di storia.

Inizialmente, il vettore di attacco (ovvero il mezzo con il quale il virus attaccava) era un supporto di memorizzazione fisico: floppy disk, compact-disk, successivamente pennette USB e altri. A seconda se era un virus od un worm (passatemi la generica classificazione), doveva esser lanciato a mano mediante l'inganno dell'utente (ad esempio, facendosi passare per altro) oppure, i secondi, sfruttando delle falle nei sistemi di "protezione".