Aurora

There is a lot of buzz about the Aurora zero day exploit. It takes advantage of a vulnerability in Microsoft’s Internet Explorer. Users visit a malware web page. Hackers then gain control of their system through the use of a back door. The name Aurora comes from the file path where malware binary files are downloaded to the target computer.

This hack was specifically focused on Internet Explorer version 6. It was sent to a few people in around thirty companies. This was not a widespread attack. Google was one of the high profile target companies under attack. Google has reported that only two accounts were compromised at their company.

Microsoft is releasing an emergency patch today. McAfee has updated their Stinger virus removal tool. This version is being called Aurora Stinger. It seems like McAfee is generating a lot of hype regarding this exploit. Although they are combating a real vulnerability, from the outside it looks like a big publicity drive.

Hacking for Dummies

I broke down and read Hacking for Dummies. It was a surprisingly good read. To be a hacker, you need to think like a thief. This is the hacker mentality? Hacking is like testing software. You can go further than a tester by broadcasting your findings to the world. This makes you a Hacktivist.

Put up a fake contest web site. Then promote it. Ask users to create an account on the web site. You can collect a lot of good passwords that way. It is a good practice to disable broadcasting of your SSID on a wireless network. Did you know that passive monitoring can find your access point even if you are not broadcasting the SSID?

When you conduct tests for port scanning, you should scan the first 65535 ports on the computer. This might produce false positives for holes. Note also that the port scan itself might cause a Denial of Service. Be sure to test your firewall from both inside and outside your network. You never know when an attack is going to come from within.

Here are some methods to prevent Denial of Service attacks. Apply patches, including patches to firmware. Set up your router to block malformed traffic. Block ICMP and disable SNMP. Do not put sensitive information on your web servers. That way hackers can’t get your info even if they compromise your network.

Factoring a 768-bit RSA Number


Last month a team completed a multi-year effort to factor a 768-bit number. The number was one from an old RSA Challenge list. A 22 page paper was written on the subject. The team consisted of Thorsten Kleinjung and associates. This is a record for factoring integers. Their conclusion is that 768-bit RSA numbers are no longer recommended for encryption.

Let us put this into perspective. 10 years ago a team factored a 512-bit number. Factoring a 768-bit number is a few thousand times more difficult than that. Factoring a 1024-bit number will be around a thousand times more difficult than factoring a 768-bit one. The researchers estimate that 1024-bit number factorization will occur some time in the next decade. However it won’t occur as soon as the next 5 years.

The techniques used in the factorization involved heavy math. But one idea they used was that of a sieve. They report that sieving is easy. Conducting work in parallel does create some challenges. Clients must do a lot of communication with servers. Trouble arises when one machine or a network connection goes down.

A square root step significantly reduced the solution space. Many large primes were generated to help the factorization process. Some steps required a terabyte of memory. They ran their jobs on up to 80 different machines. In total the factorization took 10^20 computations. The techniques were chosen using some experience and a lot of luck.
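The difficulty ratios quoted above (512 to 768 to 1024 bits) can be checked against the standard heuristic cost formula for the general number field sieve, the method used for this record. The following is an added example, not code from the original post or from the paper. It assumes the o(1) term in the formula can be dropped, so only ratios between sizes are meaningful, and it scales from the 10^20 figure mentioned above; the function names are this example's own.

```python
import math

# Constant c in the heuristic GNFS cost L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)).
GNFS_C = (64 / 9) ** (1 / 3)

def gnfs_log_work(bits):
    """Natural log of the heuristic GNFS cost for a modulus of `bits` bits.
    Assumption: the o(1) term is dropped, so absolute values are rough."""
    ln_n = bits * math.log(2)
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)

def work_ratio(bits_from, bits_to):
    """How many times harder factoring bits_to is than factoring bits_from."""
    return math.exp(gnfs_log_work(bits_to) - gnfs_log_work(bits_from))

def projected_ops(bits, ref_bits=768, ref_ops=1e20):
    """Scale the 10^20 operations quoted for 768 bits to another modulus size."""
    return ref_ops * work_ratio(ref_bits, bits)

def smallest_modulus(margin, ref_bits=768, step=256, limit=8192):
    """Smallest modulus size (ref_bits plus a multiple of `step`) that is at
    least `margin` times harder to factor than a ref_bits modulus."""
    bits = ref_bits
    while bits <= limit:
        if work_ratio(ref_bits, bits) >= margin:
            return bits
        bits += step
    raise ValueError("no modulus size up to the limit reaches that margin")

if __name__ == "__main__":
    for a, b in ((512, 768), (768, 1024), (1024, 2048)):
        print(f"{a} -> {b} bits: about {work_ratio(a, b):.3g} times harder")
    for bits in (1024, 1536, 2048):
        print(f"{bits} bits: roughly {projected_ops(bits):.1e} operations")
    print("size for a million-fold margin over 768 bits:", smallest_modulus(1e6))
```

The formula reproduces the post's figures: about six thousand times harder from 512 to 768 bits, and roughly a thousand times harder from 768 to 1024 bits.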

I am amazed at the multi-year commitment by the team to complete the factorization. However this does not mean I no longer trust 768-bit encryption. Congrats to the Kleinjung team. This is good stuff.