FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Verisign Provides Open Source Implementation of Merkle Tree Ladder Mode

By: Burt Kaliski
A digital blue tree on a gradient blue background.

The quantum computing era is coming, and it will change everything about how the world connects online. While quantum computing will yield tremendous benefits, it will also create new risks, so it’s essential that we prepare our critical internet infrastructure for what’s to come. That’s why we’re so pleased to share our latest efforts in this area, including technology that we’re making available as an open source implementation to help internet operators worldwide prepare.

In recent years, the research team here at Verisign has been focused on a future where quantum computing is a reality, and where the general best practices and guidelines of traditional cryptography are re-imagined. As part of that work, we’ve made three further contributions to help the DNS community prepare for these changes:

  • an open source implementation of our Internet-Draft (I-D) on Merkle Tree Ladder (MTL) mode;
  • a new I-D on using MTL mode signatures with DNS Security Extensions (DNSSEC); and
  • an expansion of our previously announced public license terms to include royalty-free terms for implementing and using MTL mode if the I-Ds are published as Experimental, Informational, or Standards Track Requests for Comments (RFCs). (See the MTL mode I-D IPR declaration and the MTL mode for DNSSEC I-D IPR declaration for the official language.)

About MTL Mode

First, a brief refresher on what MTL mode is and what it accomplishes:

MTL mode is a technique developed by Verisign researchers that can reduce the operational impact of a signature scheme when authenticating an evolving series of messages. Rather than signing messages individually, MTL mode signs structures called Merkle tree ladders that are derived from the messages to be authenticated. Individual messages are authenticated relative to a ladder using a Merkle tree authentication path, while ladders are authenticated relative to a public key of an underlying signature scheme using a digital signature. The size and computational cost of the underlying digital signatures can therefore be spread across multiple messages.

The reduction in operational impact achieved by MTL mode can be particularly beneficial when the mode is applied to a signature scheme that has a large signature size or computational cost in specific use cases, such as when post-quantum signature schemes are applied to DNSSEC.

Recently, Verisign Fellow Duane Wessels described how Verisign’s DNSSEC algorithm update β€” from RSA/SHA-256 (Algorithm 8) to ECDSA Curve P-256 with SHA-256 (Algorithm 13) β€” increases the security strength of DNSSEC signatures and reduces their size impact. The present update is a logical next step in the evolution of DNSSEC resiliency. In the future, it is possible that DNSSEC may utilize a post-quantum signature scheme. Among the new post-quantum signature schemes currently being standardized, though, there is a shortcoming; if we were to directly apply these schemes to DNSSEC, it would significantly increase the size of the signatures1. With our work on MTL mode, the researchers at Verisign have provided a way to achieve the security benefit of a post-quantum algorithm rollover in a way that mitigates the size impact.

Put simply, this means that in a quantum environment, the MTL mode of operation developed by Verisign will enable internet infrastructure operators to use the longer signatures they will need to protect communications from quantum attacks, while still supporting the speed and space efficiency we’ve come to expect.

For more background information on MTL mode and how it works, see my July 2023 blog post, the MTL mode I-D, or the research paper, β€œMerkle Tree Ladder Mode: Reducing the Size Impact of NIST PQC Signature Algorithms in Practice.”

Recent Standardization Efforts

In my July 2023 blog post titled β€œNext Steps in Preparing for Post-Quantum DNSSEC,” I described two recent contributions by Verisign to help the DNS community prepare for a post-quantum world: the MTL mode I-D and a public, royalty-free license to certain intellectual property related to that I-D. These activities set the stage for the latest contributions I’m announcing in this post today.

Our Latest Contributions

  • Open source implementation. Like the I-D we published in July of this year, the open source implementation focuses on applying MTL mode to the SPHINCS+ signature scheme currently being standardized in FIPS 205 as SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) by the National Institute of Standards and Technology (NIST). We chose SPHINCS+ because it is the most conservative of NIST’s post-quantum signature algorithms from a cryptographic perspective, being hash-based and stateless. We remain open to adding other post-quantum signature schemes to the I-D and to the open source implementation.
    We encourage developers to try out the open source implementation of MTL mode, which we introduced at the IETF 118 Hackathon, as the community’s experience will help improve the understanding of MTL mode and its applications, and thereby facilitate its standardization. We are interested in feedback both on whether MTL mode is effective in reducing the size impact of post-quantum signatures on DNSSEC and other use cases, and on the open source implementation itself. We are particularly interested in the community’s input on what language bindings would be useful and on which cryptographic libraries we should support initially. The open source implementation can be found on GitHub at: https://github.com/verisign/MTL
  • MTL mode for DNSSEC I-D. This specification describes how to use MTL mode signatures with DNSSEC, including DNSKEY and RRSIG record formats. The I-D also provides initial guidance for DNSSEC key creation, signature generation, and signature verification in MTL mode. We consider the I-D as an example of the kinds of contributions that can help to address the β€œResearch Agenda for a Post-Quantum DNSSEC,” the subject of another I-D recently co-authored by Verisign. We expect to continue to update this I-D based on community feedback. While our primary focus is on the DNSSEC use case, we are also open to collaborating on other applications of MTL mode.
  • Expanded patent license. Verisign previously announced a public, royalty-free license to certain intellectual property related to the MTL mode I-D that we published in July 2023. With the availability of the open source implementation and the MTL mode for DNSSEC specification, the company has expanded its public license terms to include royalty-free terms for implementing and using MTL mode if the I-D is published as an Experimental, Informational, or Standards Track RFC. In addition, the company has made a similar license grant for the use of MTL mode with DNSSEC. See the MTL mode I-D IPR declaration and the MTL mode for DNSSEC I-D IPR declaration for the official language.

Verisign is grateful for the DNS community’s interest in this area, and we are pleased to serve as stewards of the internet when it comes to developing new technology that can help the internet grow and thrive. Our work on MTL mode is one of the longer-term efforts supporting our mission to enhance the security, stability, and resiliency of the global DNS. We’re encouraged by the progress that has been achieved, and we look forward to further collaborations as we prepare for a post-quantum future.

Footnotes

  1. While it’s possible that other post-quantum algorithms could be standardized that don’t have large signatures, they wouldn’t have been studied for as long. Indeed, our preferred approach for long-term resilience of DNSSEC is to use the most conservative of the post-quantum signature algorithms, which also happens to have the largest signatures. By making that choice practical, we’ll have a solution in place whether or not a post-quantum algorithm with a smaller signature size is eventually available. β†©οΈŽ

The post Verisign Provides Open Source Implementation of Merkle Tree Ladder Mode appeared first on Verisign Blog.

RansomwareSim - A Simulated Ransomware

By: Zion3R

Overview

RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be used for malicious purposes.

Features

  • Encrypts specified file types within a target directory.
  • Changes the desktop wallpaper (Windows only).
  • Creates&Delete a README file on the desktop with a simulated ransom note.
  • Simulates communication with a command-and-control server to send system data and receive a decryption key.
  • Decrypts files after receiving the correct key.

Usage

Important: This tool should only be used in controlled environments where all participants have given consent. Do not use this tool on any system without explicit permission. For more, read SECURE

Requirements

  • Python 3.x
  • cryptography
  • colorama

Installation

  1. Clone the repository:

    git clone https://github.com/HalilDeniz/RansomwareSim.git

  2. Navigate to the project directory:

    cd RansomwareSim

  3. Install the required dependencies:

    pip install -r requirements.txt

ο“– My Book

Running the Control Server

  1. Open controlpanel.py.
  2. Start the server by running controlpanel.py.
  3. The server will listen for connections from RansomwareSim and the Decoder.

Running the Simulator

  1. Navigate to the directory containing RansomwareSim.
  2. Modify the main function in encoder.py to specify the target directory and other parameters.
  3. Run encoder.py to start the encryption process.
  4. Follow the instructions displayed on the console.

Running the Decoder

  1. Run decoder.py after the files have been encrypted.
  2. Follow the prompts to input the decryption key.

Disclaimer

RansomwareSim is developed for educational purposes only. The creators of RansomwareSim are not responsible for any misuse of this tool. This tool should not be used in any unauthorized or illegal manner. Always ensure ethical and legal use of this tool.

Contributing

Contributions, suggestions, and feedback are welcome. Please create an issue or pull request for any contributions.

  1. Fork the repository.
  2. Create a new branch for your feature or bug fix.
  3. Make your changes and commit them.
  4. Push your changes to your forked repository.
  5. Open a pull request in the main repository.

Contact

For any inquiries or further information, you can reach me through the following channels:



Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

By: Newsroom
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

By: Newsroom
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs

How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography

By: The Hacker News
Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them. Quishing Quishing, a phishing technique resulting from the

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

By: Newsroom
The stealer malware known asΒ LummaC2Β (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto MarΓ­nΒ saidΒ in a technical

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

By: Newsroom
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit calledΒ RandstormΒ that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

By: Newsroom
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

CryptoChat - Beyond Secure Messaging

By: Zion3R


Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the sanctuary you need in the digital age. Dive in, and experience the next level of secure messaging!

  1. End-to-End Encryption: Every message is secured from sender to receiver, ensuring utmost privacy.
  2. User-Friendly Interface: Navigating and messaging is intuitive and simple, making secure conversations a breeze.
  3. Robust Backend: Built on the powerful Python ecosystem, our chat is reliable and fast.
  4. Open Source: Dive into our codebase, contribute, and make it even better for everyone.
  5. Multimedia Support: Not just text - send encrypted images, videos, and files with ease.
  6. Group Chats: Have encrypted conversations with multiple people at once.

  • Python 3.x
  • cryptography
  • colorama

  1. Clone the repository:

    git clone https://github.com/HalilDeniz/CryptoChat.git

  2. Navigate to the project directory:

    cd CryptoChat

  3. Install the required dependencies:

    pip install -r requirements.txt

bind the server to. --port PORT The port number to bind the server to. -------------------------------------------------------------------------- $ python3 client.py --help usage: client.py [-h] [--host HOST] [--port PORT] Connect to the chat server. options: -h, --help show this help message and exit --host HOST The server's IP address. --port PORT The port number of the server." dir="auto">
$ python3 server.py --help
usage: server.py [-h] [--host HOST] [--port PORT]

Start the chat server.

options:
-h, --help   show this help message and exit
--host HOST  The IP address to bind the server to.
--port PORT  The port number to bind the server to.
--------------------------------------------------------------------------
$ python3 client.py --help
usage: client.py [-h] [--host HOST] [--port PORT]

Connect to the chat server.

options:
-h, --help   show this help message and exit
--host HOST  The server's IP address.
--port PORT  The port number of the server.

secret key for encryption. (Default=mysecretpassword) -------------------------------------------------------------------------- $ python3 clientE.py --help usage: clientE.py [-h] [--host HOST] [--port PORT] [--key KEY] Connect to the chat server. options: -h, --help show this help message and exit --host HOST The IP address to bind the server to. (Default=127.0.0.1) --port PORT The port number to bind the server to. (Default=12345) --key KEY The secret key for encryption. (Default=mysecretpassword)" dir="auto">
$ python3 serverE.py --help
usage: serverE.py [-h] [--host HOST] [--port PORT] [--key KEY]

Start the chat server.

options:
  -h, --help   show this help message and exit
  --host HOST  The IP address to bind the server to. (Default=0.0.0.0)
  --port PORT  The port number to bind the server to. (Default=12345)
  --key KEY    The secret key for encryption. (Default=mysecretpassword)
--------------------------------------------------------------------------
$ python3 clientE.py --help
usage: clientE.py [-h] [--host HOST] [--port PORT] [--key KEY]

Connect to the chat server.

options:
  -h, --help   show this help message and exit
  --host HOST  The IP address to bind the server to. (Default=127.0.0.1)
  --port PORT  The port number to bind the server to. (Default=12345)
  --key KEY    The secret key for encr   yption. (Default=mysecretpassword)
  • --help: show this help message and exit
  • --host: The IP address to bind the server.
  • --port: The port number to bind the server.
  • --key : The secret key for encryption

Contributions are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue or submit a pull request.

If you have any questions, comments, or suggestions about CryptChat, please feel free to contact me:



Caracal - Static Analyzer For Starknet Smart Contracts

By: Zion3R


Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.

Features

  • Detectors to detect vulnerable Cairo code
  • Printers to report information
  • Taint analysis
  • Data flow analysis framework
  • Easy to run in Scarb projects

Installation

Precompiled binaries

Precompiled binaries are available on our releases page. If you are using Cairo compiler 1.x.x uses the binary v0.1.x otherwise if you are using the Cairo compiler 2.x.x uses v0.2.x.

Building from source

You need the Rust compiler and Cargo. Building from git:

cargo install --git https://github.com/crytic/caracal --profile release --force

Building from a local copy:

git clone https://github.com/crytic/caracal
cd caracal
cargo install --path . --profile release --force

Usage

List detectors:

caracal detectors

List printers:

caracal printers

Standalone

To use with a standalone cairo file you need to pass the path to the corelib library either with the --corelib cli option or by setting the CORELIB_PATH environment variable. Run detectors:

caracal detect path/file/to/analyze --corelib path/to/corelib/src

Run printers:

caracal print path/file/to/analyze --printer printer_to_use --corelib path/to/corelib/src

Scarb

If you have a project that uses Scarb you need to add the following in Scarb.toml:

[[target.starknet-contract]]
sierra = true

[cairo]
sierra-replace-ids = true

Then pass the path to the directory where Scarb.toml resides. Run detectors:

caracal detect path/to/dir

Run printers:

caracal print path/to/dir --printer printer_to_use

Detectors

Num Detector What it Detects Impact Confidence Cairo
1 controlled-library-call Library calls with a user controlled class hash High Medium 1 & 2
2 unchecked-l1-handler-from Detect L1 handlers without from address check High Medium 1 & 2
3 felt252-overflow Detect user controlled operations with felt252 type, which is not overflow safe High Medium 1 & 2
4 reentrancy Detect when a storage variable is read before an external call and written after Medium Medium 1 & 2
5 read-only-reentrancy Detect when a view function read a storage variable written after an external call Medium Medium 1 & 2
6 unused-events Events defined but not emitted Medium Medium 1 & 2
7 unused-return Unused return values Medium Medium 1 & 2
8 unenforced-view Function has view decorator but modifies state Medium Medium 1
9 unused-arguments Unused arguments Low Medium 1 & 2
10 reentrancy-benign Detect when a storage variable is written after an external call but not read before Low Medium 1 & 2
11 reentrancy-events Detect when an event is emitted after an external call leading to out-of-order events Low Medium 1 & 2
12 dead-code Private functions never used Low Medium 1 & 2

The Cairo column represent the compiler version(s) for which the detector is valid.

Printers

  • cfg: Export the CFG of each function to a .dot file
  • callgraph: Export function call graph to a .dot file

How to contribute

Check the wiki on the following topics:

Limitations

  • Inlined functions are not handled correctly.
  • Since it's working over the SIERRA representation it's not possible to report where an error is in the source code but we can only report SIERRA instructions/what's available in a SIERRA program.


Post-Quantum Cryptography: Finally Real in Consumer Apps?

By: The Hacker News
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.Β  Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or
❌