Category Archives: security

Fortifying a Galaxy Nexus with stock-ish image and root access

In this post I will describe my recipe to have a Samsung Galaxy Nexus (codename “maguro”) using a rooted factory image, capable of getting OTA updates without loosing root access and with a locked bootloader, keeping the user data safe … Continue reading

Posted in android, linux, security | Tagged , , , , , , , , | 2 Comments

mini-howto: add google authenticator to a new device

Note: For this to work you need to have google authenticator working on a rooted device. Google authenticator stores user data in a sqlite database, so we can just get the key from there and move it on a different … Continue reading

Posted in android, gadgets, linux, minipost, security | Tagged , , , | Leave a comment

Disable Apache2 weak and medium ciphers for PCI compliance

A few days ago we had an external vulnerability scan by an Approved Scanning Vendor (ASV) to pass PCI DSS, in the report we saw these two vulnerabilities also reported by our Nessus scan: The remote service supports the use … Continue reading

Posted in linux, security | Tagged , , , , , , , , , | Leave a comment

WiFite patch for WLAN/JAZZTEL networks WEP & WPA cracking

I have made a quick patch for wifite r67, which adds support to crack WLAN and JAZZTEL networks in Spain, both WEP and WPA versions. The WPA keys are computed statically using the already known algorithms and the guessed key … Continue reading

Posted in linux, security, wireless | Tagged , , , , , , , | 12 Comments

From APK to readable java source code in 3 easy steps

Android applications are packed inside a APK file, which is just a ZIP file containing among other things a compact Dalvik Executable (.dex) file. First step is to extract the “classes.dex” file from the APK: $ unzip program.apk classes.dex Archive: … Continue reading

Posted in android, linux, security | Tagged , , , , , , , , , | 25 Comments

Encrypted ~Maildir?

I’ve been thinking on encrypting user’s Maildir on a new mail server, however I can’t find a good solution for that. Anybody has come with a solution to encrypt user’s Maildir which is not vulnerable to plaintext attacks by sending … Continue reading

Posted in linux, security | Tagged | Leave a comment

Capturar les credencials d'un roadwarrior sense usar un rogue AP

Un atac molt típic en entorns de hotspot que utilitzen un portal captiu (x ej: chillispot o nocat) és montar un rogue AP, es a dir, un punt d’accés que publique el mateix SSID que la xarxa legítima però controlat … Continue reading

Posted in linux, security, wireless | Leave a comment

WEP Cracking amb aircrack-ng

Fa un any parlàvem de com trencar la encriptació WEP amb aircrack, actualment està disponible aircrack-ng: aircrack next generation, un fork del aircrack original que inclou noves funcionalitats per auditar xarxes sense fils. Han muntat un wiki i un fòrum … Continue reading

Posted in linux, security, wireless | 13 Comments

Presentacions de la BlackHat Europe 2006

Les presentacions de la BlackHat Europe 2006 estan on-line aquí, hi ha material molt interessant, sobre tot m’ha agradat moltíssim la presentació de Philippe Biondi i Fabrice Desclaux Silver Needle in the Skype que recomano llegir a tots els usuaris … Continue reading

Posted in security, wireless | Leave a comment

Vunerabilitat a les connexions wireless de Windows

Un cop més, Micro$oft demostra com una mala implementació de la gestió de les connexions wireless pot arribar a comprometre un sistema. Podem accedir a un equip amb windows que estigui configurat per connectar-se automàticament a una xarxa wifi, només … Continue reading

Posted in minipost, security, wireless | Leave a comment