#qi-hardware IRC log for Tuesday, 2016-12-27

--- Tue Dec 27 2016 00:00
08:16 <kyak> found this http://routersecurity.org/bugs.php while persuading a colleague of mine to wipe out the vendor firmware
08:16 <kyak> and use openwrt or derivatives instead
08:17 <kyak> all related news are put together for convenience :)
09:43 <whitequark> hm, where's joerg
11:36 <wpwrak> whitequark: he's traveling these days. he may still notice (eventually) when you write something here, though.
11:36 <whitequark> ahh 33c3
11:36 <whitequark> then he probably already knows
11:37 <eintopf> 33c3 I wish I would be there
11:37 <wpwrak> naw, visiting a friend. not 33c3
11:46 <wpwrak> kyak: someone should make a horror movie with this :)
12:37 <kyak> wpwrak: and the horror part starts when a guy tries to install openwrt --)
13:05 <wpwrak> kyak: ah, you're planning the sort of movie where the heroes die, too :)
13:46 <DocScrutinizer51> whitequark: not 33C3
13:48 <DocScrutinizer51> what's up?
14:13 <whitequark> DocScrutinizer51: https://twitter.com/josephfcox/status/813460065722269697
14:14 <DocScrutinizer51> sorry, not going to visit shitty twitter on N900
14:17 <DocScrutinizer51> prolly wouldn't work anyway
14:17 <whitequark> DocScrutinizer51: then https://mobile.twitter.com/josephfcox/status/813460065722269697
14:17 <whitequark> but anyway the link was https://motherboard.vice.com/read/global-travel-booking-systems-open-to-fraud-and-abuse
14:18 <DocScrutinizer51> well that's german news :)
14:19 <DocScrutinizer51> our TV journalists found it together with Mhackers'
14:20 <DocScrutinizer51> basically brute force cracking of a 'pw' alike 6digit transaction number afaik
14:21 <DocScrutinizer51> they prolly should install fail2ban ;)
14:22 <DocScrutinizer51> funny hack but no real big thing in my book
15:02 <whitequark> it's like BGP
15:02 <whitequark> anyone can hijack anyone's flights
15:06 <DocScrutinizer51> well, as long as you can brute force crack the 6char(?) transaction token, yes. Under same premise i can root 60 percent of all computers on this globe
15:15 <DocScrutinizer51> you 'only' need family name of a customer. rough time window of transaction, and then bruteforce the transaction token. pretty 'insecure' eh? No, they just should throttle bruteforce e.g. by fail2ban
15:16 <whitequark> DocScrutinizer51: but that's true, you can intercept 60% (actually might be more than 60%) of traffic with a fake BGP advertisement
15:16 <whitequark> and if you know a rough timewindow then you don't even need to bruteforce the entire token
15:16 <DocScrutinizer51> nfc what's that BGP thing
15:17 <DocScrutinizer51> what they told in TV they simply bruteforce cracked the transaction ID
15:18 <DocScrutinizer51> which is... cracking for kindergarten
15:36 <wpwrak> kids today ...
15:41 <DocScrutinizer51> yeah, they just repeated it in TV: the hackers brute force cracked the 6char reference ID with a known customer name. So how does that differ from bruteforcing the root password of any arbitrary server?
15:43 <whitequark> DocScrutinizer51: who even uses passwords anymore? good luck bruteforcing my ssh key
15:43 <DocScrutinizer51> add reasonable throttling like fail2ban and everything banana
15:43 <DocScrutinizer51> good luck clickbaiting me into this nonissue
15:50 <DocScrutinizer51> poor implementation of an otherwise perfectly secure concept
15:52 <DocScrutinizer51> of course the IDs need to be true random, and auth needs rate limit, just like any arbitrary other auth system. That they do call it reference ID and not password is a communication failure, not an IT design failure
15:54 <DocScrutinizer51> Nohl is making up big news to give ARD reporters a topic to cover C3 in news
15:55 <DocScrutinizer51> pretty dishonest
16:03 <eintopf> :o the channel is alive
16:04 <eintopf> btw: my tft power supply with the replaced elkos still works
--- Wed Dec 28 2016 00:00
