home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.misc      General topics about computers not cover      21,759 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 21,459 of 21,759   
   Lawrence =?iso-8859-13?q?D=FFOlivei to All   
   Introducing ... The Smishbox   
   02 Oct 25 09:38:17   
   
   From: ldo@nz.invalid   
      
   This SMS gateway box has a lot of legitimate users, facilitating   
   communication with all kinds of remote industrial equipment over the   
   cellular network   
   .   
      
   However, it also has a few security flaws. And various of the   
   treacherous-miscreant persuasion have been exploiting those flaws to   
   turn some of these boxes into sources of unwanted SMS fraudulent spam   
   phishing attacks -- “smishing”, in short.   
      
   This part is slightly puzzling, though:   
      
       While the password was encrypted, the file also included the   
       secret encryption key used and an IV (initialization vector),   
       allowing an attacker to obtain the plaintext password and then   
       gain full administrative access.   
      
   An IV cannot be kept confidential. It is a random quantity used to   
   initialize the encryption/decryption algorithm, so it obviously cannot   
   be encrypted to begin with. Nevertheless, its use does improve the   
   security of the encryption, because it avoids the situation where the   
   same plaintext repeated twice gives rise to the same encrypted   
   bitstream, making it easier for an attacker to spot patterns in the   
   message.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca