Sunday, October 21, 2012

Apple parts ways with hacker famous for iPhone jailbreaking



Nicholas Allegra, who was hired last year after gaining fame at JailBreakMe, was let go after not responding to an e-mail offering to extend his employment.

Apple's experiment with employing a hacker famous for jailbreaking the iPhone has ended.

Nicholas Allegra, also known as Comex, was hired at Apple after gaining fame with JailBreakMe, a Web site that simplified the process of removing Apple-installed protections from the phone -- a practice Apple opposes. When Apple hired him as an intern in August 2011, Allegra was a high-profile member of the jailbreaking community, regularly publicizing security vulnerabilities in Apple's iOS software.

However, Apple ended the 20-year-old Brown University student's employment last week, Allegra revealed today.

"So... no point in delaying. As of last week, after about a year, I'm no longer associated with Apple," he tweeted this afternoon.

"As for why? Because I forgot to reply to an email," he wrote in a follow-up tweet.

Tuesday, October 16, 2012

Wireless Encryption - WEP, WPA, and WPA2

This is a very basic description of the differences between the encryption security methods used by entry-level wireless hardware (802.11b/g).

WEP

Each encrypted packet carries a 24-bit initialization vector (IV), which unfortunately is sent in plaintext.

40 bits (encryption key) + 24 bits (init. vector) = 64-bit encryption.

104 bits (encryption key) + 24 bits (init. vector) = 128-bit encryption.

WEP uses the RC4 stream cipher, with a fresh key stream for each packet.

The IV and the key are combined to get a per-packet key, which is used to generate the RC4 key stream.

RC4 is one of the major culprits in the security issues.

Part of the weakness of RC4 has to do with the combination of the initialization vector and the plaintext cipher.

The 24-bit IV runs through its cycle of 2^24 values in about an hour and then repeats.

A repeating IV, plus knowledge about the plaintext language, makes guessing the plaintexts simpler.
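
The per-packet keying and IV repetition described above, as an added example that is not part of the original post: the per-packet RC4 key is the IV followed by the shared key, and two packets sent under the same IV XOR to the XOR of their plaintexts. The key, IVs, payloads and the 4096 packets-per-second rate are constructed sample values; the ICV and 802.11 framing are left out.

```python
# Added example: WEP-style per-packet keying and the effect of a repeated IV.
# Key, IVs and payloads are constructed; the ICV and 802.11 framing are omitted.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling followed by n bytes of key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || secret; the 3-byte IV is sent in the clear."""
    if len(iv) != 3 or len(secret) not in (5, 13):  # 24-bit IV, 40/104-bit key
        raise ValueError("expected 3-byte IV and 5- or 13-byte key")
    return iv + xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def iv_reuse_leak(pkt_a: bytes, pkt_b: bytes):
    """XOR of the two plaintexts if the packets share an IV, else None."""
    if pkt_a[:3] != pkt_b[:3]:
        return None
    return xor(pkt_a[3:], pkt_b[3:])

def seconds_until_iv_wraps(packets_per_second: float) -> float:
    """Time for a sequential 24-bit IV counter to run through all 2^24 values."""
    return 2**24 / packets_per_second

SECRET = bytes.fromhex("0102030405")      # constructed 40-bit key
P1 = b"GET /index.html "                  # constructed payloads, equal length
P2 = b"POST /login.php "

if __name__ == "__main__":
    a = wep_encrypt(b"\x00\x00\x01", SECRET, P1)
    b = wep_encrypt(b"\x00\x00\x01", SECRET, P2)   # same IV, same key stream
    print("key cancels out:", iv_reuse_leak(a, b) == xor(P1, P2))
    print("IV space lasts (min):", seconds_until_iv_wraps(4096) / 60)
```

The key stream cancels without the shared key ever being involved, which is why the short IV matters independently of the key length.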

WPA

It is an interim solution that is used now until 802.11i comes out.

It still uses RC4, but the key handling was changed to TKIP (Temporal Key Integrity Protocol).

TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough traffic could be captured to allow recovery of the WEP key. TKIP changes the key every 10,000 packets, which is quick enough to combat statistical methods of analyzing the cipher.

TKIP also adds the Message Integrity Code (MIC) to the picture. The transmission's CRC and ICV (Integrity Check Value) are checked. If the packet was tampered with, WPA stops using the current keys and re-keys.

(The release of 802.11i probably happened in mid-2005.)

The big change is the Advanced Encryption Standard (AES).

802.11i changed WPA's RC4 usage to employ AES.

This is referred to as WPA2. The main difference for a regular user would be:

WPA uses (as described above) TKIP/MIC encryption.

WPA2 uses AES-CCMP encryption.

AES, aka the Rijndael algorithm, is a secure, fast symmetric cipher that is easily implemented in hardware.

AES has its own mechanism for dynamic key generation. It's also resistant to statistical analysis of the cipher text.

CCMP stands for Counter-Mode/CBC-MAC Protocol, the protocol in which WPA2 uses the Advanced Encryption Standard (AES).