Posts: 187 | Thanked: 96 times | Joined on Sep 2010 @ London, UK
#31
Originally Posted by momcilo
You may want to check the openvpn page on that topic. But you can not eliminate the server as a factor.
I don't want to neglect that possibility, I just want to look at the topic from Maemo's (the client's) angle. If the server is compromised the client is as well, there is no question about that. The whole idea is what can be done client side to enhance security.

Originally Posted by momcilo
A lot depends on the actual configuration of vpn server. In addition, there may be weaknesses in implementation as well as cryptography.
Of course, although my implementation is quite safe from passive attacks due to very low traffic.

Originally Posted by momcilo
Please be more specific, because I am not sure if you are referring to the session establishment, or later integrity checks, when data are actually sent?
I kind of meant both, but more of the latter; does HMAC auth protect the client from DoS and portscan by dropping non-authenticated packets before processing?

Originally Posted by momcilo
By this you mean chroot-ing the openvpn client itself?
Yes exactly, to create a chroot jail in case the server or another client gets compromised. Is it possible client side only, assuming the server is a win box?

Originally Posted by momcilo
The posted exploit does not recover username/passwords from within browser. It basically replaces legitimate login page.

The attacker poses as a default router, by producing massive number of arp messages in order to confuse the victim about the default gateway's actual ARP address.

The attacker itself is configured to forward any incoming traffic to the legitimate router. The sslstrip is used in-between to replace unencrypted HTML login pages, with ones that can be used to log username/passwords.

Once the username/password is recovered, the information is used to create a legitimate session, so victim firmly believes it is secure, since the SSL is established and padlock is visible.
I did get that, very clever actually. But the question was whether or not it's possible to obtain passwords using a keylogger for another browsing instance, IM account and whatnot. Let's assume the user wanders (via phishing or DNS spoof) to a site that has a keylogger script.

Thx for responding btw
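The HMAC question above (whether an HMAC layer lets the client drop unauthenticated packets before any further processing) is easiest to see with a small model. The following Python is an added example for this thread, not code from OpenVPN or from either poster: it models the idea behind OpenVPN's --tls-auth, where every datagram carries an HMAC computed with a pre-shared static key and anything that fails the check is discarded before the packet reaches the protocol parser. The packet layout (4-byte sequence number, payload, 32-byte SHA-256 tag), the key, the Gate class and the sample packets are all constructed for the demo; real OpenVPN uses its own framing and a sliding replay window rather than the simple seen-set used here.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # SHA-256 tag appended to every datagram (demo layout)
SEQ_LEN = 4   # big-endian sequence number in front of the payload

# Constructed demo key; the real thing is the static key file given to --tls-auth.
DEMO_KEY = hashlib.sha256(b"constructed demo static key").digest()


def seal(key: bytes, payload: bytes, seq: int) -> bytes:
    """Sender side: seq || payload || HMAC(key, seq || payload)."""
    body = struct.pack("!I", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Gate:
    """Receiver side: authenticate first, parse later.

    Nothing reaches the protocol parser unless the tag verifies, so a port
    scanner or flooder that does not hold the key costs the host one HMAC
    computation per packet and nothing else.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()   # sequence numbers already accepted (replay check)
        self.accepted = 0
        self.dropped = 0

    def receive(self, datagram: bytes):
        # 1. Too short to even carry a tag: drop without looking inside.
        if len(datagram) < SEQ_LEN + TAG_LEN:
            self.dropped += 1
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        # 2. Constant-time tag comparison; a wrong key or any tampering fails here.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.dropped += 1
            return None
        # 3. Only authenticated packets are parsed at all; reject replays.
        seq = struct.unpack("!I", body[:SEQ_LEN])[0]
        if seq in self.seen:
            self.dropped += 1
            return None
        self.seen.add(seq)
        self.accepted += 1
        return body[SEQ_LEN:]  # handed to the protocol layer only now


def demo():
    """Feed one genuine packet and four hostile ones; return (accepted, dropped)."""
    gate = Gate(DEMO_KEY)
    genuine = seal(DEMO_KEY, b"control-channel hello", seq=1)

    gate.receive(genuine)                                   # accepted
    gate.receive(b"\x00")                                   # port-scan style probe, too short
    gate.receive(seal(b"wrong key" * 4, b"hello", seq=2))   # forged without the key
    tampered = bytearray(genuine)
    tampered[SEQ_LEN] ^= 0x01                               # flip one payload bit
    gate.receive(bytes(tampered))                           # fails the tag check
    gate.receive(genuine)                                   # replay of the good packet
    return gate.accepted, gate.dropped


if __name__ == "__main__":
    print(demo())  # (1, 4)
```

The point the model makes is that the HMAC check answers the "before processing" part of the question: with the static key in place the receiver never parses, decrypts or even looks at the TLS handshake of a packet that is not keyed, so unsolicited probes are dropped at step 1 or 2. What it does not do is hide the open port from a scanner, and it cannot help once the key itself has leaked from a compromised peer.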