Security Log 001
> Backdoor in Telia backend controlling home routers in Lithuania
Multiple vulnerabilities have been discovered in a backend service that can control users’ home routers (and, for example, change their Wi-Fi passwords). Not only can Telia read your Wi-Fi password in plaintext, but the connection between the router and the backend is also flawed. It uses deprecated libraries and protocols that are no longer secure. When the router connects to the backend, it does not check the server fingerprint or do anything else to detect a MITM attack. It even uses a hardcoded password to make the connection.
As the researcher reported on the linked site, Telia’s answer seems to almost threaten the researcher for reporting these bugs. As of now (June 2020, 9 months after the issues were reported to Telia), none of these problems have been solved.
> Mozilla and Chromium browsers will enforce 398-day validity for certificates
Certificates issued after 01 September 2020 must have a validity period of at most 398 days. If they are issued with a longer validity period, browsers will consider them misissued and therefore not valid.
At least in Firefox, this behavior will apply only to certificates whose root certificates were added to the browser by the browser’s developers, so it won’t affect self-signed certificates used within intranets [1].
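The rule above can be turned into an inventory check. The following is an added example, not code from any browser: `check_validity`, the sample data and the `chains_to_builtin_root` flag are hypothetical names, the input is a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the cutoff is assumed to mean a `notBefore` on or after 2020-09-01 00:00 UTC.

```python
import ssl
from datetime import datetime, timezone

MAX_LIFETIME = 398 * 86400  # 398 days, in seconds
# Assumption: "issued after 01 September 2020" is read as
# notBefore >= 2020-09-01 00:00:00 UTC.
POLICY_START = datetime(2020, 9, 1, tzinfo=timezone.utc).timestamp()


def check_validity(cert, chains_to_builtin_root=True):
    """Return (verdict, lifetime_days) for a getpeercert()-style dict."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days = (not_after - not_before) / 86400
    if not_after <= not_before:
        return "malformed", days
    # Private or self-signed roots (intranet CAs) are outside the rule.
    if not chains_to_builtin_root:
        return "exempt: private root", days
    # Certificates issued before the cutoff keep their original lifetime.
    if not_before < POLICY_START:
        return "exempt: issued before cutoff", days
    if not_after - not_before > MAX_LIFETIME:
        return "misissued", days
    return "ok", days


# Constructed sample data: (certificate fields, chains to a built-in root?)
SAMPLES = {
    "old-2y": ({"notBefore": "Aug 15 00:00:00 2020 GMT",
                "notAfter": "Aug 15 00:00:00 2022 GMT"}, True),
    "new-2y": ({"notBefore": "Sep 15 00:00:00 2020 GMT",
                "notAfter": "Sep 15 00:00:00 2022 GMT"}, True),
    "new-397d": ({"notBefore": "Oct  1 00:00:00 2020 GMT",
                  "notAfter": "Nov  2 00:00:00 2021 GMT"}, True),
    "intranet-2y": ({"notBefore": "Sep 15 00:00:00 2020 GMT",
                     "notAfter": "Sep 15 00:00:00 2022 GMT"}, False),
}

if __name__ == "__main__":
    for name, (cert, builtin) in SAMPLES.items():
        verdict, days = check_validity(cert, builtin)
        print(f"{name:12} {days:6.0f} days  {verdict}")
```

Running it over an export of deployed certificates shows which ones need reissuing with a shorter lifetime before their next renewal.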
> Ata Hakçıl password lists and their analysis
Computer engineer Ata Hakçıl is conducting research on quite long password lists. The password lists can be found on GitHub, but the valuable work is their statistical analysis: how many passwords use special characters, how many passwords end with a digit. In his research he found that only 8.83% of the passwords from his wordlist are unique. There is also a comparison of his wordlists with the famous rockyou.txt list. Definitely worth your time going through the data.
> Information leakage in SSH clients can draw the attention of attackers
Leakage in the initial key exchange message of the SSH protocol can draw the attention of potential attackers and prompt a MITM attack, because they can detect whether the client stores a host key for a target server. When an SSH client connects to a server for the first time, it asks the user to confirm that the server fingerprint matches, then stores it and rechecks it on every connection. If it does not match, the client warns the user that the fingerprint does not match. The attacker will therefore know whether the client will ask the user to check the fingerprint, and because a lot of users do not check the fingerprint, this can lead to a successful MITM attack.