Software Integrity Blog

Author Archive

Mantej Singh Rajpal

mrajpal

Mantej Singh Rajpal is a senior security consultant at Synopsys. He specializes in reverse engineering and cryptography. Mantej is listed on the Twitter, Pinterest, and Hack the Pentagon (DoD) Halls of Fame. He holds a Bachelor's Degree in Computer Science from UC Riverside and a Master's in Computer Science from NYU. Mantej's Words of Security Wisdom: Don't roll out your own crypto. You will get it wrong.


Posts by Mantej Singh Rajpal:

Attacks on TLS vulnerabilities: Heartbleed and beyond

Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together.

2014: Heartbleed and POODLE

Heartbleed affects the OpenSSL library’s implementation of a TLS extension—the TLS heartbeat. A TLS heartbeat works as follows: The client (or server) sends some amount of data in a heartbeat request to its peer to verify the peer’s presence or keep the connection alive. The peer then echoes the data back to the sender to verify that the peer is reachable and alive. If you want the nitty-gritty details of the heartbeat extension, feel free to read the IETF’s description. Exploitation of Heartbleed, a faulty heartbeat implementation, can allow an attacker to read up to 64 KB of memory at a time from a peer running a vulnerable version of OpenSSL. Here’s how:

Posted in Software Architecture & Design

KRACK: Examining the WPA2 protocol flaw and what it means for your business

The KRACK vulnerability allows an active adversary to interfere in the conversation between a client and a Wi-Fi access point. What does this mean for you?

Posted in Data Breach Security, Software Architecture & Design

Forging a SHA-1 MAC using a length-extension attack in Python

SHA-1 (Secure Hash Algorithm 1) is broken. It has been since 2005. And yet, that hasn’t stopped its continued use. For example, until early 2017 most internet browsers still supported SHA-1. As though to confirm that SHA-1 was really, truly dead, researchers from CWI Amsterdam and Google announced at the end of February 2017 they had performed a successful collision attack against SHA-1.

Posted in Software Architecture & Design, Web Application Security