How does BLE secure connection ensure man in the middle protection?

I understand the BLE secure connection pairing mode is an improvement over Legacy Pairing. The issue with legacy pairing was that the initial TK value can easily be brute-forced by an attacker.

In contrast, in secure connection, both devices start by generating an ECDH key pair and exchanging public keys.

Since BLE doesn’t use certificates for public keys, how would a device know if the public key actually belongs to the entity it wants to communicate with?

I know that later in pairing there is a confirmation check, but that’s a similar idea to legacy pairing; just the sequence is changed.

Help to secure my connection to my company VPN (Cisco AnyConnect)!

I’ve been searching about VPN for more than an hour, and all the answers I found on this site or others are either confusing or contradicting.

My issue is that I usually access my company VPN through Cisco AnyConnect Secure Mobility client from my home computer. A colleague told me that they can “monitor” my home computer when the Cisco client is connected.

Some in the community say that a VPN is a 2-way connection: if you can access anything on your work computer then they can access anything on your home computer. HOW? I thought that I am the client and they are the server (the Cisco software is called client after all). And if this is true, in what capacity can they access my computer? Screen grabs? Full drive access? Full admin privilege on my computer? Network traffic?

Some say that if they got split-tunneling then they can access your computer. How can I know if split-tunneling is activated?

In case they can access my computer, HOW can I stop them? How can I protect my important files/folders/drives?

Please try to simplify the networking-specific explanations as much as possible.

Connection Information To perform the requested action – Is there an easy way to fix this?

It’s been about one year since I created my last WordPress website. I’m using GVO as my host and was able to install WordPress without any problems but when I try to change themes or add plugins I get this message.

Connection Information To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host.

When I enter my FTP information, WordPress says that I have the wrong username/pw or it says that the folder wp-content doesn’t exist.

Is there an easy way to fix this problem in 2020 that doesn’t require having to go into the website’s code?

I’ve noticed the same messages with my other GVO websites so I’m also wondering if it’s an issue with their server?

Thank you,

Jeremy

What does “connection” mean in context of request smuggling

I recently read about request smuggling. This is a very interesting attack that I didn’t know about. A vulnerability to this was recently discovered at Slack, disclosed responsibly and a bounty was awarded.

The linked article says:

When the front-end server forwards HTTP requests to a back-end server, it typically sends several requests over the same back-end network.

Request smuggling uses the fact that multiple requests go over one connection.

My question is: What is this connection? I’m a newbie at networking. I know that there are multiple layers to a connection: IP, TCP, SSL. Can you please explain what is the layer at which this connection exists?

Update: If someone could include an example, preferably in Python, of how one would send multiple requests on the same connection, that’d be helpful.
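
The "connection" in that sentence is a single TCP connection (wrapped in TLS when the hop uses HTTPS); HTTP/1.1 keep-alive lets many requests share it. The following is an added example, not part of the original post: it starts a throwaway local server (the handler and function names are made up for the demo), writes two requests back to back into one socket, and shows both arrive from the same client port.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # turns on persistent (keep-alive) connections

    def do_GET(self):
        # Echo the client's TCP source port: same port means same TCP connection.
        body = f"{self.path} from port {self.client_address[1]}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def read_response(reader):
    """Read exactly one HTTP response from the stream and return its body."""
    length = 0
    reader.readline()  # status line
    while True:
        line = reader.readline()
        if line in (b"\r\n", b""):
            break
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    # The length header is the only thing marking where this message ends.
    return reader.read(length).decode()

def two_requests_one_connection():
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with socket.create_connection(server.server_address) as sock:
            # Two requests written into ONE TCP byte stream.
            sock.sendall(b"GET /first HTTP/1.1\r\nHost: localhost\r\n\r\n"
                         b"GET /second HTTP/1.1\r\nHost: localhost\r\n\r\n")
            reader = sock.makefile("rb")
            return [read_response(reader), read_response(reader)]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(two_requests_one_connection())
```

TCP delivers only a byte stream, so the receiver has to decide from the headers where one request ends and the next begins; a front-end and back-end that share a connection must make that decision identically.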

Is my understanding of how a secure connection is made using PKI correct? [duplicate]

My understanding is as follows:

Client requests a secure connection with a Website’s Server

Server provides a certificate with the address of the server and public key of the server encrypted with a Certificate Authority’s (CA’s) private key.

Client then decrypts that certificate with the public key of the CA which is packed with the OS/browser and verifies it is an authentic certificate from the CA which has not been decommissioned. The client now knows we can trust the server.

Client then provides their public key encrypted with the server’s public key.

The two can now communicate securely with the data sent from the client being encrypted with the public key of the server and decrypted by the server with the private key of the server and with the data sent from the server being encrypted with the public key of the client and decrypted by the client with the private key of the client.

Since the private keys are kept private and not distributed even if some malicious agent gets hold of the encrypted data traffic since it was encrypted with the public key they cannot decrypt any of it unless they have somehow got hold of one of the private keys.

Is this understanding correct?

ARP spoofing, no connection on target device

For a few days now I’ve been interested in sniffing/spoofing. I’m running Kali as the host and MITMf (0.9.8).

My command is:

python mitmf.py --arp --spoof --gateway X.X.X.1 --target X.X.X.2 -i wlan0 

Everything runs with no errors. The target device has an internet connection and can connect to every HTTPS website like Google, YouTube and so on. But if the target device wants to connect to an HTTP site, it doesn’t load, as if there were no connection.

IP forwarding is enabled.

Does someone know where the issue could be?

Queries on large database kill connection to the server, works with LIMIT

I’m trying to run queries on a large-ish database without killing the connection to the server.

I’m using Postgres 12.1 on a Mac with 16gb of memory, and about 40gb of free disk. The database is 78gb according to pg_database_size with the largest table being 20gb according to pg_total_relation_size.

The error I get (from the log), regardless of which non-working query I run, is:

server process (PID xxx) was terminated by signal 9: Killed: 9 

In VS Code the error is "lost connection to server".

Two examples that don’t work are:

UPDATE table SET column = NULL WHERE column = 0; 
select columnA from table1 where columnA NOT IN ( select columnB from table2 ); 

I can run some of the queries (the above one, for example) by adding a LIMIT of, say, 1,000,000.

I suspected that I was running out of disk due to temp files, but in the log (with log_temp_files = 0), I can’t see any temp files being written.

I tried increasing and decreasing work_mem, maintenance_work_mem, shared_buffers, and temp_buffers. None worked, the performance was about the same.

I tried dropping all indexes, which brought down the “cost” on some of the queries, but they still killed the connection to the server.

What could be my problem and how can I troubleshoot this further?

Additionally, I read that temp files from timed-out queries are stored in pgsql_tmp. I checked the folder, and it does not have files of significant size. Could the temp files be stored somewhere else?


The log file for running a failed query looks like:

2020-02-17 09:31:08.626 CET [94908] LOG:  server process (PID xxx) was terminated by signal 9: Killed: 9
2020-02-17 09:31:08.626 CET [94908] DETAIL:  Failed process was running: update table
        set columnname = NULL
        where columnname = 0;
2020-02-17 09:31:08.626 CET [94908] LOG:  terminating any other active server processes
2020-02-17 09:31:08.626 CET [94919] WARNING:  terminating connection because of crash of another server process
2020-02-17 09:31:08.626 CET [94919] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exi$
2020-02-17 09:31:08.626 CET [94919] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2020-02-17 09:31:08.626 CET [94914] WARNING:  terminating connection because of crash of another server process
2020-02-17 09:31:08.626 CET [94914] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exi$
2020-02-17 09:31:08.626 CET [94914] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2020-02-17 09:31:08.629 CET [94908] LOG:  all server processes terminated; reinitializing
2020-02-17 09:31:08.698 CET [94927] LOG:  database system was interrupted; last known up at 2020-02-17 09:30:57 CET
2020-02-17 09:31:08.901 CET [94927] LOG:  database system was not properly shut down; automatic recovery in progress
2020-02-17 09:31:08.906 CET [94927] LOG:  invalid record length at 17/894C438: wanted 24, got 0
2020-02-17 09:31:08.906 CET [94927] LOG:  redo is not required

Bluetooth LE with Secure Connection and static passkey: This is a bad idea, right?

I am currently looking into how to protect a BLE connection from active attacks (man-in-the-middle) if one of the devices neither has a display nor a keyboard.

Lemberg Solutions suggests this:

Alternatively, the passcode can be shipped together with the devices (on paper or as part of an online purchase), and the user should then manually input it to each separate device.

This can only mean that one device (device A) (most likely one without a keyboard and without a display) has a passkey embedded in the device somewhere. So it is static. This static passkey is also used by the other device (device B) (e.g. entered using keyboard input, via camera, …). The same passkey will be used every time BLE pairing is established with device A.

Am I understanding their suggestion correctly?

My understanding of Secure Connections with passkey is that each device does the following for each bit of the passkey:

  • create a nonce
  • calculate a confirmation value using: nonce, passkey[i], SK
  • exchange the confirmation values with the other device (send own, receive other)
  • exchange the nonces (send own, receive other)
  • check that the confirmation value of the other device is correct

If one of the checks fails, the connection is dropped.

In the case of a man-in-the-middle attack, the attacker can figure out the passkey by “brute-forcing” each bit. After all, there are only two possibilities for each bit.

This is not harmful for the current connection, because the attacker is “too late” to use the passkey. And it is not harmful if a different passkey is used for the next connection. But this is fatal if another connection is made using the same passkey (which is going to happen if a static passkey is used).

So, after the attacker listened to the pairing attempt, she interrupts the connection (e.g. right after the last set of nonces was transmitted). Now she only has to wait until the next connection attempt is made. She can now hijack the whole connection.

Is my assessment of this situation correct and the static passkey is a bad idea or am I overlooking something?
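
A small model of the per-bit commit/reveal rounds described in the question, as an added example that is not part of the original post: it shows that the values sent over the air in one completed pairing determine the passkey, which is why the passkey has to be fresh for every pairing. HMAC-SHA256 stands in for the specification's AES-CMAC-based confirm function, and the public keys and passkeys are constructed sample values.

```python
import hashlib
import hmac
import secrets

PASSKEY_BITS = 20  # a 6-digit passkey (0..999999) fits in 20 bits

def confirm_value(pk_a, pk_b, nonce, bit):
    """Assumed stand-in for the spec's confirm function: keyed hash over
    both public keys and the current passkey bit, keyed with the nonce."""
    return hmac.new(nonce, pk_a + pk_b + bytes([0x80 | bit]), hashlib.sha256).digest()

def pairing_transcript(passkey, pk_a, pk_b):
    """One device's side of all rounds: (confirm value, then revealed nonce)."""
    rounds = []
    for i in range(PASSKEY_BITS):
        bit = (passkey >> i) & 1
        nonce = secrets.token_bytes(16)  # fresh per round
        rounds.append((confirm_value(pk_a, pk_b, nonce, bit), nonce))
    return rounds

def passkey_implied_by(transcript, pk_a, pk_b):
    """Everything used here is public once the nonce is revealed, so each
    round pins down one bit: only one of the two candidates matches."""
    value = 0
    for i, (confirm, nonce) in enumerate(transcript):
        if hmac.compare_digest(confirm, confirm_value(pk_a, pk_b, nonce, 1)):
            value |= 1 << i
    return value

def still_valid_next_time(first_passkey, next_passkey):
    """Does the value implied by pairing #1 match the passkey of pairing #2?"""
    pk_a, pk_b = secrets.token_bytes(32), secrets.token_bytes(32)  # sample keys
    seen = passkey_implied_by(pairing_transcript(first_passkey, pk_a, pk_b), pk_a, pk_b)
    return seen == next_passkey

if __name__ == "__main__":
    print("static passkey reused:", still_valid_next_time(123456, 123456))
    print("fresh passkey per pairing:", still_valid_next_time(123456, 654321))
```

With a static passkey the second check is true on every later pairing; with a randomly generated passkey per pairing, what the first run disclosed is worthless for the next one.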