Friday, March 3, 2017

CVE-2008-5161: SSH Server CBC Mode Ciphers Enabled

CBC ciphers have been declared weak but remain enabled on many servers.

In most cases SSH kept them enabled in its default configuration.

https://www.suse.com/security/cve/CVE-2008-5161/

If you are a paranoid user, you can edit /etc/ssh/sshd_config and/or /etc/ssh/ssh_config
and remove the CBC ciphers from the Ciphers list.
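
One way to check a config for the CBC ciphers discussed above, as an added example that is not part of the original post. The function names and the sample config are constructed for illustration, and the script assumes the plain "Ciphers <list>" form of the directive.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style
# file on stdin for CBC-mode ciphers in its Ciphers directive.

# Print the value of the first active "Ciphers" line. The keyword is
# case-insensitive and commented-out lines are ignored. Assumes the
# "Ciphers <list>" form with whitespace between keyword and list.
get_ciphers() {
  awk 'tolower($1) == "ciphers" { print $2; exit }'
}

# From a comma-separated list ($1), print only the CBC entries,
# including suffixed names such as rijndael-cbc@lysator.liu.se.
cbc_ciphers() {
  printf '%s\n' "$1" | tr ',' '\n' | grep -E -- '-cbc(@|$)' | paste -sd, -
}

# Print the list ($1) with every CBC entry removed.
strip_cbc() {
  printf '%s\n' "$1" | tr ',' '\n' | grep -Ev -- '-cbc(@|$)' | paste -sd, -
}

# Report on the config read from stdin.
# Returns 0 = no CBC listed, 1 = CBC listed, 2 = no Ciphers line.
audit_ciphers() {
  list=$(get_ciphers)
  if [ -z "$list" ]; then
    echo "No Ciphers line: the installed OpenSSH defaults apply"
    return 2
  fi
  weak=$(cbc_ciphers "$list")
  if [ -n "$weak" ]; then
    echo "CBC ciphers enabled: $weak"
    echo "Replacement line: Ciphers $(strip_cbc "$list")"
    return 1
  fi
  echo "No CBC ciphers in the Ciphers line"
}

# Constructed sample input, not taken from a real server.
SAMPLE_CONFIG='Port 22
#Ciphers aes256-ctr
ciphers aes128-ctr,aes128-cbc,3des-cbc,aes256-ctr,rijndael-cbc@lysator.liu.se
'

printf '%s' "$SAMPLE_CONFIG" | audit_ciphers || true
```

Against a real file, run `audit_ciphers < /etc/ssh/sshd_config`; a return code of 2 means the file sets no Ciphers line, so the effective list depends on the installed OpenSSH version.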

Tuesday, February 28, 2017

SHA-1 is no longer secure and is on the path to deprecation

Now it's final: SHA-1 is no longer secure and is on the path to deprecation!!


Look at the Google announcement:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

It has finally been proven that SHA-1 usage in certificates is vulnerable and needs to be deprecated.

If you have any certificates, you can find out which algorithm each one uses:
test-vm:~>/usr/bin/openssl x509 -in MyCACert.pem -noout -text | grep "Signature Algorithm"
Signature Algorithm: sha256WithRSAEncryption
Signature Algorithm: sha256WithRSAEncryption

You can also connect to the web server and check this in the browser's security overview.


In brief:

What is SHA-2?

SHA-2 (Secure Hash Algorithm 2) is a family of hash algorithms, collectively known as SHA-2 and individually named after their digest lengths (in bits): SHA-256, SHA-384, and SHA-512.

Use Cases?

The SHA-2 hash functions are implemented in widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec.

Timeline:

SHA-1 should be deprecated by January 2017. (Posting this blog after the period. Idiot ...)

Sunday, February 26, 2017

Bash shell: a simple way to pass and parse arguments

I was searching for a simple way to take arguments without using a third-party parser.
Using a third-party parser with all permutations and combinations makes the shell script bigger.

For example: ./example -a "arg1" -b "-arg2"

I have seen people writing a while loop with case, or using getopt. Examples of those are in abundance (so I am not giving any here).

Let's get into the code:

#!/bin/bash
# Print the usage text and exit.
function usage()
{
  echo "Usage: $0 -a \"arg1\" -b \"arg2\""
  exit 0
}

[ $# -eq 0 ] && usage
# Add all your options or flags here.
for ((i=1;i<=$#;i++));
do
  # ${!i} is indirect expansion: the value of positional parameter number i.
  # Quoting it keeps empty arguments or arguments with spaces from breaking the test.
  [ "${!i}" = "--help" ] || [ "${!i}" = "-h" ] && usage
  [ "${!i}" = "-a" ] && ((i++)) && A="${!i}" && continue
  [ "${!i}" = "-b" ] && ((i++)) && B="${!i}" && continue
  echo "Wrong argument ${!i} provided. Run with -h"
  usage && exit 0
done

#======Write your program having all the args =====

echo "You have provided $A and $B"