Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days

Dutch website Hookers.nl, used by prostitutes, escorts and their customers, had been hacked. The site's user database was stolen and is actively being traded in the underground, where it is sold for about 2 Euros. The dump contains data of, among others, employees of Dutch governmental institutions like the department of defense, foreign affairs and law enforcement. Since the data is now within virtually anyone's reach, we expect blackmail scams targeting users soon.

Hookers.nl publicly stated that passwords were not stolen. Strictly speaking this is true: the database does not contain plain text passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. This is our story.

October 31, 2019 | Article, English, Dutch

EFAIL: which is vulnerable? PGP, S/MIME or your mail client?

What is EFAIL?

EFAIL is a recent attack on PGP and S/MIME email encryption.

EFAIL exploits the remote content resolving built into most email clients (for example for images and CSS rules) to obtain (parts of) a previously encrypted email.

In essence, EFAIL takes a previously encrypted email (for which the attacker does not have the private key) and embeds it into a new email in a special way. The new email is then sent to the recipient for decryption. The attacker, however, has designed the email so that the decrypted content of the original email gets embedded into the URL of a remote resource (for example an image). If the email client is configured to automatically resolve external content (for example to download images), the content of the email gets sent to the remote server as a URL request. If the remote server is under the control of the attacker, or if the URL is sent via HTTP, the attacker can access the URL and therefore has access to the plain text content of the original email.

May 31, 2018 | Article, English, Dutch

Harakiri – exploitation of a mail handler

If you’re a penetration tester, you’ve been there: that customer that certainly knows what they’re doing. The one that makes their stuff secure by following the less-is-more concept.

In an assignment covering all internet-facing systems of this customer, we had to dig deeper to find something. After extensive testing of their web applications, we weren’t happy enough and wanted more. Scanning the full perimeter was already done and didn’t present us with any useful vulnerabilities. Time to go deeper!

October 19, 2017 | Article, English, Dutch

Encrypted email and archiving requirements

Even though we believe that email encryption at the gateway level is the easiest way to encrypt your email, in certain situations desktop-to-desktop encryption (using Outlook, for example) might still be preferred. For example, the email infrastructure might be completely outsourced while regulatory requirements demand that the external company have no access to the contents of sensitive emails.

February 7, 2017 | Article, English, Dutch

Why doesn't Jan encrypt his email?

Although people have been claiming for years that email has had its day, email is still alive and kicking. Email is used for all sorts of things and often contains privacy-sensitive information or other information that requires a certain degree of protection. Solutions for encrypting email have existed for years. The question, then, is why they are applied so rarely.

October 14, 2014 | Article, Dutch