tls – SNI leakage prevention with proxy

In TLS 1.2 / HTTP(S) context, plaintext target hostname could potentially leak in 3 different ways:

  • In DNS query prior to TCP/TLS/HTTPS connection.
  • In TLS handshake, ClientHello message, in SNI extension.
  • In HTTP Host header.

DNS leakage can be prevented by using e.g. DoH/DoT.
HTTP Host header leakage is prevented through TLS encryption.
This leaves us with SNI leakage to address.

Which proxy types prevent leaking plaintext SNI and how?

Please note I’m asking explicitly about proxies, not ESNI, domain fronting or other similar means.

attack prevention – Do modern routers drop malformed IP packets

A packet with a forged source address isn’t malformed; it’s well formed syntactically. So no router would drop it as “malformed”.

If the forged source address violates ingress or egress filtering rules – for example, if you send a packet with a 192.168.x.y source address to the outside interface of a NAT device which uses 192.168.x on the inside – then the router will drop it.

If the forged source address is just some random device on the Internet, then the router will process it normally. If “process it normally” means sending some data larger than the request packet back out to the forged source, then that’s what’s called an amplification attack.

Any suggestions for online training about web security and hacking prevention

ttps://www.webhostingtalk.com/”http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>


Any suggestions for online training about web security and hacking prevention | Web Hosting Talk
‘);
var sidebar_align = ‘right’;
var content_container_margin = parseInt(‘350px’);
var sidebar_width = parseInt(‘330px’);
//–>






  1. Question Any suggestions for online training about web security and hacking prevention


    Hello,

    I was wondering if you can suggest any good free or not expensive training+certification

    about this matter.












https://www.webhostingtalk.com/
Similar Threads


  1. Replies: 8


    Last Post: 02-05-2015, 03:04 PM


  2. Replies: 19


    Last Post: 05-03-2002, 01:48 PM


  3. Replies: 2


    Last Post: 05-01-2002, 10:57 PM


https://www.webhostingtalk.com/
Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  








spam prevention – NO SUBJECT EMAILS in GMAIL

spam prevention – NO SUBJECT EMAILS in GMAIL – Web Applications Stack Exchange

JWT token security – public key forgery prevention

Question on securing JWT token integrity, given the following scenario:

  1. Client sends a JWT to server signed with Client’s private key
  2. Server caches public key, but uses http (and not https) to retrieve the public key to validate that JWT is signed by the client.
  3. Attacker intercepts the http connection, changes the public key to the attacker’s public key, and sends a JWT to the server with the attacker’s signature on it – misrepresenting the message as if it were sent from the Client.

Is there a way out of this?
Thanks

attack prevention – Should I have another domain name for my company internal tools

My company has a domain name that we use to serve our customers, say company.com for the main website, app.company.com for the web application and api.company.com. These are all public domains that our customers connect to use our services.

Besides this we also have another set of tools that are used only internally by our employees (customer management software, ticket management, bi, etc). I’ve clustered everything inside a single subdomain internal.company.com. This means that we have domains like tickets.internal.company.com or bi.internal.company.com.

Even though we don’t publicize these domains, since they all have a TLS certificate it’s quite easy to find them only. As a matter of fact, search through the logs I can find lots of exploit crawlers trying to access /.env, /wp-admin and so on. We always try to keep everything up-to-date, but leaving things out in the open (specially the BI tools, since they can download lots of data) scares me.

I’m thinking about buying a new domain just for these internal tools, something that is unrelated to the name of the company. I think this would at least make it harder for a targeted attack, since the attacker would have to know this domain name (thus having someone inside the organization providing this information to him).

I could force everyone to use a VPN to connect to a local network and then provide the service there, but I’m trying to avoid the hassle of having to help every non-technical employee how to use a VPN.

Am I being too paranoid? Does having a separate domain actually helps mitigate some of the threats or it would actually make any significant difference?

PS: The internal tools range from open source projects installed on our servers to services completely developed inside the company.

sql injection – What are the best testing tools for SQLI to start learning sqli attacks and learn their prevention methods?

sql injection – What are the best testing tools for SQLI to start learning sqli attacks and learn their prevention methods? – Information Security Stack Exchange

tls – DNS hijacked router and HTTPS prevention

tls – DNS hijacked router and HTTPS prevention – Information Security Stack Exchange

performance – Monte Carlo Tree Search Optimization and Loss Prevention

I’m working on a implementation of Monte Carlo Tree Search in Swift.

It’s not bad, but it could be better! I’m principally interested in making my algorithm:

  1. faster (more iterations/second)
  2. prioritize moves that prevent instant losses (you’ll see…)

Here is the main driver:

final class MonteCarloTreeSearch {
    var player: Player
    var timeBudget: Double
    var maxDepth: Int
    var explorationConstant: Double
    var root: Node?
    var iterations: Int

    init(for player: Player, timeBudget: Double = 5, maxDepth: Int = 5, explorationConstant: Double = sqrt(2)) {
        self.player = player
        self.timeBudget = timeBudget
        self.maxDepth = maxDepth
        self.explorationConstant = explorationConstant
        self.iterations = 0
    }
    
    func update(with game: Game) {
        if let newRoot = findNode(for: game) {
            newRoot.parent = nil
            newRoot.move = nil
            root = newRoot
        } else {
            root = Node(game: game)
        }
    }

    func findMove(for game: Game? = nil) -> Move? {
        iterations = 0
        let start = CFAbsoluteTimeGetCurrent()
        if let game = game {
            update(with: game)
        }
        while CFAbsoluteTimeGetCurrent() - start < timeBudget {
            refine()
            iterations += 1
        }
        print("Iterations: (iterations)")
        return bestMove
    }
    
    private func refine() {
        let leafNode = root!.select(explorationConstant)
        let value = rollout(leafNode)
        leafNode.backpropogate(value)
    }
    
    private func rollout(_ node: Node) -> Double {
        var depth = 0
        var game = node.game
        while !game.isFinished {
            if depth >= maxDepth { break }
            guard let move = game.randomMove() else { break }
            game = game.update(move)
            depth += 1
        }
        let value = game.evaluate(for: player).value
        return value
    }
    
    private var bestMove: Move? {
        root?.selectChildWithMaxUcb(0)?.move
    }
    
    private func findNode(for game: Game) -> Node? {
        guard let root = root else { return nil }
        var queue = (root)
        while !queue.isEmpty {
            let head = queue.removeFirst()
            if head.game == game {
                return head
            }
            for child in head.children {
                queue.append(child)
            }
        }
        return nil
    }
}

I built this driver with a maxDepth argument because playouts/rollouts in my real game are fairly long and I have a access to a decent static evaluation function. Also, the BFS findNode method is so that I can reuse parts of the tree.

Here’s what a node in the driver looks like:

final class Node {
    weak var parent: Node?
    var move: Move?
    var game: Game
    var untriedMoves: (Move)
    var children: (Node)
    var cumulativeValueFor: Double
    var cumulativeValueAgainst: Double
    var visits: Double

    init(parent: Node? = nil, move: Move? = nil, game: Game) {
        self.parent = parent
        self.move = move
        self.game = game
        self.children = ()
        self.untriedMoves = game.availableMoves()
        self.cumulativeValueFor = 0
        self.cumulativeValueAgainst = 0
        self.visits = 0
    }
    
    var isFullyExpanded: Bool {
        untriedMoves.isEmpty
    }
    
    lazy var isTerminal: Bool = {
        game.isFinished
    }()
    
    func select(_ c: Double) -> Node {
        var leafNode = self
        while !leafNode.isTerminal {
            if !leafNode.isFullyExpanded {
                return leafNode.expand()
            } else {
                leafNode = leafNode.selectChildWithMaxUcb(c)!
            }
        }
        return leafNode
    }
    
    func expand() -> Node {
        let move = untriedMoves.popLast()!
        let nextGame = game.update(move)
        let childNode = Node(parent: self, move: move, game: nextGame)
        children.append(childNode)
        return childNode
    }
    
    func backpropogate(_ value: Double) {
        visits += 1
        cumulativeValueFor += value
        if let parent = parent {
            parent.backpropogate(value)
        }
    }
    
    func selectChildWithMaxUcb(_ c: Double) -> Node? {
        children.max { $0.ucb(c) < $1.ucb(c) }
    }

    func ucb(_ c: Double) -> Double {
        q + c * u
    }
    
    private var q: Double {
        let value = cumulativeValueFor - cumulativeValueAgainst
        return value / visits
    }
    
    private var u: Double {
        sqrt(log(parent!.visits) / visits)
    }
}

extension Node: CustomStringConvertible {
    var description: String {
        guard let move = move else { return "" }
        return "(move) ((cumulativeValueFor)/(visits))"
    }
}

I don’t think there’s anything extraordinary about my node object? (I am hoping, though, that I can do something to/about q so that I might prevent an “instant” loss in my test game…


I’ve been testing this implementation of MCTS on a 1-D variant of “Connect 4”.

Here’s the game and all of it’s primitives:

enum Player: Int {
    case one = 1
    case two = 2
    
    var opposite: Self {
        switch self {
        case .one: return .two
        case .two: return .one
        }
    }
}

extension Player: CustomStringConvertible {
    var description: String {
        "(rawValue)"
    }
}

typealias Move = Int

enum Evaluation {
    case win
    case loss
    case draw
    case ongoing(Double)
    
    var value: Double {
        switch self {
        case .win: return 1
        case .loss: return 0
        case .draw: return 0.5
        case .ongoing(let v): return v
        }
    }
}

struct Game {
    var array: Array<Int>
    var currentPlayer: Player
    
    init(length: Int = 10, currentPlayer: Player = .one) {
        self.array = Array.init(repeating: 0, count: length)
        self.currentPlayer = currentPlayer
    }
    
    var isFinished: Bool {
        switch evaluate() {
        case .ongoing: return false
        default: return true
        }
    }

    func availableMoves() -> (Move) {
        array
            .enumerated()
            .compactMap { $0.element == 0 ? Move($0.offset) : nil}
    }
    
    func update(_ move: Move) -> Self {
        var copy = self
        copy.array(move) = currentPlayer.rawValue
        copy.currentPlayer = currentPlayer.opposite
        return copy
    }
    
    func evaluate(for player: Player) -> Evaluation {
        let player3 = three(for: player)
        let oppo3 = three(for: player.opposite)
        let remaining0 = array.contains(0)
        switch (player3, oppo3, remaining0) {
        case (true, true, _): return .draw
        case (true, false, _): return .win
        case (false, true, _): return .loss
        case (false, false, false): return .draw
        default: return .ongoing(0.5)
        }
    }
    
    private func three(for player: Player) -> Bool {
        var count = 0
        for slot in array {
            if slot == player.rawValue {
                count += 1
            } else {
                count = 0
            }
            if count == 3 {
                return true
            }
        }
        return false
    }
}

extension Game {
    func evaluate() -> Evaluation {
        evaluate(for: currentPlayer)
    }
    
    func randomMove() -> Move? {
        availableMoves().randomElement()
    }
}

extension Game: CustomStringConvertible {
    var description: String {
        return array.reduce(into: "") { result, i in
            result += String(i)
        }
    }
}

extension Game: Equatable {}

While there are definitely efficiencies to be gained in optimizing the evaluate/three(for:) scoring methods, I’m more concerned about improving the performance of the driver and the node as this “1d-connect-3” game isn’t my real game. That said, if there’s a huge mistake here and a simple fix I’ll take it!

Another note: I am actually using ongoing(Double) in my real game (I’ve got a static evaluation function that can reliably score a player as 1-99% likely to win).


A bit of Playground code:


var mcts = MonteCarloTreeSearch(for: .two, timeBudget: 5, maxDepth: 3)
var game = Game(length: 10)
// 0000000000
game = game.update(0) // player 1
// 1000000000
game = game.update(8) // player 2
// 1000000020
game = game.update(1) // player 1
// 1100000020
let move1 = mcts.findMove(for: game)!
// usually 7 or 9... and not 2
print(mcts.root!.children)
game = game.update(move1) // player 2
mcts.update(with: game)
game = game.update(4) // player 1
mcts.update(with: game)
let move2 = mcts.findMove()!

Unfortunately, move1 in this sample “playthru” doesn’t try to prevent the instant win-condition on the next turn for player 1?! (I know that orthodox Monte Carlo Tree Search is in the business of maximizing winning not minimizing losing, but not picking 2 here is unfortunate).

So yeah, any help in making all this faster (perhaps through parallelization), and fixing the “instant-loss” business would be swell!

Can an Intrusion Prevention System (e.g. Snort) prevent CSRF and XSS attacks?

Intrusion Prevention System is a broad term. It basically says only that it is a system to prevent intrusions and does not imply a specific technical implementations. Therefore a variety of systems which somehow had the goal to prevent intrusion, were marketed as IPS when the term was hot. Therefore a generic statement about the capabilities of IPS to solve a specific problem cannot be made.

As for systems like Snort or Suricata: These basically try to match pattern in the network traffic using predefined fixed signatures. They are capable of parsing HTTP traffic and do basic analysis on it. These capabilities can be used to create custom pattern to detect specific and pre-known CSRF and XSS attacks. These are not enough for a more generic approach – simply because such attacks cannot be generically detected with simple string matches and regular expressions in the first place.

Additionally Suricata and Snort are not capable to analyse HTTPS traffic by their own. This means they must be strategically placed in the network so that they get the unencrypted traffic for analysis.

DreamProxies - Cheapest USA Elite Private Proxies 100 Cheap USA Private Proxies Buy 200 Cheap USA Private Proxies 400 Best Private Proxies Cheap 1000 USA Private Proxies 2000 USA Private Proxies 5000 Cheap USA Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive.com Proxies-free.com New Proxy Lists Every Day Proxies123.com Best Quality USA Private Proxies