null Bangalore Meeting on 19th September 2009 – An Update
// September 24th, 2009 // Meets
First of all, we are getting a fantastic response for the NULL meets. On average we are getting about 15 people in the room.
TALKS
We had one amazing talk + demo + code
1. SSL Cipher Enumeration by Gursev
Gursev started his talk with the basics of the SSL handshake and then explained why certain tools used for enumeration are not sufficient. Tools such as SSLDigger, Nessus and OpenSSL just connect and get the version of SSL being used. Sometimes SSLv2 is allowed only to inform users that they should use SSLv3. This implies that we are bound to get some false positives by relying on these tools alone.
Among the reasons why we should audit the SSL configuration in use, we mentioned that most compliance requirements set the minimum SSL version at 3 and the minimum cipher strength at 128 bits.
His tools of choice for the talk and demo were Wireshark and Ruby, specifically the interactive Ruby prompt. He also covered a typical real-world scenario of using these tools behind two types of proxies, using Fiddler and Paros for the demo.
The most informative part for me personally was the way he built his Ruby script: first it just connected to a web server on port 443, then he added code to show all the versions the server supports, and finally showed how the program can force the server to accept only a particular combination for our testing. Any doubts I had about the differences between SSLv3 and TLSv1 were also clarified.
He was awesome to put all this up on his blog. Please read the full text here.
http://gursevkalra.blogspot.com/2009/09/ruby-and-openssl-based-ssl-cipher.html
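The probe loop described above, written out as an added example; this is not Gursev's script (his code is on the blog post linked above) and it makes two assumptions: the target is a local TLS server started inside the script rather than a real host on port 443, and everything is pinned to TLS 1.2 because current OpenSSL builds no longer ship SSLv2 and disable SSLv3 by default. The cipher names, the self-signed certificate and the allowed-suite list are all constructed for the example. The point the talk makes about false positives is handled explicitly: a probe counts as a hit only if the server actually negotiates the single suite we offered, not merely because the connection opened.

```ruby
require "openssl"
require "socket"

# Candidate TLS 1.2 suites to probe, strongest to weakest (constructed list).
CANDIDATE_CIPHERS = [
  "ECDHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-CHACHA20-POLY1305",
  "AES128-SHA", # no forward secrecy, CBC: a hardened server should refuse it
].freeze

# Throwaway self-signed certificate, only for the local test server below.
def self_signed_cert(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Local TLS 1.2-only server that accepts ONLY `allowed_ciphers`; it stands in
# for the web server on port 443 that the talk probed. Returns [port, listener, thread].
def start_test_server(allowed_ciphers)
  key = OpenSSL::PKey::RSA.new(2048)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = self_signed_cert(key)
  ctx.key = key
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.ciphers = allowed_ciphers.join(":")
  listener = TCPServer.new("127.0.0.1", 0)
  thread = Thread.new do
    begin
      loop do
        sock = listener.accept
        begin
          ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
          ssl.accept # raises "no shared cipher" for suites outside the list
          ssl.close
        rescue OpenSSL::SSL::SSLError
          nil # refused handshake: the expected outcome for disallowed suites
        ensure
          sock.close unless sock.closed?
        end
      end
    rescue IOError, Errno::EBADF
      nil # listener closed: shut down quietly
    end
  end
  [listener.addr[1], listener, thread]
end

# Offer exactly one suite, pinned to TLS 1.2. True only if the server picks it:
# checking ssl.cipher is what prevents the false positives the talk warned about.
def cipher_accepted?(host, port, cipher)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # we are auditing ciphers, not trust
  begin
    ctx.ciphers = cipher # raises if our own OpenSSL build lacks the suite
  rescue OpenSSL::SSL::SSLError
    return false
  end
  sock = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.connect
  negotiated = ssl.cipher[0] # [name, protocol, key bits, alg bits]
  ssl.close
  negotiated == cipher
rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET, EOFError
  false # handshake_failure alert or dropped connection: suite not supported
ensure
  sock.close if sock && !sock.closed?
end

# Walk the candidate list and return the suites the server will actually use.
def enumerate_ciphers(host, port, candidates = CANDIDATE_CIPHERS)
  candidates.select { |c| cipher_accepted?(host, port, c) }
end

if $PROGRAM_NAME == __FILE__
  port, listener, thread = start_test_server(%w[ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256])
  puts "127.0.0.1:#{port} accepts: #{enumerate_ciphers('127.0.0.1', port).join(', ')}"
  listener.close
  thread.join(1)
end
```

Pointing `enumerate_ciphers` at a real host is the audit the talk describes; `ssl.cipher[2]` in the accepted handshake gives the key length for the 128-bit compliance check mentioned above, and offering one suite per connection is exactly the "force the server to a certain combination" trick from the demo.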
MISC
1. KV Prashant and Shashidhar have taken the initiative to bring something similar to COPTECH to Bangalore.
2. People discussed attending certain conferences and the value in doing so. The online security conference on SecurityTube was discussed as well.
3. Due to popular demand Gursev has agreed to do a more comprehensive talk on cryptography in the near future.
4. The next talk is on Web 2.0 Security by KV Prashanth on 3rd October. I still need to co-ordinate with Sundar of OWASP to send a reminder for that.
5. We need to discuss trying out the ISACA office as a venue once more people are turning up for the meets.
Lastly, I would like to apologise for the delay in posting the update about the meeting. First a holiday and then a fever contributed to the delay. Ideally a couple more people along with me who don’t mind spending an hour or so would ensure that the updates/reminders don’t get delayed. Please send me an email off-list.