Free online tools for Xmas

admin — Tue, 02 Dec 2014 09:33:08 +0000

Talsion, like all computer security companies with a citizen’s perspective, must provide tools to enhance the security of all information systems. Thus, in December 2014, we chose to reopen a new version of the yaunbug.fr platform. For the occasion, its name was changed to mecanic.talsion.com. This new online platform will allow any user to perform operations in order to determine the external aspects of the configuration of the computer systems for which he or she is responsible.

Far from online tools absorbed by advertising, being paid by an unintended and disturbing embarrassment, the mecanic.talsion.com site is provided free to all our customers and all Internet users, without any external advertising to our group.

Yaunbug.fr, created in 2009, was based on internal development. The mecanic.talsion.com website will see the year 2015 bring the complete overhaul of the code in order to be in line with the new standards and secure development practices used within our company. Thus, the PHP code used previously will be replaced with python code, which is the pivotal language of all our research and development today.

We have also chosen to integrate MAXMIND technology, which provides a more precise location of IP addresses that may be requested by platform users.

It is important to note that our customers can also access an advanced version of this technology. Therefore, it will be possible to check if a server is easily accessible on the Internet or if a mail server has not been placed on a blacklist by third parties in order to combat spam.

Dissymmetry in computer security

admin — Tue, 04 Nov 2014 11:08:43 +0000

Computer security for companies is based on the training of users, defense technologies, and the internal organization of security. However, these aspects are very expensive and require significant human resources.

Today, many software technologies are embedded within hardware platforms that are no longer up-to-date because the equipment is obsolete. Therefore, many companies have been forced to build emergency alternative solutions with the arrival of Poddle and Heartbleed.

In fact, modern computing is built on complex software bricks that were not subject to code auditing or are deliberately weakened and vulnerable.

In this modern aspect, the digital over-dependence of our companies and the arrival of all-communicating has introduced some previously unknown threats

It is easy to see that a fierce dissymmetry exists between defense methods and computer attack tools at the level of all stakeholders in the digital world.

Since 2013, our company has chosen to respond by going beyond the consulting world in order to create new defenses and innovative missions improving our customers’ security in the long term.

After the incursion test, Tacio was the first new generation technological brick aimed at defending the exchange of data. This solution was based on the experience and analysis of deficiencies discovered during the practice of our profession.

It was designed to provide a low surface of attack and maximum resilience to computer attackers while staying within a reasonable cost.

The Tacio solution fits into our dynamic of rupture and will be subject to the necessary commercialization certifications in accordance with our country’s laws.

Nosql, Python and password

admin — Sat, 18 Oct 2014 09:23:25 +0000

The latest news around the “so-called” compromise of Google accounts calls for some modernization in research and development structured around two axes:

Complexity analysis of a set of passwords accumulated for more than 10 years,
The aggregation of passwords in order to build a knowledge base built on the statistical use of passwords that are actually used.

Our requirements consisted of the following primitives:

Accepting a file as input containing a set of passwords to be analysed, structured in the form of one password per line encoded in latin-1 or utf-8,
Implementing clean-up mechanisms of the analysed entries to normalize penetration test dictionaries,
Integrating the extraction of a “copy” of the original file on the basis of their occurrences,
Creating an analysis of the complexity of different “unit” passwords encountered in the analyzed files: length, set of characters used, and number of occurrences,

During the PassMAID development phase, we relied on publicly available lists of passwords (more than 100 million entries).

The “challenge” of the PassMaid project is not induced by password analysis operations completed in Python, but it lies at the storage level of the various entries for the analysis operations and also in building the knowledge base. The large volume of data to process and store pointed us towards the use of a NoSQL database.

After some evaluations, we chose the Redis database under the BSD license. This technology is particularly suitable for the storage of a large number of low complexity entries, especially when the principle of durability is not required: in fact, Redis maintains the set of stored data in RAM (150 MB per million stored entries). This feature allows for not introducing a noticeable difference between reading and writing operations while providing good performance for analysis operations.

The file to be analyzed is read line-by-line and clean-up operations are performed on each of the recovered entries, so as to preserve only the data that is considered valid. If an entry is considered to be invalid because it was excluded by one of the various active filters, it is ignored.

To ensure the consistency of data throughout the analysis, each entry is converted to unicode and then stored in the database using UTF-8 coding, because Redis does not accept the storage of character strings in unicode format.

Password backup is carried out using two “sorted set” objects: the first for the storage of temporary data relative to the analyzed file, and the second for management of the knowledge base.

This data type represents the “password / number of occurrence” association. In addition, the primitives associated with this type of data allow us to perform password classification operations with a low processing cost. Thus, a single “ZINCRBY” instruction is necessary to verify the presence of a password in the database and add it if necessary.

To date, the storage capacity limit of the knowledge base corresponds to the maximum number of entries that can be inserted into a “sorted set” object: 2^32 – 1 elements, or more than 4 billion unique entries (4,294,967,295). This capability can be extended by using a dynamic number of “sorted sets.”

To increase the file analysis speed submitted in entry, Redis offers the possibility of using a “pipeline” to overcome the RTT (Round Trip Time) between two network requests: the pipeline allows multiple queries to be sent to the database without having to wait for responses, and then reads all the responses.

Another approach consists of distributing the analysis execution between several processes through the use of the Python “multiprocessing” module.

In the case of a “local” execution where the same machine performs the analysis and storage of data, using several process has proven to be more effective than using a pipeline. This solution offers us a gain of more than three minutes on the analysis of a “RockYou” type of file.

The global statistics obtained are as follows:

[+] Global statistics
**********************

	[-] Total entries:    14,344,390

	[-] Analyzed password entries:    14,331,467
	[-] Excluded password entries:    12,923

	[-] Unique passwords:    14,330,630

The analyzed “RockYou” file contained 14,344,390 entries, of which 12,923 were excluded by the various filters enabled during the execution (default configuration of the script). Among the non-excluded entries, 14,330,630 were unique entries. Redundant entries are due to backslash clean-up operations.

The distribution of unique entries in terms of length is as follows:

[+] Password lengths (for unique entries)
*****************************************

	[-] 1:           46 password(s) [ 00.0003 % ]
	[-] 2:          339 password(s) [ 00.0024 % ]
	[-] 3:        2,472 password(s) [ 00.0172 % ]
	[-] 4:       18,099 password(s) [ 00.1263 % ]
	[-] 5:      259,533 password(s) [ 01.8110 % ]
	[-] 6:    1,948,796 password(s) [ 13.5988 % ]
	[-] 7:    2,507,212 password(s) [ 17.4955 % ]
	[-] 8:    2,966,487 password(s) [ 20.7003 % ]
	[-] 9:    2,190,663 password(s) [ 15.2866 % ]
	[-] 10:   2,012,917 password(s) [ 14.0463 % ]
	...
        ...

We found that the vast majority of passwords (approximately 80%) have a length between 6 and 10 characters.

The following statistics highlight the composition of various identified passwords and the most frequently encountered entries during the analysis.

	[*] Top 10 passwords
	---------------------------------------------------

		[-] \                  11 appearance(s)
		[-] asdfghjkl;'        05 appearance(s)
		[-] 1234567890-=\      04 appearance(s)
		[-] ojkiyd0y'          04 appearance(s)
		[-] iydotgfHdF'j       04 appearance(s)
		[-] J'ADENKHYA         04 appearance(s)
		[-] iyd0y'             04 appearance(s)
		[-] iydgmv0y'          04 appearance(s)
		[-] ohv's,k            04 appearance(s)
		[-] zhane'             03 appearance(s)

	[*] Charset analysis (for unique entries)
	------------------------------------------

		[-] lowercase / numbers:
                       6,082,774 password(s) [ 42.4460 % ]
		[-] lowercase:                    
                       3,771,685 password(s) [ 26.3190 % ]
		[-] numbers:
                       2,347,074 password(s) [ 16.3780 % ]
		[-] lowercase / ascii_special / numbers: 
                           415,202 password(s) [ 02.8973 % ]
		...
		...

The analysis of these results indicates that 40% of the analyzed passwords consisted of lowercase letters and numbers, 26% had only lowercase letters, and 16% consisted of only numbers.

Our PassMAID tool is available free by simple request at tools@talsion.com, for anyone with a legitimate reason to use it and hold it in compliance with Article 323-3-1 of the French criminal code.

Tacio, our digital safe

admin — Mon, 15 Sep 2014 10:35:42 +0000

After 9 months of development focusing on implementing advanced security concepts to harden each application brick and the heart of the Tacio solution.

We chose to provide Tacio technology with its own identity attached to a logo specifically created for it. Therefore, we proposed a set of concepts combining the concept of security with our solution. For example:

data exchange protection,
data storage protection,
hardening of the applications,
countermeasures against piracy,
data theft resistance,
traceability of exchanges,
encrypted virtual private networks,
a tribal circle/seal,

Therefore, as a result of a long meeting on the security of information systems, our graphic designer was able to offer us the Tacio logo below, which will equip all of the different Tacio solution security components before the end of the year.

Tacio, with its secure time stamp abilities and different levels of information storage, is one of the only solutions available in 2014 that offers a viable alternative to electronic strong boxes that are available from many computer data protection solution suppliers.

Verdana versus Roboto

admin — Mon, 11 Aug 2014 06:36:45 +0000

After more than 10 years of good and loyal service, we have replaced the Verdana font provided by the Microsoft Corporation with the Roboto font released by Google for use in all of our work documents.

This standardization of our graphic charter allows us to have better visibility within our documents so that our security audit reports are most suitable for reading both on a computer screen and from a printed report.

In addition, the Roboto font is based on the Apache license, which allows us to use it without any major constraints on any project or computer penetration tool.

Below, you can see two texts written with the different fonts. The first one uses Verdana font and the second is Roboto.

Verdana

Roboto

The choice of the Roboto font results from the evaluation of many fonts. We wanted to make them professional while remaining more human and making our documents easier to read.

Therefore, only the Roboto police allowed us to reconcile our editorial constraints and new electronic information reading media.

Pycharm and computer security

admin — Mon, 21 Jul 2014 06:37:50 +0000

For us, Eclipse was one of the flagship tools from our developments in Python, because it remains fast and flexible and is uses multiple languages. However, the latest developments in the PyCharm Professional Edition solution have changed our perception of the ideal tool.

In fact, PyCharm was transformed by drastically increasing processing speed and natively integrating many bricks, facilitating the development of computer security tools in Python.

Therefore, the last version of PyCharm 3.4.1 is based on version integration under various protocols like Git or even the use of development help tools, especially those based on PEP8.

One of the key features in our use of PyCharm features is “remote debugging,” which allows us to simply and transparently integrate development within the very different and exotic operating systems of our development platforms.

We also discovered that the tool’s learning curve was very fast for novice users in Python. Therefore, a junior engineer in computer security can master and customize the tool in less than a week, which is not the case for the majority of development environments.

In addition, PyCharm natively supports GAE, SqlAlchemy, Pyramid, Web2py, Cython, Wxpython, PyQt, and PyGTK. So it allows us to support ourselves during our Python code audits on intelligent bricks, facilitating the understanding of software and audited libraries during our computer security missions.

Zero Cloud

admin — Sun, 22 Jun 2014 12:44:36 +0000

The cloud is applicable to many companies, but not for Talsion Defense. We have chosen to not position ourselves within this dynamic. Thus, we are in charge of our own business architecture that is deployed in one of the Interxion company’s ISO 27001 datacenters and on servers that are inside the same walls as our business.

Therefore, we have chosen to apply the following points:

0% cloud technology,
0% of customer data (Report, CDRom) archived outside our internal network,
0% permanent connections between our network and our datacenters,
0% link between our company’s internal network and the Internet,
0% server virtualization outside pylabs (expected before the start of 2015).

This last point is a security challenge for our business that goes against the current technology virtualization that was ongoing with our previous MARS architecture.

To win this challenge, we chose to focus our efforts on ARM technology. This approach brings us extreme server density, while keeping part of the usual flexibility related to the world of virtualization. In addition, this focus enhances information system security and isolation of each application.

Talsion, the name of a star

admin — Thu, 15 May 2014 12:40:22 +0000

We found out with pleasure that one of our consultant gave the name of our company to a star in a spatial conquest simulator: Galactic Civilization III, published by Stardock.

Galactic Civilization III is a new style of platform using API and security guidelines from the Steam solution. Steam provides a large amount of ready-to-use technologies to accelerate and secure video game development. Thus, Steam Guard allows for the activation of dual authentication on the platform and ensures a better level of security by sending a security code to each Steam user’s email inbox.

This platform’s players are choice targets, because they may have ships or rare precious objects or artifacts (in their game inventory), which can be resold for thousands of euros on the Internet.

The Steam Guard approach, although limited, allows for reducing the risk of identity theft within the platform of online games to some extent. However, by coupling the use of a Gmail mailbox with a Steam account, an additional level of security can be ensured. In fact, Google technology can send an SMS containing an authentication code to one of the services offered by Google during a user’s logon.

A new talent

admin — Fri, 18 Apr 2014 10:18:46 +0000

Since April 2014, a new collaborator and partner has strengthened our team. This is Jimika, who will be responsible for the management of the company’s commercial position. She will also be responsible for the history of all of our customers and partners specializing in computer security.

Jimika has more than 15 years of professional experience, strengthened by diplomas ranging from the school of commerce to financial expertise. Thus, she will enliven our client network and will be responsible for our new offering, the “incursion test,” that will be able to replace the black-box penetration test.

Our new colleague, through her role as a partner, will bring insight so that the Talsion defense position and the new needs of our clients are in perfect harmony. This approach facilitates the creation of new high security missions to strengthen our clients’ information system level of defense, especially due to the constant evolution of computer penetration testing and research in computer security.

In fact, the year 2014 will see the arrival of a set of new technological positioning and will drastically increase our customers’ level of safety. This new direction will be in line with international security issues, particularly following the Snowden case.

Therefore, Jimika will be in charge of articulating the full commercial potential of our creations to commercialize new technologies and new security audits that remain one of our society’s major challenges today.

Nemesis‭ & ARM

admin — Sat, 08 Mar 2014 10:01:06 +0000

At the end of march 2014, we ended the portage of the “identification & topology” portion of our Nemesis framework on ARM technology, so we reduced Nemesis’s electricity consumption by 70%.

This approach allowed us to model our libraries and conventional tools on a new hardware platform, combining low electricity consumption with an extreme reduction in the amount of congestion in our technologies during the administration of a mission in the field.

During the complete portage of our technology, we are able to obtain one of the most economic energy-related computer penetration tools in the field of information systems security.

According to tests performed internally on a complete architecture made up of more than 80 processors and 40 Gigs of RAM, we achieve a consumption of about 40 A (200 Watts), or the equivalent power of a single traditional Intel-processor based server.