Talsion Systems, the value of our creations

admin — Tue, 28 Apr 2015 12:51:56 +0000

For 4 years now, we have been building innovative security solutions providing new avenues of protection for each of our customers.

Today this direction is valued within our company through the creation of a specific segmentation to communicate about each of the products we have created in our company.

Therefore, six new products have been introduced in our company’s catalog in 2015.

Talsion Filtering Proxy, a white list reverse proxy that is custom configured for each of our customers.
Talsion Activity Detector, a brick that facilitates piracy detection within a corporate network.
Talsion Virtual Safe, a high security virtual safe linking the software and hardware solutions. A beta version will be available in September 2015.
Talsion Network Gate, a gateway to the traditional or encrypted network feed using strong authentication with several vectors.
Talsion File Share, a customizable file exchange hub for creating exchange protocol mutualization.
Talsion Event Manager, a centralization solution of logs based on Elastic Search technology, to centralize all of the security bricks that we have created, as well as the events from the operating systems and applications.

Each of these products was created within our company and is based on specific developments and open source tested bricks.

These solutions are designed with the highest security requirement levels in order to guarantee the separation of powers, encryption of private information, and feeds.

This orientation is reinforced by the implementation of a specific centralized logging of events that may occur during the use of the solution.

Talsion Hosting, when hosting becomes security

admin — Thu, 12 Mar 2015 09:12:17 +0000

We have just received the first server intended for one of our customers to integrate our new Talsion Hosting platform.

We have chosen to capitalize our expertise around Dell products to build a solution that is supported and sustainable over time.

A [u]sphere node is now hosted on the servers, including 3.5 GB of cache, two Intel Hexacore processors with a speed between 2.8 and 3.0 GHz and 48 to 64 GB of RAM depending on the needs of the hosted architecture.

Beyond the performance of the chassis, the hard drives are based on SSD technology and integrate automatic encryption of media (SED). This technology reduces the risk in the case of data theft. Upon request, this possibility can be strengthened by encrypting the hard disk software based on GELI, LUKS, Truecrypt, or BitLocker.

We also have just received our new Giga network cards consisting of 6 copper ports that are able to carry our Dell servers to 16 Ethernet ports in order to perform specific operations.

In addition, we have chosen an ISO27001 data center a few kilometers from our office, so we can intervene in less than 20 minutes, to curb incidents directly on our equipment and servers.

Each server is equipped with dual power supplies and dual network attachment, in order to limit the risk of failures or production mishaps.

Talsion Hosting and [u] sphere are a direct result of our know-how and the security focuses that we usually offer to our customers following the completion of a penetration test that revealed computer faults.

Therefore, we treat all of the following hardening topics in Talsion Hosting: Application, Network, Physical, Organizational and System; that can find defects in an application’s security or a service directly in contact with the Internet network.

Questions of students

admin — Sat, 28 Feb 2015 09:08:55 +0000

We present below some mission types, in order to respond to the questions of students who are interested in a computer security consultant’s missions. These questions often come up during the discussions they have during their computer security internships.

Auditing the security of a SAP transaction website

Customer’s needs: the agent for the mission wanted to audit the security of a SAP-based transaction website. This solution used a means of authentication based on specific material calculators. The database architecture was based on an Oracle platform and the entire solution was outsourced to a third-party company. It provided the maintenance, development, and security of the application in a partially shared environment.

Results of the mission: the audit highlighted flaws in the processing of user sessions, so a disruption in the Oracle database operation was possible.

ROI for the customer: this audit allowed our customer to increase his security level; therefore, the solution publisher could amend its application as a result.

Defining a transactional platform quickly

Customer’s needs: to define the security level of a transactional platform before being quickly put into production and to obtain technical advice facing the software solution publisher.

Results of the mission: during this consultancy mission following the penetration test, we highlighted serious weaknesses revealing significant gaps in programming with the solution publisher.

ROI for the customer: our mission helped the customer discover vulnerabilities in an application that was already in production with one of its subsidiaries and secure a new deployment by a modification in the application’s source code and the installation of an application filtering solution (reverse proxy filtering).

Audit the security of an ATM machine

Customer’s needs: to audit the security of an ATM before it is put into production. This ATM machine is made by a company that edits centralization software and provides cash deposit systems.

Results of the mission: during this penetration test we were able to analyze the protocol used by the ATM machine and the centralization software. Therefore, we were able to perform a “proof of concept”: HelloOtto software. This application allowed us to freeze financial deposits or perform fictitious ones.

ROI for the customer: This approach enabled the agent on the mission to get a modification to his application, free of charge, in order to take into account the flaws discovered during our audit. An important development in the architecture and isolation of different bricks was also made.

Obtaining the security level of an electronic signature solution

Customer’s needs: to get a clear picture of the security level of an electronic signature solution that allows people to sign and authenticate transactions completed online. The entire solution is hosted by a third party, and it is based on a proprietary solution.

Results of the mission: this analysis allowed us to validate the security level of the chip used to hold certificates, but the penetration test also revealed the possibility of bypassing user authentication and downloading a certificate before the official customer takes possession of it.

ROI for the customer: our customer was able to take advantage of a free portal change by the publisher, and the mission’s agent, with full knowledge, was able to decrease the maximum allocated amount for any transaction signed with this technology.

Evaluating the porosity of the internal network and SWIFT applications

Customer’s needs: to evaluate the porosity of the internal network and SWIFT applications as much at the AIX systems level as at the Windows platforms.

Results of the mission: With a single employee’s rights, this penetration test allowed the SWIFT transaction application’s SSO authentication to be broken and all kinds of operations to be performed on the targeted system. In addition, it was possible for us to take control of all the AIX and Windows network.

ROI for the customer: this mission allowed the release of a budget to establish a place where the infrastructure’s critical areas can be isolated, to create systems hardening procedures, and to control deviant behaviors.

Feel free to contact us at stage@talsion.com, if you’re looking for an internship in computer security in 2016.

New year 2015

admin — Wed, 28 Jan 2015 11:55:20 +0000

A new year has begun, with important developments in the organization of our company to create independent legal entities for each of our businesses. This reorganization, which is primarily legal in nature, allows us to separate certain operations.

Auditing and penetration testing, at the heart of our historical expertise, are now performed by Talsion Defense. Since January, our vision of computer security has been strengthened by two new operations:

The customized development of adapted software, based on the Python language, to create highly secure applications and websites. These developments combine the concepts of cryptography, strong authentication, and resistance to hacking. All of this expertise is handled by Talsion Systems.

Along with the creation of solutions that meet our customers’ needs, in 2015, Talsion Systems will offer some new products, such as Webgrinder, Netbuoy, and Tacio.

An introduction to the various products created by Talsion Systems follows:

Webgrinder (Talsion Filtering Proxy) is a technology created within our company that performs customized filtering solutions on application feeds directed to Internet sites. This technology is based solely on white lists in the image of firewalls and strong concepts of user context management.

Netbuoy (Talsion Activity Detector) is a multi-agent system based on Kibana visualization technology and on software buoy created specifically by our company, in order to detect certain abnormal behaviors within a computer network or a virtual environment. This technology is already available to our long-time customers.

Tacio (Talsion Virtual Safe), our virtual safe, is at the end of development the first prototype’s arrival scheduled for late September 2015.

This software orientation is reinforced by the new hosting operation in a secure architecture, in order to provide a very high level of tolerance to crashes, as well as computer attacks, ranging from physical intrusion to the traditional computer intrusion to denial-of-service attacks.

Beyond the approach consisting of setting up an enclosure of protection, we have built an organization to detect, identify, and contain threats that may occur within the platforms that we host. All of this new dynamic is handled by Talsion Hosting.

Our client’s systems are hosted in our bays within a Parisian data-centre, in accordance with standard ISO 27001. This base is strongly enhanced by the addition of specific bricks.

These strategic orientations are based on the know-how and expertise that we have acquired during 10 years of building the Talsion Defence information system and strengthening the security of our customers.

Free online tools for Xmas

admin — Tue, 02 Dec 2014 09:33:08 +0000

Talsion, like all computer security companies with a citizen’s perspective, must provide tools to enhance the security of all information systems. Thus, in December 2014, we chose to reopen a new version of the yaunbug.fr platform. For the occasion, its name was changed to mecanic.talsion.com. This new online platform will allow any user to perform operations in order to determine the external aspects of the configuration of the computer systems for which he or she is responsible.

Far from online tools absorbed by advertising, being paid by an unintended and disturbing embarrassment, the mecanic.talsion.com site is provided free to all our customers and all Internet users, without any external advertising to our group.

Yaunbug.fr, created in 2009, was based on internal development. The mecanic.talsion.com website will see the year 2015 bring the complete overhaul of the code in order to be in line with the new standards and secure development practices used within our company. Thus, the PHP code used previously will be replaced with python code, which is the pivotal language of all our research and development today.

We have also chosen to integrate MAXMIND technology, which provides a more precise location of IP addresses that may be requested by platform users.

It is important to note that our customers can also access an advanced version of this technology. Therefore, it will be possible to check if a server is easily accessible on the Internet or if a mail server has not been placed on a blacklist by third parties in order to combat spam.

Dissymmetry in computer security

admin — Tue, 04 Nov 2014 11:08:43 +0000

Computer security for companies is based on the training of users, defense technologies, and the internal organization of security. However, these aspects are very expensive and require significant human resources.

Today, many software technologies are embedded within hardware platforms that are no longer up-to-date because the equipment is obsolete. Therefore, many companies have been forced to build emergency alternative solutions with the arrival of Poddle and Heartbleed.

In fact, modern computing is built on complex software bricks that were not subject to code auditing or are deliberately weakened and vulnerable.

In this modern aspect, the digital over-dependence of our companies and the arrival of all-communicating has introduced some previously unknown threats

It is easy to see that a fierce dissymmetry exists between defense methods and computer attack tools at the level of all stakeholders in the digital world.

Since 2013, our company has chosen to respond by going beyond the consulting world in order to create new defenses and innovative missions improving our customers’ security in the long term.

After the incursion test, Tacio was the first new generation technological brick aimed at defending the exchange of data. This solution was based on the experience and analysis of deficiencies discovered during the practice of our profession.

It was designed to provide a low surface of attack and maximum resilience to computer attackers while staying within a reasonable cost.

The Tacio solution fits into our dynamic of rupture and will be subject to the necessary commercialization certifications in accordance with our country’s laws.

Nosql, Python and password

admin — Sat, 18 Oct 2014 09:23:25 +0000

The latest news around the “so-called” compromise of Google accounts calls for some modernization in research and development structured around two axes:

Complexity analysis of a set of passwords accumulated for more than 10 years,
The aggregation of passwords in order to build a knowledge base built on the statistical use of passwords that are actually used.

Our requirements consisted of the following primitives:

Accepting a file as input containing a set of passwords to be analysed, structured in the form of one password per line encoded in latin-1 or utf-8,
Implementing clean-up mechanisms of the analysed entries to normalize penetration test dictionaries,
Integrating the extraction of a “copy” of the original file on the basis of their occurrences,
Creating an analysis of the complexity of different “unit” passwords encountered in the analyzed files: length, set of characters used, and number of occurrences,

During the PassMAID development phase, we relied on publicly available lists of passwords (more than 100 million entries).

The “challenge” of the PassMaid project is not induced by password analysis operations completed in Python, but it lies at the storage level of the various entries for the analysis operations and also in building the knowledge base. The large volume of data to process and store pointed us towards the use of a NoSQL database.

After some evaluations, we chose the Redis database under the BSD license. This technology is particularly suitable for the storage of a large number of low complexity entries, especially when the principle of durability is not required: in fact, Redis maintains the set of stored data in RAM (150 MB per million stored entries). This feature allows for not introducing a noticeable difference between reading and writing operations while providing good performance for analysis operations.

The file to be analyzed is read line-by-line and clean-up operations are performed on each of the recovered entries, so as to preserve only the data that is considered valid. If an entry is considered to be invalid because it was excluded by one of the various active filters, it is ignored.

To ensure the consistency of data throughout the analysis, each entry is converted to unicode and then stored in the database using UTF-8 coding, because Redis does not accept the storage of character strings in unicode format.

Password backup is carried out using two “sorted set” objects: the first for the storage of temporary data relative to the analyzed file, and the second for management of the knowledge base.

This data type represents the “password / number of occurrence” association. In addition, the primitives associated with this type of data allow us to perform password classification operations with a low processing cost. Thus, a single “ZINCRBY” instruction is necessary to verify the presence of a password in the database and add it if necessary.

To date, the storage capacity limit of the knowledge base corresponds to the maximum number of entries that can be inserted into a “sorted set” object: 2^32 – 1 elements, or more than 4 billion unique entries (4,294,967,295). This capability can be extended by using a dynamic number of “sorted sets.”

To increase the file analysis speed submitted in entry, Redis offers the possibility of using a “pipeline” to overcome the RTT (Round Trip Time) between two network requests: the pipeline allows multiple queries to be sent to the database without having to wait for responses, and then reads all the responses.

Another approach consists of distributing the analysis execution between several processes through the use of the Python “multiprocessing” module.

In the case of a “local” execution where the same machine performs the analysis and storage of data, using several process has proven to be more effective than using a pipeline. This solution offers us a gain of more than three minutes on the analysis of a “RockYou” type of file.

The global statistics obtained are as follows:

[+] Global statistics
**********************

	[-] Total entries:    14,344,390

	[-] Analyzed password entries:    14,331,467
	[-] Excluded password entries:    12,923

	[-] Unique passwords:    14,330,630

The analyzed “RockYou” file contained 14,344,390 entries, of which 12,923 were excluded by the various filters enabled during the execution (default configuration of the script). Among the non-excluded entries, 14,330,630 were unique entries. Redundant entries are due to backslash clean-up operations.

The distribution of unique entries in terms of length is as follows:

[+] Password lengths (for unique entries)
*****************************************

	[-] 1:           46 password(s) [ 00.0003 % ]
	[-] 2:          339 password(s) [ 00.0024 % ]
	[-] 3:        2,472 password(s) [ 00.0172 % ]
	[-] 4:       18,099 password(s) [ 00.1263 % ]
	[-] 5:      259,533 password(s) [ 01.8110 % ]
	[-] 6:    1,948,796 password(s) [ 13.5988 % ]
	[-] 7:    2,507,212 password(s) [ 17.4955 % ]
	[-] 8:    2,966,487 password(s) [ 20.7003 % ]
	[-] 9:    2,190,663 password(s) [ 15.2866 % ]
	[-] 10:   2,012,917 password(s) [ 14.0463 % ]
	...
        ...

We found that the vast majority of passwords (approximately 80%) have a length between 6 and 10 characters.

The following statistics highlight the composition of various identified passwords and the most frequently encountered entries during the analysis.

	[*] Top 10 passwords
	---------------------------------------------------

		[-] \                  11 appearance(s)
		[-] asdfghjkl;'        05 appearance(s)
		[-] 1234567890-=\      04 appearance(s)
		[-] ojkiyd0y'          04 appearance(s)
		[-] iydotgfHdF'j       04 appearance(s)
		[-] J'ADENKHYA         04 appearance(s)
		[-] iyd0y'             04 appearance(s)
		[-] iydgmv0y'          04 appearance(s)
		[-] ohv's,k            04 appearance(s)
		[-] zhane'             03 appearance(s)

	[*] Charset analysis (for unique entries)
	------------------------------------------

		[-] lowercase / numbers:
                       6,082,774 password(s) [ 42.4460 % ]
		[-] lowercase:                    
                       3,771,685 password(s) [ 26.3190 % ]
		[-] numbers:
                       2,347,074 password(s) [ 16.3780 % ]
		[-] lowercase / ascii_special / numbers: 
                           415,202 password(s) [ 02.8973 % ]
		...
		...

The analysis of these results indicates that 40% of the analyzed passwords consisted of lowercase letters and numbers, 26% had only lowercase letters, and 16% consisted of only numbers.

Our PassMAID tool is available free by simple request at tools@talsion.com, for anyone with a legitimate reason to use it and hold it in compliance with Article 323-3-1 of the French criminal code.

Tacio, our digital safe

admin — Mon, 15 Sep 2014 10:35:42 +0000

After 9 months of development focusing on implementing advanced security concepts to harden each application brick and the heart of the Tacio solution.

We chose to provide Tacio technology with its own identity attached to a logo specifically created for it. Therefore, we proposed a set of concepts combining the concept of security with our solution. For example:

data exchange protection,
data storage protection,
hardening of the applications,
countermeasures against piracy,
data theft resistance,
traceability of exchanges,
encrypted virtual private networks,
a tribal circle/seal,

Therefore, as a result of a long meeting on the security of information systems, our graphic designer was able to offer us the Tacio logo below, which will equip all of the different Tacio solution security components before the end of the year.

Tacio, with its secure time stamp abilities and different levels of information storage, is one of the only solutions available in 2014 that offers a viable alternative to electronic strong boxes that are available from many computer data protection solution suppliers.

Verdana versus Roboto

admin — Mon, 11 Aug 2014 06:36:45 +0000

After more than 10 years of good and loyal service, we have replaced the Verdana font provided by the Microsoft Corporation with the Roboto font released by Google for use in all of our work documents.

This standardization of our graphic charter allows us to have better visibility within our documents so that our security audit reports are most suitable for reading both on a computer screen and from a printed report.

In addition, the Roboto font is based on the Apache license, which allows us to use it without any major constraints on any project or computer penetration tool.

Below, you can see two texts written with the different fonts. The first one uses Verdana font and the second is Roboto.

Verdana

Roboto

The choice of the Roboto font results from the evaluation of many fonts. We wanted to make them professional while remaining more human and making our documents easier to read.

Therefore, only the Roboto police allowed us to reconcile our editorial constraints and new electronic information reading media.

Pycharm and computer security

admin — Mon, 21 Jul 2014 06:37:50 +0000

For us, Eclipse was one of the flagship tools from our developments in Python, because it remains fast and flexible and is uses multiple languages. However, the latest developments in the PyCharm Professional Edition solution have changed our perception of the ideal tool.

In fact, PyCharm was transformed by drastically increasing processing speed and natively integrating many bricks, facilitating the development of computer security tools in Python.

Therefore, the last version of PyCharm 3.4.1 is based on version integration under various protocols like Git or even the use of development help tools, especially those based on PEP8.

One of the key features in our use of PyCharm features is “remote debugging,” which allows us to simply and transparently integrate development within the very different and exotic operating systems of our development platforms.

We also discovered that the tool’s learning curve was very fast for novice users in Python. Therefore, a junior engineer in computer security can master and customize the tool in less than a week, which is not the case for the majority of development environments.

In addition, PyCharm natively supports GAE, SqlAlchemy, Pyramid, Web2py, Cython, Wxpython, PyQt, and PyGTK. So it allows us to support ourselves during our Python code audits on intelligent bricks, facilitating the understanding of software and audited libraries during our computer security missions.