Information Security News
The Guardian roiled security professionals everywhere on Friday when it published an article claiming a backdoor in Facebook's WhatsApp messaging service allows attackers to intercept and read encrypted messages. It's not a backdoor—at least as that term is defined by most security experts. Most would probably agree it's not even a vulnerability. Rather, it's a limitation in what cryptography can do in an app that caters to more than 1 billion users.
At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.
Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.
I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. IVRE  (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. Its a network reconnaissance framework that includes:
I deployed this tool and feed it with attacker" />
Very useful to find compromized hosts which delivermalware! The web interface provides a powerful search feature. Examples:
Getting more knowledge about your attackers is always good. IVRE can help you in this way. This is avery powerful framework that will help you to build your own small Shodan. Happy hunting!
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant