cyberstorm.mu is promoting Signal

“Going further and beyond” –  That’s the motto of cyberstorm.mu. Indeed, there are many people everywhere calling themselves professionals where the fact is that they are merely wearing a mask showing off in the public. I would also claim that no one is perfect in the field of It and Security, however, acceptance of oneself and move on to another stage is the real goal.

photo credits: cyberstorm.mu
photo credits: cyberstorm.mu

What and why Signal? I posted an article yesterday to elaborate on the application. Well, cyberstorm.mu is not only promoting Signal but many free and open source security software such as Tor, Bitcoins and many others to liberate each and everyone from this sick society where governments are spying on your personal stuff. I made some research on Signal and conclude that this is indeed amazing!

With the help of Logan, member, and contributor of cyberstorm.mu, I made an audit of the Signal code and noticed that some improvements can be made on one of the libraries. A remote hacker can probe the memory and harvest the sensitive information.

The logic  – Data (an example could be cryptographic keys) in memory is not always needed because someone can look for ways to exploit the data. An analogy is that it’s like washing your keyboard after entering your password so that people cannot collect your fingerprints to steal it. In other words, a code execution can be done at the memory level to penetrate your system. To mitigate this attack, zeroing buffers which contained sensitive information is an exploit mitigation technique. Let me take an example: Imagine you are a hacker and you can see what is in the RAM of your victim. Then you can see passwords and everything else. Then it’s better to delete them if they are not going to be used or rather fill it in with wrong passwords to trick the hackers.

In a technical term, the idea is to overwrite the variable when you are about to get rid of it so that other programs cannot detect what was there. The key is not to have the secret data present in the memory longer than necessary. However, what you overwrite might matter, but what is overwritten is the key to keep it secret. So let’s see how to put Zeroes in RAM to erase what was there before. Keep in mind, it has nothing to do with overflows.

Do check out the pull requests and commit at https://github.com/WhisperSystems/libaxolotl-c/pulls

Nitin J Mutkawoa https://tunnelix.com

Blogger at tunnelix.com | Founding member of cyberstorm.mu | An Aficionado Journey in Opensource & Linux – And now It's a NASDAQ touch!

You May Also Like

More From Author