Attacks on EAP-AKA’ protocol (5G)

I’m doing research on authentication protocols and I’m analyzing the EAP-AKA’ protocol described in RFC 5448, which is one of the three protocols adopted in 5G. I would like to know if there are any known attacks on this protocol, as I can’t find anything among the common research portals.

network – How do I write my own authentication protocol and add that to OpenWrt?


ssh – Why do only some applications generate “MobaXterm X11 proxy: Unsupported authorisation protocol” error?

This question is related to How to fix “MobaXterm X11 proxy: Unsupported authorisation protocol”, but the answer there did not work for me.

I use MobaXterm to ssh from a Windows PC to a Linux PC, and I know that MobaXterm has an X11 server which allows GUI applications spawned in the Linux environment to appear in the Windows environment (sorry if my terminology is clunky).

I want to run baobab because I want to analyze disk space hogs. I guess I need to run sudo baobab because otherwise baobab reports permission errors and isn’t useful.

Problem/question: if I run baobab the GUI appears, but if I run sudo baobab, I get this error:

$ sudo baobab
[sudo] password for user:
MobaXterm X11 proxy: Unsupported authorisation protocol
Unable to init server: Could not connect: Connection refused

(baobab:219372): Gtk-WARNING **: 13:54:54.003: cannot open display: localhost:10.0

I get the same result with firefox vs sudo firefox.

What is the problem, and how do I work around it?

I’ve already tried the xauth add suggestion at the linked post. Display port 10 was already listed to begin with, but I added a new entry anyway, and it didn’t make any difference:

$ xauth list
linxbox/unix:1  MIT-MAGIC-COOKIE-1  090ae067d5c16d139a64536f9c5d758e
linxbox/unix:2  MIT-MAGIC-COOKIE-1  3e67e02956713af7560d0ecb34e159b4
linxbox/unix:12  MIT-MAGIC-COOKIE-1  473351e10715668bf13345d24835671f
linxbox/unix:11  MIT-MAGIC-COOKIE-1  5f005e7a67371788e58f9a605132a3cf
linxbox.company.com:1  MIT-MAGIC-COOKIE-1  090ae02bd5676d099134536f9c5d758e
linxbox/unix:10  MIT-MAGIC-COOKIE-1  988522a45f0b77bf4567ceb132f4e0d8

AWS EC2 Linux 2 configuration for new PayID protocol

Hi, my first post here.

I’m new to Apache. Tried to learn as much as I can on my own, but have hit a brick wall.
PayID is a new universal payment protocol just released – more details at payid dot org. The objective is to enable sending of a variety of payments using just one human-readable address, of the form user$example.com.

I don’t want to run a full PayID server, just serve my own domain which I set up on an AWS EC2 AMI Linux 2 t2.micro instance.
Installed Apache 2.4 and ran Certbot to get SSL certificates for example.com and www.example.com. It happily serves my index.html page in a browser over the internet. SSL Labs gives both versions of the domain A+. TLS 1.2 is the only HTTPS protocol accepted by my site. I also installed Node.js (latest stable version) and NVM.

I tried to follow Matt Hamilton’s example: https://dev.to/hammertoe/static-serving-payid-address-1eac
Edited httpd.conf along the lines he shows (only showing the non-standard sections here):

<VirtualHost InstancePublicIP:80>
    DocumentRoot "/var/www/html/example.com"
    ServerName "example.com"
    ServerAlias "www.example.com"
    RewriteCond %{SERVER_NAME} =example.com [OR]
    RewriteCond %{SERVER_NAME} =www.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost InstancePublicIP:443>
    DocumentRoot "/var/www/html/example.com"
    ServerName example.com
    ServerAlias www.example.com

    Header always set Strict-Transport-Security "max-age=63072000; preload"

    SSLEngine on
    SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-$
    SSLHonorCipherOrder     off
    SSLSessionTickets       off

    SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"

    ErrorDocument 404 /404.html

    # PayID
    RewriteEngine On
    RewriteCond "%{HTTP_ACCEPT}" "application/xrpl-mainnet+json"
    RewriteRule ^(.+) /.pay/$1.json [L]

</VirtualHost>


And in /var/www/html/example.com/.pay I have a file payme.json:

{
  "addresses": [
    {
      "paymentNetwork": "XRPL",
      "environment": "MAINNET",
      "addressDetailsType": "CryptoAddressDetails",
      "addressDetails": {
        "address": "rVcktW*********************************"
      }
    }
  ],
  "payId": "payme$example.com"
}


Permissions are set to 755 for the .pay folder and 644 for the json file.

The HTTP to HTTPS rewrite seems to work. PayID mandates use of HTTPS, so it shouldn’t be trying to access port 80 anyway.

The problem is that Xumm, an app that is happy to send XRP to PayID addresses, will not recognise my payme$example.com address, whereas it recognises Matt’s address and others. I also tried on a crypto exchange that uses PayID – still no joy, so it’s not the Xumm app at fault.

There is a PayID validator site: https://payidvalidator.com/
Entering my address yields the following result:

Validation Results
Score: 0%

Check | Value | Result | Message
HTTP Status Code | 404 | Fail | -
Header Check / Access-Control-Allow-Origin | | Fail | The header could not be located in the response.
Header Check / Access-Control-Allow-Methods | | Fail | The header could not be located in the response.
Header Check / Access-Control-Allow-Headers | | Fail | The header could not be located in the response.
Header Check / Access-Control-Expose-Headers | | Fail | The header could not be located in the response.


It’s a pretty comprehensive disaster! I must be doing something very wrong. Any help appreciated!

 

Snort automatic protocol detection

Does Snort have the "automatic protocol detection" function like Suricata? I read that Snort 3 has an "Autodetect services for portless configuration" feature. Does it mean that this function is absent in Snort 2? Or are they completely different functions?

Why does the Chord protocol (peer-to-peer) maintain a finger table instead of the entire membership list (using SWIM)?

Chord uses a finger table for querying and it takes O(log(N)) to get the result. But why not maintain the entire membership list and get the result in O(1)?

rest – How to abstract the communication protocol used to communicate between different microservices?

I would like to implement a microservice which can support both REST and SOAP, and will use the protocol based on the client preference (or what the client is already using).

I have been thinking of a way to do that. I thought of a header which will be set by the client to specify the protocol to be used; I am not sure if this is the right way to do it.

protocol – How are we so sure that the bitcoin network is connected?

how do we ascertain that the bitcoin network (…) is one connected graph

Problems paying people.


The senders and recipients in transactions are people who make contact using non-bitcoin protocols – for example HTTP websites, SMTP email, chat, in-person, by phone.

Therefore if the Bitcoin network were fragmented we should expect that pretty soon a person whose wallet is in one fragment would experience difficulty paying someone whose wallet was in a different fragment.

This would occur because different fragments would have different head blocks in their blockchain and pretty soon miners in one fragment would not be able to process transactions whose inputs were from a block they don’t have.

I would expect Bitcoin discussion fora would gradually become filled with the wailings and gnashings of a horde of frustrated, angry and bewildered Bitcoin users.

I mean, more than the fora normally are 🙂

After this became known, I would expect at least one or two whales to succumb to the temptation to double-spend massively. If so it seems superficially it would be a huge crisis for Bitcoin.

In practice, since this has not happened yet, I guess it would take some massive splitting of the Internet (e.g. Putin turns on his Russian Internet isolation switch for sufficiently long).

When there is a hard fork (e.g. BCH) something a little similar happens: people who own n BTC before the split now own n BTC + n BCH. In the case of Bitcoin network fragmentation, someone who owned n BTC before would now own n BTC in fragment A and n BTC in fragment B. Although this might make them happy, potential recipients would worry about the consequences in an eventual remerger of those fragments.

bluetooth – Protocol to transmit audio from a smartwatch to Android

I’m currently trying to program a DIY smartwatch. On my phone I’d like to run some kind of offline voice recognition like Mozilla’s DeepSpeech and on my smartwatch I’d like to run a program that takes the microphone input of the watch and sends it to my phone so that I can use it with my voice recognition library.

So far so good, but I’m having a hard time finding the right protocol for transmitting the audio. The easiest way for me would be to create a serial connection over Bluetooth and send the audio over that, but that doesn’t sound like a very efficient solution. Ideally I would like to utilize Bluetooth Low Energy to get the most out of my battery, but I looked at the list of GATT characteristics and couldn’t find anything related to audio, microphones, voice recognition or the like.

I’m also thinking about making my smartwatch act as a Bluetooth microphone, but it sounds like a lot of work to prevent Android from taking over the microphone for use by the whole system, and in addition to that I think it might be very problematic to quickly create such a connection and then drop it again, because I only want to send audio when I really intend to send a voice command. I guess this could be done over A2DP?

But there are so many other protocols. I’m just completely overwhelmed and don’t know what I should take a closer look at, for example:

File Transfer Profile (FTP)
Cordless Telephony Profile (CTP)
Generic Audio/Video Distribution Profile (GAVDP)
Hands-Free Profile (HFP)
Headset Profile (HSP)
Intercom Profile (ICP)

The smartwatch is powered by an ESP32 which unfortunately appears to only have a limited Bluetooth API supporting GAP, GATT, A2DP, AVRC, SPP and HFP.

I guess the actual question is, what would be a sane way of sending short audio recordings from an ESP32 powered Bluetooth smartwatch to a custom Android app?

(I don’t want to use proprietary services like the Google Voice Assistant, btw. It would however be interesting to know what protocol is being used for WearOS <-> Android communication when it comes to speech recognition.)

I have set Chrome’s default protocol handler for web calendar to calender.google.com and yet ical files open Outlook

I have set the default protocol handler in Chrome for web calendar to calender.google.com and yet whenever I click on .ics files in Windows Explorer (Win10) they try to fire up Outlook. Is there a way to fix this? See screenshot below.

e.g. For email the workflow works correctly: If I click on a mailto link it does open in Gmail’s web browser in Chrome.

Of course, I can import the .ics files manually, and that does work. I would just like to automate this.
