Photos and laptop crypto

The lead article/editorial in Bruce Schneier’s latest CryptoGram (http://www.schneier.com/crypto-gram.html) points out the foolishness of warning people to beware of terrorists taking pictures. Millions of people take billions of pictures every year for legitimate or innocent reasons, and the major terrorist attacks have not involved terrorists walking around taking photographs of the targets. It doesn’t make sense to try to protect yourself by raising an alarm about an activity that is probably (*extremely* probably) not a threat.

Rather ironically, the second piece talks about the fact that your laptop may be searched when you fly to another country, and the advisability of laptop encryption.  Leaving aside privacy and legality concerns, Schneier is for encryption.

Now, I don’t fly as much as some, but more than many.  Since I’m a security researcher, I’ve got all kinds of materials on my laptop that would probably raise all kinds of flags.  I’ve got files with “virus,” “malware,” “botnet,” and all kinds of other scary terms in the filenames.  (I’ve got a rather extensive virus zoo in one directory.)  Nobody at immigration has ever turned a hair at these filenames, since nobody at immigration has ever asked to look at my laptop.  (Even the security screeners don’t ask me to turn it on as much as they used to, although they do swab it more.)

I’m not arguing that people shouldn’t encrypt materials on their laptops: it’s probably a good idea for all kinds of reasons.  However, unless I’m very fortunate in my travels (and, from my perspective, I tend to have a lot more than my fair share of travel horror stories), the risk of having immigration scan your laptop is not one of them.


Wi-Fi in Brazil: Be a Ninja

2007 was definitely the Brazilian Christmas for laptops. Prices in retail stores are finally reasonable: one can now buy a basic laptop for about R$1.600,00 (about US$950). That’s expensive for a 256MB / 512MB Celeron PC, but hey, it’s much better than feeding the parallel market of “contrabando”.

As a side effect, more Muni Wi-Fi and similar initiatives have been emerging over the last few months. The latest came to my attention yesterday: Wi-Fi on Copacabana beach.

Sounds cool, huh? Caipirinhas, lots of hot girls in fio dental, and Wi-Fi (you geek!). Don’t do it, man.

Burglars in Brazil are smart, so be a ninja with your laptop in Brazil. Leave your Targus bag at home; it says “hey, I have a laptop, please steal it from me, Mr. Bad Guy”. Be a ninja with other gadgets like iPods, digital cameras and cell phones too. Nothing on your belt either, Mr. Batman.

Wi-Fi in malls is relatively safe; just take care when you’re leaving the place, and looking back is always good. Airports are safer, but take care on your way to the hotel, while you’re waiting for a taxi. Recently a gang specialized in laptops was arrested. You know, it’s easy to tell you have a laptop because people help burglars a lot: suits and backpacks (especially Targus and other mainstream brands) don’t mix.
Another tip: the vast majority of hotspots in Brazil are associated with Vex, so purchasing some credits from a safe network before you leave your country would be a good idea. Another tip, actually homework before you leave your country: back up your data, protect your HD with a password if available, encrypt the file system, and have your VPN set up.

Via: Praia de Copacabana deve ter rede Wi-Fi até junho (FolhaOnline 01/02/2007)


Cryptome: NSA has real-time access to Hushmail servers

A frequent source, ‘A’, who sends updated NSA-affiliated IP resources to Cryptome’s Web site, has reported the following new information:

Certain privacy/full session SSL email hosting services have been purchased/changed operational control by NSA and affiliates within the past few months, through private intermediary entities.

Reportedly the following services are controlled:

Hushmail - based in Canada,
Guardster - based in USA,
and
SAFe-mail.net - based in Israel.

Link here: NSA Controls SSL Email Hosting Services

Update, 22nd Dec: the Guardster team posted its response to Cryptome on 21st Dec:

We can assure you that we do not cooperate with the NSA or any other government agency anywhere in the world. We invite whomever is making this statement to provide proof, rather than making a baseless accusation.
….

The response from the Safe-mail.net team (24th Dec) is the following:

1. We never had any contacts, direct or indirect, with the NSA or any other
government agency anywhere in the world.
2. All software we use is in-house development.
3. We have never shared our technology with any other party.
….

Update, 30th Dec: the Hushmail team posted its response to Cryptome’s Web site yesterday:

Hush Communications Corporation, the company that provides the Hushmail.com email service, is not owned, wholly or in part, by any government agency.

Additionally, ‘More info on industry Windows security software’ has been released:

Zone Alarm, Symantec, MacAfee: All facilitate Microsoft’s NSA-controlled remote admin access via IP/TCP ports 1024 through 1030; ie will allow access without security flag. Unknown whether or not software port forward routing by these same programs will defeat NSA access.

The post released on Cryptome.org on 1st Nov announced future updates with details related to this issue; this is the first such piece of information.

To the new readers: Cryptome: NSA has access to Windows Mobile smartphones


And the winner is …

Researchers from the Netherlands have predicted that the next president will be Paris Hilton… Oprah Winfrey… Al Gore… well, actually they don’t know, but what they do know is that they can create PDFs, or files in any other format that allows storing random bits inside it without affecting it, that all share the same MD5 value 3D515DEAD7AA16560ABA3E9DF05CBC80.

More details on the research can be found in their paper, Predicting the winner of the 2008 US Presidential Elections using a Sony PlayStation 3.


Tor - an onion which discloses your military and embassy secrets

If someone missed this:

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise, reporting on a very interesting finding by Swedish IT security consultant Dan Egerstad.

The original blog entry here: Time to reveal…


Month of PHP Bugs exploits are gone - or are they?

Mr. Stefan Esser of the Hardened-PHP Project has announced that the Month of PHP Bugs exploit code is no longer available on his Web site.

The reason is a new law in Germany that is official as of today. This new law makes it illegal to create or distribute software that could be used by someone to break into a computer system, or that could be used to prepare a break-in.

This includes PoC exploits too, says Mr. Esser.
But we know that the Internet remembers many things.


Gozi Trojan analysis

SecureWorks has posted an analysis of another Trojan used to steal SSL/TLS-encrypted data transferred from the victimized PC.

A single attack by a single variant compromised more than 5,200 hosts and 10,000 user accounts on hundreds of sites.

  • Steals SSL data using advanced Winsock2 functionality
  • State-of-the-art, modularized Trojan code
  • Spread through IE browser exploits
  • Undetected for weeks, months by many AV vendors
  • Customized server/database code to collect sensitive data
  • Customer interface for on-line purchases of stolen data
  • Accounts compromised by stealing data primarily from infected home PCs
  • Accounts at top financial, retail, health care, and government services affected
  • Data’s black market value at least $2 million

Full article is here.


Smarter and Smarter

Websense has posted a nice malware analysis showing how easily security software can be bypassed by malicious software.

Before performing its primary objective, this malware first disarms any antivirus or firewall it can:

The file is packed with a custom packer/protector, which we had never encountered before. Here is a brief description of the packer and what it does to prevent analysis.

The protected application doesn’t run in a Virtual Machine (default configuration). Once this problem is fixed, it generates 1372 (!) exceptions in the loader to thwart debuggers, tracers, emulators, and so forth.

There is a CRC to prevent patching of the protection code; therefore, the protector will never call the original entry point if the code has been patched, or if a software breakpoint is found in the routine.

One of the first things the malware does is to scan for security applications in memory. It uses a few different techniques, including looking for Windows Name, Process Name

It kills several antivirus products, if they are found in memory, as well as some firewall products.

Lowers the computer sound volume, in order to prevent the users from hearing a warning sound generated by antivirus programs.

Full analysis is here.


When size doesn’t matter

Is a longer password a better one? Most people will answer this with an unconditional “yes”. In fact, we’ve successfully conditioned our users to choose long and complex passwords, and in some cases we force them to do so using password enforcement policies. It came to the point where even a web site that helps me search for cheap airline fares (where the most sensitive information in my account is the list of my latest searches) forces me into a password scheme that looks like it came from the NSA Orange Book.

My bank, on the other hand, lets me choose a four-digit password without complaining. Are they missing something? Shouldn’t they be forcing me into an eight-character-minimum, one-digit, one-letter password like just about everyone else on the internet? No. In fact, I think my bank is one of the few sites that actually did the threat analysis and understands the problem at hand.

Many of you have seen the following picture:

http://www.syslog.com/~jwilson/pics-i-like/kurios119.jpg

Putting a strong security measure in the wrong place doesn’t help security; in fact, it usually weakens it, as our users find ways to circumvent it altogether. The fact that I have dozens of different passwords that are impossible to remember means that my browser remembers everything for me. In fact, most of my passwords are easy to discover: they are stored in my browser, in my digital wallet and handwritten in notes on my desk. All you need is to gain access to one of these and you can pretty much impersonate me on the web - but you won’t gain access to my bank account - because that password is easy enough to remember and I never needed to write it down or store it.

Wait, am I telling you that a short, simple password is a good thing? Yes, that’s exactly what I’m saying. Let’s analyze the threat: the web site is trying to protect me against someone who does not know my password and needs to perform a brute-force attack in order to guess it. But if we assume my username gets 10 tries at the right password before it’s locked for 24 hours (this is a mild assumption; usually we get fewer tries and are locked out for longer), a simple 4-letter password will take 62 years to crack on average. Even a 4-digit PIN will take more than a full year to guess - and that is assuming the bank doesn’t look at the logs to see that something strange has been happening (thousands of wrong password attempts in a row). There is no feasible way for an attacker to brute-force even the most trivial passwords (with the exception of ‘1234’, everyone’s favorite luggage combination), since after a handful of guesses the attack will be flagged; we have actually solved the brute-force problem completely, and yet some sites still force me to use long and complex passwords for a problem that should have been fixed elsewhere.
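To make the arithmetic above concrete, here is an added worked example (my own code, not the post’s) that computes the expected online brute-force time under a lockout policy, simulates a guesser against such a policy, and does the “look at the logs” check. The lockout model (the failure counter resets when the lock expires), the usernames and the log records are assumptions constructed for the example.

```python
"""Online brute force against an account lockout policy (added example)."""
from collections import defaultdict


def average_guesses(alphabet_size, length):
    """Guesses needed on average to hit a uniformly chosen password."""
    return (alphabet_size ** length) / 2


def expected_years(alphabet_size, length, tries_per_lockout, lockout_hours):
    """Expected years to brute-force one account online when every
    `tries_per_lockout` failures cost the attacker `lockout_hours` of waiting."""
    tries_per_day = tries_per_lockout * 24 / lockout_hours
    return average_guesses(alphabet_size, length) / tries_per_day / 365


class LockoutPolicy:
    """Per-account lockout (assumed model): after max_failures consecutive
    failures the account refuses further attempts for lockout_seconds."""

    def __init__(self, max_failures=10, lockout_seconds=24 * 3600):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)   # username -> consecutive failures
        self.locked_until = {}             # username -> time the lock expires

    def attempt(self, username, now, is_correct):
        """Returns 'locked' (guess not evaluated), 'ok' or 'fail'."""
        if self.locked_until.get(username, 0) > now:
            return "locked"
        if is_correct:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.failures[username] = 0
            self.locked_until[username] = now + self.lockout_seconds
        return "fail"


def guesses_evaluated(policy, username, seconds, rate_per_second=1):
    """Simulate an attacker who never guesses right and count how many of
    its guesses the server actually checks within `seconds`."""
    evaluated = 0
    for i in range(seconds * rate_per_second):
        now = i / rate_per_second
        if policy.attempt(username, now, is_correct=False) == "fail":
            evaluated += 1
    return evaluated


def suspicious_accounts(events, threshold):
    """The 'view the logs' half of the argument: accounts with at least
    `threshold` failed logins. events: iterable of (timestamp, user, outcome)."""
    fails = defaultdict(int)
    for _ts, user, outcome in events:
        if outcome == "fail":
            fails[user] += 1
    return sorted(user for user, n in fails.items() if n >= threshold)


if __name__ == "__main__":
    print("4 lower-case letters, 10 tries per 24h: %.1f years"
          % expected_years(26, 4, 10, 24))
    print("4-digit PIN, 10 tries per 24h: %.2f years"
          % expected_years(10, 4, 10, 24))
    print("guesses actually checked in one day at 1/s:",
          guesses_evaluated(LockoutPolicy(), "alice", 86400))
    # Constructed log: 3000 failures against bob, one failure against carol.
    log = [(t, "bob", "fail") for t in range(3000)]
    log += [(1, "carol", "fail"), (2, "carol", "ok")]
    print("accounts to investigate:", suspicious_accounts(log, 100))
```

The two numbers the post quotes (62 years for four letters, over a year for a four-digit PIN) fall out of `expected_years` with the post’s own 10-tries-per-24-hours policy; the simulation shows why: no matter how fast the attacker guesses, the server only ever evaluates ten guesses per day per account.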

Don’t even get me started on guessing the username: some banks, for some reason, think that usernames should be complex too.

Why does that happen? People are lazy, and tend to stick with known patterns. Long passwords were good in the 1980s, when UNIX had a world-readable password file encrypted with a weak cipher. But did anyone stop and think whether this axiom is still true in this day and age? My bank did. I hope others will follow.


Google, Service Providers and the Future of P2P

In a non-operational NANOG discussion about Google’s bandwidth use, several statements were made. It all started from the following post by Mark Boolootian:

> Cringley has a theory and it involves Google, video, and oversubscribed backbones:
> http://www.pbs.org/cringely/pulpit/2007/pulpit_20070119_001510.html

In the discussion, the following statement was made by Rodrick Brown:

> The following comment has to be one of the most important comments in
> the entire article and its a bit disturbing.
>
> “Right now somewhat more than half of all Internet bandwidth is being
> used for BitTorrent traffic, which is mainly video. Yet if you
> surveyed your neighbors you’d find that few of them are BitTorrent
> users. Less than 5 percent of all Internet users are presently
> consuming more than 50 percent of all bandwidth.”

From there it went downhill, with discussion of the future; the Venice project (streaming P2P for TV), etc. was mentioned. Some points were raised about how ISPs currently fight P2P technologies and may fight these new worlds of functionality, denying what the users want rather than working with them, citing, as we have seen above, that today a very small percentage of Internet users account for about 50% of all Internet traffic. That, of course, will increase dramatically in the future — it is where the users want to go.

The ISPs inhibit this progress, just like, in my opinion, a bad security “guy” or “gal” would try to prevent functionality for their users as part of their security strategy, rather than working with their users and enabling functionality first.

In this discussion, Randy Bush (who I have had my share of strong disagreements with in the past) said the following, which is admirable:

> the heavy hitters are long known. get over it.
>
> i won’t bother to cite cho et al. and similar actual measurement
> studies, as doing so seems not to cause people to read them, only to say
> they already did or say how unlike japan north america is. the
> phenomenon is part protocol and part social.
>
> the question to me is whether isps and end user borders (universities,
> large enterprises, …) will learn to embrace this as opposed to
> fighting it; i.e. find a business model that embraces delivering what
> the customer wants as opposed to winging and warring against it.
>
> if we do, then the authors of the p2p protocols will feel safe in
> improving their customers’ experience by taking advantage of
> localization and proximity, as opposed to focusing on subverting
> perceived fierce opposition by isps and end user border fascists. and
> then, guess what; the traffic will distribute more reasonably and not
> all sum up on the longer glass.

It has been a long time since I bowed before Mr. Bush’s wisdom, but indeed, I bow now in a very humble fashion.

Thing is though, it is equivalent to one or all of the following:
-. EFF-like thinking (sticking to the moral high ground or, at times, impractical concepts). Stuff to live by.
-. (Very) forward thinking (not yet possible for people to get behind - by people I mean those who do this daily), likely to encounter much resistance until it becomes mainstream a few years down the road.
-. Not connected with what can currently happen to effect change, but rather with how things really are, which people cannot yet accept.

As Randy is obviously not much affected when people disagree with him (much the same as me), nor should he be, I am sure he will preach this until it becomes real. With that in mind, if many of us believe this is a philosophical as well as a technological truth — what can be done today to effect this change?

The service providers are not evil — they do this out of operational necessity and business needs. How can this change, or be shown to be wrong?

Some examples may be:
-. Working with network gear vendors to create better equipment built to handle this and lighten the load.
-. Working on establishing new standards and topologies to enable both vendors and providers to adopt them.
-. Presenting case studies after putting our money where our mouth is, and showing how we made it work in a live network.

Staying in the philosophical realm is more than respectable, but waiting for FUSSP-like wide-adoption or for sheep to fly is not going to change the world, much.

For now, the P2P folks, who in most cases are not evil “Internet Pirates”, are mostly allied, whether in name or in practice, with illegal activities. The technology isn’t illegal and can be quite good for all of us, saving quite a bit of bandwidth rather than wasting it (there is quite a bit of redundancy there!).

So, instead of fighting progress and seeing it [P2P technology] left in the hands of the “pirates” and the privacy folks trying to bypass the Firewall of [insert evil regime here], why not utilize it?

How can service providers make use of all this redundancy among their top talkers and remove the privacy advocates and warez freaks from the picture, leaving that front with less technology and legitimacy while helping themselves?

This is a pure example of a problem from the operational front [realm] which can be floated to research and the industry, with smarter solutions than port blocking and QoS.

It’s about progress and how change is effected and feared, not about who is evil. It is about who will step up and make a difference, and whether business today is smart enough to lead the road rather than adapt after the avalanche has already fallen.

Gadi Evron,
ge@linuxbox.org.


CCC: traffic analysis

The amazing Steven Murdoch did some traffic analysis on Tor, trying to detect machines behind the anonymizing network. Tor itself seems as secure as it has ever been; see the abstract quoted below.
“By requesting timestamps from a computer, a remote adversary can find out the precise speed of its system clock. As each clock crystal is slightly different, and varies with temperature, this can act as a fingerprint of the computer and its location.”

ftp://ftp.fortunaty.net/video/23c3/wmv/timeskew2-t2s1.wmv
http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html

Anyone remember CAIDA’s study on using clock crystals to detect machines through NATs?
http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf
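As an added example (my own code, not from Murdoch’s talk or the CAIDA paper), this is the core of the clock-skew measurement both abstracts describe: the skew is the slope of a least-squares fit of (remote clock minus local clock) against local time, and it is that slope, not the raw offset, that stays the same across sessions and network paths. A defender can run the same estimate against timestamps from their own host to see how stable, and therefore how identifying, the fingerprint is. The observations here are constructed with an assumed skew, offset and jitter; real ones would come from TCP or ICMP timestamps as the papers discuss.

```python
"""Estimating a host's clock skew from timestamp observations (added example)."""


def make_samples(skew_ppm, offset_s, n, step_s, jitter_s=0.002):
    """Constructed observations: (local_time_s, remote_clock_reading_s).
    The remote clock runs (1 + skew) times as fast as ours, starts offset_s
    ahead, and each reading carries alternating +/- jitter_s of noise."""
    samples = []
    for i in range(n):
        local = i * step_s
        noise = jitter_s if i % 2 == 0 else -jitter_s
        remote = offset_s + local * (1 + skew_ppm / 1e6) + noise
        samples.append((local, remote))
    return samples


def estimate_skew_ppm(samples):
    """Least-squares slope of (remote - local) against local time, in parts
    per million. The intercept (the offset) is discarded: it changes with
    every reboot or NTP step, while the slope belongs to the crystal."""
    n = len(samples)
    xs = [t for t, _ in samples]
    ys = [r - t for t, r in samples]
    mx = sum(xs) / n
    my = sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def same_clock(skew_a_ppm, skew_b_ppm, tolerance_ppm=1.0):
    """Whether two skew estimates (e.g. from two sessions, two IP addresses,
    or one direct and one anonymized connection) are consistent with one
    physical clock. The tolerance is an assumed measurement resolution."""
    return abs(skew_a_ppm - skew_b_ppm) <= tolerance_ppm


if __name__ == "__main__":
    # Same host observed twice: different offset, sampling rate and duration.
    session_1 = make_samples(skew_ppm=37.0, offset_s=12.5, n=61, step_s=60)
    session_2 = make_samples(skew_ppm=37.0, offset_s=-400.0, n=121, step_s=30)
    other_host = make_samples(skew_ppm=-12.0, offset_s=12.5, n=61, step_s=60)
    s1, s2, s3 = (estimate_skew_ppm(s) for s in (session_1, session_2, other_host))
    print("session 1: %.2f ppm, session 2: %.2f ppm, other host: %.2f ppm" % (s1, s2, s3))
    print("sessions 1 and 2 from the same clock:", same_clock(s1, s2))
    print("session 1 and other host from the same clock:", same_clock(s1, s3))
```

The jitter is deliberately symmetric so the fit recovers the assumed skew almost exactly; with real network jitter the estimate converges more slowly, which is why the measurement needs many samples over a long window and why the resolution (here an assumed 1 ppm) bounds how many hosts the fingerprint can tell apart.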

Another good lecture on traffic analysis at CCC, which was an introduction by George Danezis:
http://events.ccc.de/congress/2006/Fahrplan/attachments/1185-DanezisTAIntro.pdf

Gadi Evron,
ge@linuxbox.org.


More CCC Presentations and Videos

Other presentations I enjoyed, which I just noticed online:
PDF George Danezis, Introducing Traffic Analysis

WMV Georg Wicherski, Automated Botnet Detection and Mitigation

WMV Gadi Evron, Fuzzing in the Corporate World (yes, mine)

WMV Ilja van Sprundel, Unusual Bugs

PDF Ilja van Sprundel, Unusual Bugs

WMV Michael Steil, Inside VMware

More here [mirror]. All mirrors, etc. can be found here. I hope everything becomes available soon.

Gadi Evron,
ge@linuxbox.org.


Defeating Image-Based Virtual Keyboards and Phishing Banks

Recently I stumbled upon http://www.hispasec.com/laboratorio/cajamurcia_en.htm, which nicely shows how a Trojan horse can grab a user’s PIN fairly easily by combining key-stroke capture with screenshot capture, and wondered why they are taking this approach when the PINs can be easily retrieved by sniffing the data sent by the user to the banking site, even though they are “encrypted”.

Image-based keyboards (or virtual keyboards) were invented to make life harder for banking or phishing Trojan horses (specifically key-stroke loggers, or key loggers); some even suggested they be used specifically to avoid these Trojan horses. The bad guys adapted to this technology and escalated: now the Trojan horses take screenshots around the mouse pointer to determine which number was clicked. Thing is, this is often unnecessary, as in most implementations of this technique that we looked into (meaning not all) the implementation was flawed.

Instead of sending the remote image and waiting for the key-stroke information to be sent back to the server (the technique against which the on-click pointer-location screenshots described above are used), some banks send the PIN in cleartext, while others encrypt it; one such example is cajamurcia. Even when encryption is used, banks tend to implement it badly, making it easy to recover the PIN from the encrypted form.

I investigated a bit more how cajamurcia handles such PIN strokes (with virtual keyboards) and noticed something strange: they take the timestamp of their server (cajamurcia) and send it to you - this already poses a security problem - and this timestamp is then used to encrypt the PIN you entered.

This would have been a good idea if the timestamp was not sent back to the server, making it hard or semi-hard to guess the timestamp used to encrypt the data, though at the same time making it harder for the server to know what timestamp was provided to the client (unless they store it inside their session information). Anyhow, as it is sent back to the server, we have everything we need to decrypt the data (the PIN).

PoC:

A request to the server would look like:
(more…)


Utimaco replies to SafeGuard Easy encryption key vulnerability

As reported on Bugtraq list last Friday:

However, it seems that the encryption keys are hardcoded directly in the EXE file. So, they are easily recoverable and all these CFG files can be easily compromised.

This case concerns the encryption of configuration files (.CFG) used when installing several workstations at the same time with centralised management tools. SafeGuard Easy itself is for encrypting hard drives.
The company’s response, entitled Statement on SafeGuard Easy Articles regarding Configuration File Vulnerability, is located here [2-p PDF]:
(more…)


The sun will come out tomorrow

I remember when I was first introduced to DES. It was in some computer magazine whose name I can’t recall, and it went something like “the DES algorithm is so powerful that even if you could run several DES brute-force attempts per second, the sun will die and our galaxy will be destroyed before you can try all the DES combinations.” It made sense – 2^56 is a very big number, more than the measly 5-10 billion years our sun has to live. Back then there was also speculation on how the NSA could break it. It was a well-documented fact that the NSA made some subtle changes to the DES algorithm, and the popular assumption was that they put in a ‘back door’ so that their supercomputer could break it. There had to be an NSA backdoor, since there were mathematical proofs of the impossibility of breaking DES in a reasonable time (like, within the age of the universe) or for a reasonable amount of money (let’s say, within the entire worth of the world’s economy). Who can argue with a mathematical proof that contains a lot of exponents and relies on bulletproof analogies?

Almost a decade later I learned cryptology from Eli Biham, the inventor of differential cryptanalysis. He spent a full lecture on the DES design and algorithm, and we were all quite convinced that its 16 rounds and mysterious S-box design were unbreakable. Biham finished the lecture by saying “…and next week, I’ll tell you how DES is broken”, and indeed the following week he taught us differential cryptanalysis. The method was impractical and mostly theoretical, so it didn’t really “break” DES, but it showed the first weakness, and I started losing faith in the whole “the world will end before…” jive.

It was only a few years after that DES collapsed. It wasn’t with smart differential cryptanalysis, though. It wasn’t even by finding the ‘secret NSA backdoor’ everybody was looking for in the 80s. In fact, many were shocked to discover that the NSA’s change to the S-boxes actually made DES more resistant to differential cryptanalysis attacks. They didn’t want the algorithm to be weakened by other means, possibly because they could brute-force it way back then.
DES was broken because something unexpected happened. The processing power of a supercomputer from the 70s is weaker than that of the average PC sold at Walmart. In fact, a $500 PC running a standard operating system can try hundreds of thousands of DES combinations per second while allowing its operator to play Solitaire. It’s not difficult to get hold of thousands or even tens of thousands of PCs (think a medium-size corporation after 5pm, or a university during summer vacation), and you’ve got about a billion DES brute-force attempts per second. The sun will come up tomorrow, and the DES-encrypted message will be broken by then.

If I were to go back in time and tell a computer science professor that in 30 years an average person will have access to processing power a billion times that of a supercomputer, I would be committed on the spot (or worse – sent to the social sciences department). Yes, I admit that it’s hard to anticipate something like that – keeping with the flawed analogies, that would be like me telling you that in 30 years we’ll all be living in mansions like Bill Gates while paying 1/10 of the rent we pay today.

On the other hand, just because we can’t grasp something doesn’t make it impossible. I made that mistake myself when, 8 years ago, I argued passionately that Windows vulnerabilities are impossible to exploit. I gave very detailed reasoning. I thought I knew a lot about security. Two years later, David Litchfield gave a step-by-step explanation of how to exploit buffer overflows on Windows. Reading back what I wrote then makes me want to get into the time machine again, visit the young me and hit myself with the clue stick (and tell the astonished me that whatever stupid thing I write will be saved forever and can be pulled up by a search engine in less than a second. After that, I should probably give myself the winning lottery numbers and a travel brochure).

I figured people stopped making outrageous claims about what’s ‘impossible’ in computer security, and then I stumbled upon this. My favorite quote (attributed to Jon Callas, the CTO of PGP corporation):

[…] consider a cluster of [grain sized] computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.

Really Jon? Sure, it can be backed up by the ‘exponential growth’ problem and by looking at the results of various distributed cracking projects. But will an encrypted message sent by a Coca Cola executive containing the secret formula and encrypted by a 128-bit PGP key survive brute force attacks 5 years from now? 10 years? 20? 30? Would you wager $23B a year on that? I wouldn’t.
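Following the advice to get such claims in writing, here is an added example (my own code, not the post’s or Callas’s) that turns the DES numbers above and the 128-bit claim into explicit, checkable assumptions: a current guessing rate, a throughput-doubling period, and a time budget, from which it computes when an average-case key search would fit the budget, and what guessing rate a stated cracking time implies. The billion-guesses-per-second figure is the post’s; the 18-month doubling period and the one-day budget are assumed inputs, not facts from the post, and the growth model is an assumption, not a law.

```python
"""Writing down what an 'impossible to brute force' claim assumes (added example)."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def seconds_to_search(key_bits, keys_per_second, fraction=0.5):
    """Seconds to try `fraction` of a key_bits keyspace at a fixed rate
    (fraction=0.5 is the average case for a uniformly random key)."""
    return (2 ** key_bits) * fraction / keys_per_second


def implied_keys_per_second(key_bits, years):
    """Guessing rate a claim of 'broken on average in `years` years' implies,
    e.g. the grain-sized-computers cluster quoted above."""
    return (2 ** (key_bits - 1)) / (years * SECONDS_PER_YEAR)


def years_until_feasible(key_bits, keys_per_second_now, doubling_months,
                         budget_seconds):
    """Years until the average-case search fits in budget_seconds, assuming
    attacker throughput doubles every doubling_months (assumed growth model).
    Returns 0.0 when it already fits today."""
    needed_speedup = seconds_to_search(key_bits, keys_per_second_now) / budget_seconds
    if needed_speedup <= 1:
        return 0.0
    doublings = math.log2(needed_speedup)
    return doublings * doubling_months / 12


if __name__ == "__main__":
    rate_now = 1e9          # the post's 'about a billion DES attempts per second'
    doubling = 18           # assumed months per doubling of attacker throughput
    one_day = 24 * 3600     # assumed budget: 'broken by tomorrow'
    print("DES (56-bit) at %.0e keys/s: %.0f days on average"
          % (rate_now, seconds_to_search(56, rate_now) / one_day))
    for bits in (56, 64, 80, 128):
        print("%3d-bit key: fits in one day in %.0f years under these assumptions"
              % (bits, years_until_feasible(bits, rate_now, doubling, one_day)))
    print("the '1,000 years for 128 bits' claim implies %.1e keys/s"
          % implied_keys_per_second(128, 1000))
```

The point of the record is not the numbers themselves but that every input is visible: ten years later, the rate and the doubling period can each be checked against what actually happened, which is exactly the “what were you thinking?” conversation the post proposes.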

Don’t get me wrong, brute force should not be the primary concern of someone securing their system from attack. It’s much easier to find an unpatched network vulnerability, or run a social-engineering attack to get what’s needed. But 2005 was an amazing year for cryptanalysis, with weaknesses found in major hashing algorithms and Chinese crypto experts leap-frogging what we thought was possible in some fields.

My advice? Whenever someone describes ‘impossible’ in terms of planets, atoms or large exponents ask them to give it to you in writing. 10 years later go back to them with a “what were you thinking?”. With some luck, they’ll be rich and famous and you could shame them in public. I’m saving mine for Jon Callas. Modern cryptographic systems are essentially unbreakable? Yeah, and 640k should be enough for anybody.
