Ghost of Crypto Past | TechSNAP 204

We’ll break down the technical baggage that led to the new FREAK SSL flaw & the security ramifications of top executives using personal email accounts…

Plus why we just need to stop hiding file extensions. Plus some great feedback & much, much more!

Thanks to: DigitalOcean, Ting, iXsystems
— Show Notes: —

FREAK attack, new SSL flaw

  • To really understand this vulnerability we need to go back to the early days of encryption on the internet
  • Starting in the Cold War era, the US government restricted the export of cryptographic technology (it was treated as a munition under the arms-export regulations)
  • The idea was to prevent other countries from having access to strong cryptography that the NSA could not easily break
  • Exportable products were limited to symmetric keys of 40 bits and RSA (asymmetric) keys of 512 bits
  • Use of stronger crypto inside the US and a few other countries was allowed
  • So, when Netscape invented SSL, they had to have a way to support this weaker “export” crypto
  • So web servers that served SSL would negotiate a session encrypted with 40-bit RC4 or DES, keyed via a temporary 512-bit RSA key, if the user’s browser did not support stronger crypto
  • This is one of the historic reasons that OpenBSD was always built and released from Canada, to avoid the crypto export restrictions
  • The restrictions on exporting strong cryptography from the US started to be relaxed in 1996, allowing the world to upgrade to better crypto
  • This new attack takes advantage of the fact that this code was never removed from the servers or browsers
  • An attacker in a MitM position can modify the ClientHello (the first message of the handshake, which is not yet protected by SSL/TLS) so that it offers only export-grade cipher suites instead of the strong ones the client actually asked for
  • The server sees a request for the old crypto and, unless export cipher suites have specifically been disabled, accepts the connection and sends its weak 512-bit RSA key
  • The client should notice this and refuse to complete the handshake without strong crypto (a temporary RSA key is only permitted for the RSA_EXPORT suites), but due to bugs in OpenSSL (CVE-2015-0204) and Apple’s SecureTransport, affected clients accepted the weak key anyway
  • It also turns out that, since generating these keys used to be relatively expensive, web servers like Apache (mod_ssl) generate the temporary export RSA key only once at startup, so a long-running server keeps using the same 512-bit key until it is restarted, which gives the attacker time to factor it in advance
  • The attacker could then factor the weak key, and decrypt the session. In the experiments, the keys were cracked in 7.5 hours using Amazon EC2 instances with high end GPUs at a cost of around $100
  • A research project at the University of Michigan found that 36.7 percent of browser-trusted sites still supported export cipher suites and could be vulnerable to this attack
  • Many sites still seem to have export crypto enabled, especially government websites, but also large CDNs like Akamai had it enabled until the last few days, when they started to disable it. This was likely done to continue to support very old browsers
  • “In practice, I don’t think this is a terribly big issue, but only because you have to have many ‘ducks in a row’: 1) find a vulnerable server that offers export cipher suites; 2) it should reuse a key for a long time; 3) break key; 4) find vulnerable client; 5) attack via MITM (easy to do on a local network or wifi; not so easy otherwise),” said Ivan Ristic of Qualys (which runs SSLLabs.com)
  • Mozilla’s guide to configuring the crypto algorithms for your web server
  • Make sure the cipher string your web server hands to OpenSSL (Apache’s SSLCipherSuite directive, nginx’s ssl_ciphers) contains !EXPORT (and !DES, !MD5, !LOW, !aNULL etc.), then confirm it with openssl ciphers -v ‘your-string’, which prints the suites the string actually expands to; no EXP- entries should appear
  • Additional Coverage – Cryptography Engineering: Factoring the NSA for Fun and Profit
  • The MITM attack works as follows:
  • In its ClientHello message, the client asks for a standard ‘RSA’ ciphersuite.
  • The MITM attacker changes this message to ask for ‘export RSA’.
  • The server responds with a 512-bit export RSA key in its ServerKeyExchange, signed with its long-term key.
  • The attacker rewrites the server’s choice in the ServerHello back to the standard RSA suite, and the client accepts the weak temporary key anyway due to the OpenSSL/SecureTransport bug (a correct client rejects an RSA ServerKeyExchange for a non-export suite).
  • The attacker factors the 512-bit RSA modulus to recover the corresponding RSA decryption key (ahead of time, if the server reuses the key).
  • When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it and derive the TLS ‘master secret’, which also lets it forge the Finished messages on both sides.
  • From here on out, the attacker sees plaintext and can inject anything it wants.
  • Additional Coverage – Threat Post
  • Additional Coverage – Researcher’s Site, covers many TLS attacks
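The handshake rewrite described in the steps above, as an added byte-level example (written for these notes; not code from the show, from OpenSSL, or from the researchers). It builds minimal TLS 1.0 ClientHello and ServerHello bodies (record and handshake headers, extensions and the actual key material are left out as a simplifying assumption), performs the two rewrites the attacker makes in transit, and implements the client-side check that affected OpenSSL/SecureTransport versions skipped: a temporary RSA key in ServerKeyExchange is only acceptable when an RSA_EXPORT suite was negotiated. The cipher suite numbers are the registered TLS identifiers; the messages are constructed inline.

```python
import os
import struct

# Cipher suite identifiers from the IANA TLS registry
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008

# The RSA_EXPORT suites: the only RSA suites in which the server may send a
# temporary (512-bit) RSA key in ServerKeyExchange (RFC 2246, section 7.4.3)
RSA_EXPORT_SUITES = {TLS_RSA_EXPORT_WITH_RC4_40_MD5, 0x0006, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA}


def _suites_offset(body):
    # version(2) + random(32) + session_id_length(1) + session_id
    return 35 + body[34]


def build_client_hello(suites):
    """ClientHello body (no record/handshake headers, no extensions)."""
    suites_bytes = b"".join(struct.pack("!H", s) for s in suites)
    return (b"\x03\x01" + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites_bytes)) + suites_bytes
            + b"\x01\x00")  # one compression method: null


def parse_client_hello(body):
    """Return the list of cipher suites offered in a ClientHello body."""
    off = _suites_offset(body)
    (n,) = struct.unpack("!H", body[off:off + 2])
    return list(struct.unpack("!%dH" % (n // 2), body[off + 2:off + 2 + n]))


def mitm_downgrade_client_hello(body):
    """Attack step: rewrite the offer so the server sees only an export suite."""
    off = _suites_offset(body)
    (n,) = struct.unpack("!H", body[off:off + 2])
    return (body[:off]
            + struct.pack("!HH", 2, TLS_RSA_EXPORT_WITH_RC4_40_MD5)
            + body[off + 2 + n:])


def build_server_hello(chosen_suite):
    """ServerHello body: version, random, empty session id, suite, null compression."""
    return b"\x03\x01" + os.urandom(32) + b"\x00" + struct.pack("!H", chosen_suite) + b"\x00"


def parse_server_hello(body):
    off = _suites_offset(body)
    return struct.unpack("!H", body[off:off + 2])[0]


def mitm_rewrite_server_hello(body, suite_client_expects):
    """Attack step: patch the chosen suite back so the client believes it got the strong one."""
    off = _suites_offset(body)
    return body[:off] + struct.pack("!H", suite_client_expects) + body[off + 2:]


def client_accepts(offered, server_hello, got_temp_rsa_key, patched=True):
    """Client-side checks before encrypting the premaster secret.

    patched=False models the pre-fix OpenSSL / SecureTransport behaviour:
    the temporary RSA key is used even though the negotiated suite is not
    an RSA_EXPORT suite.
    """
    chosen = parse_server_hello(server_hello)
    if chosen not in offered:
        return False, "server chose a suite we never offered"
    if got_temp_rsa_key and chosen not in RSA_EXPORT_SUITES:
        if patched:
            return False, "temporary RSA key for a non-export suite: reject"
        return True, "bug: encrypting premaster secret to the 512-bit temporary key"
    return True, "ok"


def simulate_freak(patched_client):
    """Run the downgraded handshake; report whether the client goes on to use the weak key."""
    offered = [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA]
    client_hello = build_client_hello(offered)
    # Attacker rewrites the ClientHello in transit
    as_seen_by_server = mitm_downgrade_client_hello(client_hello)
    # A server with export suites still enabled picks one and, because it is
    # an export suite, sends its temporary 512-bit RSA key in ServerKeyExchange
    server_choice = parse_client_hello(as_seen_by_server)[0]
    server_hello = build_server_hello(server_choice)
    sends_temp_rsa = server_choice in RSA_EXPORT_SUITES
    # Attacker rewrites the ServerHello back to the suite the client asked for
    as_seen_by_client = mitm_rewrite_server_hello(server_hello, offered[0])
    ok, why = client_accepts(offered, as_seen_by_client, sends_temp_rsa, patched=patched_client)
    return {"server_chose": server_choice,
            "client_sees": parse_server_hello(as_seen_by_client),
            "client_continues": ok,
            "reason": why}


if __name__ == "__main__":
    for patched in (False, True):
        print("patched client:" if patched else "vulnerable client:", simulate_freak(patched))
```

The "suite we never offered" check alone is not enough, because the attacker controls the ServerHello the client sees; the decisive check is the second one, tying the ServerKeyExchange type to the negotiated suite. Disabling export suites on the server (so the server never picks one) and patching clients (so they never accept the temporary key) each independently break the chain.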

Hillary Clinton used a private email account instead of a government one to conduct all of her business at the US State Department

  • “Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, State Department officials said, and may have violated federal requirements that officials’ correspondence be retained as part of the agency’s record.”
  • “Mrs. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.”
  • “It was only two months ago, in response to a new State Department effort to comply with federal record-keeping practices, that Mrs. Clinton’s advisers reviewed tens of thousands of pages of her personal emails and decided which ones to turn over to the State Department. All told, 55,000 pages of emails were given to the department. “
  • “It is very difficult to conceive of a scenario — short of nuclear winter — where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business,” said Jason R. Baron, a former director of litigation at the National Archives and Records Administration.
  • “Under federal law, however, letters and emails written and received by federal officials, such as the secretary of state, are considered government records and are supposed to be retained so that congressional committees, historians and members of the news media can find them. There are exceptions to the law for certain classified and sensitive materials.”
  • “How many emails were in Mrs. Clinton’s account is not clear, and neither is the process her advisers used to determine which ones related to her work at the State Department before turning them over.”
  • It is not clear where the private email was hosted
  • There are obvious security implications to government business being conducted on email hosted by large public providers such as Gmail, Yahoo, Outlook/live or Hotmail
  • There are even larger security concerns related to bespoke private email hosting
  • It is unclear if any encryption was ever involved in the emails in question
  • This same concern can be seen in private companies, where some emails must be kept for 7+ years for legal reasons, yet some employees routinely use a private email address
  • The other concern with using a private email address is that, when an employee (or Secretary of State) leaves, they do not cease to have access to their old emails, which may contain privileged information, and any new emails sent to that address are not redirected to the person now in that role
  • House committee subpoenas Clinton emails in Benghazi probe

Why we should stop hiding file extensions

  • An interesting article over at TheStack discusses common problems with user interfaces
  • In addition to discussing a number of other issues:
  • Web browsers turning into dumb TV type appliances (hiding the protocol prefix, hiding the URL bar)
  • The tablet-ification of the web (not everyone is using a tablet; responsive designs are only useful when they don’t reduce functionality for non-tablet users)
  • The scroll bar: Apple has inverted the scrolling direction, and while the new behaviour may feel more natural on a touch screen or a trackpad, it doesn’t make sense on a desktop with a mouse
  • But the big one, is the default in many popular operating systems to hide file extensions
  • This has been a security issue since someone discovered (15 years ago) that if you name a file porn.jpg.exe on windows, people will click on it thinking it is a picture
  • “Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less-savvy users who will never do this”
  • This is even more of an issue now that we have moved away from 8.3 filenames to long file names
  • In the age of interoperability with other file systems, we now have files whose extensions are longer than 3 characters
  • Thankfully we no longer have to call our pages something.htm instead of .html
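A small check for the double-extension trick discussed above, added here as an example (not from the article at TheStack). With “Hide extensions for known file types” on, Explorer shows porn.jpg.exe as porn.jpg; the audit flags attachment names whose real extension is executable while the part the user sees looks like a document or image. It goes one step beyond the article by also catching the Unicode right-to-left override character (U+202E), which makes a name ending in “fdp.exe” render as ending in “exe.pdf”. The extension sets and the sample filenames are assumptions constructed for the example, not a complete policy.

```python
import os

RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE

# Assumed lists for the example: what an attacker wants run, and what a
# victim expects to be harmless
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".wsf", ".hta", ".msi", ".ps1", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
              ".xls", ".xlsx", ".txt", ".htm", ".html"}


def shown_name(filename):
    """Approximate what a file manager that hides known extensions displays."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS else filename


def classify(filename):
    """Return None if the name is honest, else a short reason it is deceptive."""
    if RLO in filename:
        return "right-to-left override hides the real extension"
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return None
    _, inner = os.path.splitext(stem)  # the extension the user would see
    if inner.lower() in DECOY_EXTS:
        return "executable %s disguised as %s" % (ext.lower(), inner.lower())
    return None


def audit(filenames):
    """List (filename, what the user sees, reason) for every deceptive name."""
    return [(f, shown_name(f), classify(f)) for f in filenames if classify(f)]


# Constructed sample attachment names for the demo
SAMPLE = ["holiday.jpg", "porn.jpg.exe", "invoice.pdf.scr", "setup.exe",
          "notes.docx.js", "invoice" + RLO + "fdp.exe", "README.TXT"]

if __name__ == "__main__":
    for name, shown, why in audit(SAMPLE):
        print("%-24r shown as %-16r %s" % (name, shown, why))
```

Plain setup.exe is not flagged: the point is not that executables exist but that a hidden extension lets one pose as something else, which is exactly what showing extensions by default would make visible.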
