crypto – Jupiter Broadcasting

Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.

How I Socially Engineer Myself Into High Security Facilities

A few months ago, a client had hired me to test two of their facilities. A manufacturing plant, plus data center and office building nearby.
I scour profiles of employees who work at these facilities, and cross-reference them to other social media sites.
This is not an advanced investigation. I’m not a private investigator and I don’t have the resources of the NSA. But I can do a lot of damage with simple methods.
X could have saved the company a lot of heartache by simply verifying that I was who I claimed to be.
I’ve been doing this job for a couple years now, and almost every job is a variant of this story. Very rarely do I go through an entire assessment without some sort of social engineering.

Crippling crypto weakness opens millions of smartcards to cloning

Yubico not aware of any security breaches due to this issue

Millions of smartcards in use by banks and large corporations for more than a decade have been found to be vulnerable to a crippling cryptographic attack. That vulnerability allows hackers to bypass a wide range of protections, including data encryption and two-factor authentication.

At this time, we are not aware of any security breaches due to this issue. We are committed to always improving how we protect our customers and continuously invest in making our products even more secure.

Feedback

Workaround for the WPA2 exploit – from Jonathan
SNAPs for… Windows?
Server Layout for Linux System with LXC – There is an interesting project kind of related to this idea called CloudABI – CloudABI for FreeBSD
IT Land before time COMPUTERS THAT NEVER WERE Software Emulator for the Cardboard Illustrative Aid to Computationn

Round Up:

The post Cloudy with a chance of ABI | TechSNAP 342 first appeared on Jupiter Broadcasting.

Patch Your S3it | TechSNAP 338

chris — Tue, 26 Sep 2017 23:40:04 +0000

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Distrustful U.S. allies force spy agency to back down in encryption fight

Some ISO delegates said much of their skepticism stemmed from the 2000s, when NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard.
In 2007, mathematicians in private industry showed that Dual EC could hide a back door, theoretically enabling the NSA to eavesdrop without detection. After the Snowden leaks, Reuters reported that the U.S. government had paid security company RSA $10 million to include Dual EC in a software development kit that was used by programmers around the world.

Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company’s IT systems.
“The contents of the repository appear to be nothing less than either the primary or backup configuration of Viacom’s IT infrastructure,” Vickery revealed today.
The Amazon-hosted bucket could be accessed by any netizen stumbling upon it, and contained the passwords and manifests for Viacom’s servers, as well as the access key and private key for the corporation’s AWS account. Some of the data was encrypted using GPG, but that wouldn’t be an issue because the bucket also contained the necessary decryption keys.

Equifax sends customers to wrong website, not theirs, for help

The credit management company Equifax has been sending customers to a fake “phishing” website for weeks, potentially causing them to hand over their personal data and full financial information to hackers.
After the data breach was revealed earlier this month, Equifax established the domain www.equifaxsecurity2017.com to handle incoming customer questions and complaints. This website is not connected to Equifax’s main website.
On Wednesday, a user reached out to Equifax on Twitter asking for assistance. The responding tweet sent the user to www.securityequifax2017.com, which is an impostor site designed to look like the Equifax splash page.

FinFisher government spy tool found hiding as WhatsApp and Skype

This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by “man in the middle” (MitM) attacks at an ISP level – packaging real downloads with spyware.
When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found.
When downloaded, the software would install as normal – but Eset found it would also be covertly bundled with the surveillance tool.

Feedback

Stored passwords & Amazon Fire Stick

+Hey Dan. What is a good and inexpensive tape backup drive for LTO tapes? What works for you best? Thx!

Round Up:

Apache Struts Vulnerability: More Than 3,000 Organizations At Risk Of Breach

Facebook re-licenses React under MIT license after developer backlash

The post Patch Your S3it | TechSNAP 338 first appeared on Jupiter Broadcasting.

One Key to Rule Them All | TechSNAP 263

chris — Thu, 21 Apr 2016 10:41:52 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that’s bribing the world & Researchers find a flaw in the visa database.

All that plus a packed feedback, roundup & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

FBI says APT6 has pwning the government for the last 5 years

The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard
The official advisory is available on the Open Threat Exchange website
The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.
In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011.” Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or they are still inside the hacked networks.
Looks like they were in for years before they were caught, god knows where they are,” Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, told Motherboard. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.
“This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, told me. (Baumgartner declined to say whether the group was Chinese or not, but said its targets align with the interest of a state-sponsored attacker.)
Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.” APT6 is ”likely a nation-state sponsored group based in China,” according to FireEye, which ”has been dormant for the past several years.”
Another researcher at a different security company, who spoke on condition of anonymity because he wasn’t authorized to speak publicly about the hacker’s activities, said this was the “current campaign of an older group,” and said there “likely” was an FBI investigation ongoing. (Several other security companies declined to comment for this story.) At this point, it’s unclear whether the FBI’s investigation will lead to any concrete result. But two years after the US government charged five Chinese military members for hacking US companies, it’s clear hackers haven’t given up attacking US targets.

Unaoil: the company that bribed the world

After a six-month investigation across two continents, Fairfax Media and The Huffington Post are revealing that billions of dollars of government contracts were awarded as the direct result of bribes paid on behalf of firms including British icon Rolls-Royce, US giant Halliburton, Australia’s Leighton Holdings and Korean heavyweights Samsung and Hyundai.
A massive leak of confidential documents, and a large email, has for the first time exposed the true extent of corruption within the oil industry, implicating dozens of leading companies, bureaucrats and politicians in a sophisticated global web of bribery.
The investigation centres on a Monaco company called Unaoil.
Following a coded ad in a French newspaper, a series of clandestine meetings and midnight phone calls led to our reporters obtaining hundreds of thousands of the Ahsanis’ leaked emails and documents.
The leaked files expose as corrupt two Iraqi oil ministers, a fixer linked to Syrian dictator Bashar al-Assad, senior officials from Libya’s Gaddafi regime, Iranian oil figures, powerful officials in the United Arab Emirates and a Kuwaiti operator known as “the big cheese”.
Western firms involved in Unaoil’s Middle East operation include some of the world’s wealthiest and most respected companies: Rolls-Royce and Petrofac from Britain; US companies FMC Technologies, Cameron and Weatherford; Italian giants Eni and Saipem; German companies MAN Turbo (now know as MAN Diesal & Turbo) and Siemens; Dutch firm SBM Offshore; and Indian giant Larsen & Toubro. They also show the offshore arm of Australian company Leighton Holdings was involved in serious, calculated corruption.
The leaked files reveal that some people in these firms believed they were hiring a genuine lobbyist, and others who knew or suspected they were funding bribery simply turned a blind eye.
The files expose the betrayal of ordinary people in the Middle East. After Saddam Hussein was toppled, the US declared Iraq’s oil would be managed to benefit the Iraqi people. Today, in part one of the ‘Global Bribe Factory’ expose, that claim is demolished.
It is the Monaco company that almost perfected the art of corruption.
It is called Unaoil and it is run by members of the Ahsani family – Monaco millionaires who rub shoulders with princes, sheikhs and Europe’s and America’s elite business crowd.
How they make their money is simple. Oil-rich countries often suffer poor governance and high levels of corruption. Unaoil’s business plan is to play on the fears of large Western companies that they cannot win contracts without its help.
Its operatives then bribe officials in oil-producing nations to help these clients win government-funded projects. The corrupt officials might rig a tender committee. Or leak inside information. Or ensure a contract is awarded without a competitive tender.
On a semi-related note, another big story for you to go read:
How to hack an Election from someone who has done it, more than once

Researchers find flaw in Visa database

No, not that kind of Visa, the other one.
Systems run by the US State Department, that issue Travel Visas that are required for visitors from most countries to be admitted to the US
This has very important security considerations, as the application process for getting a visa is when most security checks are done
Cyber-defense experts found security gaps in a State Department system that could have allowed hackers to doctor visa applications or pilfer sensitive data from the half-billion records on file, according to several sources familiar with the matter –- though defenders of the agency downplayed the threat and said the vulnerabilities would be difficult to exploit.
Briefed to high-level officials across government, the discovery that visa-related records were potentially vulnerable to illicit changes sparked concern because foreign nations are relentlessly looking for ways to plant spies inside the United States, and terrorist groups like ISIS have expressed their desire to exploit the U.S. visa system, sources added
After commissioning an internal review of its cyber-defenses several months ago, the State Department learned its Consular Consolidated Database –- the government’s so-called “backbone” for vetting travelers to and from the United States –- was at risk of being compromised, though no breach had been detected, according to sources in the State Department, on Capitol Hill and elsewhere.
As one of the world’s largest biometric databases –- covering almost anyone who has applied for a U.S. passport or visa in the past two decades -– the “CCD” holds such personal information as applicants’ photographs, fingerprints, Social Security or other identification numbers and even children’s schools.
“Every visa decision we make is a national security decision,” a top State Department official, Michele Thoren Bond, told a recent House panel.
Despite repeated requests for official responses by ABC News, Kirby and others were unwilling to say whether the vulnerabilities have been resolved or offer any further information about where efforts to patch them now stand.
State Department documents describe CCD as an “unclassified but sensitive system.” Connected to other federal agencies like the FBI, Department of Homeland Security and Defense Department, the database contains more than 290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas.
“Because of the CCD’s importance to national security, ensuring its data integrity, availability, and confidentiality is vital,” the State Department’s inspector general warned in 2011.

Feedback:

Round Up:

The post One Key to Rule Them All | TechSNAP 263 first appeared on Jupiter Broadcasting.

PLAID Falls Out of Fashion | TechSNAP 239

chris — Thu, 05 Nov 2015 07:53:43 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

CISA provides no solutions, just new excuses. The new Australian smartcard system is a total disaster & why Google’s URLs are so crazy.

Plus some great questions, our answers, a rockin’ round up & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

CISA: “Cybersecurity Information (Over)Sharing Act“

On Tuesday afternoon, the Senate voted 74 to 21 to pass a version of CISA that roughly mirrors legislation passed in the House earlier this year, paving the way for some combined version of the security bill to become law.
CISA is designed to stem the rising tide of corporate data breaches by allowing companies to share cybersecurity threat data with the Department of Homeland Security, who could then pass it on to other agencies like the FBI and NSA.
But privacy advocates and civil liberties groups see CISA as a free pass that allows companies to monitor users and share their information with the government without a warrant, while offering a backdoor that circumvents any laws that might protect users’ privacy.
The version of CISA passed Tuesday, in fact, spells out that any broadly defined “cybersecurity threat” information gathered can be shared “notwithstanding any other provision of law.”
Critics of CISA say the devil is in the details, or rather in the raft of amendments that may be added to the bill before it’s passed. The Center for Democracy & Technology (CDT), a nonprofit technology policy group based in Washington, D.C., has published a comprehensive breakdown of the proposed amendments and their potential impacts.
CDT says despite some changes made to assuage privacy concerns, neither CISA as written nor any of its many proposed amendments address the fundamental weaknesses of the legislation. According to CDT, “the bill requires that any Internet user information volunteered by a company to the Department of Homeland Security for cybersecurity purposes be shared immediately with the National Security Agency (NSA), other elements of the Intelligence Community, with the FBI/DOJ, and many other Federal agencies – a requirement that will discourage company participation in the voluntary information sharing scheme envisioned in the bill.”
On the surface, efforts to increase information sharing about the latest cyber threats seem like a no-brainer.
If only there were an easier way, we are told, for companies to share so-called “indicators of compromise”
In practice, however, there are already plenty of efforts — some public, some subscription-based — to collect and disseminate this threat data.
How Krebs’ Sees it: the biggest impediment to detecting and responding to breaches in a more timely manner comes from a fundamental lack of appreciation.
The most frustrating aspect of a legislative approach to fixing this problem is that it may be virtually impossible to measure whether a bill like CISA will in fact lead to more information sharing that helps companies prevent or quash data breaches.
Rather than encouraging companies to increase their own cybersecurity standards, the professors wrote, “CISA ignores that goal and offloads responsibility to a generalized public-private secret information sharing network.”
CISA Security Bill Passes Senate With Privacy Flaws Unfixed
Additional Coverage: ThreatPost

Australian PLAID Crypto, ISO Conspiracies, and German Tanks

PLAID (Protocol for Lightweight Authentication of ID), the Australian ‘unbreakable’ smart card identification protocol has been recently analyzed in this scientific paper
Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways for tracing user identities and recover card access capabilities. The attacks are efficient (few seconds on ‘home’ hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and… German tanks. See this entry on Matt Green’s crypto blog for a pleasant-to-read explanation.
PDF: Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
“when a reader queries the card, the reader initially transmits a set of capabilities that it will support (e.g., ‘hospital’, ‘bank’, ‘social security center’). If the PLAID card has been provisioned with a matching public key, it goes ahead and uses it. If no matching key is found, however, the card does not send an error — since this would reveal user-specific information. Instead, it fakes a response by encrypting junk under a special ‘dummy’ RSA public key (called a ‘shill key’) that’s stored within the card. And herein lies the problem.”
“You see, the ‘shill key’ is unique to each card, which presents a completely new avenue for tracking individual cards. If an attacker can induce an error and subsequently fingerprint the resulting RSA ciphertext — that is, figure out which shill key was used to encipher it — they can potentially identify your card the next time they encounter you.”
“To distinguish the RSA moduli of two different cards, the researchers employed of an old solution to a problem called the German Tank Problem. As the name implies, this is a real statistical problem that the allies ran up against during WWII. The problem can be described as follows: Imagine that a factory is producing tanks, where each tank is printed with a sequential serial number in the ordered sequence 1, 2, …, N. Through battlefield captures you then obtain a small and (presumably) random subset of k tanks. From the recovered serial numbers, your job is to estimate N, the total number of tanks produced by the factory.”
But the story behind PLAID’s standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called “fast track” procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored.
The author of the post contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID’s project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as ISO standard, and is coming to you very soon inside security products which will advertise non-existing privacy capabilities.
The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a “cryptography” product can be approved at ISO without undergoing any real security scrutiny.
A Few Thoughts on Cryptographic Engineering: Attack of the Week: Unpicking PLAID
Bruce Schneier: Amateurs Produce Amateur Cryptography

Unguessable URLs for security and privacy

This post on Bruce Schneier’s blog talks about how Google uses unguessable URLs to protect the photos you post
Additional Coverage — The Verge: Google secures photos using public but unguessable URLs
If you look at some of your private photos in “Google Photos”, you can right click on a photo, and copy the source URL
That is a public URL, that anyone can access, if you share it
The photos are available to anyone who types in the right string of characters
The key is that that string of characters, is very long
“So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you’d have to work through 1070 different combinations to get the right one, a problem on an astronomical scale.”
“There are enough combinations that it’s considered unguessable, It’s much harder to guess than your password”
The same applies to facebook photos. If I have access to someone else’s photo, but the person I want to share it with does not (even have a facebook account), I can copy the source URL, rather than the facebook viewer URL, and share it with them
Because traffic to and from Google Photos, and Facebook, is encrypted with HTTPS, someone cannot get the URLs of those photos by sniffing your traffic
They could get the data from your browser history, or in other ways if your machine was compromised, but in those cases they’d have access to the photos anyway
The only real problem here is that it can be hard to ‘revoke’ access to a photo. If you give this unguessable but public URL to someone, they can share it as much as they want, completely outside of your control
Also, because CDNs and caches are used, even if you delete a photo, it might still be accessible by that URL, if someone already knows it
Schneier notes: “It’s a perfectly valid security measure, although unsettling to some”

Feedback:

Complicate FreeNAS box or Combine with Linux?
Encrypting Windows Workstations. Want to use Bitlocker, but some machines don’t have a TPM chip.
Connecting 2 FreeNAS over the internet
PHP-FPM 100% CPU Load
Book Review: “FreeBSD Mastery: ZFS”
Buy your copy at: https://www.zfsbook.com/

Round up:

The post PLAID Falls Out of Fashion | TechSNAP 239 first appeared on Jupiter Broadcasting.

National Security Breaking Agency | TechSNAP 236

chris — Thu, 15 Oct 2015 18:03:54 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

How the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist & Keylogging before computers.

Plus a great batch of your questions, a rocking round-up & much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

How might the NSA be breaking crypto?

“There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand. However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community.”
“Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.”
PDF: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
“The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.”
“If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.”
“For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.”
“Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.”
“Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation. For instance, the Snowden documents show that NSA’s VPN decryption infrastructure involves intercepting encrypted connections and passing certain data to supercomputers, which return the key. The design of the system goes to great lengths to collect particular data that would be necessary for an attack on Diffie-Hellman but not for alternative explanations, like a break in AES or other symmetric crypto. While the documents make it clear that NSA uses other attack techniques, like software and hardware “implants,” to break crypto on specific targets, these don’t explain the ability to passively eavesdrop on VPN traffic at a large scale.”
“8.4% of Alexa Top 1M HTTPS domains allow DHE_EXPORT, of which 92.3% use one of the two most popular primes”
“After a week-long precomputation for each of the two top export-grade primes (see Table 1), we can quickly break any key exchange that uses them. Here we show times for computing 3,500 individual logs; the median is 70 seconds.”
“Our calculations suggest that it is plausibly within NSA’s resources to have performed number field sieve precomputations for at least a small number of 1024-bit Diffie-Hellman groups. This would allow them to break any key exchanges made with those groups in close to real time. If true, this would answer one of the major cryptographic questions raised by the Edward Snowden leaks: How is NSA defeating the encryption for widely used VPN protocols?”
If the NSA has precomputed just one DH 1024 group, they would be able to compromise 37% of the HTTPS traffic to the top 1 million sites using an active downgrade attack. If they have precomputed the ten most popular DH 1024 groups, that number increases to 56%
When applied to VPNs, the single most popular DH 1024 group would comprise 66% of all traffic. For SSH, the number is 25%. For both VPN and SSH, the top 10 does not increase the likelihood of compromise, this suggests that outside of a specific very popular 1024 bit group, most other sites do not reuse the same group as others.
“we performed a scan in which we mimicked the algorithms offered by OpenSSH 6.6.1p1, the latest version of OpenSSH. In this scan, 21.8% of servers preferred the 1024-bit Oakley Group 2, and 37.4% preferred a server-defined group. 10% of the server-defined groups were 1024-bit, but, of those, near all provided Oakley Group 2 rather than a custom group”
Recommendations from the paper:
- Transition to elliptic curves: Transitioning to elliptic curve Diffie-Hellman (ECDH) key exchange with appropriate parameters avoids all known feasible cryptanalytic attacks
- Increase minimum key strengths: Server operators should disable DHE_EXPORT and configure DHE ciphersuites to use primes of 2048 bits or larger.
- Avoid fixed-prime 1024-bit groups: For implementations that must continue to use or support 1024-bit groups for compatibility reasons, generating fresh groups may help mitigate some of the damage caused by NFS-style precomputation for very common fixed groups.
- Don’t deliberately weaken crypto: Our downgrade attack on export-grade 512-bit Diffie-Hellman groups in TLS illustrates the fragility of cryptographic “front doors”. Although the key sizes originally used in DHE_EXPORT were intended to be tractable only to NSA, two decades of algorithmic and computational improvements have significantly lowered the bar to attacks on such key sizes.
“Prior to our work, Internet Explorer, Chrome, Firefox, and Opera all accepted 512-bit primes, whereas Safari allowed groups as small as 16 bits. As a result of our disclosures, Internet Explorer, Firefox, and Chrome are transitioning the minimum size of the DHE groups they accept to 1024 bits, and OpenSSL and Safari are expected to follow suit.”
Additional information from the researchers site WeakDH.org
Sysadmin’s guide to securing your servers

https://www.onlinemeetingnow.com/register/?id=pmsy0fu2ck&inf_contact_key=c3de960e4fc660a9c3744ecc74a608bdde91a80fc9d58288c71bfd6d9c0209ad

Fresh Zero Day exploit against fully patched Adobe Flash

Just last week, we were commenting on how quiet things have been on the Adobe Flash front
Sorry for jinxing it for everyone
This zero day exploit even affects Flash version 19.0.0.207 which was released on Tuesday
Adobe expects to release a patch that fixes the Zero day some time next week
“Attackers are exploiting a previously unknown vulnerability in fully patched versions of Adobe’s Flash Player so they can surreptitiously install malware on end users’ computers”
“So far, the attacks are known to target only government agencies as part of a long-running espionage campaign carried out by a group known as Pawn Storm, researchers from antivirus provider Trend Micro said in a blog post published Tuesday. It’s not unusual for such zero-day exploits to be more widely distributed once the initial element of surprise wanes. The critical security flaw is known to reside in Flash versions 19.0.0.185 and 19.0.0.207 and may also affect earlier versions. At this early stage, no other technical details are available”
“In this most recent campaign of Pawn Storm, several Ministries of Foreign Affairs received spear phishing e-mails. These contain links to sites that supposedly contain information about current events, but in reality, these URLs hosted the exploit”
In this wave of attacks, the emails were about the following topics:
- “Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”
The most startling thing here is that you would not expect government employees to get such news via email, so they should know better than to fall for emails with these subjects or follow links with such headlines.
“It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.”
It will be interesting to see if any of the exploit kits manage to pick up this Zero-day before the patch is released
This attack is currently focused on the government, and the attackers likely want to keep their zero-day to themselves
Once a fix is released, I would expect the regular malware authors to reverse engineer the fix to find the exploit, and see this added to the regular exploit kits
Additional Coverage: Krebs

Keylogging before computers: How Soviets used IBM Selectric keyloggers to spy on US diplomats

“A National Security Agency memo that recently resurfaced a few years after it was first published contains a detailed analysis of what very possibly was the world’s first keylogger—a 1970s bug that Soviet spies implanted in US diplomats’ IBM Selectric typewriters to monitor classified letters and memos.”
“The electromechanical implants were nothing short of an engineering marvel. The highly miniaturized series of circuits were stuffed into a metal bar that ran the length of the typewriter, making them invisible to the naked eye. The implant, which could only be seen using X-ray equipment, recorded the precise location of the little ball Selectric typewriters used to imprint a character on paper. With the exception of spaces, tabs, hyphens, and backspaces, the tiny devices had the ability to record every key press and transmit it back to Soviet spies in real time.”
“The Soviet implants were discovered through the painstaking analysis of more than 10 tons’ worth of equipment seized from US embassies and consulates and shipped back to the US. The implants were ultimately found inside 16 typewriters used from 1976 to 1984 at the US embassy in Moscow and the US consulate in Leningrad. The bugs went undetected for the entire eight-year span and only came to light following a tip from a US ally whose own embassy was the target of a similar eavesdropping operation.”
“”Despite the ambiguities in knowing what characters were typed, the typewriter attack against the US was a lucrative source of information for the Soviets,” an NSA document, which was declassified several years ago, concluded. “It was difficult to quantify the damage to the US from this exploitation because it went on for such a long time.” The NSA document was published here in 2012. Ars is reporting the document because it doesn’t appear to have been widely covered before and generated a lively conversation Monday on the blog of encryption and security expert Bruce Schneier.”
“When the implant was first reported, one bugging expert cited in Discover magazine speculated that it worked by measuring minute differences in the time it took each character to be imprinted. That theory was based on the observation that the time the Selectric ball took to complete a rotation was different for each one. A low-tech listening device planted in the room would then transmit the sounds of a typing Selectric to a Soviet-operated computer that would reconstruct the series of key presses.”
“In fact, the implant was far more advanced and worked by measuring the movements of the “bail,” which was the term analysts gave to the mechanical arms that controlled the pitch and rotation of the ball.”
“In reality, the movement of the bails determined which character had been typed because each character had a unique binary movement corresponding to the bails. The magnetic energy picked up by the sensors in the bar was converted into a digital electrical signal. The signals were compressed into a four-bit frequency select word. The bug was able to store up to eight four-bit characters. When the buffer was full, a transmitter in the bar sent the information out to Soviet sensors.”
“There was some ambiguity in determining which characters had been typed. NSA analysts using the laws of probability were able to figure out how the Soviets probably recovered text. Other factors which made it difficult to recover text included the following: The implant could not detect characters that were typed without the ball moving. If the typist pressed space, tab shift, or backspace, these characters were invisible to the implant. Since the ball did not move or tilt when the typist pressed hyphen because it was located at the ball’s home position, the bug could not read this character either.”
“The implants were also remarkable for the number of upgrades they received. Far from being a static device that was built once and then left to do its job, the bugs were constantly refined.”
“There were five varieties or generations of bugs. Three types of units operated using DC power and contained either eight, nine, or ten batteries. The other two types operated from AC power and had beacons to indicate whether the typewriter was turned on or off. Some of the units also had a modified on and off switch with a transformer, while others had a special coaxial screw with a spring and lug. The modified switch sent power to the implant. Since the battery-powered machines had their own internal source of power, the modified switch was not necessary. The special coaxial screw with a spring and lug connected the implant to the typewriter linkage, and this linkage was used as an antenna to transmit the information as it was being typed. Later battery-powered implants had a test point underneath an end screw. By removing the screw and inserting a probe, an individual could easily read battery voltage to see if the batteries were still active.”
“The devices could be turned off to avoid detection when the Soviets knew inspection teams were in close proximity. Newer devices operated by the US may have had the ability to detect the implants, but even then an element of luck would have been required, since the infected typewriter would have to be turned on, the bug would have to be turned on, and the analyzer would have to be tuned to the right frequency. To lower this risk, Soviet spies deliberately designed the devices to use the same frequency band as local television stations.”
I thought this was an interesting example of how espionage works and how hard it can be to detect

Feedback:

2gbps with direct connections?
- ifconfig lagg0 create
- ifconfig lagg0 laggproto roundrobin laggport igb0 laggport igb1
- ifconfig lagg0 192.168.101.1/24
VLAN Basics
PHP-FPM Tweaking
Remote PC power on
- APC AP7900 is $600+, but can be cheap on ebay

Round Up:

The post National Security Breaking Agency | TechSNAP 236 first appeared on Jupiter Broadcasting.

Ripping me a new Protocol | TechSNAP 221

chris — Thu, 02 Jul 2015 19:05:26 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Amazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.

Some fantastic questions, a big round up & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Amazon releases s2n, a new TLS implementation

s2n (signal2noise) is a brand new implementation of the TLS protocol in only ~6000 lines of code
It has been fully audited, and will be re-audited once per year, paid for by Amazon
It does not replace OpenSSL, as it only implements the TLS protocol (libssl) not the crypto primitives and algorithms (libcrypto). s2n can be built against any of the various libcrypto implementations, including: OpenSSL, LibreSSL, BoringSSL, and the Apple Common Crypto framework
The API appears to be very easy to use, and prevent many common errors
The client side of the library is not ready for use yet
Features:
- “s2n encrypts or erases plaintext data as quickly as possible. For example, decrypted data buffers are erased as they are read by the application.”
- “s2n uses operating system features to protect data from being swapped to disk or appearing in core dumps.”
- “s2n avoids implementing rarely used options and extensions, as well as features with a history of triggering protocol-level vulnerabilities. For example there is no support for session renegotiation or DTLS.”
- “s2n is written in C, but makes light use of standard C library functions and wraps all memory handling, string handling, and serialization in systematic boundary-enforcing checks.”
- “The security of TLS and its associated encryption algorithms depends upon secure random number generation. s2n provides every thread with two separate random number generators. One for “public” randomly generated data that may appear in the clear, and one for “private” data that should remain secret. This approach lessens the risk of potential predictability weaknesses in random number generation algorithms from leaking information across contexts. “
One of the main features is that, instead of having to specify which set of crypto algorithms you want to prefer, in what order, as we have discussed doing before for OpenSSL (in apache/nginx, etc), to can either use ‘default’, which will change with the times, or a specific snapshot date, that corresponds to what was the best practise at that time
Github Page
Additional Coverage – ThreatPost
It will be interesting to see how this compares with the new TLS API offered by LibreSSL, and which direction various applications choose to go.

How the NSA’s XKEYSCORE works

“The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.”
“XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.”
“The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.”
“In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.”
You might expect some kind of highly specialized system to be required to do all of this, but that is not the case:
“XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.”
The security of the system is also not as good as than you might imagine:
“Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.”
“When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.”
“There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.”
The system is not well designed, and could likely have been done better with existing open source tools, or commercial software designed to classify web traffic
“When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.”
Your traffic is analyzed and will probably match a number of classifiers. The most specific classifier is added as a tag to your traffic. Eventually (3-5 days), your actual traffic is deleted to make room for newer traffic, but the metadata (those tags) are kept for 30-45 days
“This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.””
“One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.”
“To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).”
“Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.”
All of this information is based on the Snowden leaks, and is from any years ago
“If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.”
Part 2 of Article

[SoHo Routers full of fail]

Home Routers that still support RIPv1 used in DDoS reflection attacks

RIPv1 is a routing protocol released in 1988 that was deprecated in 1996
It uses UDP and so an attacker can send a message to a home router with RIP enabled from a spoofed IP address, and that router will send the response to the victim, flooding their internet connection
““Since a majority of these sources sent packets predominantly of the 504-byte size, it’s pretty clear as to why they were leveraged for attack purposes. As attackers discover more sources, it is possible that this vector has the potential to create much larger attacks than what we’ve observed thus far,” the advisory cautions, pointing out that the unused devices could be put to work in larger and more distributed attacks.”
“Researchers at Akamai’s Prolexic Security Engineering and Research Team (PLXsert) today put out an advisory about an attack spotted May 16 that peaked at 12.9 Gbps. Akamai said that of the 53,693 devices that responded to RIPv1 queries in a scan it conducted, only 500 unique sources were identified in the DDoS attack. None of them use authentication, making them easy pickings.”
Akamai identified Netopia 2000 and 3000 series routers as the biggest culprits still running the vulnerable and ancient RIPv1 protocol on devices. Close to 19,000 Netopia routers responded in scans conducted by Akamai, which also noted that more than 5,000 ZET ZXv10 and TP-Link TD-8000 series routers collectively responded as well. Most of the Netopia routers, Akamai said, are issued by AT&T to customers in the U.S. BellSouth and MegaPath also distribute the routers, but to a much lesser extent.

Home Routers used to host Malware

Home routers were found to be hosting the Dyre malware
Symantec Research Paper of Dyre
Affected routers include MikroTik and Ubiquiti’s AirOS, which are higher end routers geared towards “power user” and small businesses
“We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS,” said Bryan Campbell, lead threat intelligence analyst at Fujitsu. “The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”
“Campbell said it’s not clear why so many routers appear to be implicated in the botnet. Perhaps the attackers are merely exploiting routers with default credentials (e.g., “ubnt” for both username and password on most Ubiquiti AirOS routers). Fujitsu also found a disturbing number of the systems in the botnet had the port for telnet connections wide open.”

Feedback:

ZFS with 4K drives?
ZFS Replication Between FreeNAS and Linux
Splitting a pool
DNS Transfer Email Downtime Followup
FreeBSD Mastery: ZFS — Not just about ZFS

Round Up:

The post Ripping me a new Protocol | TechSNAP 221 first appeared on Jupiter Broadcasting.

E3 Pre-Show | Tech Talk Today 5

chris — Mon, 09 Jun 2014 10:01:37 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Microsoft’s big announcement is moments away, and we round up the expectations and potential surprises from the event. Plus Popcorn time gives users a built in VPN, Crypto ransomware for Android and more!

Direct Download:

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a Tech Talk Today supporter on Patreon:

Show Notes:

Headlines

How to Watch Microsoft\’s E3 Show Live, and What to Expect

Microsoft\’s E3 event is its biggest opportunity to distinguish the Xbox One from the PlayStation 4 and help close the gap on Sony\’s sales lead. Still, with a newly-appointed CEO and Phil Spencer now heading the company\’s Xbox division, there\’s no telling what Microsoft has in store

\’Popcorn Time\’ Gives Users Anonymity With a Free Built-In VPN

One of the Popcorn Time forks has included a free VPN option in its software, allowing users to hide their IP-addresses from the public, This feature is a response to copyright trolls, who regularly send settlement requests to users who pirate movies via BitTorrent.

“WARNING Your phone is locked!” Crypto ransomware makes its debut on Android

Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.

Google Chrome overtakes Microsoft\’s Internet Explorer as most-used US web browser

A report released by Adobe Digital Index (ADI) analyzing the market share of web browsers has shown Google\’s freeware is up 6 percent year-over-year, trouncing Internet Explorer – once a lone internet leader – which is sitting at 30.9 percent.

Support Tech Talk Today creating DAILY PODCASTS

Feedback:

Twitter / jphilipz: @ChrisLAS please add rss feeds

Unfilter Shirt: Unfilter Episode 100 Shirt! | Teespring

Hosts:

Guest:

Twitter Nunes

Chris:

The post E3 Pre-Show | Tech Talk Today 5 first appeared on Jupiter Broadcasting.

SSL Heartbreak | TechSNAP 157

chris — Thu, 10 Apr 2014 17:43:12 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We break down the critical flaw in OpenSSL, and explain why the Heartbleed catastrophe impacts so many systems we use. the timeline of events, and more.

Plus your great questions, our answers, and much much more.

On this week’s TechSNAP!

Thanks to:

Direct Download:

RSS Feeds:

— Show Notes: —

Critical flaw in OpenSSL discloses usernames, passwords and possibly encryption keys

Two separate groups of researchers discovered a disastrous flaw in OpenSSL, the cryptographic library that protects almost all information on the Internet.
The flaw is in the rarely used OpenSSL feature ‘heartbeat’ which allows the client to send a block of data to the server and have it returned to the client, keeping the connection and session alive
The flaw stems from a missing security check, where the software assumes that the ‘length’ of the data send by the client matches the length the client included in the header. When the actual length of the data sent by the client is less than that size, the software returns a larger chunk of memory that intended, disclosing the contents of segments of memory that were recently freed
This flaw allows an attacker to send a malformed request and in response get up to a 64kb chunk of memory from the server that may contain sensitive information
There are a number of proof-of-concept tools out there, and when used against an HTTPS server, they often return the HTTP headers of recent requests, which can include POST data (usernames, password, private emails) as well as cookies and other data that could be used for session hijacking
There also exists the possibility that by brute forcing this exploit an attacker may get some or all of the private key used to decrypt data sent to the server over TLS. In the common case of sessions that lack the newer PFS (Perfect Forward Secrecy) feature, if an attacker managed to compromise the private key, they would be able to decrypt all traffic that was ever encrypted to that key
It is possible that even PFS sessions may be compromised, if the flaw also leaks the temporary tokens used to make PFS sessions unique
People I’ve talked to have managed to compromise data from their own servers using only very basic tools, including capturing the admin username and password for a router and hijacking a web forum session
Because of the risk that the private key for the SSL certificate was compromised, the proper course of action after patching all of the servers and applications, is to re-key the certificate (generate a new private key, and get a fresh certificate signed), and then revoke the old certificate. It is unclear how well the root CAs will handle the load caused by this, or how the CRL and/or OCSP infrastructures will handle the mass revocation of keys
Luckily, the root CA keys are not likely to have been compromised, as they will not have been on servers exposed to the Internet
OpenSSL provides SSL/TLS for protocols such as HTTPS (encrypted HTTP, used for online banking, logging in to services including gmail and facebook), IMAP/SMTP and POP3 (encryption for email delivery. This affects all email, and especially the usernames and passwords used to access email), chat servers (IRC and XMPP), many types of VPN (SSL VPNs like OpenVPN) and much more
The flaw was originally discovered by Neel Mehta of Google Security, and around the same time was independently discovered by Riku, Antti and Matti at Codenomicon. The fix was written by Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org
OpenSSL versions 1.0.1 through 1.0.1f (including 1.01-beta) are vulnerable. 1.0.2-beta1 is also vulnerable. Versions 1.0.0 and 0.9.8 are not affected. All users of 1.0.1 are encouraged in the strongest terms to upgrade to OpenSSL 1.0.1g (or 1.0.2-beta2).
Questions are being raised about the fumbling of the responsible disclosure. It seems some companies like CloudFlair and CacheFly were notified as much as a week before anyone else.
Amazon appears to have not been given any advanced warning – A later post describes steps customers should take
Also, the security officers of major open source projects including all of the BSDs, Debian/Ubuntu, Suse etc, received absolutely no advanced warning, just the initial security advisory.
It appears that RedHat has approximately 2 days warning because one of the OpenSSL developers is also on their security team
The researchers at Codenomicon notified the National Cyber Security Centre Finland (NCSC-FI) and tasked them with coordinating the disclosure to OpenSSL, operating system vendors (which should have included the various BSD and Linux projects), appliance and service vendors (Amazon, Cisco, CloudFlare etc)
The issue appears to be that while the responsible disclosure was being organized, someone leaked the information and forced OpenSSL to issue the advisory. This was followed quickly by the publishing of the heartbleed.com website (by the researchers at Codenomicon) and the CloudFlare blog post.
It is unclear why CloudFlare was notified, but Amazon and most open source operating systems were not
CloudFlare Blog Post features a very long comment thread
Long thread discussing the issue on the Open Source Software Security list
Insight on the FreeBSD security process
Timeline:
- 2012-01-03 – OpenSSL 1.0.1-beta1 is available
- 2012-03-14 – OpenSSL 1.0.1 is released, first GA version with heartbeat support
- (sometime prior to 2014-04-05): Researchers at Codenomicon and Google discover the flaw. The flaw is reported to NCSC-FI (CERT) and OpenSSL
- 2014-04-07 05:56 – Huzaifa Sidhpurwala (RedHat) add a bug to Red Hat bugzilla
- 2014-04-07 06:10 – Huzaifa Sidhpurwala sends a mail to linux distros list with no details but an offer to request them privately
- 2014-04-07 11:34 – Timestamp on RedHat OpenSSL 1.0.1g build
- 2014-04-07 ??:?? – Information about the bug leaks, forces OpenSSL to issue advisory immediately
- 2014-04-07 16:53 – Fix is committed to OpenSSL git
- 2014-04-07 17:27 – OpenSSL releases advisory
- 2014-04-07 18:00 – CloudFlare posts blog entry (claiming they were notified a week ago)
- 2014-04-07 19:00 – Heartbleed.com is published
- 2014-04-09 – The planned disclosure of the bug was to happen here
Vulnerable:
- Debian Wheezy (stable) (OpenSSL 1.0.1e-2+deb7u4)
- Ubuntu 12.04.4 LTS (OpenSSL 1.0.1-4ubuntu5.11)
- CentOS 6.5 (OpenSSL 1.0.1e-15)
- Fedora 18 (OpenSSL 1.0.1e-4)
- OpenBSD 5.3 and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 10.0 (OpenSSL 1.0.1e 11 Feb 2013)
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
Not Vulnerable:
- Debian Squeeze (oldstable) (OpenSSL 0.9.8o-4squeeze14)
- SUSE Linux Enterprise Server
- FreeBSD 8.4 (OpenSSL 0.9.8y 5 Feb 2013)
- FreeBSD 9.2 (OpenSSL 0.9.8y 5 Feb 2013)
- FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
It is not clear how many appliances are vulnerable, but many consumer grade appliances are likely to be vulnerable and unlikely to receive a fix. If the only solution for these devices is to throw them in the trash and replace them, the issue remains that it would likely take 2-12 months for fresh embedded devices to make it to stores where users could buy new ones
Analysis:
- Reddit conspiracy theory – Suggest PHK was right. Did the NSA/GCHQ pay someone to insert this flaw in OpenSSL?
- Bruce Schneier – Heartbleed is a catastrophic bug in OpenSSL
- Theo de Raadt – OpenSSL has mitigation counter measures to break the operating systems ability to mitigate such attacks
- Ted Unangst – Why this didn’t have to happen
- Ted Unangst – Fixing the mitigation counter measures
- Brian Krebs – heartbleed exposes web traffic
- Brian Krebs – heartbleed, what can you do?
- Elastica – Video explaing heartbleed
- Sean Cassidy – Diagnosis of Heart Bleed
- Matthew Green – Attack of the week: OpenSSL Heartbleed
- Matthew Sullivan – Hijacking user sessions with the Heartbleed vulnerability
- EFF – Possibile evidence that HeartBleed was used by Intelligence Agencies last year
- [RETRACTED] Errata Security – Why heartbleed doesn’t leak private keys
- The Hacker News OpenSSL Game
- List of sites that were vulnerable
- XKCD
Canada Halts Online Tax-Filing Services
The Heartbleed Hit List: The Passwords You Need to Change Right Now
Additional Coverage – The Register
Additional Coverage – Washington Post
Additional Coverage – ThreatPost
IDS Signature for detecting heartbleed
What you should know about heartbleed
Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style
FreeBSD Security Advisory

Feedback:

Round Up:

The post SSL Heartbreak | TechSNAP 157 first appeared on Jupiter Broadcasting.

Talkin’ Tox | LINUX Unplugged 30

chris — Tue, 04 Mar 2014 17:06:42 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Two developers from the TOX project, an open source secure Skype killer join us to discuss their new project, the future, and how they hope to become your new messaging system.

Plus getting more battery life out of a Linux laptop, the Steam problem, and your feedback.

Thanks to:

Direct Download:

RSS Feeds:

Show Notes:

FU

Tox

NaCl (pronounced \”salt\”) is a new easy-to-use high-speed software library
for network communication, encryption, decryption, signatures, etc. NaCl\’s goal is to provide all of the core operations needed to build higher-level cryptographic tools.

Mailsack:

The post Talkin' Tox | LINUX Unplugged 30 first appeared on Jupiter Broadcasting.

Cryptocrystalline | BSD Now 16

chris — Fri, 20 Dec 2013 10:53:55 +0000

We\’ll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller – one of the lead developers of OpenSSH – about some recent crypto changes in the project. If you\’re into data security, today\’s the show for you. The latest news and all your burning questions answered, right here on BSD Now – the place to B.. SD.

Thanks to:

iXsystems: This is what 80 cores and 1TB of RAM looks like!

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Secure communications with OpenBSD and OpenVPN

Starting off today\’s theme of encryption…
A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
Part 1 covers installing OpenBSD with full disk encryption (which we\’ll be doing later on in the show)
Part 2 covers the initial setup of OpenVPN certificates and keys
Parts 3 and 4 are the OpenVPN server and client configuration
Part 5 is some updates and closing remarks

FreeBSD Foundation Newsletter

The December 2013 semi-annual newsletter was sent out from the foundation
In the newsletter you will find the president\’s letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
The president\’s letter alone is worth the read, really amazing
Really long, with lots of details and stories from the conferences and projects

Use of NetBSD with Marvell Kirkwood Processors

Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
The IP-Plug is a \”multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger).\”
Really cool little NetBSD ARM project with lots of graphs, pictures and details

Experimenting with zero-copy network IO

Long blog post from Adrian Chad about zero-copy network IO on FreeBSD
Discusses the different OS\’ implementations and options
He\’s able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn\’t stopping there
Tons of details, check the full post

Interview – Damien Miller – djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Full disk encryption in FreeBSD & OpenBSD

Shows how to install both FreeBSD and OpenBSD with full disk encryption
We\’ll be using geli and bioctl and doing it step by step

News Roundup

OpenZFS office hours

Our buddy George Wilson sat down to take some ZFS questions from the community
You can see more info about it here

License summaries in pkgng

A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
Similar to pkgsrc\’s \”ACCEPTABLE_LICENSES\” setting, pkgng could let the user decide which software licenses he wants to allow
Maybe we could get a \”pkg licenses\” command to display the license of all installed packages
Ok bapt, do it

The post Cryptocrystalline | BSD Now 16 first appeared on Jupiter Broadcasting.