The Electronic Frontier Foundation's Kurt Opsahl -- a brilliant digital civil liberties attorney who has been suing the US government and the NSA over spying since 2006 -- took to the stage at the 30th Chaos Communications Congress in Hamburg this week to explain in clear and simple language the history of NSA spying. Kurt lays out the tortured legal history of American bulk surveillance, showing how an interlocking set of laws, policies, lies and half-truths have been used to paper over an obviously, grossly unconstitutional program of spying without court oversight or particular suspicion.
If you're mystified by the legal shenanigans that led up to the Snowden and Manning leaks, this is where you should start. And even if you've been following the story closely, Opsahl gives badly needed coherence to the disjointed legal struggle, connecting the dots and revealing the whole picture.
30c3: Through a PRISM, Darkly - Everything we know about NSA spying
Sunday's Snowden leaks detailing the Tailored Access Operations group -- the NSA's exploit-farming, computer-attacking "plumbers" -- and the ANT's catalog of attacks on common computer equipment and software -- were accompanied by a lecture by Jacob Appelbaum at the 30th Chaos Communications Congress. I have seen Jake speak many times, but this talk is extraordinary, even by his standards, and should be watched by anyone who's said, "Well, they're probably not spying on me, personally;" or "What's the big deal about spies figuring out how to attack computers used by bad guys?" or "It's OK if spies discover back-doors and keep them secret, because no one else will ever find them."
Yesterday in Hamburg, Glenn Greenwald gave an astounding, must-watch keynote address to the gathered hackers at the 30th Chaos Communications Congress, or 30C3 (Greenwald starts at 4:36). Greenwald excoriated the press for failing to hold the world's leaders to account, describing what he did with the Snowden leaks as a challenge to the journalistic status quo as well as the political status quo. This is a leaping-off point for an extended riff on the active cooperation between the press and the national security apparatus, an arrangement calculated to give the appearance of oversight on surveillance activities without any such oversight (for example, a BBC reporter expressed shock when he said that the role of the press should be to root out lies from senior spies, saying that generals and senior officials would never lie to the public).
Starbug, the Chaos Computer Club hacker who broke the fingerprint biometric security on the iPhone, has given an interview [German] to CT Magazine detailing the hack, and released a new video showing how he did it.
Dawn is breaking over the last day of the annual Chaos Communication Congress in Hamburg, Germany. CCC is the meeting of the Chaos Computer Club (also CCC), a group of German hackers hanging out together
Here's a video of Ang Cui and Michael Costello's Hacking Cisco Phones talk at the 29th Chaos Communications Congress in Hamburg. Cui gave a show-stealing talk last year on hacking HP printers, showing that he could turn your printer into an inside-the-firewall spy that systematically breaks vulnerable machines on your network, just by getting you to print out a document.
Cui's HP talk showed how HP had relied upon the idea that no one would ever want to hack a printer as its primary security. With Cisco, he's looking at a device that was designed with security in mind. The means by which he broke the phone's security is much more clever, and makes a fascinating case-study into the cat-and-mouse of system security.
Even more interesting is the discussion of what happened when Cui disclosed to Cisco, and how Cisco flubbed the patch they released to keep his exploit from working, and the social issues around convincing people that phones matter.
We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native Unix), the operating system that powers all Cisco TNP IP phones. We demonstrate the reliable exploitation of all Cisco TNP phones via multiple vulnerabilities found in the CNU kernel. We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels. We also demonstrate the worm-like propagation of our CNU malware, which can quickly compromise all vulnerable Cisco phones on the network. We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet. Lastly, we built on last year's presentation by discussing the feasibility of exploiting Cisco phones from compromised HP printers and vice versa.
We present the hardware and software reverse-engineering process which led to the discovery of the vulnerabilities described below. We also present methods of exploiting the following vulnerabilities remotely.
Hacking Cisco Phones [29C3]
Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force explanation of the formal linguistics and computer science that explain why software becomes insecure, and an explanation of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.
LANGSEC explained in a few slogans
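The slogans above in practice, as an added example that is not from Patterson's slides or paper: a hypothetical `SET key=value` line format is kept regular, so one anchored expression recognizes the entire message before any field is used, while the ad hoc parser beside it shows what gets through when validation is scattered. The wire format, sample inputs and function names are assumptions made for illustration.

```python
import re

# Hypothetical wire format (an assumption for this example, not from the talk):
#   message := "SET " key "=" value "\n"
#   key := [a-z]{1,16}      value := [0-9]{1,8}
# The message language is regular, so one anchored regex is a complete
# recognizer: every byte is checked before any field is acted on.
MESSAGE = re.compile(rb"SET ([a-z]{1,16})=([0-9]{1,8})\n")


def recognize(raw: bytes):
    """Return (key, value) only if raw is exactly one valid message, else None."""
    m = MESSAGE.fullmatch(raw)
    if m is None:
        return None
    return m.group(1).decode("ascii"), int(m.group(2))


def shotgun_parse(raw: bytes):
    """Ad hoc parsing for contrast: validation is scattered and incomplete."""
    text = raw.decode("latin-1")
    if not text.startswith("SET "):
        return None
    key, _, value = text[4:].partition("=")
    return key, value.strip()  # never checks charset, length or trailing data


# Constructed sample inputs.
SAMPLES = [
    b"SET retries=3\n",                    # valid
    b"SET retries=3\nSET admin=1\n",       # second message smuggled after the first
    b"SET ../../etc=3\n",                  # key outside the declared alphabet
    b"SET retries=" + b"9" * 64 + b"\n",   # value longer than the declared bound
    b"SET retries=3",                      # missing terminator
]


def compare(samples=SAMPLES):
    """For each sample: (accepted by recognizer, accepted by shotgun parser)."""
    return [(recognize(s) is not None, shotgun_parse(s) is not None)
            for s in samples]


if __name__ == "__main__":
    for sample, (strict, loose) in zip(SAMPLES, compare()):
        print(f"{sample[:30]!r:40} recognizer={strict} shotgun={loose}")
```

Only the first sample is in the language; the ad hoc parser hands all five to downstream code, which is where the unintended behaviour the slogans call a "weird machine" starts.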