As you know, Apple just said no to the FBI's request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications -- what's referred to as “exceptional access.”
"We know of no case where such an addition of exceptional access capabilities has not resulted in weakened security." Read the rest
An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on "secure" connections to services like Google Docs. Read the rest
In Analyzing Forged SSL Certificates in the Wild [PDF] a paper authored by researchers at CMU and Facebook, we learn that "a small but significant percentage" of HTTPS connections are made using forged certificates generated by adware and malware. Disturbingly, some of this malware may be working by attacking anti-virus software and stealing its keys, and the authors also speculate that anti-virus authors may be giving their keys out to governments in order to allow police to carry out man-in-the-middle attacks.
The researchers used a technique to detect forged-cert connections that has post-Heartbleed applications, since it would allow sites to discover whether their visitors are being man-in-the-middled through keys stolen before Heartbleed was widely known. This all points to a larger problem with HTTPS, which has been under increased scrutiny since Heartbleed, but whose defects were well understood within the security community for a long time. I co-wrote this editorial for Nature with Ben Laurie in 2012 describing a system called "Certificate Transparency" that makes it easier to audit and remediate problems with SSL certificates, which Google is now adding to Chrome. Read the rest
I wrote yesterday about Dan Kaminsky's excellent thoughts on BitCoin, and wished aloud for comparable work from Ben Laurie. It turns out such work exists: here's Ben's critique of BitCoin, and here's his proposal for an alternative. Both are short, clear, excellent reads. Read the rest
Ever since BitCoin appeared, I've been waiting for two security experts to venture detailed opinions on it: Dan Kaminsky and Ben Laurie. Dan has now weighed in, with a long, thoughtful piece on the merits and demerits of BitCoin as a currency and as a phenomenon.
Read the rest
Bitcoin’s fundamental principle of fraud management is one of denial. If we drop our wallet on the street, the U.S. government is not going to compensate us for our lost cash. Bitcoin attempts to make the same deal, to the point where it calls its stores of keys, “wallets.” If we drop our wallet on the street — heck, if someone picks it out of our pockets — the money’s gone.
There have been bitcoin thefts. A few years ago, I tried to break Bitcoin, and failed quite gloriously. The system and framework itself is preternaturally sound. But it too is built on the foundation of buggy technologies we call the internet, and so Bitcoin must experience failures from the code around it. Hackers don’t care whose code they broke on their way to bitcoin, any more than pickpockets care that they’re exploiting the manufacturer of one’s jeans or leather wallet. So they break the server below the money, or the web interface above it. They still win.
At least, that’s the theory. Reality is more complicated. Of all the millions of dollars of purloined bitcoin that’s floating around out there, not one Satoshi of it has been spent. That’s because while most other stolen property becomes relatively indistinguishable from its legitimate brethren, everybody knows the identity of this particular stolen wealth, and can track it until the end of time.
OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF) Read the rest
The TOR team have discovered a fake certificate in the wild. The certificate, issued by a US company called Cyberoam, was used in an attempt to trick a user in Jordan into believing that her/his connection to the TOR website, was private and secure, though in fact it was being spied upon by a Cyberoam device. Cyberoam makes "deep packet inspection" software, used in mass surveillance of Internet traffic, and as TOR's Runa Sandvik and OpenSSL's Ben Laurie investigated the matter, they discovered that all Cyberoam devices share a common vulnerability related to their handling of certificates. The company was notified of this on June 30, and told that the vulnerability would be made public today.
Read the rest
Last week, a user in Jordan reported seeing a fake certificate for torproject.org. The user did not report any errors when browsing to sites such as Gmail, Facebook, and Twitter, which suggests that this was a targeted attack. The certificate was issued by a US company called Cyberoam. We first believed that this incident was similar to that of Comodo and DigiNotar, and that Cyberoam had been tricked to issue a fake certificate for our website.
After a bit of research, we learned that Cyberoam make a range of devices used for Deep Packet Inspection (DPI). The user was not just seeing a fake certificate for torproject.org, his connection was actually being intercepted by one of their devices. While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices.
Cryptographer Ben Laurie, celebrated BitCoin skeptic, has written a short, provocative paper called An Efficient Distributed Currency, which proposes a distributed (but not decentralized) alternative. Kevin Marks is excited: "In effect you're doing an end run around Gresham's law, in the same way that the Brazilian Real did - and not how the US Govt is doing with dollar coins." (sidebar: holy cats, that Brazil story is awesome).
Read the rest
We need an efficient way to agree the total state of the system (that is, what
coins exist, who has possession of them and the transaction history1 ).
First, we view the state as a map of coins to purses. This can be represented as
a list of coins, each with the number of the purse it is in. I call this a snapshot.
A snapshot can be hashed by forming an ordered list of the coins and building
a Merkle tree from them. I call this a snapshot hash. Clients can now efficiently
query the current state and check that the results match an agreed snapshot
hash (I will come to how it is agreed later).
A transaction is a change in the state, which can be thought of as a transition
from one snapshot to another. Only two transitions are legal.
First, creation of a new coin. This manifests itself by a new coin record appearing, assigning the coin to some purse.
Second, movement of a coin from one purse to another. This is simply a change
to the appropriate coin record.
Ben Laurie is a respected cryptographer (he maintains OpenSSL and is in charge of security research for Google) and he's skeptical of BitCoin, a virtual, cryptography-based currency that has attracted a lot of attention. Ben has written three posts describing his objection to "proof-of-work" as a basis for a virtual currency, and they're great reading, as are the followups from his readers. I don't have the crypto chops to have a strong opinion one way or another on this, and in situations like that, watching people a lot smarter than me arguing is my best strategy for getting smarter myself:
Also, for what its worth, if you are going to deploy electronic coins, why on earth make them expensive to create? That's just burning money - the idea is to make something unforgeable as cheaply as possible. This is why all modern currencies are fiat currencies instead of being made out of gold.
Bitcoins are designed to be expensive to make: they rely on proof-of-work. It is far more sensible to use signatures over random numbers as a basis, as asymmetric encryption gives us the required unforgeability without any need to involve work. This is how Chaum's original system worked. And the only real improvement since then has been Brands' selective disclosure work.
If you want to limit supply, there are cheaper ways to do that, too. And proof-of-work doesn't, anyway (it just gives the lion's share to the guy with the cheapest/biggest hardware).
Bitcoin, Bitcoin 2, Bitcoin is Slow Motion Read the rest
Security expert Ben Laurie has a scorching indictment of the "Verified by Visa" program used by British banks. This system is basically the perfect system for phishers and identity thieves, and conditions honest people to behave in foolish ways that leave them vulnerable to having their life's saving taken off of them.
"Frame inline displays the VbV authentication page in
the merchant’s main window with the merchant’s
header. Therefore, VbV is seen as a natural part of the
purchase process. It is recommended that the top
frame include the merchant’s standard branding in a
short and concise manner and keep the cardholder
within the same look and feel of the checkout process."
Or, in other words: Please ensure that there is absolutely no way for your customer to know whether we are showing the form or you are. In fact, please train your customer to give their “Verified by Visa” password to anyone who asks for it.
Craziness. But it gets better - obviously not everyone is pre-enrolled in this stupid scheme, so they also allow for enrolment using the same inline scheme. Now the phishers have the opportunity to also get information that will allow them to identify themselves to the bank as you. Yes, Visa have provided a very nicely tailored and packaged identity theft scheme. But, best of all, rather like Chip and PIN, they push all blame for their failures on to the customer
More Banking Stupidity: Phished by Visa Read the rest
Scott Amron's "Cash Money Clip" is an interesting take on money clips: a dollar bill with a steel plates stuck to it, one over a neodymium disc magnet. I'm a big fan of carrying cash in a clip (I gave up fat wallets in the back pocket and lower-back pain in favor of a small card-wallet and a cash-clip years ago) but I've never really trusted magnetic clips. It's cool to be able to stick teaspoons, small change and bits of metal to your front pocket, but your coins get stuck to 'em and you run the risk of demagnetizing your credit-cards if you absently stick your cash in the same pocket as your card-wallet.
Still, this is just too much fun -- and Amron will also sell you a kit so you can convert your own currency to a money clip (you could probably do this without the kit just by shopping around for metal and magnets, too!).
Update: Regarding demagnetizing a card, Ben Laurie sez, "Mythical, apparently. You can't hurt much, even with a rare earth magnet, apart from CRTs.
I've seen this demonstrated with:
a) Credit cards (hotel room keys are a low risk way of trying this yourself).
Apparently to demag a credit card you need an oscillating magnetic source." Read the rest
Nick Mathewson from the Tor project (a free tool that helps with anonymity and privacy online) says:
Read the rest
I guess you've really arrived when botnet spammers start using your name to trick hapless users into install their malware.
Around this morning, people started getting Spam with subject lines like "What you do online is at risk" and "Careful, you.re being watched" and "You are being watched online."
The message contents tell people to download Tor.
As always, you can find the real Tor software at https://tor.eff.org/. All legitimate Tor packages are signed; you can find instructions for verifying the signatures here [ Link ].
Ben Laurie has funny comments here [ Link ]; f-secure has a writeup here [ Link ].
Boing Boing reader Norman Shetler says,
Read the rest
An interesting side-note on the debate around Stephen Soderbergh's movie "Bubble." While it's certainly a commendable experiment to release a film on three different platforms simultaneously, bypassing age-old, rigid marketing techniques, I was surprised to see that the DVD of Bubble is listed as being Region 1 encoded.
While this is obviously (and thankfully) not an issue for most people with a keen eye on international DVD releases, it still uses (and thereby supports) a technology which essentially was created to keep us (non-Americans) from watching films released on DVD in the United States.
This whole region-coding thing is a disaster from a cultural POV, considering how many films are released exclusively in the US, and there are LOTS of them (including a substantial amount of European films), and if some of the bigwigs in Hollywood had their say, we wouldn't even be allowed to buy them in the first place (never mind that you are not allowed to openly sell them here, not even on ebay).
Additionally, there's the whole issue of computer DVD-drives -- only being able to switch the regions up to five times before it's locked. WTF is that about?
From a marketing standpoint I understand the idea of implementing a region code. But since multi-region players are freely available in Europe (even though, to the best of my knowledge, they aren't allowed to be marketed as such) why bother? Will the eventual European release cover all countries? Will the DVD be available day-and-date over here as well?
One of the most exciting things about Skype is its encryption -- when you use AIM or other IM and VoIP applications, chances are that your communications are in the clear and therefore easily eavesdropped-upon (especially on public WiFi networks).
Skype offers encryption by default, but the scrambling system has been a secret until now. It's a truism in security that a security system that is kept secret is a not secure. As Bruce Schneier says, "Anyone can design a security system so clever that he can't think of a way of breaking it," so public review of security (through which other skilled practitioners investigate the system for flaws and vulnerabilities) is critical to achieving robust security.
Now Skype has done a limited review of its crypto, paying an independent lab to review the security measures in place. The lab has given it a clean bill of health, which is encouraging news. Still, this seems to me to be only one step in the right direction.
After all, what if there is a flaw in the security that eludes both Skype and its sole evaluator? Previously, this has meant that attackers have been able to evade the crypto with impunity, without users or developers even knowing that there is a bug that needs fixing -- a true fool's paradise.
A much better answer would be for Skype to disclose its code -- either under a free software license or simply for peer-review. That way every interested party could review and verify Skype's security claims. Read the rest