[SecurityRatty] tag: easy

Lego Safe

Fri, 21 Nov 2008 10:07:38 +0000

You might think that a Lego safe would be easy to open. Maybe just remove a few bricks and you're in. But that's not the case with this thing, the cutting edge of Lego safe technology. The safe weighs 14 pounds and has a motion detecting alarm so it can't be moved without creating a huge ruckus.

America's Next Top Hash Function Begins

Wed, 19 Nov 2008 23:00:00 +0000

You might not have realized it, but the next great battle of cryptography began this month. It's not a political battle over export laws or key escrow or NSA eavesdropping, but an academic battle over who gets to be the creator of the next hash standard.

Hash functions are the most commonly used cryptographic primitive, and the most poorly understood. You can think of them as fingerprint functions: They take an arbitrary long data stream and return a fixed length, and effectively unique, string. The security comes from the fact that while it's easy to generate the fingerprint from a file, it's infeasible to go the other way and generate a file given a fingerprint.

Originally created to make digital signatures more efficient, hashes are now used to secure the very fundamentals of our information infrastructure: in password logins, secure web connections, encryption key management, virus and malware scanning, and almost every cryptographic protocol in current use. Without cryptographic hash functions, the internet would simply not work. At the same time, there isn't a good theory of hash functions. Unlike encryption algorithms, there are no secret keys involved; this makes it harder to mathematically define exactly what hash functions are.

The National Institute of Standards and Technology, NIST, is holding a competition to replace the SHA family of hash functions. "SHA" stands for "Secure Hash Algorithm." It was developed by the NSA in 1993 to replace the commercial MD4 and MD5 algorithms, and has been updated several times since then. All the SHA algorithms are very similar, and have been increasingly under attack, so NIST wants to replace them.

The competition is important because, unlike other technological standards, committee design — balancing the interests of diverse constituents — isn't conducive to good security. Security is best when it's designed by expert teams and then subjected to public review. And cryptography is best when it's chosen by competition.

In 1997, NIST held a competition for a block cipher to replace DES. Fifteen candidates and three-and-a-half years later, Rijndael became the new Advanced Encryption Standard — AES. NIST is doing the same thing for what it's calling SHA-3 (not, for some unexplained reason, the Advanced Hash Standard or AHS).

The deadline was October 31, and NIST received 64 submissions. This isn't surprising — I predicted 80 — as most of the 15 AES submitters were professors, whose students at the time have become professors themselves, with their own students. (If NIST does a stream cipher competition in another ten years, they should expect about 256 submissions.) These submissions came from academia, from industry, and from hobbyists. CIO magazine recently interviewed one of the submitters, who is 15. Twenty-eight submissions have been made public by the submitters, and six of those have been broken.

NIST is going through all the submissions right now, making sure they are complete and proper. Their goal is to publish all accepted submissions by the end of November, in advance of the First Hash Function Candidate Conference, to be held in Belgium right after the Fast Software Encryption workshop in February.

The group expects to quickly make a first cut of algorithms — hopefully to about a dozen — and give the community a year of cryptanalysis before making a second cut in 2010. After another year of cryptanalysis, NIST will choose a winner in 2011. Expect a final standard by 2012.

My advice for software developers is to let the process run its course. While it's tempting to use the new cool algorithms in your designs, it's far too soon to trust any of them. This process is likely to result in all sorts of new research results in hash function security, and some real cryptanalytic surprises. Give the community a few years to figure out which ones are good and which aren't.

I've previously called this sort of thing a cryptographic demolition derby: The last one left standing wins. But that's only partially true. Certainly all the groups will spend the next few years trying to cryptanalyze each other, but in the end there will be a bunch of unbroken algorithms. NIST will select one based on performance and features.

NIST has stated that the goal of this process is not to choose the best standard but to choose a good standard. I think that's smart; in this process, the best is the enemy of the good. While there's no rush to choose a new standard — the SHA-2 algorithms will remain secure for the foreseeable future — we don't want to analyze the candidates forever.

Personally, I was part of a group of eight cryptographers that submitted Skein to the competition. A decade ago, writing Twofish and participating in the AES process was the most fun I had ever had in cryptography. These next few years promise to be even more fun.

---

Bruce Schneier is chief security technology officer of BT. His new book is Schneier on Security.

Oregon Woman Loses $400,000 to Nigerian E-Mail Scam

Tue, 18 Nov 2008 09:20:02 +0000

An Oregon woman who is out $400,000 after falling for a well-known Internet scam says she wasn't a sucker or an easy mark.

They didn't go away you know....

Fri, 14 Nov 2008 03:02:00 +0000

Listening to a discussion on CNN the day after President elect Obama won the U.S. Presidential race, made me think about what the terrorists may be thinking.

It really is fairly easy for the average citizen to push these thoughts out of their mind, but we should always keep it somewhere in our minds - close enough to recall it when necessary.

Bill Clinton was "tested" early in his Presidency as was the U.K.'s new Prime Minister - Gordon Brown. In PM Brown's case it came 72 hours after the Election in Britain. How long may we wait to see something here..or overseas, but definitely aimed at inflciting U.S. casualties?

Bottom line - we should always remian alert and open to the idea that something could happen and we can not afford to drop our guard and think "they have gone". Terrorists have great amounts of patience. They conduct surveillance right under the noses of their intended victims. As the old saying goes; "we have to be successful every single time - they only have to be lucky once".

Credit for Researchers

Thu, 13 Nov 2008 16:40:18 +0000

Computer security researchers are much like scientific researchers in several ways. We build on the research of those who come before us, we sometimes rediscover the same things independently, and other times we forget where we learned things and sometimes claim them as our own. We also occasionally take an engineer’s approach and implement research discovered by others and not credit them as it’s the implementation into a tool that matters to us.

The latest Microsoft patch MS08-68 is a great example. It is a problem with NTLM authentication where the attacker can force a client to authenticate to him and the credentials, while not exposed in cleartext, can be relayed to another server or brute forced to obtain the cleartext. This is a very classic crypto protocol vulnerability. It’s not the crypto algorithms that are the problem, but the protocol implementation.

Microsoft recently fixed the problem, perhaps due to the availability of exploit code, the availability of an easy to use Metasploit implementation, or perhaps Microsoft’s changed tolerance for vulnerabilities. We can sum it up as a change in the threat space that made it worth fixing. But make no mistake, this is a very old problem.

News reports have been citing Sir Dystic’s SMBrelay tool, which was published in March, 2001, as the first knowledge of this vulnerability. Eric Shultze who worked at MSRC in 2001 just yesterday is quoted as saying, “I have been holding my breath since 2001 for this patch.” Obviously it is a long time coming. But this wasn’t the first publication of the problem. In 2000, one of my collegues on the research team at @stake, Christian Rioux (aka Dildog) published the telnet NTLM authentication vulnerability.

Rioux’s advisory has a great description of the credential relay and cracking weaknesses. I have talked to him and he says he discovered these problems independently, but he didn’t find them first. Dominique Brezinski published exactly these NTLM vulnerabilities in the SMB protocol in 1996 in a paper titled, “A Weakness in CIFS Authentication”. The earliest reference I can find on the paper on the net is here where it is included in another paper published in 1997. Such is the ad-hoc world of independent security research of 12 years ago which still continues today.

It seems ridiculous that a field like security research, which is so important to the running of modern society is so ad-hoc. Shouldn’t we know who discovered a vulnerability? Shouldn’t all researchers and engineers know about it? More importantly if someone implements a tool that takes advantage of a vulnerability shouldn’t they credit the discoverer? Don’t get me wrong. Implementation takes a lot of work and sometimes makes all the difference in makeing people aware of a security problem. After all when I was at the L0pht our slogan was, “Making the theoretical, practical”. I still think researchers should get credit when credit is due.

The security community has gotten better at documentating our research but I still see instances of independent discovery, misplaced credit, and tools giving no credit to researchers. I hate to say it but getting a bit more academic is in order. Credit is the currency of a researcher and placing it well will reward the right people and we will all benefit.

Trust No One

Tue, 11 Nov 2008 12:46:12 +0000

Its easy to say what were all securing our systems and data against. But isnt easy to say exactly who we need to secure against, nor who presents the biggest threat to our business. Certainly, the ...

Silent Break-Ins: How Technology Compromises Physical Security Too

Tue, 11 Nov 2008 12:17:53 +0000

I could have used this technique last night — I got home to my apartment in Oakland at 11:30, only to realize I’d left my keys in Sacramento. Two hours later a locksmith finally came and charged me $100 to let me in my own apartment. Expensive? Maybe, but comparable to other services, and compared to the havoc that a lock-breaker could wreak if he was trying to use his talents for crime rather than service, it’s a small price.

It’s kind of frightening to see how quickly a skilled lock-picker can jimmy a lock and get in. But new technology makes it even simpler — apparently all you need is a good telephoto lens to break in to someone’s house — just wait till they leave their keys out on a table, snap a picture, and take it to an unethical key maker, and wha-la, a perfect replica:

“We built our key duplication software system to show people that their keys are not inherently secret,” said Stefan Savage, the computer science professor from UC San Diego’s Jacobs School of Engineering who led the student-run project. “Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing.”

Professor Savage presents this work on October 30 at ACM’s Conference on Communications and Computer Security (CCS) 2008, one of the premier academic computer security conferences.

Read the full article here.

Hardware Drive Encryption Becomes Manageable

Mon, 10 Nov 2008 06:51:53 +0000

Regulatory compliance requirements and other best security practices are driving enterprises more consistently towards use of hard drive encryption, but it's not always an easy decision., Software encryption products can impose a performance burden and key management can be problematic. The answer, argues Seagate, is hardware encryption built into the drive. Integration into McAfee's Endpoint Encryption products makes key management more organized and secure, and no CPUs are burdened in the encryption or decryption of the data. Seagate also has announced they are now shipping 320GB and 500GB self-encrypted drives up to 7200RPM. Dell will be shipping notebooks with these drives. The drives come factory pre-loaded with management software. Early this year headlines were had with the revelation, by researchers at Princeton, of a theoretical attack that could recover software encryption keys even from a notebook that had been shut off. It's actually silly James Bond stuff that real people shouldn't worry about, but it did demonstrate the real point that the keys exist in memory and there are ways they can be gotten. Attacks on the live system that gain control of it, through malware for example, could still gain access to any data to which the compromised user has access. With hardware-encrypted drives, at least the private key is secure and the Princeton attack is prevented. Notebooks with drives like these in a managed environment really do make it easier to feel secure about notebooks, even if they have sensitive data on them. Combine them with other best practices, like multi-factor authentication, and you've given yourself the best chance to succeed in security. One day we'll use products like this and nothing less will be acceptable.

DIY Phishing Pages With Command and Control Interfaces

Thu, 06 Nov 2008 03:31:43 +0000

The day when DIY phishing pages start coming with manuals is the day when consciously or subconsciously a phisher is lowering down the entry barriers into phishing for yet another time. A much more user-friendly compared to the old-fashioned -- yet effective -- rock phish directory listing, a recently released command and control interface for Rapidshare phishing campaigns aims to empower its users with easy dynamic link generation for their campaigns.

What they've managed to achieve is another trust factor since Rapidshare generates a second dynamic link upon clicking on the original one. The script not only generates a dynamically looking link, but also, actually logs in the victim into their account in order to avoid suspicion whereas it still logs all the accounting data.

Scammers also tend to be ironic every then and now. For instance, in this particular case, one of the users finds it ironic that the Rapidshare phishing page is hosted at Rapidshare itself. Is the script actually working? It appears so at least going through a misconfigured accounting data dump left by one of the phishers.

Related posts:
Phishing Pages for Every Bank are a Commodity
DIY Phishing Kits
DIY Phishing Kit Goes 2.0
DIY Phishing Kits Introducing New Features
209 Host Locked
209.1 Host Locked
66.1 Host Locked

Check It Out! FAIR Public Training December 10-12

Wed, 05 Nov 2008 12:32:53 +0000

There’s been quite a few people talking about what sorts of strategies make sense for security and security departments in a downturn. And they’re all very good - but there’s one thing that I’d like to add.

One easy, inexpensive way to actually increase your effectiveness in 2009 is to, right now, make a quick review your risk management processes. As you take a look at how you’re using risk in your organization, I’d ask you to make sure that those processes are providing value for the energy you’re spending. If they’re not - if you’re not successfully using risk within security and with the other lines of business that you serve - then I’d like to invite you to come take advantage of RMI’s public training session for 2008, held in Columbus Ohio on December 10-12. >A brochure is here<.

For three days and $1,995 - you’ll get real answers to many of the commonly voiced frustrations RMI hears concerning risk & risk management. Answers around measurement, application, communicating risk to other lines of business, heck, basic answers as to what risk is and how to get consistent, defensible values that actually mean something.

Not to mention - Strengthening your Risk Management processes increases your ability to manage risk, which reduces the amount of risk you actually face.

NEW TO THE PUBLIC STUFF!

I’m personally excited because this is the first time that our public training we’ll feature measurement “calibration” exercises and include excel tools to take home and use for quantitative FAIR analysis. These are benefits we’ve only previously reserved for private client workshops.

I know that FAIR can help you and your organization, but as the sales guys always say, “don’t take my word for it”. Here’s something we recently received (unsolicited) from the CSO of one of the 10 largest banks in the US, who has had several of his analysts receive this same basic training:

I would like to also add my deep appreciation for what FAIR and RMI has brought to (us) and how we go about the business of risk analysis. We have had some great conversations around risk with the lines of business that have ended very favorably for us.

More information can be found on RMI’s website here: http://www.riskmanagementinsight.com/12_2008_training.html

Thanks.

Oh and tomorrow, we’ll talk a little bit about quantitative and qualitative risk.