October 1, 2014

Presentation on how to break Tor removed from Black Hat schedule

(LiveHacking.Com) – A highly anticipated briefing about a low-cost technique for de-anonymising Tor users has been removed from the Black Hat 2014 talk schedule for as-yet unknown reasons. The talk, which would have presented a method for identifying Tor users, was cancelled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers.

The spokesperson for the conference, which is running in Las Vegas on August 6-7, said that a Carnegie Mellon attorney informed Black Hat that one of the speakers could not give the Tor talk because the material he would reveal has not been approved for public release by the university or by the Software Engineering Institute (SEI).

The Onion Router (TOR) Project network was originally developed with the US Naval Research Laboratory as part of an investigation into privacy and cryptography on the Internet. Tor re-directs Internet traffic through a set of encrypted relays to conceal a user’s location or usage from anyone monitoring their network traffic. Using Tor makes it more difficult for online activity to be traced including “visits to Web sites, online posts, instant messages, and other communication forms.”

According to Roger Dingledine, one of the original Tor developers, the project did not “ask Black Hat or CERT to cancel the talk. We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made.” He went on to say that the project encourages research on the Tor network along with responsible disclosure of all new and interesting attacks. “Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues, and generally positive to work with,” he added.

Security researcher Alexander Volynkin was scheduled to give the talk titled ‘You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget’ at the Black Hat conference. It would have outlined ways that individuals can try to find the original source of Tor traffic without the need for large amounts of computing power.

NSA denies it knew about Heartbleed, says it is in the national interest for it to disclose vulnerabilities

It looks like the ramifications of the Heartbleed bug in OpenSSL will be felt for quite a while to come. While security analysts are asking if the NSA had prior knowledge of the bug, cyber criminals are at work stealing data from sites which haven’t patched their servers and changed their SSL certificates. The Canadian Revenue Agency has said that the Heartbleed bug was the reason why an attacker was able to steal 900 social insurance numbers, and British parenting website Mumsnet said that username and password data used to authenticate users during log in was accessed before the site was able to patch its servers.

As for the NSA, the Director of National Intelligence has issued a statement saying that the NSA was not aware of the Heartbleed vulnerability until it was made public. The statement went on to say that the Federal government relies on OpenSSL the same as everyone else to protect the privacy of users of government websites and other online services.

However, what is even more important is that the statement categorically says that had the NSA, or any other of the agencies and organizations which make up the U.S. intelligence community, found the bug they would have reported it to the OpenSSL project.

“If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL,” said the statement issued by the ODNI Public Affairs Office. The statement also said that when Federal agencies discover a new vulnerability “it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.”

The Office of the Director of National Intelligence also said that, in response to the President’s Review Group on Intelligence and Communications Technologies report, it had reinvigorated an interagency process for deciding when to share vulnerabilities. According to the report, “The US Government should take additional steps to promote security, by (1) fully supporting and not undermining efforts to create encryption standards; (2) making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption; and (3) supporting efforts to encourage the greater use of encryption technology for data in transit, at rest, in the cloud, and in storage.” Such a statement is important following the accusations that the NSA tried to weaken (and succeeded in weakening) certain encryption standards.

The report also says that, “US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks. In rare instances, US policy may briefly authorize using a Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments.”

This “rare” use of zero-day vulnerabilities was reiterated by the ODNI statement. “Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”

Heartbleed bug exposes OpenSSL’s secrets, patches available

A serious security bug has been found in the ubiquitous OpenSSL encryption library that allows data to be stolen in its unencrypted form. According to the heartbleed.com website, which was set up expressly to inform system admins about the potential dangers, the Heartbleed bug can be exploited from the Internet and it allows an attacker to read up to 64k of the server’s memory at one time. By reading the memory an attacker can gain access to “the secret keys used to identify the service providers and to encrypt the traffic” along with “the names and passwords of the users and the actual content.” It means that attackers can eavesdrop on communications that should otherwise have been encrypted.

A patched version of OpenSSL has already been published. According to the release notes, “a missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory” on a connected client or server. The OpenSSL project publicly thanked Neel Mehta of Google Security for discovering this bug and Adam Langley with Bodo Moeller for preparing the fix. It is recommended that all OpenSSL 1.0.1 users should upgrade to OpenSSL 1.0.1g. Those unable to immediately upgrade should recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. OpenSSL 1.0.0 and OpenSSL 0.9.8 are not vulnerable.

Heartbleed isn’t a design flaw in the SSL/TLS protocol specification but rather a bug in OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).
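The "missing bounds check" described in the release notes can be seen in a small model of a heartbeat responder. This is an added example, not OpenSSL's code and not part of the original article: the function names, the arena layout and the secret string are constructed for illustration, while the message layout and the 16-byte minimum padding come from RFC 6520.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16   /* RFC 6520: padding is at least 16 bytes */

/* Build a heartbeat response for the request held in rec[0..rec_len).
 * Message layout (RFC 6520): type(1) | payload_length(2, big-endian) |
 * payload | padding. Returns bytes written to out, or 0 if discarded.
 * check_bounds = 0 models the missing check; 1 models the corrected logic. */
size_t hb_reply(const unsigned char *rec, size_t rec_len,
                unsigned char *out, size_t out_cap, int check_bounds)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];  /* sender-controlled */

    /* The check: the claimed payload plus header and minimum padding
     * must fit in the bytes actually received, else discard silently. */
    if (check_bounds && 1 + 2 + claimed + HB_MIN_PADDING > rec_len)
        return 0;
    if (3 + claimed > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);  /* without the check, reads past rec_len */
    return 3 + claimed;
}

/* Constructed scenario: one arena stands in for process memory. The received
 * record occupies the first 23 bytes; an unrelated secret sits at offset 64.
 * Returns 1 if the reply to an over-long request contains the secret. */
int reply_leaks_secret(int check_bounds)
{
    static const char secret[] = "CONSTRUCTED-PRIVATE-KEY";
    unsigned char arena[256] = {0}, out[512];
    size_t rec_len = 3 + 4 + HB_MIN_PADDING;   /* really carries 4 payload bytes */

    arena[0] = HB_REQUEST;
    arena[1] = 0x00; arena[2] = 100;            /* but claims 100 */
    memcpy(arena + 3, "ping", 4);
    memcpy(arena + 64, secret, sizeof secret - 1);

    size_t n = hb_reply(arena, rec_len, out, sizeof out, check_bounds);
    for (size_t i = 0; i + sizeof secret - 1 <= n; i++)
        if (memcmp(out + i, secret, sizeof secret - 1) == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("without bounds check: leak=%d\n", reply_leaks_secret(0));
    printf("with bounds check:    leak=%d\n", reply_leaks_secret(1));
    return 0;
}
```

A well-formed request, whose claimed length matches the bytes received, is answered identically in both modes; only the over-long claim is discarded once the check is in place.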

Because the bug can expose the keys used for encrypting the connection, attackers are able to decrypt any past and future traffic on the encrypted connection, since the primary keys have been exposed. Unfortunately, to remedy the problem, not only does the server require patching, but all the compromised keys need to be revoked and new keys reissued. It also means that users who have used an encrypted service (say a web mail service, online shopping or cloud service) will need to change their passwords, as the connection used to log in was potentially not secure.

One very worrying aspect of this bug is not only the widespread use of OpenSSL, but also that the first vulnerable version was published two years ago. If this bug has been previously found (but not disclosed) by cyber criminals or government-run security agencies, then the last two years’ worth of encrypted traffic should be deemed as exposed. Even if it wasn’t found but the traffic was recorded, then there are probably lots of state-level agencies working right now to siphon off keys from around the net before things are revoked and changed.

Another NSA backdoor found in RSA’s products

According to research performed by a group of professors from Johns Hopkins, the University of Wisconsin and the University of Illinois, the security company RSA used a second security tool developed by the NSA which reduced the time needed to crack secure Internet communications.

At the end of last year it was revealed that the NSA paid RSA $10 million to use the Dual Elliptic Curve random number generator in its products. It has since come to light that the Dual Elliptic Curve algorithm had a built-in flaw which made it easier for the NSA to decrypt data that was encrypted with a random number generated by the Dual Elliptic Curve generator.

According to research seen by Reuters, the team of academic researchers has discovered that a second NSA tool, known as the “Extended Random” extension for secure websites, could reduce the time needed to crack a version of RSA’s Dual Elliptic Curve software by tens of thousands of times.

The company is reported to have told Reuters that it had not intentionally weakened security on any product and noted that Extended Random was not widely adopted. RSA also said that the Extended Random functionality has been removed from its software.

“We could have been more skeptical of NSA’s intentions,” said RSA Chief Technologist Sam Curry. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”

The researchers were able to demonstrate the weakness of the Dual Elliptic Curve random number generator by decrypting TLS connections made using the RSA Share library in several seconds.

Following the release of documents by former NSA contractor Edward Snowden, a presidential advisory group reported that the NSA’s practice of subverting cryptography standards should stop.

The possibility of a back door in the Dual Elliptic Curve random number generator was first mooted back in 2007. Recent research shows that when the NSA’s default parameters are replaced with new values, the current popular cryptography libraries are still vulnerable. According to the report’s authors, “The RSA BSAFE implementations of TLS make the Dual EC back door particularly easy to exploit compared to the other libraries we analyzed.”

The research concludes that the Extended Random extension allows a client to request longer TLS random numbers from the server, a feature that, if enabled, would speed up the Dual EC attack by a factor of up to 65,000.

BlackBerry 10 sending email passwords in plain text

German researcher Frank Rieger has discovered that BlackBerry is transmitting user names and passwords from its internal servers to external email servers in plain text when BlackBerry 10 users set up email accounts using the BlackBerry 10 email Discovery Service.

The problem, which Rieger is calling a backdoor which could be used by the NSA, is that when a BlackBerry 10 user configures a new email account, the smartphone sends the email credentials to an internal server at BlackBerry, which in turn contacts the user’s email server. If the user’s email server isn’t configured to force the use of SSL/TLS, then the BlackBerry server defaults to plain text (without trying an encrypted connection). The result is that the user credentials are sent by BlackBerry’s internal server to the user’s email server in plain text.

There are two concerns here. One is that BlackBerry’s internal servers used for the Discovery Service haven’t been configured to use SSL/TLS at all times and only fall back to plain text if no alternative is available (or maybe better still to reject accounts without SSL/TLS). The other worry is that BlackBerry is storing user credentials for external mail services on its servers without notifying the user.

Although BlackBerry initially denied any such actions by its servers, it has now acknowledged that this does happen and suggests that its customers should use the advanced options during account setup to bypass the discovery service. It has also tried to reassure its customers that the credentials are only used during the setup process and that they are not stored by BlackBerry afterwards. According to BlackBerry, when the credentials are sent from the BlackBerry 10 smartphone to its internal servers, TLS is used, but it has neglected to comment on the configuration of the discovery service software and why it uses plain text.

As a result of Frank’s findings, security firm Risk Based Security has reached out to its clients and various contacts, including the FBI, warning them of the potential privacy and security issue.

In Brief: Microsoft, Google and Mozilla all block digital certificate issued by intermediate certificate authority of TURKTRUST

(LiveHacking.Com) – Microsoft, Google and Mozilla have all removed the trust of certificates issued by an intermediate certificate authority (CA) linking back to TURKTRUST Inc. What has happened is that TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org), the first of which was used to issue a fraudulent digital certificate for *.google.com.

Intermediate CA certificates carry the same authority as a CA, so anyone who has one can use it to create a certificate for any website. Fraudulent certificates can be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

“TURKTRUST told us that based on our information, they discovered that, in August 2011, they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates,” wrote Google.

Google is also considering an update to Chrome which will no longer indicate Extended Validation status for certificates issued by TURKTRUST. Mozilla has suspended the TURKTRUST root certificate. TURKTRUST subsequently asked Mozilla to include a newer root certificate and their request was initially approved. However, due to the mis-issued intermediate CA certificates, Mozilla has decided to suspend inclusion of the new root certificate for now.

NASA says it will encrypt data from now on after its latest laptop loss

(LiveHacking.Com) – Keeping software up to date, installing firewalls and using intrusion detection systems are all excellent ways to boost security; however, little can be done to tackle the human error aspect. A few days ago NASA employees were told of a laptop theft from a locked car in an email message from Richard Keegan Jr., associate deputy administrator at NASA.

It turns out that the laptop held personally identifiable information of “at least” 10,000 NASA employees and contractors. The laptop was password protected; however, it did not use disk encryption. This means that the information on the laptop is easily accessible to the thieves. NASA is working with data breach specialist ID Experts, who will be providing identity theft monitoring services to the individuals at risk. NASA will be picking up the bill for ID Experts’ help.

Now NASA has ordered that all laptops must be encrypted and until the process is complete, staff are not allowed to remove NASA laptops containing sensitive information from any of its facilities. With immediate effect laptops containing information about the international sale or transport of weapons, nuclear equipment or other materials are only allowed to leave NASA if the relevant data is encrypted. Also included in the category of sensitive data is any information about NASA’s human resources.

Computerworld spoke with John Pescatore, an analyst with Gartner Inc., who said that “the compromise isn’t surprising considering that NASA has the lowest portable device encryption rate among all federal agencies. According to a report released in March by the White House Office of Management and Budget, only 41% of NASA-owned portable devices meet the encryption requirements of the Federal Information Security Management Act (FISMA).”

According to the BBC, NASA was warned in 2009 that it was not taking enough steps to sufficiently protect information and had reported the loss or theft of 48 of its mobile computing devices between April 2009 and April 2011.

NASA’s chief information officer, Linda Cureton, who gave the order to encrypt, says she wanted the maximum possible number of laptops to be encrypted by this week and has set a target that all laptops will be encrypted within a month. Employees have also been banned from storing sensitive data on mobile phones, tablets and other portable devices.

“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our Nation’s competitive technological advantage,” said Paul K. Martin, Inspector General, National Aeronautics and Space Administration, in testimony given in February. “In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems.”

Many Android apps open to man-in-the-middle attacks due to weak SSL usage

After injecting a virus signature database via a MITM attack over broken SSL, the AntiVirus app recognized itself as a virus and recommended to delete the detected malware.

Security researchers from the Leibniz University of Hanover and the computer science department at the Philipps University of Marburg have tested 13,500 popular free Android apps and found that 8.0% of these apps contain SSL/TLS implementations that are vulnerable to Man-in-the-Middle (MITM) attacks.

The researchers created a tool called MalloDroid which is designed to detect potential vulnerabilities against MITM attacks. The tool performs static code analysis to analyze the networking API calls and extract valid HTTP(S) URLs; check the validity of the SSL certificates of all the extracted HTTPS hosts; and identify apps that contain non-default trust managers. Running the tool on the 13,500 samples showed that 1,074 of the apps exhibited some kind of potential vulnerability.

From these 1,074 apps, a further 100 apps were picked for manual audit to investigate different SSL problems, including the accepting of all SSL certificates regardless of their validity. This manual audit revealed that 41 of the apps were vulnerable to MITM attacks due to SSL misuse.

In a particularly embarrassing case, the researchers found that the Zoner AntiVirus app updated its virus signatures via a broken SSL connection. As the developers considered the connection to be secure and impossible to tamper with, there is no built-in verification or validation of the signature files downloaded. This meant that the team was able to insert its own signature files. In one test they added the signature for the anti-virus app itself. The app then proceeded to recognize itself as malware and recommended that it be deleted. The Zoner AntiVirus app has been downloaded more than 500,000 times!

By the end of their research the team had managed to capture credentials for American Express, Diners Club, Paypal, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, IBM Sametime, remote servers, bank accounts and email accounts.

The total cumulative number of installs of all the MITM vulnerable apps is between 39.5 and 185 million users, according to the download numbers from Google’s Play Store.

In brief: RSA launches new system which splits credentials over two servers

(LiveHacking.Com) – RSA has launched a new distribution system which splits credentials over two servers. The idea is that if one server is hacked, the attackers only gain access to half of the stored information (password etc). The system, called “RSA Distributed Credential Protection”, scrambles, randomizes and splits passwords into multiple locations.

As part of the system, administrators can re-randomize and re-split log-in data if a breach is suspected. This means that unless the hackers manage to break into both servers before the re-hashing, the stolen data would be useless.

“DCP scrambles, randomizes and splits sensitive credentials, passwords and Pins and the answers to life or challenge questions into two locations,” said RSA’s manager Liz Robinson.

The product, however, isn’t open source but is rather a commercial offering. RSA expects that DCP will be ready before the end of the year. It will cost about $150,000 per licence, which RSA says is less than the cost of “an expensive lawsuit.”

In brief: New free eBook released to those with no prior experience to protect privacy in a digital world

(LiveHacking.Com) – The CryptoParty, a new, decentralized, global initiative aimed at introducing basic cryptography tools to the general public, has released its first handbook. The CryptoParty Handbook is designed to help those with no prior experience to protect their basic human right to Privacy in the online world.

The book covers a variety of topics like passwords, browsing, email encryption, VPNs, hard disk encryption and secure file sharing. In each of these areas the book describes the dangers to privacy and recommends which open source tools to use.

By recommending open source tools, rather than commercial tools, the authors hope that users will start to take their online privacy seriously without needing to spend money on sometimes expensive software products.

The CryptoParty Handbook is the brainchild of Marta Peirano and Adam Hyde who came up with the idea after the first Berlin CryptoParty, held on the 29th of August, 2012. Others including Julian Oliver and Danja Vasiliev, co-organisers of the Berlin CryptoParty (along with Marta) were very enthusiastic about the book. It was written in the first 3 days of October 2012 at Studio Weise7, Berlin. Approximately 20 people were involved in its creation, some more than others, some local and some far (Melbourne in particular).