CRYPTO-GRAM November 15, 2014 by Bruce Schneier CTO, Co3 Systems, Inc. firstname.lastname@example.org http://www.schneier.com [EXCERPTED FOR RISKS. PGN] A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>. You can read this issue on the web at <http://www.schneier.com/crypto-gram-1411.html>. These same essays and news items appear in the "Schneier on Security" blog at <http://www.schneier.com/blog>, along with a lively and intelligent comment section. An RSS feed is available. Crypto Wars II FBI Director James Comey again called for an end to secure encryption by putting in a backdoor. Here's his speech: There is a misconception that building a lawful intercept solution into a system requires a so-called "back door," one that foreign adversaries and hackers may try to exploit. But that isn't true. We aren't seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks. Cyber adversaries will exploit any vulnerability they find. But it makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact. And with sophisticated encryption, there might be no solution, leaving the government at a dead end -- all in the name of privacy and network security. I'm not sure why he believes he can have a technological means of access that somehow only works for people of the correct morality with the proper legal documents, but he seems to believe that's possible. As Jeffrey Vagle and Matt Blaze point out, there's no technical difference between Comey's "front door" and a "back door." As in all of these sorts of speeches, Comey gave examples of crimes that could have been solved had only the police been able to decrypt the defendant's phone. Unfortunately, none of the three stories is true. The Intercept tracked down each story, and none of them is actually a cas here encryption foiled an investigation, arrest, or conviction: In the most dramatic case that Comey invoked—the death of a 2-year-old Los Angeles girl—not only was cellphone data a non-issue, but records show the girl's death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them. In another case, of a Louisiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas. And in the case of a Sacramento hit-and-run that killed a man and his girlfriend's four dogs, the driver was arrested in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident. [...] Hadn't Comey found anything better since then? In a question-and-answer session after his speech, Comey both denied trying to use scare stories to make his point—and admitted that he had launched a nationwide search for better ones, to no avail. This is important. All the FBI talk about "going dark" and losing the ability to solve crimes is absolute bullshit. There is absolutely no evidence, either statistically or even anecdotally, that criminals are going free because of encryption. So why are we even discussing the possibility to forcing companies to provide insecure encryption to their users and customers? Sadly, I don't think this is going to go away anytime soon. Comey: http://www.nytimes.com/2014/10/17/us/politics/fbi-director-in-policy-speech-calls-dark-devices-hindrance-to-crime-solving.html or http://tinyurl.com/nwqn846 Comey's speech: http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course or http://tinyurl.com/pq426z9 Vagle and Blaze: http://justsecurity.org/16503/security-front-doors-vs-back-doors-distinction-difference/ or http://tinyurl.com/l5sxvpc The Intercept: https://firstlook.org/theintercept/2014/10/17/draft-two-cases-cited-fbi-dude-dumb-dumb/ or http://tinyurl.com/kj5mro5 The EFF points out that companies are protected by law from being required to provide insecure security to make the FBI happy. https://www.eff.org/deeplinks/2014/10/eff-response-fbi-director-comeys-speech-encryption or http://tinyurl.com/lpvfbyz My first post on these new Crypto Wars is here. https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html or http://tinyurl.com/q5ost46 [Bruce's latest issue of CRYPTOGRAM also includes a bunch of other RISKS-related items. I recommend it for those of you who need to or want to worry about security! Paranoia is not Paranoise. PGN]
The Stack via NNSquad http://thestack.com/chakravarty-tor-traffic-analysis-141114 "Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be 'de-anonymized' - their originating IP addresses revealed - by exploiting the 'Netflow' technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers." Not surprising at all.
Eben Moglen, *The Guardian*, 14 Nov 2014 The state's anti-privacy bandwagon uses the most misleading language to blackmail technology companies into illegal surveillance. As he will have wished and we might have predicted, the bandwagon created by the GCHQ boss, Robert Hannigan, is gathering momentum. His demand that the Internet companies abandon their stance on privacy now carries the weight of the British government. Addressing the Society of Editors conference on Tuesday, Sajid Javid, the culture secretary, dismissed the right to privacy—in the form of the right to be forgotten—as “little more than an excuse for well-paid lawyers to hide the shady pasts of wealthy businessmen and the sexual indiscretions of sporting celebrities.'' Last weekend the former home secretary David Blunkett jumped on board, accusing technology companies that offer encryption of “helping terrorists to co-ordinate genocide and foster fear and instability around the world.'' Bernard Hogan Howe, the Metropolitan police commissioner, said this month that space and technology firms must do more to frustrate paedophiles, murderers and terrorists. Hannigan's assault on privacy has found friends in the highest places. Prior to the Edward Snowden revelations, the spymasters and generals directing the NSA and GCHQ didn't write newspaper essays about their work. But times have changed, highlighted by Hannigan's decision to use the Financial Times last week to accuse Twitter and Facebook—“the largest US technology companies''—of being routes for crime and terrorism. Like pretty much everything else said by governments, and spy agencies in particular, since Snowden pulled the behaviour of the US and UK listeners into daylight, Hannigan's comments were intentionally disingenuous. But also, like servants of various despotisms with whom he would be loth to compare himself, Hannigan's frequent use of the word *democracy* is accompanied by a stunning contempt for the rule of law. [...] Full story (and lots of comments already) at http://www.theguardian.com/commentisfree/2014/nov/13/gchq-assault-privacy-illegality-net-blackmail-surveillance
Once largely the domain of the F.B.I., undercover work has increased across federal agencies as policies have changed, according to officials, former agents and documents. http://www.nytimes.com/2014/11/16/us/more-federal-agencies-are-using-undercover-operations.html
The agency was forced to temporarily shut down its unclassified email and public websites after the attack on its computer systems. http://www.nytimes.com/2014/11/17/us/politics/state-department-targeted-by-hackers-in-4th-agency-computer-breach.html
Devlin Barrett, *Wall Street Journal*, 14 Nov 2014 Devices on Planes that Mimic Cellphone Towers Used to Target Criminals, but Also Sift Through Thousands of Other Phones The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. http://online.wsj.com/articles/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533
A company is placing kiosks in New York-area 7-Eleven stores that will allow people to make car keys without having to go to a car dealer. http://www.nytimes.com/2014/11/16/automobiles/lost-key-copies-from-the-cloud.html
November 13, 2014 , 12:30 pm Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called "Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering" that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. http://threatpost.com/internet-voting-hack-alters-pdf-ballots-in-transmission/109333
The first time Rajibuddin Mandal, a family doctor in Birmingham, England, tried his hand at trading currencies online, he lost 2,000 British pounds. From that experience, he concluded that the foreign-exchange market was too big, too complex and too hazardous for amateur investors like himself. He decided he needed help from the professionals. http://bloom.bg/1wVxpwW 1%/day gain, investment principal return assured. What could go wrong?
Opening TextEdit in your MacBook to jot down some notes may feel like the digital equivalent of scrawling on the back of an envelope. Unfortunately, those unsaved notes may not be as private as you think they are—and likely haven't been for a while. If you're like the majority of Mac users, you may think your in-progress files—the ones you haven't explicitly saved—are being stored directly on your hard drive. And with FileVault 2, a full-disk encryption feature included with your OS, Apple has made it easy to encrypt the contents of your entire drive, offering an additional layer of security if your laptop is stolen—especially if you store your own recovery key. But security researcher Jeffrey Paul recently noticed that Apple's default autosave is storing in-progress files—the ones you haven't explicitly saved yet—in the cloud, not on your hard drive. (Surprise!) Unless you decided to hit save before you start typing, or manually changed the default settings, those meeting notes, passwords, and credit card numbers you jotted down in "Untitled 17" are living in iCloud. http://www.slate.com/blogs/future_tense/2014/11/03/filevault_2_mac_users_unsaved_files_and_screenshots_are_automatically_uploaded.html What could go wrong?
http://www.nytimes.com/2014/11/11/world/europe/for-guccifer-hacking-was-easy-prison-is-hard-.html Marcel-Lehel Lazar, whose pseudonym celebrated “the style of Gucci and the light of Lucifer,'' rampaged through the email of rich Americans, showing the ease of going rogue online.
http://www.nytimes.com/2014/11/13/upshot/americans-say-they-want-privacy-but-act-as-if-they-dont.html People are doubtful about the safety of their personal information online or on cellphones. Yet it does not necessarily change their behavior, according to a new poll.
Officials suspect that big banks ignore bankruptcy court discharges, keeping debts alive on credit reports and impairing borrowers' ability to secure housing and jobs. http://dealbook.nytimes.com/2014/11/12/debts-canceled-by-bankruptcy-still-mar-consumer-credit-scores/
And no, that's not really a hyperbolic headline; anyone who knows that power utilities have a hot list of addresses to restore first due to medical device usage knows exactly what I mean. http://spectrum.ieee.org/aerospace/military/electromagnetic-warfare-is-here As digital and Internet-connected control expands to cover more and more disciplines that we've never used it on before, our exposure to bad guys becomes larger and larger—as much because the barrier to entry becomes lower and lower, and there are always 12-year-old boys as for any other reason. Risk analysis is the fundamental issue here—and the fact that even those who ask for it don't always listen. We Told You So isn't always even satisfying. No matter; we *know* where the likely RISKS pinch points are in systems designs; we've known it for years. What hasn't happened is *getting the people who know into the design cycle, everywhere*. Will that require legislation? We've mooted the topic many times here on RISKS over the 3 decades I've read it. I'm not sure the rate at which the problem's getting better is outstripping the rate at which the domain is getting larger. Jay R. Ashworth, St Petersburg FL; Baylink http://www.bcp38.info +1 727 647 1274 email@example.com [MOOTED? We've variously TOOTED work by Paul Kocher, Ross Anderson, Dan Boneh, and many others, LOOTED risks in ROOTED systems being BOOTED, risks in pacemakers, and more. It's not moot, and of course it never was except in the eyes of folks who thought they could ignore the problems. This seems to be another example of “in that we don't know what to do about it, we're going to ignore it.'' PGN]
Martyn Williams, InfoWorld, 10 Nov 2014 Attackers can replace legitimate apps with fake ones that access and steal personal information http://www.infoworld.com/article/2846015/mobile-security/vulnerability-leaves-iphones-and-ipads-open-to-fake-app-attack.html
Serdar Yegulalp, InfoWorld, 12 Nov 2014 Racy or benign, your favorite sites have likely exposed you to malware-laden ads http://www.infoworld.com/article/2846993/malware/malware-doesnt-discriminate-when-it-comes-to-web-ads.html
Andy Greenberg, *WiReD*, 12 Nov 2014 (via Dave Farber) <http://www.wired.com/2014/11/badusb-only-affects-half-of-usbs/> First, the good news: that unpatchable security flaw in USB devices first brought to light over the summer affects only about half of the things you plug into your USB port. The bad news is it's nearly impossible to sort out the secure gadgets from the insecure ones without ripping open every last thumb drive. At the PacSec security conference in Tokyo on Wednesday, hacker Karsten Nohl presented an update to his research on the fundamental insecurity of USB devices he's dubbed BadUSB. Nohl and his fellow researchers Jakob Lell and Sascha Krissler have analyzed every USB controller chip sold by the industry's eight biggest vendors to see if their hack would work against each of those slices of silicon. The results: Roughly half of the chips were immune to the attack. But predicting which chip a device uses is practically impossible for the average consumer. “It's not like you plug [a thumbdrive] into your computer and it tells you this is a Cypress chip, and this one is a Phison chip,'' says Nohl, naming two of the top USB chip manufacturers. “You really can't check other than by opening the device and doing the analysis yourself. The scarier story is that we can't give you a list of safe devices.'' Nohl's BadUSB attack, which he revealed at the Black Hat security conference in August, takes advantage of the fact that a USB controller chip's firmware can be reprogrammed. That means a thumb drive's controller chip itself, rather than the Flash storage on that memory stick, can be infected with malware that invisibly spreads to computers, corrupts files stored on the drive, or quietly begins impersonating a USB keyboard to type commands on the victim's machine. “You'd Never Get Away With This in a Laptop'' Now Nohl's research team has tested that reprogrammability problem in USB controller chips sold by the industry's biggest vendors: Phison, Alcor, Renesas, ASmedia, Genesys Logic, FTDI, Cypress and Microchip. They checked versions of each chip both by looking up its published specs and by plugging a device using it into a computer and attempting to rewrite the chip's firmware. They found an unpredictable patchwork of results. All of the USB storage controllers from Taiwanese firm Phison that Nohl tested, for instance, were vulnerable to reprogramming. Chips from ASmedia weren't, Nohl's tests found. Controller chips from fellow Taiwanese company Genesys that used the USB 2 standard were immune, but ones that used the newer USB 3 standard were susceptible. In other categories of device like USB hubs, keyboards, webcams and mice, the results produced an even messier Excel spreadsheet of “vulnerable,'' “secure,'' and “inconclusive.'' [...]
[Note: This item comes from friend Steve Goldstein. DLH] (via Dave Farber) Stephanie Mlot, *PC Mag*, 11 Nov 2014 The "Masque Attack" allows hackers to replace a legit app with a phony one to track and collect private information. <http://www.pcmag.com/article2/0,2817,2471947,00.asp> Apple iOS users, beware: A bug discovered in Apple's mobile operating system can leave iPhones and iPads vulnerable to attacks. Uncovered in July by FireEye mobile security researchers, the "Masque Attack" allows hackers to replace a legitimate app with a phony one, then track and collect private information. That data—cached emails, login tokens, etc.—can then be used by the attacker to log into the victim's accounts. Users should be on the lookout for pop-up messages that prompt them to install something like an updated version of Flappy Bird or the latest Angry Birds title. As demonstrated in the video below, clicking on a malicious link could open the door to attackers, who mimic an original app's login interface to steal the victim's credentials. FireEye highlights the bug via the official Gmail application, downloaded to an iPhone from the iTunes App Store. "We have confirmed this attack with email apps where the malware can steal local caches of important emails and upload them to [a] remote server," the blog said. Worst of all, the malware is almost indistinguishable to the victim, who is unlikely to realize they have been duped. "In this situation, we consider it urgent to let the public know," FireEye said, "since there could be existing attacks that haven't been found by security vendors." The firm notified Apple about the vulnerability on July 26. Cupertino did not respond to PCMag's request for comment.
Jacob Hoffman-Andrews, *EFF*, 11 Nov 2014 <https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks> Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag”called STARTTLS”from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.1 By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception. This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server2. STARTTLS was also relatively uncommon until late 2013, when EFF started rating companies on whether they used it. Since then, many of the biggest email providers implemented STARTTLS to protect their customers. We continue to strongly encourage all providers to implement STARTTLS for both outbound and inbound email. Google's Safer email transparency report and starttls.info are good resources for checking whether a particular provider does. Several Standards for Email Encryption The SMTP protocol, the underpinning of email, was not originally designed with security in mind. But people quickly started using it for everything from shopping lists and love letters to medical advice and investigative reporting, and soon realized their mail needed to be protected from prying eyes. In 1991, Phil Zimmerman implemented PGP, an end-to-end email encryption protocol that is still in use today. Adoption of PGP has been slow because of its highly technical interface and difficult key management. S/MIME, with similar properties as PGP, was developed in 1995. And in 2002, STARTTLS for email was defined by RFC 3207. While PGP and S/MIME are end-to-end encryption, STARTTLS is server-to-server. That means that the body of an email protected with, e.g. PGP, can only be read by its intended recipient, while email protected with STARTTLS can be read by the owners of the sending server and the recipient server, plus anyone else who hacks or subpoenas access to those servers. However, STARTTLS has three big advantages: First, it protects important metadata (subject lines and To:/From/CC: fields) that PGP and S/MIME do not. Second, mail server operators can implement STARTTLS without requiring users to change their behavior at all. And third, a well-configured email server with STARTTLS can provide Forward Secrecy for emails. The two technologies are entirely compatible and reinforce each other. The most secure and private approach is to use PGP or S/MIME with a mail service that uses STARTTLS for server-to-server communication. [...]
Is this on port 25 outbound where you would possibly expect to see something like a Cisco ASA or similar smtp proxy device deployed by an ISP intent on filtering malware / spam traffic outbound from infected user desktops or local spammers? Is this filter on port 587 (the smtp submission port) as well? Several ISPs in the USA and elsewhere outright block port 25 instead of proxying it, but the awareness of port 587 being available for use isn't uniform across all countries so that it is possible that a local ISP may have elected to proxy rather than block outbound port 25 traffic. Of course such an approach ideally whitelists port 25 traffic to known outbound servers (say those belonging to large email providers) but certainly won't be able to account for every mailserver running on a VPS or Linux box on a home dsl line for that matter. And in all cases using port 587, which has been RFC standard, widely supported and recommended as a best practice for several years, is ideal for any outbound mail you might want to send. EFF may want to take port 587 into account especially when they recommend TLS and study incidents like this Thai one (TLS is a best practice the security community entirely agrees with by the way)
How does this compare or relate to the "TLS False Start Using RSA" browser flag? That flag allows the packets to begin to flow before TLS credentials are validated. A Mozilla user can use Data Manager to change this from "allow" to "block" for a given domain, however, recent versions of the browser will refuse to honor that directive. Earlier versions honored it, but it was deliberately deprecated. I have found debates about this issue in Mozilla developer forums; the prevailing opinion appeared to be that requiring strict pre-authentication did not offer sufficient incremental security to justify the delay in page load time. I tend to be skeptical of arguments that appear to be as self-serving as that one, and I fail to see how it in any way justifies removing the option from the discretion of the individual browser user. I did not do much research on IE or Chrome, but I did see some hits that suggest similar policies.
The better solution to this would be not to equate having a drivers license with citizenship. In many places, being able to drive is almost a basic necessity, and denying illegal immigrants drivers licenses only results in more illegal (unlicensed and untested) drivers on the road.
Legal immigrants aka green card holders have been eligible for drivers' licenses since approximately forever. It has never been the case that possession of a driver's license means the holder is a citizen.* I don't see any reason to believe that adding illegal immigrants to the mix makes a significant difference. * In some states there's a thing called an Enhanced Driver's License (EDL) with more stringent documentation requirements that does mean that the holder is a citizen, but they've been notably unpopular.
And at a horrendous cost in code diversity. Not my favorite idea. A far better idea is to teach the difference between well written code and sloppy code. It is really easy, just put the two side by side and discuss for many use cases.
The scary part, at least to me, is that the tool may suggest something that is NOT what you intended, but is sufficiently similar that you do not spot the difference. In particular, if larger chunks of code are inserted, this is a real risk. When you write code yourself, you know what you intend it to do. If a tool inserts it, you may not take the trouble to fully understand what it does because "the tool normally generates good code (whatever that means)".
Please report problems with the web pages to the maintainer