Tuesday, 29 December 2009

Why not simply use explosive-sniffing dog?

In the aftermath of the failed attack on the Delta 253 flight everyone calls for new technologies which may be quite intrusive and certainly are very expensive. So, I'm wondering why don't we use explosive-sniffing dog at the airports? These animals can find even smallest quantities of explosives. Even bees can be used to search for explosives.

Legic Prime Has No Cryptography at All

This is really weird: Karsten Nohl and Hendryk Plötz have shown that the Legic Prime contactless smart cards neither a random generator nor an encryption algorithm. Users of Legic Prime are recommended to upgrade to Legic Advant which contains AES and is compliant to FIPS 201.

Heise article (german)



GSM Security Broken, Finally

It was well known for a long time that A5/1, the GSM encryption code is not secure. Now it has finally been broken. Nobody ever believed that our phone calls were safe from the secret services of this world. The issue is that now the calls and, even worse, SMSes are vulnerable to criminals, too. This is a problem M-TANs are used in online banking, for example.
But not all is lost: UMTS uses another algorithm, called MISTY or KASUMI, which is still considered safe. So, use M-TANs only if you have a 3G uplink.

Friday, 18 December 2009

Credit Card Abuse, Again

Employees of a call center in Bremen, Germany allegedly have abused the credit cards of customers of British Airways. This has been reported be the TV magazine "buten un binnen". A team manager has been arrested. Certainly this is only the tip of the iceberg.
It is well known and accepted that credit cards offer no security all. Users will reclaim their money, if they read their credit card statement. Fraud costs will be distributed to the general public via insurances and merchant fees.
However, a normal smart card won't fix this because it can't be used with a call center. The only viable options here are the internet with secure online banking and OTP. Both options require that dedicated security hardware is used by the end customer. There is no free lunch.

Wednesday, 9 December 2009

Phishing Damage Estimations

Trusteer operatates the anti-phishing browser plugin Rapport. Based on measurements performed by Rapport, they were able to estimate the average damage done by phishing. A succesful phishing attack is counted if the Rapport plugin detects that the user tries to enter credentials into a phishing web site.
Assuming that each successful phishing attack steals between 500$ and 2000$ they arrive at an average damage of 2$ to 9$ per online banking user per year.
This seems a lot but it also explains why banks seem to take phishing so lightly: Any kind of security token will certainly cost more per user and year.
What about Rapport itself? It seems to be well suited here if it helps against phishing and costs the bank less than the 9 Dollars mentioned above. Which is no surprise, as all the numbers come from Trusteer. I would like to know whether it also helps against trojans and man-in-the-middle attacks.

Thursday, 19 November 2009

Google ChromeOS: Computer as a Service

Google has announced it's Chrome OS. They claim that they will take full central control over any computer running Chrome OS. This should be well-known to people who use vendor-branded cell phones: no hassle, quick and simple operation, but restricted functionality.
It seems reasonable to me that a tightly controlled system should be able to defeat malware. However, I don't think tat this level of control is necessary here. The reason to want this level of control should not be security, but the wish to have a computer that "just works", as another vendor of more or less malware-resistant computers calls that.
Also note that Google wants to get into the service business.

Monday, 16 November 2009

"Anomalies" in Spain Speed up EMV Transition

It's not really clear what has happened there. It seems that massive amounts of credit card data were lost at a spanish credit card processor. New cards are sent to customers. At least some of these actually have an EMV chip. Another nail in the coffin of the obsolete magnetic stripes.
Update: Tonight it was in the news: more than 100 000 cards have been exchanged.

Sunday, 8 November 2009

Shreddered Stasi Documents Reconstructed

In the November 1989, the agents of the east german secret police Stasi, had a problem: On the streets there was revolution that would soon take over the government and in the archives there was a precise documentation of what they did in the last 40 years. So, they hurriedly shreddered as much documents as they could.
In the years to follow, people hat to accept the fast that it was just not feasible to reconstruct these documents.
One engineer of Fraunhofer Gesellschaft didn't accept that and developed a program that can reconstruct shreddered documents. The trick is to categorize the shreds before making an attempt to match them. Otherwise, the number of possible combination would grow exponentially with the number of shreds.
The security lesson? Shredding documents no longer keeps them secret.

PhoneSnoop Turns BlackBerries into Bugs

A simple BlackBerry program called PhoneSnoop will turn your BlackBerry into a bug. The attacker will install it on a BlackBerry he found lying around. Then calling the BlackBerry from a preconfigured telephone number will put the Balckberry into SpeakerPhone mode and all conversations near the affected BlackBerry can be overheard at the remote end of the call.
This is not a security issue of the BlackBerry operating system, because the root cause here is that the attacker had full control over the phone when he installed the software. For a minimum level of security, the BlackBerry should be configured to require a password ofter a short period of inactivity.
However, the morale here is that you shouldn't think "I don't have sensitive information on my telephone, so I don't need to secure it".

Sunday, 1 November 2009

Amazon PayPhrase

Amazon has announced a new payment system, Amazon Payphrase. It has two interesting security properties:
  • Participating websites will not obtain the credit card information
  • Deliveries will only be sent to the address set up at Amazon
Stealing the passphrase or the PIN used for authorizing the checkout won't help cybercriminals so much because they cannot trigger a delivery of the goods to an address of their choice. It seems to me that the system is as secure as Amazon itself. As Amazon has my credit card data anyway I gain a little security because the other websites don't get my credit card number.
Small websites might be happy to be relieved from the burden of credit card handling.
Centralizing the sensitive information will also help when security is to be added to the handling of sensitive information, like using a hardened browser, for example.

Sunday, 25 October 2009

Nigeria Closes down Spammers

The Nigerian Anti-Fraud commission EFCC states on its website that they started an operation against spam that has already resulted in the termination of 800 web sites. Nigeria is the home of the 419 scam emails where people are promised a substantial amount of money from questionable origin if the make some advance payments.

Will this reduce the amount of spam? I do not think so: 419 scams are almost neglegible in my spambox. However, if they actually shut down the scammers, it might help Nigeria's internet reputation, which might help Nigeria's economic development.

Sunday, 18 October 2009

Kaspersky wants to end Internet Anonymity

In an interview with zdnet Asia Eugene Kaspersky suggests to put an end to internet anonymity. He says "I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement". Well, first this won't happen because it would be way to expensive. Even if an established system like OpenID would be used as the source of the identity management required here all ISPs and website operators would have to adopt their software. Second, it should not happen because anonymity is sometimes a part of freedom.
However the present system of website logins is a mess and should be fixed by using a voluntary identity management system.

Cnet reports that Comcast have a similar initiative where they disconnect users with infected PCs. This is also problematic, but it sounds a little better becasue it's good internet citizenship not to act as a springboard for internet criminals.

Realistically spaking, the responsibility for PC security remains with the vendors, not with the users as long as the systems are too complicated to be fully managed by the end users.

Sunday, 11 October 2009

Secure Online Banking

The Swiss company Crealogix has announced the CLX.Sentinel, a USB device which promises secure online banking. As I was with them team that developed it, it's no surprise that I like it.
But here is why: It uses a smart card to verify the user identity and set up a SSL connection to the bank. Thus, man-in-the middle attacks are prevented. As an additional security benefit it uses an internal list of legitimate banking sites so that phishers can't use the null prefix issue. The CLX.Sentinel won't connect to anything that's not on its list, so the browser infections are next to impossible.
The software is installed on the flash memory inside the token, so it can't be patched and it contains countermeasures against debugging and code injection at runtime.
I believe that this amount of countermeasures is needed nowadays.

Tuesday, 6 October 2009

The URLZone Trojan

RSA Fraud Action Research Lab publish an article about a online-banking trojan called URLZone. This trojan has an interesting new feature:
It can determine if whether requests for new "mules" come from a botnet member or a security company. If the request comes from a security company or researcher, the server will respond with account data of innocent people, thus protecting their mules from prosecution.
The accounts are people who received a legitimate transfer from a URLZone victim before.

'Mules' are the people who receive payments from infected PCs and forward them to the gangster's accounts. That's money-laundering, and not only criminal, but also quite dangerous. The fake mule responses will put innocent people under suspicion of money laundering.

Sunday, 27 September 2009

Google suggest Online Payment with Single Sign On

Google has suggested a micropayment System to the Newspaper Association of America. How is this asecurity issue? They suggest to combine it with a Single Sign On System also operated by Google.
I welcome paid-for Internet content because I believe that advertising As the only Business model for online content endangers the journalistic quality of the articles. The dependency on the advertisers leads to articles written for the advertisers, not for the readers. Also, I hope that flash and popups will become less intrusive if publishers get an additional revenue stream.
The bad news is that Google would know even more about their users, in particular if they operate the micropayment system.
I really would prefer having a small micropayment token connected to my computer that performs Single Sign On and micropayment operations under my control.

Sunday, 13 September 2009

Linux Botnet

The Register reports a new linux server botnet originally reported here. It is not yet clear how the servers are infectected. The purpuse of these servers is to serve malware from an additional webserver installed on listening on port 8080. It seems to me that people look at their web forum security again very closely: Not only can be used to exploit a server, but also if it is possible to post links at public discussion sites it is also possible to post links to such malware.

Sunday, 6 September 2009

Quantum Computer Chip

One popular use for the quantum computer is the factorization of big numbers. If one could factor a big number as quickly as it can be multiplied from its prime components the RSA algorithm would be broken. Theory says that this should be possible, but no practical implementation has been seen so far. The most important obstacle is the quantum noise that leads to random changes in quantum states.
Researchers at the university of Bristol have found a way to cram a complete quantum computer on one silicon chip. However, the largest number they can factor right now is 15. Also, the peripheral devices still fill up a complete desktop.
In order to factor larger numbers the quantum computer needs more degrees of freedom, which are called 'qbits'. Miniaturizing the computer might help with increasing the number of qbits.

Sunday, 30 August 2009

Real Time Keylogging

According to New York Times the trojan Clampi is able to send key presses in real time. This means that it can be used to attack one time password (OTP) systems.
From here on, it seems necessary to consider a more complex mode of OTP known as EMV CAP respectively Visa DPA. Here a challenge is sent from the server which is signed by a smart card. Therefore the attacker cannot submit the stolen OTP signature for any other purpose than it was originally intended for.

Saturday, 29 August 2009

MacOS X is not Invulnerable

Apple has fixed a nasty longstanding bug. This bug seems to enable user space programs to overwrite arbitrary locations in the kernel memory. The impact of this depends on how easy it is to guess the location of the target. A technique called Address Space Layout Randomization is expected to help here. Attackers need to guess the location of target variables or code for many computers in order to create a worm or rootkit that spreads using this vulnerability. However, it seems that the kernel memory is not randomized so all macs prior to the latest version of Leopard are vulnerable.

Tuesday, 18 August 2009

Voting Computer Tempest Attack

Youtube has a video where the german hacker club CCC shows how to read out the votes cast on an online voting machine. The electromagnetic radiation generated by the machine, in particular it's pressure sensitive input device, is measured by a sensitive radio scanner. It seems that almost any man-machine interface is threatend by this kind of attack.

Whole Genome Amplification allows DNA Spoofing

Israele researchers found that using a variant of polymerase chain reaction called 'whole genome amplification' it is possible to produce macroscopic amounts of DNA from very small samples. This can be used to create fake evidences at crime scenes. The fabricated samples have been tested with commercially available test kits.
This underlines two insights we all should know since long:
  • Don't trust on DNA alone to convict people
  • Be careful with large databases - their contents might be stolen
Update (209-08-20): Another Israeli company, Nucleix, claims that they have a DNA analysis kit that can distinguish between real and amplificated DNA. This looks ver much like another armamaent race to me.

Sunday, 16 August 2009

New RFC for Publishing DKIM Signature Policy

A new RFC allows to publish the policy for using DKIM signatures on outgoing emails. There are two ways to use DKIM:
  • use a valid DKIM header as an indication that the email is legit
  • use a missing DKIM header as an indication that the email is spam.
However, the first option fails if the spammer registers a domain and adds a valid DKIM header. The second option cannot be used if the domain in question simply doesn't use DKIM. Now there is a new option:
  • use a missing DKIM header as an indication that the email is spam and the sending domain announces that they use DKIM
This sounds reasonable to me.

Thursday, 13 August 2009

Email Stamps

CentMail is new attempt to fight spam by using digital stamps.It is backed by Yahoo research. The proceedings from centmail go to a charity chosen by the sender.
It is well known that even such a small cost for sending out spam will kill the business modell of most spammers. However, it remains to be seen how email receivers will react to these stamps. I would consider acknowledging them in my spamassassin rules.
Also note that people still need to guard against malware received by email even if such a system becomes popular, as a targeted malware infection may have a completely different business model.
Anyway, the money is well spent even if it doesn't kill spam immediately.

Formally Evaluated Microkernel Sourcecode

Australian researchers have published a formal proof of the correctness of a L4 microkernel. They used the theorem prover Isabelle to achieve this. L4 is a microkernel, not an operating system. It performs only very elementary functions like memory management and controlling processes as well as interprocess communication.
Additional operating system functionality, like networking or file systems are implemented outside of the kernel.
If this works out, meaning that the proof holds and the kernel runs at a reasonable speed, this would mean thet this the world's fist bug-free operating system kernel source code. Note the defensive wording, there might still be errors in the specification, the services outside of the service or the C compiler.
Unfortunately, it wont't run on smart cards, as it's target architecture is ARM11 and x86. Also, to gain a formally proven secure smart card kernel one would have to prove also security against hardware glitches and attacks.

Wednesday, 12 August 2009

Flash Cookies

Kate McKinley from iSEC Partners notes that Adabe's flash browser plugin can be used to store persistent data and thus track internet usage. Even worse, those flash cookies cannot be deleted through the browser settings. She descrribes a complicated procedure for managing and deleting flash cookies. This is annoying.

Tuesday, 4 August 2009

AES Weaknesses

Recent attacks on AES (see here and here) have shown weaknessesn in the AES key schedule. In short, they managed to recover the key of an 256-bit AES with a complexity of 2119 and 192-bit AES with complexity 2176. If this results holds, AES-256 is not better then AES-128. For the time being, there are no practical implications, as all three algorithms still can be considered practically secure.

Sunday, 2 August 2009

Electromechanical Locks

There is a video that shows all sorts of against electromechanical locks. No details. however. Maybe electronical locks shoudn't use mechanical keys at all?

Economics of Spam

An experiment about spam conversion rate (the rate by which spam emails result in purchases) show that less than 0.00001% of spam emails result in sales. The experiment was performed by infiltrating the storm botnet and sending out spam emails referring to fake sales pages operated by the researchers (I won't comment on whether I consider this method ethically acceptable. At least, no damage is done to the test subjects).
As sending out spam comes with a cost, this low conversion rate poses a problem to the spammers. The authors assume that the retail price for sending out spam is $80/million spam mails. That's not a business because one million emails result in only 0.1 conversions by the conversion rate quoted above.
The conclusion in the cited paper is that the storm botnet is "vertically integrated" and thus operates at lower costs than $80 per million of sent spam emails.
The good news is that spam business seems to operate at the border of profitability. If this is true, then measures that reduce spam profitabiity further might effectively reduce the quantity of spam.

Rootkit Breaks TrueCrypt

There is an attack against TrueCrypt based on a rootkit which is installed in the MBR. Such things are well-known since rootkits have been invented, but this one seems to be targeted directly at TrueCrypt and also quite hard to detect.
Someone who can change the booting process of a PC without being noticed can always steal the keyboard input. However, I would suggest that a tool like TrueCrypt should do everything that as possible to detect rootkits. Also it was suggested to boot TrueCrypt from a physical CD-ROM. That fixes the MBR issue.
Of course a TPM would help here, too. Too bad it has been burned by the DRM industry.

Friday, 31 July 2009

Dumb Smart Cards fail as e-Cash

An e-Cash (well, sort of) system used for parking payments in San Francisco and other US cities has been analysed and broken. It uses chip cards, but the chip cards do not authenticate themselves and therefore are pretty useless. This particular attack would have been impossible if the chip cards were authenticated properly.
It is a nice example for a scalable attack: If the security has been broken for one parking meter it is broken for all of them. This is a design error in a security application.
On a sidenote, in Germany and many other countries there is an e-Cash system which does not have these problems, it is called 'Geldkarte' (moneycard).

Thursday, 30 July 2009

Tempest Reloaded

Italian hackers found out that key presses on PS/2 keyboards can be sniffed out by measuring traces of the signals on the neutal line of the power supply of the computer they are connected to.
However, ATMs used where I live have a secure pinpad which also encrypts the PIN before it is sent to the bank for checking. I find it hard to believe that such a device leaks out the PIN so easily. A quick google query shows that there are such and such keyboards. Please note that the ones with PS/2 seem to lack VISA approval.

Monday, 27 July 2009

Massive Credit Card Data Theft

Credit card data of more than half a million people have been stolen. I don't think that such events can be avoided unless the architecture of web servers is fundamentally changed to make them more error-resilient.

Saturday, 25 July 2009

SWIFT

As many news outlets report, the European Commision starts negotiations with the USA about sharing financial data from SWIFT transactions with the USA.
Once the data are in USA it will be quite hard to ensure that the data are only used as intended. The security of these data does not only depend on the present US government, but only on all future governments.
This underlines and old and wellknown rule of data security: Mimimize the amount of data given at any time. Applied to this case, give SWIFT as few as possible.

iPhones' Hardware encryption without Key Management

Jonathan Zdziarski claims that the "hardware encryption" of the new iPhone 3Gs can be bypassed by removing the PIN that somehow manages said hardware encryption.
I don't know how this is implemented, but given that the iPhone OS is not unbreakable, it seems recommendable to manage the key for that encryption in the hardware encryption device, too.
Anyway, if Jonathan can recover the files without giving the PIN (we have to take his word here, as the clip does not really demonstrate it) something is really wrong there.


Wednesday, 22 July 2009

German Health Smart Card Troubles

The German health smart card is in trouble. My take on that is: On one hand, there are real issues like terminals being too expensive, on the other hand it looks like the doctors who are supposed to use these cards are a little technophobic.
We learn that if security comes with embracing technology it still hard to achieve wide acceptance, at least in germany.

Signature Software for MacOS with CommonCriteria

Intarsys' signature software for MacOS X has been evaluated by the german ffice for information security with the security level EAL3+. It's good that Mac users get something, now we're looking forward to EAL4+.

Tuesday, 21 July 2009

CAcert Auditor Resigned

This is a long story. There is a not-for-profit certification authority, CAcert, with the idea to apply the "web of trust" to a public key infrastructure. This is a good idea, as many security issues boil down to getting people's identities and having a large network of assurers checking people's IDs and passports is still at least as good as having a large corporation check that someone has access to somebody's email (and oldstyle-mailbox, if done a little more securely).
However, they want their certificate in the default installation of popular browsers, in particular firefox. This requires a security audit. And this means that they have to have the "Infrastructure" in PKI audited, which is extremely painful and led me to the trigger of this post. Some days ago, their auditor has resigned.
The quick way out of this is to say "PKI is too complex" and send people back to classic web of trust. I don't think so. PKI is worth it's complexity if it comes to longterm operation. I should think of a way to help beyond making an assurance here and there (I'm humble number 1592 on their assurer list).

Monday, 20 July 2009

E-Cash Coming Back?

The European Commission has started an new attempt at introducing electronic money. The organsiatational requirements , in particular initial capital, are reduced "with the objective of removing barriers to market entry". Not much on technology.
Will there be innovative implementations of E-cash? New busines models? Pay-per-view websites? Hmmm....

Sunday, 19 July 2009

Webcam Security

A collegue has asked me to make a webcam accessible to his iPhone. Unfortunately, the images from the webcam are displayed by a Java applet, if the browser announces itself as a "mozilla". So I had to take a look at the protocol.

Passwords are sent in cleartext. Upon a successful login the client receives a "key", also in cleartext, which is then used as a directory on the web server. Fortunately, no sensitive data is protected by this mechanism...

Elliptic Curves Tested in Lausanne

Researchers at École Polytechnique Fédérale de Lausanne have cracked a 112 bit encryption based on elliptic curves (more exactly secp112r1) using 700 machine-months of the Sony playstation PS3.
Experiments of this sort are important to judge the security of real-life applications: At the moment elliptic curves betwen 160 and 256 bits are used. As the number of processor cycles required for a brute-force-attack grows exponentially with the number of bits there is quite some headroom left.

Joanna Rutkowska on Processor-Level Security

Tomshardware runs an interview with Joanna Rutkowska on malware targetet against the BIOS and even the processor firmware. The issue here is that the operating system can't defend itself against malware targetting lower layers of the system like the processor firmware. Here Joanna sees a task for the vendors of BIOSes and firmware.