Apr 16 2014

nsa operation orchestra

In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014′s FOSDEM.

In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. ORCHESTRA is intended to be cheap, non-technical, completely deniable, but effective. One of the opening slides gives ORCHESTRA’s “operation at a glance” overview as:

* Objective:
- Reduce cost of COMINT collection
* Scope:
- All above board
- No special authorizations
* Means:
- Eliminate/reduce/prevent encryption
- Enable access
- Frustrate players

PHK delivers the presentation as if he were a mid-ranking NSA staffer intending to brief NATO in Brussels. But “being American, he ends up [at FOSDEM] instead”. The truly scary part of this presentation is that it could all be completely true.

What makes the presentation so timely is his commentary on openssl. Watch it and weep.

Permanent link to this article: http://baldric.net/2014/04/16/nsa-operation-orchestra/

Apr 16 2014

more heartbleed

For any readers uncertain of exactly how the heartbleed vulberability in openssl might be exploitable, Sean Cassidy over at existential type has a good explanation.

And if you find that difficult to follow, Randall Munroe over at xkcd covers it quite nicely.

heartbleed_explanation

My thanks, and appreciation as always, to a great artist.

Of course, Randall foresaw this problem back in 2008 when he published his take on the debian openssl fiasco.

Permanent link to this article: http://baldric.net/2014/04/16/more-heartbleed/

Apr 16 2014

pulitzer guardian

The Guardian and the Washington Post have been jointly awarded the Pulitzer prize for public service for their reporting of Edward Snowden’s whistleblowing on the NSA’s surveillance activities.

The Guardian reports:

The Pulitzer committee praised the Guardian for its “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy”.

Unfortunately that debate seems to be taking place in the USA rather than in the UK.

In typical Guardian style, one correspondent to today’s letters page says:

Congratulations to all. Can’t wait for the film. All the President’s Men II? Johnny Depp as Alan Rusbridger?

I’d pay to see that. But I’m not sure how it ends yet.

Permanent link to this article: http://baldric.net/2014/04/16/pulitzer-guardian/

Apr 15 2014

boot and nuke no more

I was contacted recently by a guy called Andy Beverley who wrote:

Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux OS. That means it will work with any Live CD, meaning much better hardware support.

It’s included in PartedMagic, as well as most other popular distros.

“No I don’t mind at all” is my response. In fact, since DBAN seems to be borked permanently, it is nice to see an alternative out there.

Andy’s nwipe page says that he could do with some assistance. So if anyone feels able to help him out, give him a call.

Permanent link to this article: http://baldric.net/2014/04/15/boot-and-nuke-no-more/

Apr 08 2014

heartbleed

This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information.

At 19.00 UTC yesterday, openssl bug CVE-2014-0160 was announced at heartbleed.com. I picked it up following a flurry of emails on the tor relays list this morning. Roger Dingledine posted a blog commentary on the bug to the tor list giving details about the likely impacts on Tor and Tor users.

Dingledine’s blog entry says:

Here are our first thoughts on what Tor components are affected:

  • Clients: Tor Browser shouldn’t be affected, since it uses libnss rather than openssl. But Tor clients could possibly be induced to send sensitive information like “what sites you visited in this session” to your entry guards. If you’re using TBB we’ll have new bundles out shortly; if you’re using your operating system’s Tor package you should get a new OpenSSL package and then be sure to manually restart your Tor.
  • Relays and bridges: Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys. An attacker who has your relay identity key can publish a new relay descriptor indicating that you’re at a new location (not a particularly useful attack). An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor’s multi-hop design means that attacking just one relay in the client’s path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys.
  • Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn’t allow an attacker to identify the location of the hidden service, but an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.
  • Directory authorities: In addition to the keys listed in the “relays and bridges” section above, Tor directory authorities might leak their medium-term authority signing keys. Once you’ve updated your OpenSSL package, you should generate a new signing key. Long-term directory authority identity keys are offline so should not be affected (whew). More tricky is that clients have your relay identity key hard-coded, so please don’t rotate that yet. We’ll see how this unfolds and try to think of a good solution there.
  • Tails is still tracking Debian oldstable, so it should not be affected by this bug.
  • Orbot looks vulnerable; they have some new packages available for testing.
  • The webservers in the https://www.torproject.org/ rotation needed (and got) upgrades too. Maybe we’ll need to throw away our torproject SSL web cert and get a new one too.

But as he also says earlier on, “this bug affects way more programs than just Tor”. The openssl security advisory is remarkably sparse on details, saying only that “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.” So it is left to others to explain what this means in practice. The heartbleed announcement does just that. It opens by saying:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.

During their investigations, the heartbleed researchers attacked their own SSL protected services from outside and found that they were:

able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

According to the heartbleed site, versions 1.0.1 through 1.0.1f (inclusive) of openssl are vulnerable. The earlier 0.9.8 branch is NOT vulnerable, nor is the 1.0.0 branch. Unfortunately, the bug was introduced to openssl in December 2011 and has been available in real world use in the 1.0.1 branch since 14 March 2102 – or just over 2 years ago. This means that a LOT of services will be affected and will need to be patched, and quickly.

Openssl, or its libraries, are used in a vast range of security critical services across the internet. As the heartbleed site notes:

OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.

That point about networked appliances is particularly worrying. in the last two years a lot of devices (routers, switches, firewalls etc) may have shipped with embedded services built against vulnerable versions of the openssl library.

In my case alone I now have to generate new X509 certificates for all my webservers, my mail (both SMTP and POP/IMAP) services, and my openVPN services. I will also need to look critically at my ssh implementation and setup. I am lucky that I only have a small network.

My guess is that most professional sysadmins are having a very bad day today.

Permanent link to this article: http://baldric.net/2014/04/08/heartbleed/

Mar 31 2014

the netbook is not dead

I bought my first netbook, the Acer Aspire One, back in April 2009 – five years ago. That machine is still going strong and has seen umpteen different distros in its time. It currently runs Mint 16, and very happily too.

The little Acer has nothing on it that I value over much, all my important data is stored on my desktop (and backed up appropriately) but I find it useful as a “walking about” tool simply because it is so portable, so it still gets quite a bit of use. I am planning a few trips later this year, notably to Scotland and later (by bike) to Croatia, and I want to take something with me that will give me more flexibility in my connectivity options than simply taking my phone to collect email. In particular, it would be really useful if I could connect back to my home VPN endpoint whilst I am out and about. This is exactly the sort of thing I use the Acer for when I’m in the UK. I (briefly) considered using my Galaxy Tab, which is even lighter and more portable than the Acer, but I just don’t trust Android enough to load my openvpn certificates on to it. There is also the possibility that the Tablet could be lost or stolen (I shall be camping quite a lot). So the Acer looks a good bet. The downside of taking the Acer is the need for mains power (for recharging) of course, but I shall be staying in the odd hotel en route, and I have an apartment booked in Dubrovnik so I figure it should cope. However, I am not the only fan of the Acer – my grandson loves to sit with it on his lap in my study and watch Pingu and Octonauts (parents and grandparents of small children will understand). Given that I recognise that I might lose the Tablet, I must also assume that the Acer might disappear. My grandson wouldn’t like that. So the obvious solution is to take another AAO with me – off to ebay then.

Since my AAO is five years old, and that model has been around for longer than that, I figured I could pick up an early ZG5 with 8 or 16 Gig SSD (rather than the 160 Gig disk mine has) for about £20 – £30. Hell, I’ve bought better specced Dell laptops (I know, I know) for less than that fairly recently. I was wrong. Astonishingly, the ZG5, in all its variants, appears to still be in huge demand. I bid on a few models and lost, by quite some margin. So I set up a watch list of likely looking candidates and waited a few days to get a feel for the prices being paid. The lowest price paid was £37.00 (plus £10.00 P&P) for a very early ZG5 still running Linpus, another Linpus ZG5 with only 512Mb of RAM and an 8 Gig SSD went for £50.00 plus £9.00 P&P), most of the later models (with 1 Gig of RAM and 160 – 250 Gig disks went for around £70 – £90 (plus various P&P charges). In all I watched 20 different auctions (plus a few for similar devices such as the MSI Wind and the Samsung NC10). The lowest price I saw after the £37.00 device was £55.00 and the highest was £103.00 with a mean of just over £67. That is astonishing when you consider that you can pick up a new generic 7″ Android tablet for around £70.00 and you can get a decent branded one for just over £100. And as I said, old laptops go for silly money – just take a look at ebay or gumtree and you can pick up job lots of half a dozen or more for loose change.

So – despite what all the pundits may have said, clearly the netbook as a concept still meets the requirements of enough people (like me I guess) to keep the market bouyant. Intriguingly, the most popular machines sold (in terms of numbers of bidders) were all running XP. I just hope the the buyers intended to do as I did and wipe them to install a linux distro. Of course, having started the search for another ZG5, I just couldn’t let it go without buying one. I was eventually successful on a good one with the same specification as my original model.

The only drawback is that it is not blue…..

open

closed

Well, at least I don’t think it will be stolen.

Permanent link to this article: http://baldric.net/2014/03/31/the-netbook-is-not-dead/

Feb 28 2014

the spy in your bathroom

Back in June 2008 I noted Craig Wright had posted to bugtraq reporting a “remote exploitation of an information disclosure vulnerability in Oral B’s SmartGuide management system”. I found it faintly amusing that a security researcher should have been looking for vulnerabities in a toothbrush.

I should have known better.

A report in wednesday’s on-line Guardian points to the release of a new smart tootbrush from Oral B. Apparently that toothbush will link via bluetooth to an app on either an iPhone or Android and report back to your dentist. Apparently Oral B “sees the connected toothbrush, launched as part of Mobile World Congress’s Connected City exhibition, as the next evolution of the smart bathroom.” Wayne Randall, global vice president of Oral Care at Procter and Gamble reportedly said:

“It provides the highest degree of user interaction to track your oral care habits to help improve your oral health, and we believe it will have significant impact on the future of personal oral care, providing data-based solutions for oral health, and making the relationship between dental professionals and patients a more collaborative one.”

That’s just great. GCHQ have plenty of other personal data feeds already without giving them access to our bathrooms.

Permanent link to this article: http://baldric.net/2014/02/28/the-spy-in-your-bathroom/

Feb 12 2014

checking client-side ssl/tls

At the tail end of last year I mentioned a couple of tools I had used in my testing of SSL/TLS certificates used for trivia itself and my mail server. However, that post concentrated on the server side certificates and ignored the security, or otherwise, offered by the browser’s configuration. It is important to know the client side capability because without proper support there for the more secure ciphers it is pointless the server offering them in the handshake – the client-server interaction will simply negotiate downwards until both sides reach agreement on a capability. That capability may be sub-optimal.

A recent post to the Tor stackexchange site posed a question about the client side security offered by the TorBrowser Bundle v. 3.5 (which uses Firefox). The questioner had used the “howsmyssl” site to check the cipher suites which would be used by firefox in a TLS/SSL exchange and been disturbed to discover that it reportedly offered an insecure cipher (SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA). Sam Whited responded with a pointer to his blog post about improving FF’s use of TLS.

From that post, it appears that TLS 1.1 and 1.2 were off by default in FF versions prior to 27. Hence they would have been off in the TorBrowser Bundle as well.

Permanent link to this article: http://baldric.net/2014/02/12/checking-client-side-ssltls/

Feb 12 2014

policy update

An exchange of emails with Mark over at bsdbox.co a day or so ago made me realise that my privacy policy needed updating. Not, I hasten to add, for any fundamental reason, but simply because a couple of the references in that policy were out of date. I have therefore amended it and version 0.2.0 is now in place. As promised in the policy, this post draws attention to the changes.

The amendments I have made are as follows:

I have amended my reference to geo-locating IP addresses because I stopped using the off-site “clustrmaps” tool some time ago. I now point out that I collect aggregate IP address geo-location data incidentally through my use of Counterize. However, as I note in the policy, I may drop Counterize shortly because it is becoming a drain on the site. Unlike static web log analysis tools, Counterize runs a script in real time to update its database. That database is now getting too large for my liking and some of the (automatic) queries it runs are not well optimised. I haven’t spent any long time investigating this, largely because my MySQL DB skills are woefully inadequate, but it looks to me as if some of the fields are not properly indexed to allow fast queries.

As an aside, readers may care to note that Counterize reports that I get between 30,000 and 40,000 hits on trivia each month and the top visiting countries are: the US at 57.8%, China at 13.6%, the EU at 6.8% and the Russian Federation at 4.5%. The dear old UK is eighth at 2.4% just ahead of Canada and the Ukraine. Those stats might look odd until you realise that I have allowed Counterize to include known webcrawlers. The biggest of these of course are based in the US, but Baidu in China is not far behind in its activity.

I have changed my references to the captcha and contact forms I use on trivia because I have stopped using Mike Challis’s plugins. I did this because Mike seems to like to update his plugins every other week or so and, much as that is to be applauded if there are real gains to be made, I found the maintenance overhead to be too high for what I was getting. Stability is good too.

Incidentally, for anyone interested in FreeBSD, particularly in its use on a server running Tor, or a website it is well worth paying a visit to Mark’s blog. He writes well and it is always worth looking at alternatives to Linux.

Permanent link to this article: http://baldric.net/2014/02/12/policy-update/

Feb 11 2014

privacy matters

The Open Rights Group here in the UK has been campaigning against mass, umwarranted surveillance by GCHQ since the Snowden revelations first emerged in summer of last year. Two of its current campaigns are: “don’t spy on us” and “the day we fight back“.

I have signed both of them.

I have also written to my MP in the following terms:

I have today signed the on-line petition for the “don’t spy on us” campaign. That campaign calls for an inquiry into the mass, unwarranted, surveillance of the UK population by GCHQ.

I call upon you, as my elected representative, to support my rights under Article 8 and 10 of the European Convention on Human Rights to a private life with full, unfettered freedom of expression.

I ask that you support the campaign both on-line, and in Parliament. Parliament has been completely ineffective in its oversight of GCHQ. That must end. You, along with all other Parliamentarians must do a much better job of holding them to account.

Yours sincerely

Mick Morgan

I’ll let you know what he says (though I can guess the reply. In fact I could probably write it myself.)

Permanent link to this article: http://baldric.net/2014/02/11/privacy-matters/

Feb 08 2014

compare and contrast

Foreign Secretary William Hague is apparently concerned about press restrictions in Egypt. He has reportedly urged the interim Egyptian government to demonstrate commitment to free expression.

The press release on the gov.uk website says:

Speaking today about increasing restrictions placed upon journalists and the media in Egypt, Foreign Secretary William Hague said:

  • “I am very concerned by restrictions on freedom of the press in Egypt, including reports of the recent charging of Al Jazeera journalists, two of whom are British, Sue Turton and Dominic Kane.
  • “We have raised our concerns about these cases and freedom of expression at a senior level with the Egyptian government in recent days. I will discuss these concerns with other European Foreign Ministers at the European Foreign Affairs Council on Monday, and we will continue to monitor the situation of the journalists very closely, and raise them with the Egyptian authorities.
  • “The UK believes a free and robust press is the bedrock of democracy. I urge the Egyptian interim government to demonstrate its commitment to an inclusive political process which allows for full freedom of expression and for journalists to operate without the fear of persecution.”

So, the UK Government believes that a “free and robust press is the bedrock of democracy”.

I agree.

Last weekend’s Guardian newspaper reported on the visits they had from and the conversations they had with Cabinet Secretary, Sir Jeremy Heywood and colleagues back in June and July of last year when the Snowden revelations were just starting to cause some ripples.

That article says:

In two tense meetings last June and July the cabinet secretary, Jeremy Heywood, explicitly warned the Guardian’s editor, Alan Rusbridger, to return the Snowden documents.

Heywood, sent personally by David Cameron, told the editor to stop publishing articles based on leaked material from American’s National Security Agency and GCHQ. At one point Heywood said: “We can do this nicely or we can go to law”. He added: “A lot of people in government think you should be closed down.”

It goes on:

Days later Oliver Robbins, the prime minister’s deputy national security adviser, renewed the threat of legal action. “If you won’t return it [the Snowden material] we will have to talk to ‘other people’ this evening.” Asked if Downing Street really intended to close down the Guardian if it did not comply, Robbins confirmed: “I’m saying this.”

Perhaps Hague should have a word with Cameron. They really need to be more consistent. If freedom of expression is vital in Egypt, I submit it is equally vital in the UK.

Permanent link to this article: http://baldric.net/2014/02/08/compare-and-contrast/

Jan 22 2014

dis-unity

The “cloud” is achingly trendy at the moment and new companies offering some-bollocks-as-a-service (SBaaS) keep popping up all over the ‘net. Personally I am extremely unlikely to use any of the services I have seen, I just don’t trust that particular business model.

I checked out the website for one of these companies today following an article I read on El Reg. The company’s website says, in answer to its own question, “what can you do with younity?” that you can:

Spontaneously access any file, from any device, without planning ahead.

Browse all your devices at once.

It further says:

share any file.
ANY FILE STORED ON ANY COMPUTER WITHOUT PLANNING AHEAD, VIA YOUNITY OR PRIVATELY TO FACEBOOK.

(I love that “privately to facebook” bit.)

However, further down it says “Step 1, download younity for Windows or Mac, Step 2, install on iOS”. So, the “any file stored on any computer” claim is just not true if, like me you have a mixture of Linux machines, Android tablet and CyanogenMod ‘phone. I’m pretty sure that claim must breach some advertising standard and I’d complain if I cared about using the product. Fortunately I don’t.

Another “cloud” company making some interesting claims is Backblaze, the company whose blog commentary on consumer grade disks I referenced below. They supposedly offer a service with “unlimited storage”, which “automatically finds files” on your computer and then stores them in the Backblaze cloud with “military-grade encryption”. The website says that “everything except OS files” is backed up, so the system must have the freedom (and permissions) to ferret about on your local disk and then pass the files it finds out to Backblaze’s pods. Forgive me if I don’t like that idea.

The section about encryption is intriguing because it claims:

When you use Backblaze, data encryption is built in. Files scheduled for backup are encrypted on your machine. These encrypted files are then transferred over a secure SSL (https) connection to a Backblaze datacenter where they are stored encrypted on disk. We use a combination of proven industry standard public/private and symmetric encryption methods to accomplish this task. To a Backblaze customer all of this is invisible and automatic. For example, when you create your Backblaze account, we automatically generate your private key that is used to uniquely protect your data throughout our system.

They go on to say:

Upon arriving at a Backblaze datacenter, your data is assigned to one or more Storage Pods where it is stored encrypted. Access to your data is secured by your Backblaze account login information (your email address and password). When you provide these credentials, your private key is used to decrypt your data. At this point you can view your file/folder list and request a restore as desired.

A blog posting by Backblaze’s Tim Nufire gives some detail about how the company encrypts your data. On the face of it, the use of a 2048 RSA public/private key pair in conjunction with ephemeral 128 bit AES symmetric keys (to actually encrypt the data) looks impressive – particularly when the company claims that the private key can be further protected by encryption with a user provided passphrase. But given that the company is US based, that claim bothers me. I am particularly sceptical about any claims that the company is unable to decrypt private data because /they/ generate the public/private key pair and they admit (in the blog post) that they store the private key on their servers. Sorry, but if my data is private enough for me to wish to protect it with strong encryption, then I want to use keys I have generated myself, on a system which I control.

Backblaze’s description of the file restoration process does not give me any warm feeling either. Here is what they say:

When you request a data restore, we do what is known as a cloud restore. This simplifies the data restoration process. For example, let’s assume your hard drive crashes and you get a new hard drive or even a new computer. To restore your data you first log in to Backblaze using a web browser by providing your Backblaze account information (email address and password). Once you have logged in to the Backblaze secure web interface you can request a restore of your data. You do not have to install Backblaze to get your data back. To make this work, we decrypt your data on our secure restore servers and we then zip it and send it over an encrypted SSL connection to your computer. Once it arrives on your computer, you can unzip it and you have your data back.

So if I want my data back, they get a clear text copy of it all before sending it to me. Worse, they even offer to send it to me through the post on a USB disk.

I don’t call that a private recovery system.

Permanent link to this article: http://baldric.net/2014/01/22/dis-unity-2/

Older posts «