ssl cipher check

My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that aspect alone and I wanted something a little more general purpose – and preferably command line driven. The openssl program itself is pretty useful, but I found this rather nice perl script called ssl-cipher-check which I have now added to my toolset.

Recommended.

On a related note, a post over at crypto stackexchange gives an interesting answer to the question, “how secure is AES?” The post dates from 2012 (and 1 April at that) but it concludes:

  • The federal government is allowed to use AES for top-secret information.
  • We don’t know that they would actually want AES to be mathematically breakable, so at the AES competition 11 years ago it is possible they would have avoided any algorithm they thought they could break in the near future.

None of that is proof, but we tend to assume that the NSA can’t break AES.

No-one has updated or contradicted that answer since it was posted.

Permanent link to this article: https://baldric.net/2013/12/10/ssl-cipher-check/

no more akismet

In common with (probably) all wordpress based blogs, trivia has the aksimet plugin in place. Akismet is shipped by default in the base wordpress installation and new users are encouraged to sign up for an API key. On first configuring the blog’s plugins, users are greeted with the following commentary about akismet:

Used by millions, Akismet is quite possibly the best way in the world to protect your blog from comment and trackback spam. It keeps your site protected from spam even while you sleep. To get started: 1) Click the “Activate” link to the left of this description, 2) Sign up for an Akismet API key, and 3) Go to your Akismet configuration page, and save your API key.

So of course I did, as I guess most people do. And I have used akismet ever since even though I really don’t like it. Having once started to use akismet, I was impressed by the apparent volumes of spam it blocked. The plugin gives statistics through the wordpress dashboard and the reported volumes held at bay are quite remarkable. The graphic below shows my stats since 2009.

akismet-all-time-stats

Note that in 2013 the plugin reportedly stopped over 56,000 spam posts aimed at trivia. In April 2013 alone, the plugin reports that it blocked over 13,500 spam posts. That is a /lot/ of spam. But of course I still had to handle the odd one or two comments (largely from russian sites with dodgy looking URLs) which appeared to get through.

Then I tried an experiment. I turned akismet off. I initially did this in September of this year. I still got the odd one or two russians and ukrainians popping up, but I did not see the expected deluge of rubbish that aksimet would have me believe was out there. I turned it back on in October for short period and noticed no difference so I finally switched it off completely at the beginning of November. It has been off ever since.

Guess what? No deluge. So it stays off. That way I can be sure I am no longer reporting anything back to the aksimet servers.

Permanent link to this article: https://baldric.net/2013/12/08/no-more-akismet/

where are you now?

The ongoing revelations from Snowden continued recently with reporting in the Washington Post about the NSA’s program to track mobile ‘phone location data. Reporting here and elsewhere suggests that the NSA is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world.

That reporting, and its obvious implications, reminded me of the wonderfully graphic reporting in the German newspaper “Die Zeit”‘s on-line magazine, “Zeit Online” some time ago. Zeit reported that the German Green party politician, Malte Spitz, had sued the German telecoms company “Deutsche Telekom” to get them to hand over six months of his ‘phone data. Spitz then gave that data to Zeit Online who combined the geolocation data from the telcom company’s records with information relating to his life as a politician, derived from public information such as his Twitter feeds, blog entries and websites.

The result is quite enlightening.

image of map in germany

The Zeit graphic published on their website is interactive. It allows you to select any date from 31 August 2009 to the end of the six month data span and then press “play”. As the Zeit says:

“By pushing the play button, you will set off on a trip through Malte Spitz’s life. The speed controller allows you to adjust how fast you travel, the pause button will let you stop at interesting points. In addition, a calendar at the bottom shows when he was in a particular location and can be used to jump to a specific time period. Each column corresponds to one day.”

The corresponding data shown alongside the interactive map gives more detail about what Spitz was likely to be doing in any one location at a particular time. So for example, on Wednesday 2 September at 4 pm, Spitz is shown to be in Berlin, whilst data from his twitter feed says that he was speaking to the Social Network VZ group about data privacy and consumer protection.

Spitz agreed to provide his telephony location data to a third party. You probably didn’t.

Permanent link to this article: https://baldric.net/2013/12/08/where-are-you-now/

TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look at K9, the android email client of choice for those who care about proper adherence to email standards.

Now I last used K9 around the tail end of 2011 but gave up because it had a silly little problem with my self signed TLS certificates and I told the list that. Steve wasn’t satisfied with that answer and pointed to a discussion about the issue which suggested that my certificates might be causing the problem if the IMAP/POP certificate used the same identifiers (for example, the CN) as the SMTP certificate when the certificates were actually different. In my case this turned out to be exactly what was wrong. Even though both my dovecot and my postfix X509 certificates contained exactly the same information, because I had generated them separately at different dates (purely by historic accident) the certificates and keys differed and it was this which caused K9 to barf. As bernhard, a member of the K9 project team said:

“the problem is that your imaps and your smtps certifcate don’t match. we store the certs with their CN. So if the CN is the same but the cert is different we get a problem.

The fix is complexe and breaks backward compability so we can’t apply it.
I know this does not sound good :/
there is some missing feature which is an blocker on this issue, but i can’t give you an timetable when this missing part is addressed.

I fear the only thing you can do about this is to change your smtps cert to be the same as your imaps cert.”

So I did. I simply changed my dovecot SSL configuration to point to the same certificate and key as I had in place for postfix and bingo, my newly re-installed K9 stopped barfing. Of course, I hadn’t spotted this fix because I had given up on K9 before the fix was documented (he said…).

Now given that I have recently strengthened the SSL/TLS certificates I use and tightened up my lighttpd configuration to force use of stronger ciphers, I thought I ought to take a look at doing the same for my dovecot and postfix configurations. It turns out to be both possible and pretty simple to do so. Here’s how.

In dovecot the SSL/TLS configuration is handled by the file /etc/dovecot/conf.d/10-ssl.conf. The relevant sections of my file now contain the following:

# dovecot ssl configuration for IMAPS/POP3S mail.

ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Note that the key and certificate file can be combined into one (as here).

ssl_cert = </path/to/my/smtp-server-cert.pem

ssl_key = </path/to/my/smtp-server-cert.pem

# SSL ciphers to use

# (default)
# ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# (better)
ssl_cipher_list = TLSv1+HIGH !SSLv2 !RC4 !aNULL !eNULL !3DES @STRENGTH
#
# end

For postfix, the configuration is handled in the usual main.cf. I have updated the relevant section of my configuration file as below:

# TLS parameters

# where we get our entropy

tls_random_source = dev:/dev/urandom

smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file=/path/to/my/smtp-server-cert.pem
smtpd_tls_key_file=$smtpd_tls_cert_file
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#
# use only the high grade ciphers (128 bit and higher AES)
#
smtpd_tls_ciphers = high
#
# and exclude known weaknesses
#
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
#
# and limit the protocols to TLSv1, specifically excluding SSL version 2 and 3
#
smtpd_tls_protocols = TLSv1, !SSLv2, !SSLv3
#

Note that the postfix configuration documentation says that the full list of cipher grades available for opportunistic TLS (which we are using, mandatory is not advisable unless you wish to break your email) is:

null – encryption-less grades for authenticated loopback traffic
export – 90’s style “export” weak keys or stronger (i.e. deliberately broken…..)
low – Legacy single-DES keys or stronger
medium – 128-bit RC4 or stronger
high – 128-bit AES or stronger

Note also that opportunistic TLS defaults to “export”, which is probably not what you want these days. Here I have deliberately limited the ciphers to “high”.

Now after reloading our mail system we can check the configuration on dovecot with openssl thus:

openssl s_client -connect my.mailserver.com:993

and amongst the details returned we see the reassuring response:


New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.1
Cipher : DHE-RSA-AES256-SHA

and the same check on our postfix mailer port thus:

openssl s_client -connect my.mailserver.com:25 -starttls smtp

gives us:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.1
Cipher : ECDHE-RSA-AES256-SHA

Job done.

Permanent link to this article: https://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/

boycott amazon

This time last year I wrote to Jeff Bezos telling him that I was no longer prepared to support a multinational which so arranged its tax affairs that it paid little or no UK corporation tax on turnover estimated (last year) at some £3.3 billion.

This year, Margaret Hodge, chair of the UK Parliamentary Public Accounts Select Committee, together with at least seven other UK MPs, has renewed her call for a continued boycott of Amazon in the lead up to Christmas. The only way to hurt companies like Amazon is to hit them in the pocket. They hit us by refusing to pay their fair share of taxation. We can hit them by refusing to use them.

I have continued to buy CDs, DVDs and books over the last year. This last week alone I bought several books as Christmas presents, including some rather rare (and hence expensive) ones. None of them came from Amazon. There are plenty of alternatives to the Amazon behemoth. Use them. And tell Bezos why (his email address is jeff@amazon.com)

Merry Christmas Jeff.

Permanent link to this article: https://baldric.net/2013/12/03/boycott-amazon/

data is imaginary. this burrito is real

As usual, Randall Munroe over at xkcd has his own take on the NSA/GCHQ snooping reportage.

XKCD cartoon

My thanks as always.

Permanent link to this article: https://baldric.net/2013/12/03/data-is-imaginary-this-burrito-is-real/

counterpoint the surrealism of the underlying metaphor

Last week, El Reg posted an amusing take on the apparent invasion of the NSA by Management Consultants.

Nothing new there then.

From personal experience I can confirm that UK Government has been completely overrun with the buggers for years.

Permanent link to this article: https://baldric.net/2013/12/02/counterpoint-the-surrealism-of-the-underlying-metaphor/

necessary and proportionate

Yesterday I received an email from the Open Rights Group asking me to sign an on-line petition set up in collaboration with nearly 300 other organisations. The email said:

In 2013, we learned digital surveillance by governments across the world knows no bounds.

Their national intelligence and investigative agencies capture our phone calls, track our location, peer into our address books, and read our emails. They often do this in secret and without adequate public oversight, violating our human rights.

We won’t stand for this anymore.

Over the past year, 300 organisations have come together to support the International Principles on the Application of Human Rights to Communications Surveillance.

Today we’re launching a global petition supporting the 13 International Principles alongside a range of international NGOs including Access, Chaos Computer Club, Digitale Gesellschaft, Electronic Frontier Foundation, OpenMedia and Privacy International.

These thirteen Principles establish the human rights obligations of governments engaged in communications surveillance. [1]

They’ve been developed over months of consultation between internationally-recognised technology, privacy, and human rights experts.

Can you join people from around the world to lend your name and support to the Principles?

Unfortunately, the link given in the email went to a page on the “necessaryandproportionate” website which sought signatures from persons signing on behalf of NGOs rather than individuals wishing to add their own voices to the campaign. Today I received a new email pointing to an amended page where I might actually sign up as me rather than me qua some officer representing an organisation.

A brief investigation of that website shows the following “idiosyncracies”. Firstly, the website on IP address 69.50.232.52 appears to be hosted by Silicon Valley Web Hosting out of San Jose in California (see below – click for a full sized image – note the “ShowIP” popup info bottom left).

image of website

There is nothing inherently wrong with that (though of course the hosting company is subject to US law). After all, lots of websites I use are hosted in the US, and there are many US based organisations appearing as signatories to the petition. However, the SSL certificate used appears to be both woefully weak and incorrectly signed – note in particular the CN (common name) assignation is a wildcard for “trollingeffects.org” whilst the actual website is called “en.necessaryandproportionate.org”. Again, see below:

image of website

So the organisation has re-purposed a certificate produced for another domain rather than getting a nice shiny new (strong) one for itself. And frankly, a 128 bit RC4 cipher with a SHA-1 MAC is just laughably daft given that the page in question says:

Join the global movement demanding the protection of human rights and an end to mass surveillance. Let the world know: Privacy is a human right. Endorse the Necessary and Proportionate Principles.

Whilst I may have no problem in people knowing that I have signed such a petition (after all, if it is to be effective, then the petitioners’ names (and where applicable, affiliations) must be public, I’m not that keen on using a website run by a supposedly privacy conscious collective which is so woefully inadequate in even the basic protection it offers.

“C minus – must do better.”

(Oh, and for comparison, the Open Rights Group’s own website is hosted by ByteMark Consulting (Hi Guys) and uses a 256 bit AES cipher.)

Permanent link to this article: https://baldric.net/2013/11/27/necessary-and-proportionate/

more ninjastiks

In July I noted that a company calling itself Ninjastik had popped up selling what looked to be essentially the Tor Browser Bundle on an 8 Gig stick for $56.95 or a 16 Gig stick for $69.95. As I expected, we have now seen one or two more companies attempting to sell products which leverage Tor – in effect they are trading, or attempting to trade, on the Tor reputation. The first such product to gain prominence is the so-called “safeplug” which appears to be made by the pogoplug guys. Roman Mamedov over at the tor-talk mail list suggested that someone might like to buy one of these and run a tear-down to check it out. No-one has yet owned up to spending the requisite $49.00, but that has not stopped a lively discussion about the value or otherwise of an “off-the-shelf” commodity device which purports to offer “complete anonymity and peace of mind”. As some commentators have said, that looks like dangerous advice. Tor is a complex system. It does not, and cannot offer complete anonymity if you don’t know what you are doing. Selling access to Tor in such a fashion looks like the actions of opportunistic snake oil salesmen.

This brings us to the second new device to pop up on the radar, the Open Router Project, or ORP. Here we have a crowd-sourcing plea for funds to develop what, on the face of it, looks to be an interesting device. The developers claim that ORP1 will offer:

a high performance networking router that allows you to run a firewall, IPSec VPN (virtual private network) and a TOR server for your home network.

Furthermore:

Its easy-to-use web interface will make encrypted and anonymised communications for your entire network easier to set up and manage. Now you don’t need to be a geek to be able to ensure that every device you use at home uses the internet with privacy, whether it’s your home PC, smartphone or tablet.

It’s that “you don’t have to be a geek” bit I worry about, particularly coupled with the promise of an “easy to use web interface”. Unfortunately, you /do/ have to be at least a little geeky to ensure that you remain anonymous when using Tor (or even VPNs, especially IPSEC VPNs). And read the “Stretch Goals” bit on the indiegogo site. That looks decidedly geeky, and is indeed described as such.

But we have a genuine problem here. All Tor users and evangelists want to see greater use of network level encryption in general and Tor in particular. Getting foolproof consumer devices which offer that into the hands of a much larger population of users must be a good thing. The devil, however, is in the detail. As some commentators on the tor-talk list pointed out, most people attempting to use such devices will become frustrated by the limitations Tor imposes (no scripts, no flash, blocks on many websites, odd language problems etc.). In the face of such difficulties, and without understanding why these happen, there is a danger that Tor becomes branded as unusable. In the worst case scenario, the poor unsuspecting user can actively but unwittingly de-anonymise him or herself whilst continuing to use the consumer device in the belief that it is still offering protection.

That said, I would love to see a foolproof consumer device which I could give to my kids in the knowledge that it would offer them the kind of privacy and anonymity they need and deserve. But I just /know/ I’d get lots of “support” calls.

Permanent link to this article: https://baldric.net/2013/11/26/more-ninjastiks/

I’m sure that is not what they meant

Yesterday’s Guardian contained a quarter page advertisement from “hibu” (the company formerly known as Yell, and before that, Yellow Pages). The advertisement showed a picture of a bright red and green fish swimming against a tide of uniformly blue fish. The headline was “Get spotted on all kinds of digital devices”. The ad finished with the tagline, “To help make sure you’re found online, go to hibu.co.uk”.

Right.

Someone, somewhere has a weird sense of humour.

Permanent link to this article: https://baldric.net/2013/10/25/im-sure-that-is-not-what-they-meant/

Oliver Stone on PRISM

I am a big fan of Oliver Stone movies.

Outside the pages of the Guardian and its sister paper the Observer, the level of comment in the UK on NSA/GCHQ surveillance capability remains bizarrely muted. In the US they are at least having a conversation. Whether that conversation results in any sensible decisions, and then legislative action, remains to be seen.

Permanent link to this article: https://baldric.net/2013/10/25/oliver-stone-on-prism/

wd caviar green load cycle count

Back in January of this year I upgraded my desktop’s hard drive to a 2 TB WD Caviar Green. Not the world’s fastest drive, but quiet, power efficient, and, so I thought, good value for money. I subsequently used two of the same disks in a new build RAID 1 server (which I must get around to writing about). An email to the ALUG mailing list this week made me check those disks.

Mark was having trouble with a RAID 5 setup and had discovered that others with the same problem were also using WD Green drives. These drives park the heads rather aggressively as part of the power saving features, Unfortunately, because RAID configurations constantly write to the disks to keep them synchronised this tends to wake the disk up as soon as the head is parked. The result is a very high load cycle count in very short order.

Having read Mark’s posts and the others like the ones referenced above, I thought I had better check my own drives (using smartctl from the smartmontools package). I didn’t like what I found.

On my desktop:

smartctl -a /dev/sda | grep Load_Cycle
193 Load_Cycle_Count 0x0032 151 151 000 Old_age Always – 148961

On the RAID server:

smartctl -a /dev/sda | grep Load_Cycle
193 Load_Cycle_Count 0x0032 071 071 000 Old_age Always – 387053

smartctl -a /dev/sdb | grep Load_Cycle
193 Load_Cycle_Count 0x0032 072 072 000 Old_age Always – 386379

WD say in their specifications for these disks that they are good for a lifetime of 300,000 Load Cycles. So my server’s disks look as if they are at high risk of failure after only 6 months usage. My desktop doesn’t look much better. Not good. Some fora I checked say that the 300,000 figure is on the conservative side and 1 million cycles is perfectly possible, but I’m inclined to believe a manufacturer’s specs in the absence of any other more authoritative advice.

I am looking for potential replacements, but meanwhile I am contemplating trying Christophe Bothamy’s linux idle3tool which supposedly may cure the head parking problem. I am not yet sure I want to use that tool in anger unless I know I have replacement disks on hand. Of course, if the tool works, then I probably would not have needed to buy any new disks.

Tricky.

Permanent link to this article: https://baldric.net/2013/10/12/wd-caviar-green-load-cycle-count/

Snowden paranoia

A recent exchange on the tor-talk mailing list about conspiracy theories elicited this gem from “Ted Smith” (obviously a Bob Heinlein fan).

“One of the more Gibsonesque theories I’ve heard is that Snowden is a CIA operative working to destabilize the NSA’s surveillance system on behalf of the CIA and other elite that feel too watched by it in the wake of the Petraeus scandal.”

That is too beautiful for words. And it is so clearly bonkers that millions will probably believe it.

The internet is truly a wonderful, and disturbing, place.

Permanent link to this article: https://baldric.net/2013/10/09/snowden-paranoia/

running out of money

The failure of the US Government to agree a budget with Congress is having some interesting effects.

NIST appears to be completely shut down: (Click images for full size).

nist-closed

The NSA says “Due to the Government Shutdown, this site is not being updated.” (Though one assumes that they are still being funded….)

nsa-no-update

Whilst the Whitehouse simply blames Congress.

whitehouse-no-money

God bless America.

Permanent link to this article: https://baldric.net/2013/10/09/running-out-of-money/

that’s completely ludicrous

Glenn Greenwald on Newsnight.

The full episode of Newsnight’s report including Greenwald’s interview and comment from Sir David Omand (ex Director GCHQ) can be seen here on BBC’s iplayer. Gordon Corera, the BBC’s Security respondent reports here on the Newsnight episode.

As an aside, I was amused by Ross Anderson’s claim that many academics had apparently not believed that Government was capable of building the sort of panopticon reportedly available to GCHQ on the grounds that Government was incompetent.

Ross is widely known to be rabidly anti-spook.

Permanent link to this article: https://baldric.net/2013/10/05/thats-completely-ludicrous/

the guardian on tor

My last post noted that the Guardian had posted a series of articles on the Tor network and Snowden’s latest revelations about how the NSA has been attacking that network.

All those posts are worth reading, but my favourite is the one by Bruce Schneier explaining how the NSA has attacked Tor users through browser exploits – including native vulnerabilities in the versions of Firefox included in the Tor browser bundle (note to self, maybe opera was a good choice after all).

In the article, Schneier describes the “FoxAcid” CNE system used to attack a target’s browser. He explains that, whilst the FoxAcid server is publicly accessible, it would appear completely innocuous to casual visitors unless a specifically crafted URL, called a FoxAxcid tag, were used, whereupon the server would attempt an attack on the visiting browser as a precursor to a complete compromise of the end user system. Schneier went on to explain that the NSA would use a variety of methods to get a target to use a FoxAcid tag and then helpfully included an actual example as an active link. Way to go Bruce. (That link has since been removed, but it was certainly active last night, I know – and so do most people who read the tor-relays list). That is a pretty good social engineering attack. Note to NSA. If you want to know whether I use Tor, it is easy, just read this blog.

[The comments at the end of Schneier’s article contain this gem:

“This article by Bruce Schneier is the main reason that I have never used the internet.”

How does that work then?]

Permanent link to this article: https://baldric.net/2013/10/05/the-guardian-on-tor/