TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look at K9, the android email client of choice for those who care about proper adherence to email standards.

Now I last used K9 around the tail end of 2011 but gave up because it had a silly little problem with my self-signed TLS certificates, and I told the list that. Steve wasn’t satisfied with that answer and pointed to a discussion about the issue which suggested that my certificates might be causing the problem if the IMAP/POP certificate used the same identifiers (for example, the CN) as the SMTP certificate when the certificates were actually different. In my case this turned out to be exactly what was wrong. Even though both my dovecot and my postfix X509 certificates contained exactly the same information, because I had generated them separately at different dates (purely by historic accident) the certificates and keys differed, and it was this which caused K9 to barf. As bernhard, a member of the K9 project team, said:

“the problem is that your imaps and your smtps certificate don’t match. we store the certs with their CN. So if the CN is the same but the cert is different we get a problem.

The fix is complex and breaks backward compatibility so we can’t apply it.
I know this does not sound good :/
there is some missing feature which is a blocker on this issue, but i can’t give you a timetable when this missing part is addressed.

I fear the only thing you can do about this is to change your smtps cert to be the same as your imaps cert.”

So I did. I simply changed my dovecot SSL configuration to point to the same certificate and key as I had in place for postfix and bingo, my newly re-installed K9 stopped barfing. Of course, I hadn’t spotted this fix because I had given up on K9 before the fix was documented (he said…).

Now given that I have recently strengthened the SSL/TLS certificates I use and tightened up my lighttpd configuration to force use of stronger ciphers, I thought I ought to take a look at doing the same for my dovecot and postfix configurations. It turns out to be both possible and pretty simple to do so. Here’s how.

In dovecot the SSL/TLS configuration is handled by the file /etc/dovecot/conf.d/10-ssl.conf. The relevant sections of my file now contain the following:

# dovecot ssl configuration for IMAPS/POP3S mail.

ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Note that the key and certificate file can be combined into one (as here).

ssl_cert = </path/to/my/smtp-server-cert.pem

ssl_key = </path/to/my/smtp-server-cert.pem

# SSL ciphers to use

# (default)
# ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# (better)
ssl_cipher_list = TLSv1+HIGH !SSLv2 !RC4 !aNULL !eNULL !3DES @STRENGTH
#
# end

For postfix, the configuration is handled in the usual main.cf. I have updated the relevant section of my configuration file as below:

# TLS parameters

# where we get our entropy

tls_random_source = dev:/dev/urandom

smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file=/path/to/my/smtp-server-cert.pem
smtpd_tls_key_file=$smtpd_tls_cert_file
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#
# use only the high grade ciphers (128 bit and higher AES)
#
smtpd_tls_ciphers = high
#
# and exclude known weaknesses
#
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
#
# and limit the protocols to TLSv1, specifically excluding SSL version 2 and 3
#
smtpd_tls_protocols = TLSv1, !SSLv2, !SSLv3
#

Note that the postfix configuration documentation says that the full list of cipher grades available for opportunistic TLS (which we are using; mandatory TLS is not advisable unless you wish to break your email) is:

null – encryption-less grades for authenticated loopback traffic
export – 90s-style “export” weak keys or stronger (i.e. deliberately broken…)
low – Legacy single-DES keys or stronger
medium – 128-bit RC4 or stronger
high – 128-bit AES or stronger

Note also that opportunistic TLS defaults to “export”, which is probably not what you want these days. Here I have deliberately limited the ciphers to “high”.

Now after reloading our mail system we can check the configuration on dovecot with openssl thus:

openssl s_client -connect my.mailserver.com:993

and amongst the details returned we see the reassuring response:

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.1
Cipher : DHE-RSA-AES256-SHA

and the same check on our postfix mailer port thus:

openssl s_client -connect my.mailserver.com:25 -starttls smtp

gives us:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.1
Cipher : ECDHE-RSA-AES256-SHA
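The two checks above made repeatable, as an added example that is not part of the original post: the first function asks the local OpenSSL which suites the hardened dovecot cipher string actually selects and flags any RC4/DES/NULL/MD5/export or sub-128-bit suite; the second parses the kind of openssl s_client output shown above and reports weak protocols, excluded ciphers and small server keys. The transcripts are constructed, and the 2048-bit key floor is my assumption, not something the post states.

```python
import re
import ssl

# The hardened cipher string from the post's dovecot 10-ssl.conf.
DOVECOT_HARDENED = "TLSv1+HIGH !SSLv2 !RC4 !aNULL !eNULL !3DES @STRENGTH"

# Name fragments of the suites the post excludes (RC4, DES/3DES, NULL, MD5, export).
WEAK_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXP")
MIN_STRENGTH_BITS = 128   # Postfix "high" grade: 128-bit AES or stronger
MIN_KEY_BITS = 2048       # assumed floor for the server's RSA key (my choice)


def expand_cipher_string(cipher_string):
    """Ask the local OpenSSL which suites a cipher string selects.

    Returns the dicts from SSLContext.get_ciphers(): each has at least
    'name', 'protocol' and 'strength_bits'. OpenSSL 1.1.1 and later also
    list the TLS 1.3 suites, which no cipher string can remove.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)   # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def check_cipher_string(cipher_string):
    """Return (suites, violations) for a cipher string under the post's policy."""
    suites = expand_cipher_string(cipher_string)
    violations = []
    for suite in suites:
        name = suite["name"]
        if any(marker in name for marker in WEAK_MARKERS):
            violations.append(f"{name}: excluded algorithm")
        elif suite["strength_bits"] < MIN_STRENGTH_BITS:
            violations.append(f"{name}: only {suite['strength_bits']}-bit")
    return suites, violations


# Fields of interest in 'openssl s_client' output: the SSL-Session block
# and the 'Server public key' line.
FIELD_RE = {
    "protocol": re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M),
    "cipher": re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.M),
    "key_bits": re.compile(r"^Server public key is (\d+) bit", re.M),
}


def parse_s_client(output):
    """Extract protocol, cipher and server key size from s_client output."""
    info = {}
    for field, pattern in FIELD_RE.items():
        match = pattern.search(output)
        info[field] = match.group(1) if match else None
    if info["key_bits"] is not None:
        info["key_bits"] = int(info["key_bits"])
    return info


def review_handshake(output):
    """Return a list of findings for one handshake transcript; [] means clean."""
    info = parse_s_client(output)
    findings = []
    if info["protocol"] in (None, "SSLv2", "SSLv3"):
        findings.append(f"protocol {info['protocol']} should not be negotiated")
    cipher = info["cipher"] or ""
    if not cipher or any(marker in cipher for marker in WEAK_MARKERS):
        findings.append(f"cipher {cipher or 'unknown'} is on the exclusion list")
    if info["key_bits"] is not None and info["key_bits"] < MIN_KEY_BITS:
        findings.append(f"server key is {info['key_bits']} bit, below {MIN_KEY_BITS}")
    return findings


# Constructed transcript in the shape of the post's postfix check (not a capture).
POSTFIX_CHECK = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
"""

# Constructed transcript of a server that still negotiates RC4 (not a capture).
RC4_CHECK = """\
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
"""


if __name__ == "__main__":
    suites, violations = check_cipher_string(DOVECOT_HARDENED)
    print(f"hardened string selects {len(suites)} suites, {len(violations)} violations")
    for line in violations:
        print("   ", line)
    for label, transcript in (("postfix", POSTFIX_CHECK), ("rc4", RC4_CHECK)):
        print(f"{label}: {review_handshake(transcript) or ['clean']}")
```

Run against a live server by piping `openssl s_client -connect host:993 </dev/null` into review_handshake; the 1024-bit key in the post's own output is the one finding it raises there.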

Job done.

Permanent link to this article: https://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/

boycott amazon

This time last year I wrote to Jeff Bezos telling him that I was no longer prepared to support a multinational which so arranged its tax affairs that it paid little or no UK corporation tax on turnover estimated (last year) at some £3.3 billion.

This year, Margaret Hodge, chair of the UK Parliamentary Public Accounts Select Committee, together with at least seven other UK MPs, has renewed her call for a continued boycott of Amazon in the lead up to Christmas. The only way to hurt companies like Amazon is to hit them in the pocket. They hit us by refusing to pay their fair share of taxation. We can hit them by refusing to use them.

I have continued to buy CDs, DVDs and books over the last year. This last week alone I bought several books as Christmas presents, including some rather rare (and hence expensive) ones. None of them came from Amazon. There are plenty of alternatives to the Amazon behemoth. Use them. And tell Bezos why (his email address is jeff@amazon.com).

Merry Christmas Jeff.

Permanent link to this article: https://baldric.net/2013/12/03/boycott-amazon/

data is imaginary. this burrito is real

As usual, Randall Munroe over at xkcd has his own take on the NSA/GCHQ snooping reportage.

XKCD cartoon

My thanks as always.

Permanent link to this article: https://baldric.net/2013/12/03/data-is-imaginary-this-burrito-is-real/

counterpoint the surrealism of the underlying metaphor

Last week, El Reg posted an amusing take on the apparent invasion of the NSA by Management Consultants.

Nothing new there then.

From personal experience I can confirm that UK Government has been completely overrun with the buggers for years.

Permanent link to this article: https://baldric.net/2013/12/02/counterpoint-the-surrealism-of-the-underlying-metaphor/

necessary and proportionate

Yesterday I received an email from the Open Rights Group asking me to sign an on-line petition set up in collaboration with nearly 300 other organisations. The email said:

In 2013, we learned digital surveillance by governments across the world knows no bounds.

Their national intelligence and investigative agencies capture our phone calls, track our location, peer into our address books, and read our emails. They often do this in secret and without adequate public oversight, violating our human rights.

We won’t stand for this anymore.

Over the past year, 300 organisations have come together to support the International Principles on the Application of Human Rights to Communications Surveillance.

Today we’re launching a global petition supporting the 13 International Principles alongside a range of international NGOs including Access, Chaos Computer Club, Digitale Gesellschaft, Electronic Frontier Foundation, OpenMedia and Privacy International.

These thirteen Principles establish the human rights obligations of governments engaged in communications surveillance. [1]

They’ve been developed over months of consultation between internationally-recognised technology, privacy, and human rights experts.

Can you join people from around the world to lend your name and support to the Principles?

Unfortunately, the link given in the email went to a page on the “necessaryandproportionate” website which sought signatures from persons signing on behalf of NGOs rather than individuals wishing to add their own voices to the campaign. Today I received a new email pointing to an amended page where I might actually sign up as me rather than me qua some officer representing an organisation.

A brief investigation of that website shows the following “idiosyncrasies”. Firstly, the website on IP address 69.50.232.52 appears to be hosted by Silicon Valley Web Hosting out of San Jose in California (see the screenshot below, and note the “ShowIP” popup at the bottom left).

image of website

There is nothing inherently wrong with that (though of course the hosting company is subject to US law). After all, lots of websites I use are hosted in the US, and there are many US based organisations appearing as signatories to the petition. However, the SSL certificate used appears to be both woefully weak and incorrectly signed – note in particular the CN (common name) assignation is a wildcard for “trollingeffects.org” whilst the actual website is called “en.necessaryandproportionate.org”. Again, see below:

image of website

So the organisation has re-purposed a certificate produced for another domain rather than getting a nice shiny new (strong) one for itself. And frankly, a 128 bit RC4 cipher with a SHA-1 MAC is just laughably daft given that the page in question says:

Join the global movement demanding the protection of human rights and an end to mass surveillance. Let the world know: Privacy is a human right. Endorse the Necessary and Proportionate Principles.

Whilst I may have no problem in people knowing that I have signed such a petition (after all, if it is to be effective, then the petitioners’ names (and where applicable, affiliations) must be public), I’m not that keen on using a website run by a supposedly privacy conscious collective which is so woefully inadequate in even the basic protection it offers.

“C minus – must do better.”

(Oh, and for comparison, the Open Rights Group’s own website is hosted by ByteMark Consulting (Hi Guys) and uses a 256 bit AES cipher.)

Permanent link to this article: https://baldric.net/2013/11/27/necessary-and-proportionate/

more ninjastiks

In July I noted that a company calling itself Ninjastik had popped up selling what looked to be essentially the Tor Browser Bundle on an 8 Gig stick for $56.95 or a 16 Gig stick for $69.95. As I expected, we have now seen one or two more companies attempting to sell products which leverage Tor – in effect they are trading, or attempting to trade, on the Tor reputation. The first such product to gain prominence is the so-called “safeplug” which appears to be made by the pogoplug guys. Roman Mamedov over at the tor-talk mail list suggested that someone might like to buy one of these and run a tear-down to check it out. No-one has yet owned up to spending the requisite $49.00, but that has not stopped a lively discussion about the value or otherwise of an “off-the-shelf” commodity device which purports to offer “complete anonymity and peace of mind”. As some commentators have said, that looks like dangerous advice. Tor is a complex system. It does not, and cannot offer complete anonymity if you don’t know what you are doing. Selling access to Tor in such a fashion looks like the actions of opportunistic snake oil salesmen.

This brings us to the second new device to pop up on the radar, the Open Router Project, or ORP. Here we have a crowd-sourcing plea for funds to develop what, on the face of it, looks to be an interesting device. The developers claim that ORP1 will offer:

a high performance networking router that allows you to run a firewall, IPSec VPN (virtual private network) and a TOR server for your home network.

Furthermore:

Its easy-to-use web interface will make encrypted and anonymised communications for your entire network easier to set up and manage. Now you don’t need to be a geek to be able to ensure that every device you use at home uses the internet with privacy, whether it’s your home PC, smartphone or tablet.

It’s that “you don’t have to be a geek” bit I worry about, particularly coupled with the promise of an “easy to use web interface”. Unfortunately, you /do/ have to be at least a little geeky to ensure that you remain anonymous when using Tor (or even VPNs, especially IPSEC VPNs). And read the “Stretch Goals” bit on the indiegogo site. That looks decidedly geeky, and is indeed described as such.

But we have a genuine problem here. All Tor users and evangelists want to see greater use of network level encryption in general and Tor in particular. Getting foolproof consumer devices which offer that into the hands of a much larger population of users must be a good thing. The devil, however, is in the detail. As some commentators on the tor-talk list pointed out, most people attempting to use such devices will become frustrated by the limitations Tor imposes (no scripts, no flash, blocks on many websites, odd language problems etc.). In the face of such difficulties, and without understanding why these happen, there is a danger that Tor becomes branded as unusable. In the worst case scenario, the poor unsuspecting user can actively but unwittingly de-anonymise him or herself whilst continuing to use the consumer device in the belief that it is still offering protection.

That said, I would love to see a foolproof consumer device which I could give to my kids in the knowledge that it would offer them the kind of privacy and anonymity they need and deserve. But I just /know/ I’d get lots of “support” calls.

Permanent link to this article: https://baldric.net/2013/11/26/more-ninjastiks/

I’m sure that is not what they meant

Yesterday’s Guardian contained a quarter page advertisement from “hibu” (the company formerly known as Yell, and before that, Yellow Pages). The advertisement showed a picture of a bright red and green fish swimming against a tide of uniformly blue fish. The headline was “Get spotted on all kinds of digital devices”. The ad finished with the tagline, “To help make sure you’re found online, go to hibu.co.uk”.

Right.

Someone, somewhere has a weird sense of humour.

Permanent link to this article: https://baldric.net/2013/10/25/im-sure-that-is-not-what-they-meant/

Oliver Stone on PRISM

I am a big fan of Oliver Stone movies.

Outside the pages of the Guardian and its sister paper the Observer, the level of comment in the UK on NSA/GCHQ surveillance capability remains bizarrely muted. In the US they are at least having a conversation. Whether that conversation results in any sensible decisions, and then legislative action, remains to be seen.

Permanent link to this article: https://baldric.net/2013/10/25/oliver-stone-on-prism/

wd caviar green load cycle count

Back in January of this year I upgraded my desktop’s hard drive to a 2 TB WD Caviar Green. Not the world’s fastest drive, but quiet, power efficient, and, so I thought, good value for money. I subsequently used two of the same disks in a new build RAID 1 server (which I must get around to writing about). An email to the ALUG mailing list this week made me check those disks.

Mark was having trouble with a RAID 5 setup and had discovered that others with the same problem were also using WD Green drives. These drives park the heads rather aggressively as part of their power saving features. Unfortunately, because RAID configurations constantly write to the disks to keep them synchronised, this tends to wake the disk up as soon as the head is parked. The result is a very high load cycle count in very short order.

Having read Mark’s posts and the others like the ones referenced above, I thought I had better check my own drives (using smartctl from the smartmontools package). I didn’t like what I found.

On my desktop:

smartctl -a /dev/sda | grep Load_Cycle
193 Load_Cycle_Count 0x0032 151 151 000 Old_age Always - 148961

On the RAID server:

smartctl -a /dev/sda | grep Load_Cycle
193 Load_Cycle_Count 0x0032 071 071 000 Old_age Always - 387053

smartctl -a /dev/sdb | grep Load_Cycle
193 Load_Cycle_Count 0x0032 072 072 000 Old_age Always - 386379

WD say in their specifications for these disks that they are good for a lifetime of 300,000 Load Cycles. So my server’s disks look as if they are at high risk of failure after only 6 months usage. My desktop doesn’t look much better. Not good. Some fora I checked say that the 300,000 figure is on the conservative side and 1 million cycles is perfectly possible, but I’m inclined to believe a manufacturer’s specs in the absence of any other more authoritative advice.

I am looking for potential replacements, but meanwhile I am contemplating trying Christophe Bothamy’s linux idle3tool which supposedly may cure the head parking problem. I am not yet sure I want to use that tool in anger unless I know I have replacement disks on hand. Of course, if the tool works, then I probably would not have needed to buy any new disks.

Tricky.

Permanent link to this article: https://baldric.net/2013/10/12/wd-caviar-green-load-cycle-count/

Snowden paranoia

A recent exchange on the tor-talk mailing list about conspiracy theories elicited this gem from “Ted Smith” (obviously a Bob Heinlein fan).

“One of the more Gibsonesque theories I’ve heard is that Snowden is a CIA operative working to destabilize the NSA’s surveillance system on behalf of the CIA and other elite that feel too watched by it in the wake of the Petraeus scandal.”

That is too beautiful for words. And it is so clearly bonkers that millions will probably believe it.

The internet is truly a wonderful, and disturbing, place.

Permanent link to this article: https://baldric.net/2013/10/09/snowden-paranoia/

running out of money

The failure of the US Government to agree a budget with Congress is having some interesting effects.

NIST appears to be completely shut down:

nist-closed

The NSA says “Due to the Government Shutdown, this site is not being updated.” (Though one assumes that they are still being funded….)

nsa-no-update

Whilst the Whitehouse simply blames Congress.

whitehouse-no-money

God bless America.

Permanent link to this article: https://baldric.net/2013/10/09/running-out-of-money/

that’s completely ludicrous

Glenn Greenwald on Newsnight.

The full episode of Newsnight’s report, including Greenwald’s interview and comment from Sir David Omand (ex Director GCHQ), can be seen here on BBC’s iplayer. Gordon Corera, the BBC’s Security correspondent, reports here on the Newsnight episode.

As an aside, I was amused by Ross Anderson’s claim that many academics had apparently not believed that Government was capable of building the sort of panopticon reportedly available to GCHQ on the grounds that Government was incompetent.

Ross is widely known to be rabidly anti-spook.

Permanent link to this article: https://baldric.net/2013/10/05/thats-completely-ludicrous/

the guardian on tor

My last post noted that the Guardian had posted a series of articles on the Tor network and Snowden’s latest revelations about how the NSA has been attacking that network.

All those posts are worth reading, but my favourite is the one by Bruce Schneier explaining how the NSA has attacked Tor users through browser exploits – including native vulnerabilities in the versions of Firefox included in the Tor browser bundle (note to self, maybe opera was a good choice after all).

In the article, Schneier describes the “FoxAcid” CNE system used to attack a target’s browser. He explains that, whilst the FoxAcid server is publicly accessible, it would appear completely innocuous to casual visitors unless a specifically crafted URL, called a FoxAcid tag, were used, whereupon the server would attempt an attack on the visiting browser as a precursor to a complete compromise of the end user system. Schneier went on to explain that the NSA would use a variety of methods to get a target to use a FoxAcid tag and then helpfully included an actual example as an active link. Way to go Bruce. (That link has since been removed, but it was certainly active last night, I know – and so do most people who read the tor-relays list). That is a pretty good social engineering attack. Note to NSA. If you want to know whether I use Tor, it is easy, just read this blog.

[The comments at the end of Schneier’s article contain this gem:

“This article by Bruce Schneier is the main reason that I have never used the internet.”

How does that work then?]

Permanent link to this article: https://baldric.net/2013/10/05/the-guardian-on-tor/

good news for tor

The past couple of days have seen a flurry of news stories about Tor. Some of the news has hit the mainstream media, some of it hasn’t. Yet.

A couple of day ago, a rather plaintive post to the tor-talk mailing list read:

“looking for a way to contact silk road.Site shut down.money at stake.”

(Note to readers – the “silk road” was a somewhat notorious website acting as a broker, or intermediary, between persons wishing to purchase materials of questionable legality, such as high grade drugs or weapons and vendors of said materials. Transactions on the site were conducted using bitcoin. The site operator made his money by taking a transaction fee from the bitcoin traffic. The “silk road” was run as a hidden service on the Tor network.)

In response to this query, another poster pointed to an article in ehackingnews which explained that the site had been taken down by the FBI following a fairly lengthy (and by all accounts fairly thorough) investigation. One Ross Ulbricht, the alleged operator of the silk road site, has been arrested by the FBI. The full account of the FBI investigation, and its case against Ulbricht, can be seen (warning, PDF) here.

After this post, there then follows a long series of posts in the thread titled “Silk Road taken down by FBI”. This thread bears reading. Aside from some of the usual rabid Aluminium Foil Deflector Beanie nonsense, or expected anti-establishment ranting, there is some thoughtful and useful commentary. Two things struck me when reading this series of posts. First, the FBI takedown and arrest seems to have resulted from some good, old fashioned, thorough police work (helped, of course, by the admitted stupidity and poor operational security demonstrated by Ulbricht). As one poster said:

In many ways this is (or should be) a PR win for Tor.

1) No technical vulnerabilities were used (AFAWK) – this should be welcome news to Tor users

2) Traditional police work still works – this should be good news to the law and order folks that traditional methods still work and no extensive digital survailance (sic) state is needed.

Secondly, this incident, coupled with what is now known to be the FBI takedown in August of this year of the Freedom Hosting Service (also a Tor hidden service) site allegedly hosting child pornography, means that two fairly high profile, (probably) illegal sites are now off the Tor network.

I say “probably” for two reasons: one, I am not a lawyer, and two, I am relying on third party reporting of the activity on those sites. I have no personal knowledge of either of them. Here, though, I must confess to some mixed feelings in my reaction. On the one hand I must applaud the removal of sites which have given rise to the sort of reporting which has increasingly led to Tor becoming known as the “dark web”, a home for criminal activity and only criminal activity. This sort of reporting fosters an atmosphere which is antithetical to support for Tor. That cannot be a good thing, particularly at a time when personal privacy and anonymity are under increasing threat. On the other hand, I believe, and have argued elsewhere, that Tor is and should be completely neutral with respect to the services it hosts or provides access to. It is for wider society to take a judgement on which of those services are tolerable. Tor operators must remain neutral or we fall into the same trap of censorship which we profess to deplore elsewhere.

Then, just as the feverish temperature on the tor-talk list was about to cool slightly, Roger Dingledine lobbed in a new post yesterday pointing to the latest in the series of Guardian articles on the Snowden revelations. Those articles, which are listed in summary here detail how the NSA and GCHQ have been attacking Tor in attempts to de-anonymise its users. Dingledine has since posted a blog article on the torproject website explaining that, yes, they do know about the Guardian reporting, in fact they contributed to that reporting. Dingledine promises a full analysis later, but meanwhile he points to his commentary in the Guardian article, where he says (of the NSA):

“The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.

Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.”

As Dingledine says, the good news from Tor’s perspective is that even an adversary as large, powerful and well funded as the NSA is apparently unable to break the network itself. This means that Tor remains safe to use by that majority of people whose only concern is a much lesser adversary. It is also worth noting that there is no contradiction between NSA’s apparent failure in direct attacks against the Tor network and the FBI’s successes against criminal activity facilitated by Tor (even if, as some suspect, the FBI had NSA assistance – see the “parallel construction” arguments). The FBI success proves that police investigative activity works. If you are a dumb criminal, then no technology is going to help you.

Permanent link to this article: https://baldric.net/2013/10/05/good-news-for-tor/

another good reason to avoid the kindle

xkcd-book-burning

My thanks as always to xkcd

(P.S. Take a look at xkcd 533 and read the comment in the “mouseover” title popup. Then try not to laugh.)

Permanent link to this article: https://baldric.net/2013/10/02/another-good-reason-to-avoid-the-kindle/

get your own nsa email account

Some enterprising chap, possibly called “Chris Fisher” if the whois record is correct, has registered the domain name nsa.org. He now appears to be selling email accounts on that domain. The accounts are quite pricey too at $142.00 considering that he is only giving 2 Gig of store. Mind you, his FAQ is quite honest.

I tried to get gchq.org, but it has already gone.

Pity.

Permanent link to this article: https://baldric.net/2013/09/25/get-your-own-nsa-email-account/

just for rob

Shortly after the launch of the new iPhone 5S, my old friend Rob emailed me trying to goad me into writing a post about it. After all, it was made by one of my least favourite companies and it contained a supposedly funky bit of kit in the shape of its fingerprint scanner. Rob pointed to the BBC article where they asked: “Could iPhone’s fingerprint sensor help kill off passwords?” and speculated whether that would be enough to get me to rant ^W comment.

I responded that biometrics had been well covered for a long time by many others and I didn’t think there was much to add that hadn’t already been said. I particularly liked a comment by Schneier back in 1998 where he said:

“Here’s another possible biometric system: thumbprints for remote login authorizations. Alice puts her thumbprint on a reader embedded in the keyboard (don’t laugh, there are a lot of companies who want to make this happen). The computer sends the digital thumbprint to the host. The host verifies the thumbprint and lets Alice in if it matches the thumbprint on file. This won’t work because it’s so easy to steal Alice’s digital thumbprint, and once you have it it’s easy to fool the host, again and again. Biometrics are unique identifiers, but they are not secrets.

Which brings us to the second major problem with biometrics: it doesn’t handle failure very well. Imagine that Alice is using her thumbprint as a biometric, and someone steals it. Now what? This isn’t a digital certificate, where some trusted third party can issue her another one. This is her thumb. She only has two. Once someone steals your biometric, it remains stolen for life; there’s no getting back to a secure situation. (Other problems can arise: it’s too cold for Alice’s fingerprint to register on the reader, or her finger is too dry, or she loses it in a spectacular power-tool accident. Keys just don’t have as dramatic a failure mode.)”

As I said, what’s to add? It’s just another apple gimmick (and as Schneier said “Don’t laugh, there are a lot of companies who want this to happen.”)

Rob tried again a couple of days ago when he emailed me this link to a page which put together a list of potential rewards offered to the first person or persons to crack the iPhone fingerprint scanner.

I’m sure he will be delighted to read the El Reg report today that the German Chaos Computer Club claim to have cracked it.

So I’ve posted this just for him.

Permanent link to this article: https://baldric.net/2013/09/23/just-for-rob/

that’s another password I have to change

Michael Horowitz has posted an interesting article over at Computerworld. In it he points out that, by default, most android devices (tablets and ‘phones) routinely ‘phone home to Google to back up Wi-Fi passwords along with other assorted settings. Google sells this option as a convenience to help you regain settings after you upgrade to a new device, or replace a lost or stolen device.

As I was reading this article, I was actually feeling pretty smug because I do not allow any of my devices to call home. Google is the last company I would trust with any of my personal information, so I always ensure that options such as “backup and recovery” are resolutely switched off. If I lose the phone, tough, I’ll live with it.

Then I thought about my wife. And asked her to check her phone (an old HTC device running Android 2.3.4).

Yep – she had “Backup my settings” checked.

Horowitz concludes his blog post:

“At this point, everybody should probably change their Wi-Fi password.”

Done.

Permanent link to this article: https://baldric.net/2013/09/20/thats-another-password-i-have-to-change/

RSA says don’t use RSA

A report in wired today says that RSA Security [*] have released an advisory to developer customers noting that the Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) algorithm (the one which is subject to speculation about NSA interference) is the default in one of its toolkits and strongly advised them to stop using the algorithm.

Wired says:

The advisory provides developers with information about how to change the default to one of a number of other random number generator algorithms RSA supports and notes that RSA has also changed the default on its end in BSafe and in an RSA key management system.

The company is the first to go public with such an announcement in the wake of revelations by the New York Times that the NSA may have inserted an intentional weakness in the algorithm — known as Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) — and then used its influence to get the algorithm added to a national standard issued by the National Institute of Standards and Technology.

The report continues:

In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.

In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.

The company said that to “ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG.”

I can find nothing about this announcement on the RSA website at present, but it is entirely possible that the company wishes to keep its developer community ahead of the game before it makes any other public statement. If the Wired reporting is true, and since they quote Sam Curry, chief technical officer for RSA, it looks authentic, then this announcement is one more example of how NSA’s activity is having a nasty impact on US corporations. RSA’s unique selling point is supposed to be its trustworthiness in the field of cryptographic products. If you lose that, you lose your customers. Lose your customers and you lose your business.

[*] Note. I find it ironic that the SSL certificate for RSA.com fails the firefox check because it is actually for emc.com. EMC may own RSA, but it does not give wary customers any warm feeling to see an SSL warning pop up on the RSA site.


Permanent link to this article: https://baldric.net/2013/09/20/rsa-says-dont-use-rsa/

Naughton’s ten tips

Back in July I commented on one of John Naughton’s “networker” columns in the Observer. Last Sunday, Naughton wrote another nice article titled “10 ways to keep your personal data safe from online snoopers”.

Naughton begins the article by recalling that Tim Berners-Lee called the technology he devised a “web” of interrelated documents. He notes that:

“To its inventor, the noun must have seemed perfectly apposite: it described the intricate, organic linking of sites and pages that he had in mind. But “web” has other, metaphorical, connotations. Webs are things that spiders weave with the aim of capturing prey. And if you want a metaphor for thinking about where we are now with networked technology, here’s one to ponder.

Imagine a gigantic, global web in which are trapped upwards of two billion flies. Most of those unfortunate creatures don’t know – yet – that they are trapped. After all, they wandered cheerfully, willingly, into the web. Some of them even imagine that they could escape if they wanted to.

We are those insects.”

He continues:

“What’s astonishing is how unconcerned many people appear to be about this. Is it because they are unaware of the extent and comprehensiveness of the surveillance? Or is it some weird manifestation of Stockholm syndrome – that strange condition in which prisoners exhibit positive feelings towards their captors?”

I’m no longer astonished. But I am increasingly depressed at the lack of concern for personal privacy that most people seem to exhibit. Unfortunately, given the way the ‘net works, once that privacy has been breached, there is no way back. I like to think I have been fairly careful over the last several years in protecting that part of me which I feel needs to remain private. The most public manifestation of me is this blog, but trivia contains only that information which I choose to divulge. I control it, but even so, in aggregate there is probably more information available from trivia than I would initially have wished to reveal. But hey, you cannot expect to be a vanity publisher and /not/ reveal personal information.

As I have previously noted, sometimes I care about the footprint I leave on the web, sometimes I don’t, but the point is that I should be in control of that footprint. I am not sure that is entirely possible any more but I’m going to continue trying. As part of controlling my footprint I routinely lie when asked to provide personal identifiers on any website which requires me to have an “account”. If I can find an alternative source of the information I am seeking on a website which does not have such a ridiculous policy I will do so, but unfortunately this is not always possible. So as I said, I lie. My own privacy policy here encourages trivia’s visitors to do the same.

In my attempts to limit my exposure elsewhere I have recently been checking old sites I have used with the intention of deleting any and all accounts I no longer want or need. I have found this trickier than it should be, even though I keep fairly good records. Most of the sites I still appear to have unnecessary accounts on are specialist fora which I have used when researching a problem (like my old difficulty of getting sony memory sticks working on my AAO netbook – which I never did solve). Only one or two are the sort of mainstream site which really need concern me – like google for example which it is completely impossible to avoid if you use any android device. In google’s case I have an account which only exists on the mobile devices, divulges the absolute bare minimum I can get away with and never uses email – but I still don’t like even that. Some sites I simply have to give personal information to if I want them to accept a credit card and deliver goods to me – though of course I no longer have an amazon account. I was thus pleased to see the arrival of a new site called justdelete.me which aims to assist people like me who wish to clean up old accounts, but are having difficulty finding out how to do so. Amazon is a good example of a company which makes this unnecessarily difficult. (Intriguingly, it would appear that it is impossible to delete an account from /any/ gawker media site – you have been warned.)

But back to Naughton. He asks:

“What can you do if you’re someone who feels uneasy about being caught in this web? The honest answer is that there’s no comprehensive solution: if you are going to use telephones (mobile or landline) and the internet then you are going to leave a trail. But there are things you can do to make your communications less insecure and your trail harder to follow.”

He then lists “10 ideas you might consider”. Those ideas are fairly sensible tips, but it reads an awful lot like whistling in the wind. Anyone with any clue about protecting personal privacy and the need to do so would already be doing all of what he discusses – and more. The people who really need the advice won’t follow it. Delete a facebook account? My daughter would not countenance that, it is her primary way of sharing information. Avoid google? My daughter thinks google /is/ the web – her default when looking for even an obvious website (e.g. tesco) is to plug “tesco” into a google search on the grounds that that is quick and simple. Avoid free email? Fortunately in my daughter’s case I gave her an email account on my mail server, but I’m pretty sure she also has a gmail account – she has an android mobile. Use PGP encryption? Get real.

My daughter is not stupid, she simply would not see the need to do any of what Naughton recommends. And nor, I’ll bet, will many others.

Permanent link to this article: https://baldric.net/2013/09/17/naughtons-ten-tips/

add ssl to lighttpd server

For some time now I have protected all my own connections to trivia with an SSL connection. I do this to protect my user credentials when managing trivia’s content or configuration. In fact my server is configured to force any connection coming from my IP address to a secured SSL connection so that I cannot accidentally connect in clear.

Of course my X509 certificate is self signed (why would I go to the trouble and expense of getting a certificate from a commercial CA?). I built it in the standard form recommended on many sites (and as I have discussed before) thus:

openssl req -new -x509 -nodes -keyout server.pem -out server.pem -days 1095

This says, build a PEM format file called “server.pem” which contains both the (new) server private key (by default RSA) and the (new) certificate. The certificate will be valid for 1095 days (three years). (The “-nodes” switch means there will be no passphrase.) I have happily used certificates like this (and similarly constructed TLS certificates) to protect my webserver and POP3/IMAP/SMTP servers for some years. When running this command you will be prompted for certificate details covering location, organisation name and common name (i.e. the name of the server). The only really critical component here is the “Common Name”. If your server is called www.something.org, then that is what you must enter in the Common Name field. On trivia I used something like this:

Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:Norfolk
Locality Name (eg, city) []:Norwich
Organization Name (eg, company) [Internet Widgits Pty Ltd]:trivia
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:baldric.net
Email Address []:postmaster@baldric.net

A month or two ago I found a nice firefox plugin from calomel.org. This plugin adds a toolbar button which changes colour (from red, through amber to green) according to the plugin’s assessment of the strength of the SSL cipher of the current connection. Clicking on the button gives you a reasonably detailed summary of the SSL negotiation parameters from the site you are connected to. In addition to checking the connection, the tool offers the ability to change how firefox negotiates its connection with SSL enabled sites. So for example you can allow only TLS v1.1 and v1.2 and turn off OCSP checks or limit the connection to choosing only ciphers which offer forward secrecy. All in all a very useful and interesting plugin.

One problem immediately became apparent on trivia – I got a big red button and the plugin complained that the connection was very insecure.

[image: baldric-cert-info]

As can be seen above, the certificate was 1024 bit RSA with a 128 bit RC4 symmetric cipher. The biggest problem of course was the lack of a trust chain because the certificate was self signed. The question is, should I care about this? For my threat model, probably not. After all, all I am trying to protect is my user credentials when managing a blog. My finances are not threatened. However, the recent brouhaha around NSA/GCHQ capability against SSL, and the publicity about the weakness of RC4 cipher suites got me thinking about how I could strengthen the SSL connection if necessary. After all, whilst I might not care about, or need, a particularly strong SSL connection to trivia, readers might be interested in how to build and configure a stronger certificate and cipher chain. After a little research on the openssl site and a few others such as madboa and skytale.net I came up with a stronger set of options. I also strengthened the SSL preferences offered by my lighttpd installation during the negotiation handshake. Here’s how:

Firstly we need to build the X509 certificate file using stronger ciphers thus:

openssl req -x509 -nodes -sha256 -newkey rsa:2048 -keyout server.pem -out server.pem -days 1095

As with the first command shown above, this tells openssl to build a new X509 certificate file called server.pem which will be valid for three years. However, in this case we specify sha256 with 2048 bit RSA rather than the weaker defaults. Once again we need to supply the certificate location and naming details as above.

When the certificate is complete it needs to be stored in a directory accessible to the webserver (I use /etc/lighttpd/ssl). Because the certificate file contains the server’s private key it needs to be protected from casual prying eyes, so it is a good idea to make it read only and owned by root (chmod 400). The certificate is only read on startup before lighty gives up root privileges so mode 400 root is fine.

Now we need to strengthen the default ciphers offered by lighty in the SSL negotiation with the client.

The lighty configuration file for SSL (usually found at /etc/lighttpd/conf-enabled/10-ssl.conf) contains a list of preferred ciphers. By default it looks like this on debian.

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"
}

(I normally change the pemfile location to /etc/lighttpd/ssl/server.pem)

But this configuration allows weak RC4 ciphers to be offered in the negotiation with the client. A better configuration would be:

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.cipher-list = "TLSv1+HIGH !SSLv2 !RC4 !aNULL !eNULL !3DES @STRENGTH"
    ssl.honor-cipher-order = "enable"
}

This says: use the TLSv1+HIGH cipher set (see the openssl documentation on cipher suites) but do not use SSLv2, the RC4 ciphers or any of the very weak (or completely insecure) ones thereafter. The “@STRENGTH” directive means we should sort the ciphers by strength and offer the most secure first. For good measure I have also disabled the (old) SSLv2 and SSLv3 protocols in separate lines.
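The certificate steps above, scripted as an added example (not code from the original post): it builds the stronger server.pem non-interactively (the -subj string carries the same subject values as the prompts shown earlier), sets mode 400, and then checks the signature algorithm, key size, CN, file contents and permissions the way a deployment check would. The cipher-list check keeps the post’s exclusions but leaves out the TLSv1+ and !SSLv2 protocol aliases, whose meaning varies between OpenSSL releases; it assumes openssl(1) is on PATH.

```shell
#!/bin/sh
# Added example (not from the original post): build the stronger
# self-signed server.pem non-interactively, lock it down to mode 400,
# and verify what was actually produced before lighty ever loads it.
# Assumption: openssl(1) is on PATH; subject values are trivia's.
set -e

# Subject fields from the post; the CN must match the server's name.
SUBJ="/C=UK/ST=Norfolk/L=Norwich/O=trivia/CN=baldric.net/emailAddress=postmaster@baldric.net"

# Write key + certificate (sha256, RSA-2048, three years, no passphrase)
# into $1/server.pem and print the path.
make_server_pem() {
    pem="$1/server.pem"
    # Naming the same file for -keyout and -out makes openssl append the
    # certificate after the key: one file, both objects.
    openssl req -x509 -nodes -sha256 -newkey rsa:2048 -batch \
        -keyout "$pem" -out "$pem" -days 1095 -subj "$SUBJ" 2>/dev/null
    chmod 400 "$pem"   # holds the private key: owner read-only
    printf '%s\n' "$pem"
}

# Signature algorithm, e.g. sha256WithRSAEncryption (not sha1).
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Signature Algorithm: //p' | head -n 1
}

# RSA modulus size in bits, e.g. 2048 (not the old 1024 default).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Subject CN; handles both the old "/CN=x" and newer "CN = x" layouts.
cert_cn() {
    openssl x509 -in "$1" -noout -subject \
        | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Number of PEM blocks: 2 means the key and the certificate are together.
pem_block_count() {
    grep -c -e '-----BEGIN ' "$1"
}

# Permission string as ls shows it; mode 400 is -r--------.
pem_mode() {
    ls -l "$1" | cut -c1-10
}

# How many RC4 or 3DES suites a cipher rule set still lets through with
# the local OpenSSL; 0 means the exclusions did their job. The post's
# TLSv1+ and !SSLv2 aliases are left out here because their meaning
# changed between OpenSSL releases; the exclusions are what matter.
weak_suite_count() {
    list=$(openssl ciphers "$1")   # fails loudly on a bad rule string
    printf '%s\n' "$list" | tr ':' '\n' | grep -c -E 'RC4|DES-CBC3' || true
}

demo() {
    dir=$(mktemp -d)
    pem=$(make_server_pem "$dir")
    echo "file: $pem ($(pem_mode "$pem"), $(pem_block_count "$pem") PEM blocks)"
    echo "sig:  $(cert_sig_alg "$pem")   key: $(cert_key_bits "$pem") bit RSA"
    echo "CN:   $(cert_cn "$pem")"
    echo "weak suites left: $(weak_suite_count 'HIGH:!RC4:!aNULL:!eNULL:!3DES:@STRENGTH')"
    rm -rf "$dir"
}

# Run as "sh harden-cert.sh demo"; with no argument only the functions
# are defined, so the file can be sourced by other scripts.
if [ "${1:-}" = "demo" ]; then demo; fi
```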

Qualys SSL labs over at www.ssllabs.com provide a very good suite of on-line tests for SSL certificates. They also provide some good advice on SSL/TLS implementation. All you need to do when testing a site is enter the full domain name of that site and it will be subjected to a battery of tests and after a minute or two you get a very detailed report of the strength (or otherwise) of the negotiated connection. My test of trivia after building the new configuration got a pleasingly strong set of results. (Well, actually I got an F, but I would have got an A if the trust chain failure was ignored).

But hey, I’m still not going to pay a CA for something I can do myself for nothing.

And why should I trust a commercial CA anyway?

Permanent link to this article: https://baldric.net/2013/09/12/add-ssl-to-lighttpd-server/

neil doesn’t get it

A couple of days ago I received an email from an old friend (let’s call him “Geoff”) which said:

Following last Friday night discussion I have created a facebook page as a shared repository of our photos etc. I have kickstarted with most of mine. You can either make yourself a friend of this page if you have a facebook account, or just login to it if you do not.

The login is deleted-email address password: deleted-password

Geoff

That email went to some two dozen or so people (most, but not all, of whom I know reasonably well). Obviously “Geoff” and some others on the list had been discussing setting up a “club” page in order to advertise the antics of members. I was not present at that meeting, nor party to the discussion.

As you would expect, I was less than happy with this email and having checked the facebook page in question and found some prominent pictures of myself I told Geoff (and cc addressees) as much in response. I said:

Thank you.

But please delete any and all photos containing my image. And please will anyone else thinking of adding any photograph of me NOT DO SO. I do not wish to have any image identifying me on Facebook (or any other “social networking site” of any kind). I have not approved the use of my image, and I do not do so. Images on such sites become the property of the site owner. Facebook is a large US based corporation whose security and privacy policy I most decidedly do NOT approve. And whilst I should not have to say this, I think it an appalling lapse of good sense to a) firstly create the site and populate it with images of persons who have not previously approved that, and b) then send the login credentials in clear by email to a large number of people. That site is now completely compromised.

At this point, one of the copy addressees (let’s call him “Neil”) responded:

FFS. There are no pix of you on it.

Geoff, to his credit, deleted the most obvious photographs and responded:

No worries Mick. … BTW you have the login stuff so you can engage with the great Satan and delete anything you don’t like.

I then went through the site and deleted a few Geoff had missed and replied:

Done.

And since Neil clearly doesn’t get why I should care, he, and others, should think carefully about the implications of a public system which allows the posting of images of others over which the subject has no control. Worse, those images can be tagged by third parties. Worse still, those images are automatically the property of the social networking site under the terms of its user policy. So, despite /my/ careful control of any and all images of me, some other person can happily post an image tagged say, “Harry Roberts with his wife Mary and dog Jehosophat on holiday with their friends in Corfu”. That image could contain exif data giving dates and geo-locations. Linkages from those images go to “their friends in Corfu”. Unless Harry has posted that himself, or given very specific permission for it to be posted, then that is a gross abuse of privilege.

FFS indeed.

At this point, Neil appeared to lose some control. He responded:

Mick. Get a life. Get a fucking life. You are already documented, certified, attested, and if the fucking black helicopters wanted to machine-gun or abduct you, they’d have done so already. And, right now, with my fucking blessing. Mick, this and you are tedious. You’ve degenerated into a bad-tempered, fulminating, sclerotic old bastard. Shame.

Now I’ve known Neil for over 25 years. I recall him once being witty and enjoyable company. Unfortunately, he now appears to be somewhat short tempered, irrational and, let’s face it, just plain rude. Shame.

So, why do I dislike Facebook (and of course other similar systems) so much? Well, even a cursory read of trivia would probably answer that, but for now, I’ll let others do the talking for me. So here, in no particular order, are some comments from others who share my concern:

Of course, any simple search for “Facebook + Privacy” will get you thousands more such articles. I leave further research to the reader.

Oh, and I considered adding a photograph of “Neil” to this post.

But that would just be wrong.

Permanent link to this article: https://baldric.net/2013/09/11/neil-doesnt-get-it/

tor node upgrade

I have switched my tor node to the experimental branch and it is now running version 0.2.4.17-rc. The huge load on the network seen since the botnet started using it on about 19 August last has forced the tor project team to recommend that all relay operators move to the 0.2.4 branch (and this release of 0.2.4.17 in particular) in response. Dingledine explains in his email that this release:

adds an emergency step to help us tolerate the massive influx of users: 0.2.4 clients using the new (faster and safer) “NTor” circuit-level handshakes now effectively jump the queue compared to the 0.2.3 clients using “TAP” handshakes.

It had previously been noted that the botnet causing the load on the network is using an older (v 0.2.3) client so this shift of relays to a later version should (hopefully) de-prioritise the botnet traffic in favour of clients using the latest code.

My own experience so far is promising. My node is a guard (trusted entry) node so it should typically be hit by clients trying to build new tor circuits. Before the upgrade I was seeing a maxed out CPU, and a load average of around 1.2 for in excess of 9000 established TCP connections. My log was full of comments such as “[warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [4218 similar message(s) suppressed in last 60 seconds]”. Since the upgrade (a couple of hours ago) I am now back up to around 8000 TCP connections but my CPU has some headroom – top shows tor taking around 65-70%, my load average is back down to an acceptable 0.4 to 0.5 and my log is showing no complaints about circuit creation failures.

(Update added 11 September @ 20.25)

I spoke too soon. Just 24 hours since the upgrade, my node is now maxed out once again with some 9000 TCP connections – but at least the log is clear of those irritating messages. The last heartbeat message though was “Heartbeat: Tor’s uptime is 1 day 0:00 hours, with 13436 circuits open. I’ve sent 130.01 GB and received 136.39 GB.”

Permanent link to this article: https://baldric.net/2013/09/10/tor-node-upgrade/

totally not israel

Collin Anderson on tor-talk posted a nice graphic showing tor usage in the top 50 states since the appearance of the huge rise in the number of tor clients on the network. With the exception of Syria, the slopes of all those graphs look much the same.

But as a few people have noticed, the graph for Israel at the same time is completely different.

[image: israel-tor]

So, whilst the rest of the world sees a massive climb in tor client usage, possibly the result of a botnet doing some exploration of the tor network, Israel’s usage goes down.

What does that say?

Permanent link to this article: https://baldric.net/2013/08/31/totally-not-israel/