The research, done by Robert Hansen of SecTheory, shows that browsers such as Firefox, Internet Explorer and Chrome have a number of architectural problems that can essentially negate the security that SSL is meant to provide for sensitive Web transactions. The techniques that Hansen has developed, which he demonstrated at the Black Hat conference here Thursday, give an attacker the ability to do any number of nasty things to a target machine, including forcing the download of an executable file, overwriting the URL field in the browser and overwrite secure HTTPS cookies with non-secure cookies.

In all, Hansen found 24 problems before he decided to stop looking. “I had basically had to stop the research because there were just too many issues. I didn’t have time to deal with anymore,” Hansen said.

A big part of the problem, Hansen said in an interview, is that browsers don’t enforce policies that would isolate the tabs in an open browser from one another. This allows an attacker who can control one of the tabs, say a normal non-SSL session, to also affect content in the other tabs, even if they’re using SSL. Hansen identified several techniques that enable him to watch an SSL-protected session and glean a lot of information about what the user is doing, based on timing certain parts of the Web session and knowing how long it takes for part of a site to load. He also can tell whether a user is logged in on a given site and use a specific technique to log the user out so he can then watch the login operation and steal the credentials.

“When you look at it, what does SSL really offer? What this means is that for the average user, against a determined adversary, there really is no protection,” said Hansen, who presented his findings at the Black Hat conference here Thursday. “People give SSL and TLS a lot of credit, when it shouldn’t have any at all.”

SSL is the main transport security used by millions of Web sites to protect data being sent from browsers to Web servers. It’s been shown to be vulnerable to a number of different attacks, including several man-in-the-middle attacks, which could be used in conjunction with some of Hansen’s techniques to completely compromise a supposedly secure Web session.

“The most important thing is that if an attacker can map out the domain ahead of time, he can get a really good feel for how the site is built,” Hansen said. “If there’s a side channel, I can force them to precache some of the content on the page so that I don’t see that again when they reload the page. Then, the only thing you’re seeing are the things that are interesting to the attacker. You can map out the user’s flow around the site and the attacker can force the user to make an SSL connection to them so they can tell which SSL and HTTP headers are being sent in which direction. It’s about narrowing down the number of bytes that are interesting.”

As troubling as the problems that Hansen found are, he emphasized that they don’t mean that the sky is falling.

“You still need to be a man in the middle first and there are probably easier ways to attack people once you are, but there are a lot of issues here,” he said. “If there was better jitter and padding in SSL, a lof of this wouldn’t even be possible.”

Source

In the 12 months to March 31 this year, government officials approved 38 notices under Part III of the Regulation of Investigatory Powers Act, compared to 26 in the previous year.

The powers, known as section 49 notices, require suspects to hand over passwords or make files intelligible to investigators on threat of a two-year jail sentence, or five years where national security is concerned.

As well as obtaining more section 49 notices, police also expanded the range of crimes they were used to investigate.

In 2008/09 they were served in relation to counter-terrorism, possiession of indecent images of children and “domestic extremism” (a case involving activist attacks on animal testing labs). In the last 12 months, however, RIPA Part III was used to demand decryption in cases of insider dealing, illegal broadcasting, theft, excise duty evasion and aggravated burglary, the Chief Surveillance Commissioner Sir Christopher Rose said in his annual report.

Investigations into indecent images of children remained the “main reason” section 49 notices were served, he added.

Of the 17 notices obtained this year that have so far been served, six suspects complied and seven did not. The remainder are still being processed. One person suspected of possessing indecent images of children has been convicted for failing to hand over passwords.

The compliance rate was up on last year, the first full year since the powers were activated, when 11 out of 15 suspects served with a section 49 notice did not make their files intelligible to investigators.

Sir Christopher noted the discrepancy between 38 approvals granted by the National Technical Assistance Centre (NTAC) and the number of notices actually served. NTAC is a unit at GCHQ, the Cheltenham code-breaking agency.

“Notices, once approved, should be served without delay,” Sir Christopher said. “If delays continue, I will require an explanation.”

Last year The Register reported the case of the first man known to have been jailed for failing to hand over encryption keys to the police. “JFL” was a schizophrenic software developer initially charged with explosives offences that were later dropped. He was sectioned under the Mental Health Act during his prison sentence.

Source

“We have a long way to go,” acknowledges Heartland CEO Bob Carr, pointing out the so-called E3 payment terminals, intended for small-to-midsize customers, are but the first step, “with more advanced technologies coming in the summer” intended for use between Heartland’s network and much larger merchants that would require more back-end integration into processing systems. “We’re not ready to help all of them yet,” he acknowledges.

There is as of yet no end-to-end encryption requirement for debit- and credit-card processing, though the Payment Card Industry (PCI) Security Standards Council, which sets technical standards used by payment processors and merchants, is expected to weigh in on that topic in its upcoming PCI standard this October.

Unwilling to delay action after last year’s devastating discovery of a data breach that has so far cost it well over $100 million in fines and associated costs, Heartland has spearheaded its own multi-million-dollar end-to-end encryption technology effort to keep cybercriminals at bay. (Hacker Albert Gonzalez was caught and confessed to hacking Heartland’s processing network and much more, and this March was sentenced to 20 years in prison.

“Every single breach I know of wouldn’t have happened if our end-to-end encryption solution had been there,” Carr says. He believes Heartland is the first to come out with a commercial deployment of end-to-end encryption with merchants.

Carr says the definition of end-to-end encryption may end up varying, but in the case of Heartland, it means protecting card data, particularly the track data, as it’s being swiped at the merchant to the entry point to Heartland’s network, and encrypted on through Heartland’s network. However, this encryption now stops at the card brand point, such as Visa and MasterCard, and isn’t encrypted on through to the banking points.

Carr thinks the most vulnerable points that hackers will try to exploit are in the interconnections between merchant and payments processor, but he acknowledges that as the industry evolves to better protect these routes, hackers will undoubtedly look for the weakest link in the chain.

The E3 terminals, built by Voltage Security and Uniform Industrial Corp., were custom ordered by Heartland, which isn’t requiring its merchants to use them, but strongly recommending them.

“They do have to buy the devices,” Carr says, noting they range between $300 to $500, which Heartland will finance for six months if merchants have cash-flow issues. But one incentive for using E3 is a guarantee from Heartland that if merchants using E3 are breached, Heartland will cover fines and forensic costs related to any breach tied to the stand-alone terminals. Heartland is also offering free help to smaller merchants in filling out PCI standard conformance forms, something that can be technically bewildering to them.

One looming issue in end-to-end encryption is interoperability if the industry adopts more robust processes for protection through encryption. But Carr is optimistic the industry will meet the challenge, saying the PCI Security Standards Council “is listening hard and being responsive.”

Source

Security research firm Qualys is attempting to paint a detailed picture of SSL deployments and their shortcomings with a new, still under-development study that aims to deliver a deeper degree of information on the state of the SSL marketplace than what is currently known. Most industry intelligence on the subject thus far has come from Netcraft research reports and from vendor reports.

In its study, Qualys scanned 119 million domain names, but found that only 92 million were active. Approximately 12.4 million domains failed to resolve properly and 14.6 million failed to respond. Of the active domains that did respond, nearly 34 million responded to the Qualys scan on both port 80 and port 443. Port 80 is typically used for HTTP while port 443 is typically used for HTTPS-, SSL-secured Websites.

Digging a layer deeper into the active sites on Port 443, Ivan Ristic, director of engineering at Qualys, said in a Webcast that he found that only about 23 million of the sites were actually running SSL.

SSL certificates can be generated for any domain name. It is considered to be a best practice that the name on the SSL certificate matches the name of the domain on which the SSL certificate is being used, though Ristic’s research shows that’s not always the case.

“Only about 3.17 percent of the domain names matched,” Ristic said. “So we have about 22 million SSL servers with certificates that are completely invalid because they do not match the domain name on which they reside.”

Detecting invalid SSL certificates
In a preview of a talk set to be delivered at this summer’s Black Hat USA conference, Ristic explained that his company has had an SSL security-checking service available publicly for some time. However, the Qualys SSL checker required that users came to the site to check their own SSL status. With the new research conducted by Ristic, Qualys set about scanning the Internet to collect information on how sites are implementing SSL.

“For us, the question is: How exactly is SSL used on the Internet as a whole?” Ristic said during the Webcast. “Interestingly enough, as popular as SSL is, no one had made public the information about how it is used.”

According to VeriSign, there are currently approximately 193 million domain names. In terms of SSL, Netcraft reports that there are 1.5 million SSL certificates. Ristic decided to focus his research on the total number of .com, .net, .org, .biz, .us and .info domains, which total 119 million domain names in total.

Ristic explained that he built a virtual machine that was able to run 2,000 threads in parallel to scan those millions of domain names. The process took him two days at a speed of 1,000 servers scanned per second.

In response to a question from InternetNews.com about his testing hardware and software infrastructure, Ristic noted that the scanning software had been custom-written for the task.

“The hardware was nothing special — I’m using a virtual server in the cloud and it’s just a medium-sized box,” Ristic said. “The trick to why the tests are quick is that it’s only a couple of network packets that are being exchanged, and that’s enough to determine if the server on the other side is capable of supporting the protocol.”

As part of the complete report that he is working on, Ristic said that he’ll be doing a deeper analysis of 720,000 SSL certificates that he uncovered in his initial scan and considers valid. The plan is to collect up to 300 data points on each SSL server to better understand how the certificates are deployed and configured.

Source

Brazilian police seized five hard drives when they raided the Rio apartment of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But subsequent efforts to decrypt files held on the hardware using a variety of dictionary-based attacks failed even after the South Americans called in the assistance of the FBI.

The files were encrypted using Truecrypt and an unnamed algorithm, reportedly based on the 256-bit AES standard. In the UK, Dantas would be compelled to reveal his passphrase under threat of imprisonment, but no such law exists in Brazil.

The Brazilian National Institute of Criminology (INC) tried for five months to obtain access to the encrypted data without success before turning over the job to code-breakers at the FBI in early 2009. US computer specialists also drew a blank even after 12 months of efforts to crack the code, Brazil’s El Globo newspaper reports.

The case is an illustration of how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses. In other cases, law enforcement officials have defeated suspects’ use of encryption because of weak cryptographic trade craft or poor passwords, rather than inherent flaws in encryption packages.

Source

Right now the install bits are only available on the pilot site at: http://www.owa.hammerofgod.com in the downloads
section. I have to wait on Raging Haggis to return from Canada before posting on
www.hammerofgod.com .

Here’s a bit from the TGP Overview document included with the install and on the web site. Please read through it
before asking silly questions. :)

Also, feel free to hack it up as much as you would like. I know this is full disclosure, so feel free to zing them at
me, or if you prefer, I can work with you on any issues you might have.

Remember, this is totally free, so my ability to handle custom requests will be limited. For those looking to break
it, I would look at fuzzing the XML documents and the “drag and drop public XML” parsing feature.

If you have questions or challenges about any of the security, I would ask to keep it on the list so that everyone can
get the full benefit of productive security development. The read-me should pretty much lay everything out for you.
If not, we’ll take it up from there.

t

TGP – “Thor’s Godly Privacy”
06/13/10 v1.1.06

TGP is a small yet very powerful encryption utility. With all eyes on “the cloud,” I decided to write an encryption
application better suited to an environment where portability and security were, at the least, challenging. In cloud
computing, not only is the use of file structures becoming more abstract, but the very concept of a “file server” is
becoming more and more ubiquitous.

As such, I designed TGP with “encryption for the cloud” in mind. That means that not only does TGP do everything your
normal PGP-type applications do, but it does things a bit differently – differently in a way that can change the way
you work with your encrypted data. At the simplest level, this is done by encrypting data into byte arrays, and then
converting those byte arrays into Base64 encoded text wrapped inside XML tags. In this way, not only do you get your
typical file-based encrypted representation of your data, but you also get data that you can copy and paste directly
into any email, mailing list, blog-page, or social networking site.

What I think is interesting about this is that if we choose to, we no longer have to be the custodians of our encrypted
data – we don’t have to worry about actually housing the files: we can just post them to the internet and let someone
else assume the burden of storing the files for us.

If I want to share encrypted files with someone or secure my own files, all I have to do is TGP encrypt the data I
want, and post it to a mailing list somewhere. In the case of a list like Bugtraq or Full Disclosure, the data is
actually automatically replicated out to any number of archive sites, thus distributing my data for me. I can
literally be anywhere in the world and just do a quick search for my post to retrieve my data. And since the TGP
public key files are also text representations of encrypted key data, I can do the same with my keys.

Normally, you want to keep your private keys as safe as possible. This is still the case with TGP. However, it is
trivial to build as many private keys as you wish to use for anything you want to use them for. TGP Private Key files
are password protected and individually salted, so with a strong passphrase you have very reasonable assurance that no
one is going to get to your key any time soon. So, you can create a private key with a strong password, post that, and
then, say, encrypt a scan of your passport and post that. Then if you are ever in a pinch while travelling or
something like that, you can simply use Google or Bing to access your data wherever you are.

Of course, that’s just an example, but I think it illustrates the power of encrypted file structures like this. You
can literally use Facebook to post encrypted documents that you don’t have to maintain.

That’s really the main different between TGP and an application like PGP. That and of course, TGP is free, and
personally, I think PGP is tardware. It’s bloated, it’s far too expensive, it’s hard to use, and if you don’t watch
your licensing, you can get screwed hard like I did when I didn’t want to buy the extended support and one day my
encrypted drives stopped working until I paid them. That doesn’t fly. TGP also doesn’t require that you are an admin
to install. However, the .NET installer for the 4.0 client profile does – that’s not my doing. Regardless, here are
the file structures TGP uses:

Things that still suck about TGP
Currently TGP uses a memory stream for the destination of the AES cryptostream. This sucks because it makes the
maximum file one can encrypt based on available memory. It’s not a huge deal, but it does keep you from encrypting a
gigabyte file. I’ll be changing that soon.

[Description: Description: Description: TimSig]
Timothy “Thor” Mullen
Hammer of God
thor () hammerofgod com
www.hammerofgod.com
[cid:image002.png@01CB0B06.EED273B0]

Source

The mathematicians and cryptography experts at Bletchley Park broke the code used by Germany’s Enigma machine, a complex encryption device used across the German military. By January 1940, Britain was decoding the majority of the Enigma-encrypted radio messages intercepted by its signal intelligence stations.

Since then, buildings on the 25-acre Bletchley Park estate have fallen into disrepair: At one stage the site was close to being demolished to make way for a supermarket and housing development, and efforts to raise money to preserve it have struggled.

Existing funds have been consumed by emergency infrastructure repairs such as keeping the roofs of buildings from caving in, said Simon Greenish, director and CEO of Bletchley Park Trust. Preserving the core of Bletchley Park’s heritage — the intercepted messages — was far down the list of priorities, he said.

Those messages are still in the building’s archive after more than six decades, neatly typed on trimmed slips of paper and glued into fragile, decaying books. Also in the archive are drawers full of maps and a system of index cards used to classify messages by subject.

With the archive building’s roof among those that needed fixing earlier this year, the flimsy documents stored there “really ought to be properly dealt with,” Greenish said.

That is starting to happen, with the launch of a project to digitize the documents in the archive and make them accessible to the public.

Hewlett-Packard has donated servers, storage and five of its latest enterprise-level Scanjet scanners to get the project going, said Laura Seymour, marketing manager for HP’s LaserJet and enterprise solutions. The company has also assigned consultants to help train volunteers and Bletchley staff on the equipment.

Volunteers will use HP’s Scanjet 7000 to scan the index cards used to classify messages. Once the cryptanalysts had decoded a message, a summary of it would be written on an index card and filed under a subject heading to make it easy to find groups of related messages. The cards — which number in the tens of thousands — are handwritten in cursive, often on both sides.

The Scanjet 7000 can scan both sides of the cards quickly in batches. The scanner can detect if a card has been incorrectly fed or if two cards are stuck together. A larger flatbed scanner, such as HP’s N9120, will be used for the books containing the actual messages. The pages of those books will have to be turned by hand in order to scan them since they are too fragile for automated page-turning scanners.

Another bit of technology can help compensate if an index card’s writing is fading. HP’s Kofax Virtual rescan software inspects the material, then adjusts its brightness and contrast for clarity so that the image is more readable, said Mander Thiara, a specialist with HP’s imaging and printing group.

Source

An uninitialised buffer in the EVP_PKEY_verify_recover() function in version 1.0.0 can be exploited to make an invalid RSA key appear to be valid. Since very few applications have used this recently-introduced function, the scope of this problem is limited. The OpenSSL developers say that pkeyutl is currently one of the only OpenSSL tools to access this function.

Source

Data protection laws in particular are being tightened up, with the potential for large financial penalties to be imposed for the loss or leakage of data. Fines may come not only from general data protection bodies, but also individual industry regulators in verticals such as financial services or healthcare. Data breach notification laws, pioneered very effectively by California, are planned for Europe. These have shown that the real cost of a data loss is the clean-up afterwards. Companies suffer from the loss of reputation and trust in a brand, as well as having to foot the bill for fraud monitoring, credit protection and possible recompense for those people affected.

Now, you may well be thinking: “That’s all well and good, but how does it affect me?” Legislation is effectively raising the bar and sending a message that dealing with risks posed by a data breach is important, and that the efforts made to secure the data held will be used to determine the level of penalties should a breach occur. So doing nothing may be an option, but it will probably be a very expensive one. Accepting this, how can you approach what for many is a very murky problem – and can encryption help?

That old chestnut, off-site backup, is the traditional starting point for data protection. However this does involve risk at multiple points: transporting the backups, holding them at a third party, and then being able to recover the data at a future time. Encryption of the backed-up data certainly appears to be part of the solution: it enables safe transport and storage, providing the passwords or keys are kept separate from the data itself, of course.

However, backup is only half of the answer when it comes to data protection and availability – the flip-side is restoration of data if required. At this point, encryption makes things harder, not easier. How many companies have implemented a system to guarantee that encrypted information can be retrieved and restored? To do so requires a comprehensive catalogue of backups, combined with encryption key or password management information. It may be a challenge keeping records, especially as the retention periods for these data sets can extend into years and decades.

As a system of many interacting steps, many of which are complex and temperamental, the whole of the problem may seem like much more than the sum of its parts. Keeping a firm grip on encrypted data will be dependent on process, documentation and management tools. Regular testing of restore capability must also be part of the process, ideally as part of formal Governance, Risk and Compliance (GRC) procedures.

It is tempting to focus efforts on testing restores on fairly recent active data. After all, there are whole libraries of the old stuff! But is this really going to be enough? Indeed, if it can’t be guaranteed that old, encrypted data can be restored at some point in the future, is there really any point in keeping it at all?

Long-term access to backup data has many associated risks. For example, job rotation and rapid technology obsolescence mean that this is often left as a problem for somebody else to solve. The physical condition of the tape may deteriorate. Tape readers may become obsolete (even NASA has this problem). Encryption adds to the complexity of the problem of data restoration, and as with all the other issues this must be tackled to ensure long-term retrieval is viable. Process is as vital in ensuring success as the technology used, perhaps even more so as technology changes frequently but people are slow to change – as, to be fair, is the data.

We’re not claiming to have all the answers here. But as encryption once again piques the interest of the media, it is worth considering the practicalities and ramifications when it comes to this fundamental area of data protection – that of backup and restore. Whatever approach is followed to encrypting backups, key management will likely become the over-riding issue to ensure that access to the data is still possible after many years. Tough as it sometimes can be, most organisations would not think of running important systems without backups and recovery plans in place. But neglecting the same with encrypted data and keys, lays a business open to losing access to important data with a very difficult path to recovery.

Have you ever had a data wipe-out from lost keys? Has encryption saved your bacon?

Source

The agreement will allow McAfee to offer a wider range of enterprise-targeted mobile security products for smartphone platforms, including iPhone OS, Android, Web OS, Windows Mobile and Symbian. Trust Digital’s technology will be integrated into McAfee’s ePolicy Orchestrator management console technology. This symbiosis will guard against such risks as malicious downloads of applications onto smartphone devices.

McAfee’s pitch is that its technology will make the roll-out of iPhone and Android smartphones in enterprises safer. It’s unclear how many of Trust Digital’s 40 workers will be offered jobs with McAfee.

Source