Wednesday, September 25, 2013

I'm scanning udp/53 right now

So I'm scanning the Internet with a DNS version request, because it'd be a useful datapoint in my Friday #Brucon talk mentioning that BIND is still the overwhelming favorite DNS server on the Internet. The abuse reports are an interesting read, such as one that claims "This activity is neither just a scanning nor unexpected attempts, but a sophisticated attack". Nope, it's just scanning, and terribly unsophisticated.

Monday, September 23, 2013

TouchID defeated: what does it mean?

Apple's Touch ID sensor has been defeated. What does this mean?

First of all, it means Nick Depetrillo and I were wrong. We claimed it'd be harder. We assumed that a higher resolution sensor wouldn't be so simply defeated with just a higher resolution camera. We bet money. We lost (and Starbug of the CCC won).

Many people claim this hack is "too much trouble". This is profoundly wrong. Just because it's too much trouble for you doesn't mean it's too much trouble for a private investigator hired by your former husband. Or the neighbor's kid. Or an FBI agent. As a kid, I attended science fiction conventions in costume, and had latex around the house to get those Vulcan ears to look just right. As a kid, I etched circuit boards. This sort of stuff is easy, easy, easy -- you just need to try.

At the same time, it doesn't mean Touch ID is completely useless. Half the population doesn't lock their phone at all because it's too much trouble entering a 4 digit PIN every time they want to use it. If any of them choose to use Touch ID security instead of no security, then it's a win for security.

There are also some ways around the hack. Use your ring finger or pinky finger instead. You don't use these fingers to navigate your phone, so these prints won't be on your phone. These are also the most difficult and unlikely prints to retrieve from other surfaces, like beer glasses.

So here are the four lessons:

1. security experts can be wrong
2. don't believe the security assurances from vendors
3. bad security is still better than no security
4. knowledge is your best defense: understand this hack and how to use your pinkie finger instead


Friday, September 20, 2013

How Weev's prosecutors are making up the rules

Many of us believe that the conviction of Andrew "weev" Auernheimer proves that the system is corrupt, that the law can be arbitrarily applied to prosecute anybody. The rules are whatever the prosecutors say the rules are. There are one set of rules for the powerful, and another set for anybody who would challenge the powerful.

Today, prosecutors prove our theory correct. They submitted a 26,495 word brief in the appeal that does not conform to the Third Circuit's 14,000 word limit -- a limit that the defense struggled to fit within. In that brief, prosecutors arbitrarily redefined the Internet to prove that Weev (and friends) broke the rules. They liberally reinterpreted the rules of the Internet (the "protocols") to find Weev in violation -- while flaunting the rules of the court themselves.

Monday, September 16, 2013

BBC's nonsense tech story

I can't ignore this story from the BBC about the "first" online shopping. It's wrong in every respect. Firstly, it may have been a first for Britain, but it comes years after the "Minitel" system in France was used for online shopping. Secondly, online shopping still doesn't work that way. Thirdly, it's not the same as the Internet -- it's the opposite.

France rolled out it's systems in the late 1970s, called "Minitel". It was "teletex", which meant that it used a really slow modem, and only displayed text. Any "graphics" shown were only slightly more advanced than ASCII art, using special character sets with graphics symbols. The BBC article is about a British clone of the Minitel system in 1984, over five years after France introduced their system, wich is forever in Internet-years.

The thing to notice is that we still can't order groceries from the local grocery store and have then delivered. Sure, we can buy everything else online, from televisions to cars, and have them delivered to our doorstep, but not groceries. There is a simple reason for that -- groceries are a low-price/low-margin business. The only way to make them deliverable is to dramatically increase their price -- to the point where most people would rather just drive down to the store themselves. Sure, rich people can afford it, but not the "average" person or "pensioners".

The system described was not only an economic failure but a technical one. Teletex was designed by the phone-companies based on the principle that all the intelligence was in the network, and that the device in the home was a "dumb" terminology. The most important thing about the Internet is that it upended that principle. It made the network dumb, with routers that simply knew how to forward packets, and put all the intelligence on the "ends" of the network. If there is one thing you remember about the Internet is that it's based on "end-to-end" technology.

My point is this: that BBC article is wrong in every way something can be wrong. It was nearly the first at what it claimed -- France's Minitel was. The scenario they describe, the average person buying groceries, still doesn't work. The technology they describe, the intellegent telco network, was completely obsoleted by the end-to-end Internet.




Update: Many people are correcting me pointing out grocery deliveries are cheaper than I claim, pointing out they have friends who do it, or that they've done it in the past. Okay, they have a point, but at the same time, that they aren't using the service now supports my point that "groceries" isn't the revolution, buying everything else is.




Sunday, September 15, 2013

NSA's Fort Belvoir and Star Trek

This is an example of how my experiences with the NSA jar with the press's reporting. An article in Foreign Policy Review claims that General Alexander hired a Hollywood set designer to make his command center at Fort Belvoir look like the bridge of the Enterprise. That's not the story I heard.

I visited Fort Belvoir around 2003 (I forget the exact timeframe). The story I was given is that the Hollywood set designer was a relative, of the head himself or one of his underlings, and that the set designer provided his services for free. Rather than a passion for Star Trek, the situation was more about taking advantage of the opportunity. Whether they spent a ton of money, or got free services, seems to me to be a critical part of the story.

Also, it's not just Federation. The exterior doors have interlocking swords like the Klingon High Council Chamber.

I point this out to show how the press creates a narrative, in this case of Keith Alexander being a "cowboy", and ignores things that don't fit their narrative. I'm on the front lines calling the NSA evil and Orwellian, but at the same time, I don't trust the press, either.




Saturday, September 14, 2013

Masscan: the entire Internet in 3 minutes


I thought I'd write up some notes about my "masscan" port mapper.

Masscan is the fastest port scanner, more than 10 times faster than any other port scanner. As the screenshot shows, it can transmit 25 million packets/second, which is fast enough to scan the entire Internet in just under 3 minutes. The system doing this is just a typical quad-core desktop processor. The only unusual part of the system is the dual-port 10-gbps Ethernet card (most computers have only 1-gbps Ethernet).

Masscan is a typical "async/syn-cookie" scanner like 'scanrand', 'unicornscan', and 'ZMap'. The distinctive benefits of masscan are:
  1. speed
  2. better randomization
  3. flexibility
  4. compatibility
These are described in more detail below.

Friday, September 13, 2013

We scanned the Internet for port 22

Yesterday (Sept. 12) we scanned the entire Internet for port 22 -- the port reserved for "SSH", the protocol used by sysadmins to remotely log into machines.  Unlike our normal scans of port 80 or 443, this generated a lot more "abuse" complaints, so I thought I'd explain the scan.

Firstly, we'll happily add you to our "blacklist", so that we won't scan you ever again (barring accidents on our part). Our current blacklist is hundreds of entries long. However, please consider adding our scanner (71.6.151.167) to your "whitelist". We are well-known cyber-sec researchers, we aren't trying anything nefarious or evil, and we are being as transparent as possible about our scans.

Our scanner was just checking banners. It didn't complete the connection, nor did it try any passwords. Several abuse complaints assumed that we were trying to "login", but we weren't. Yes, hackers are constantly trying to login into SSH servers, so it's a good assumption to make, it's just that in this case, it doesn't apply to us.

Tuesday, September 10, 2013

Fingerprints can change

With Apple's new fingerprint recognition, "Touch ID", for the iPhone, one of the problems they'll have to deal with is that your fingerprints can change. I experienced this when I was a kid by sticking my finger into a "router", a device that shaves off the corners of wood to round them.

This (picture on right) is what a router table looks like. You push the wood left-to-right, and the rotating bit in the center shaves the wood, to make rounded corners, or other corner shapes.

As I was pressing the wood against the fence, and moving it along, the router bit struck a knot in the wood, kicking it out. Because I was pressing forward at the time, I pushed my finger into the bit.

Finger tip prints are not fingerprints

You use a different part of your finger to touch the iPhone sensor than what you use to touch other things. Hold a glass in one hand, and hold your iPhone in the other with your thumb on your sensor. You'll notice that you are holding the glass with the flat of your thumb, but touching the phone with the tip. The two prints overlap slightly, or not at all.

That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone.

This means the fingerprint databases held by the NSA, FBI, and border security are largely useless at unlocking your phone: they don't cover the same parts of your fingers. 

I point this out in regards to the latest iPhone 5S release with "Touch ID" sensor that reads fingerprints instead of requiring you to type in passwords. We cybersec hackes will be discussing how to break this in the near future, so I thought I'd be the first to make this observation.



Monday, September 09, 2013

The first rule of NSA club...

According to the law, you can't use the NSA log -- or even mention the letters "NSA" or use the name "National Security Agency":

   Sec. 15. (a) No person may, except with the written permission
   of the Director of the National Security Agency, knowingly use the
   words 'National Security Agency', the initials 'NSA', the seal of
   the National Security Agency, or any colorable imitation of such
   words, initials, or seal in connection with any merchandise,
   impersonation, solicitation, or commercial activity in a manner
   reasonably calculated to convey the impression that such use is
   approved, endorsed, or authorized by the National Security Agency.

Well, you might argue, clearly that doesn't apply, but it is precisely this law that was used to justify censorship of a post critical of the NSA by cryptography professor Mathew Green's post. His university threatened Green with legal action unless he removed the NSA logo -- based on their interpretation of this law.

Sunday, September 08, 2013

No, the NSA can't spy on arbitrary smartphone data

The NSA has been exposed as evil and untrustworthy, but so has the press. The press distorts every new revelation, ignoring crucial technical details, and making it sound worse than it really is. An example is this Der Spiegel story claiming "NSA Can Spy On Smartphone Data", such as grabbing your contacts or SMS/email stored on the phone. Update: That was a teaser story, the actual story appearing tomorrow (available here) has more facts and fewer speculations than the teaser story.

Friday, September 06, 2013

Tor is still DHE 1024 (NSA crackable)

After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.

The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.

You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.

Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:

14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

The older software negotiates "DHE", which are 1024 bit Diffie-Hellman keys. The newer software chooses ECDHE, which are Elliptical-Curve keys. I show the raw data because I'm confused by the last entry, I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.

(By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)

The reason software is out of date is because it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and the crypto the older version is using is believed to be crackable by the NSA.

Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer Elliptical keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.

Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelyhood the NSA runs hostile Tor nodes, means that it's of much greater importance.



Update: The above list are the incoming connections from other Tor servers. The following is a list of outgoing connections (since this is an exit node). This has nothing to do with the above discussion, I just include it here for completeness.

      count  suite - description
      39611 0x0005 - TLS_RSA_WITH_RC4_128_SHA
      30138 0x0035 - TLS_RSA_WITH_AES_256_CBC_SHA
      14569 0xc011 - TLS_ECDHE_RSA_WITH_RC4_128_SHA
      10043 0x0004 - TLS_RSA_WITH_RC4_128_MD5
       8576 0xc007 - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
       7100 0x0039 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
       4081 0x002f - TLS_RSA_WITH_AES_128_CBC_SHA
       2077 0xc014 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
       1900 0x0088 - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
       1090 0x0084 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
        481 0xc013 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        337 0x000a - TLS_RSA_WITH_3DES_EDE_CBC_SHA
        102 0xc009 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        101 0x0016 - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
         83 0x009f -
         78 0xc030 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
         35 0xc02f - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
         16 0x0033 - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
          6 0x003d - TLS_RSA_WITH_AES_256_CBC_SHA256
          6 0xc028 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384


Thursday, September 05, 2013

Cyberwarfare is like sniping: "If you don't have DOPE you don't have a shot"*


I disagree strongly with this article by Jason Healey in The Atlantic. To put a finer point on my disagreement: I am against the “demystifying” of cyber weapons to show they have humanitarian value.

Cyber weapons do not have peace keeping or humanitarian value. The inconsistency of cyber weapons means that they are not integrated into an order of battle; meaning, to be effective they have to be in use all the time and the results gained can be used to plan operations.

If an operations commander were to go to a cyber warfare group and ask for something that a kinetic team could accomplish, perhaps turning off the lights in a city at midnight tomorrow to send a message or support a planned operation,  the likely answers would be:

1. “Let me see if we already own something there.”
This means that the target has been compromised in the past and a rootkit may have been left behind. Of course there is no guarantee because the rootkit could have been discovered, the machine that was infected could have been replaced or even egress firewall rule changes could block access. 
2. “We can attempt to gain access, but no promises.”
This means the cyber warriors will have to collect data on the target and attempt a cold notice infiltration.** Unless there are servers with sql injection or easy to hit buffer overflows, exploitation will not work. 
3. “We can deploy some high speed commandos to place a key logger on someone's computer, and nab a password that will hopefully get us access to the important systems.”
Think about the game "Splinter Cell." This could work -  but you would already need operatives in the area briefed and ready to breach the facility.***  
"Hey buddy, whats you PGP passphrase?"
4. “Don’t you have guys for that? I keep reading about these JSOC commandos...”
This equates to “we cannot get the job done in the allotted time, please look for other solutions to your warfighting needs.” 

The “demystifying” part is what really gets me. Cyber weapons rely on secrecy to work. The POTUS can’t go on TV and say “We will go with a cyber solution utilizing rootkits we have intalled over the years in their military network.” That just sounds bad. It confirms the now widely-held notion that we are the world's Cyber-overlord and we're constantly looking for ways to put the rest of the world under our Cyber-thumb. Announcing the intended use of Cyberwar tools ahead of time is just bad strategy: the target would suddenly start scrubbing critical machines, changing passwords, and tightening firewall rules.

Do you remember the first Gulf War where plenty of jokes were made about Iraq getting all of its useful intel from CNN? A repeat of the fiasco would occur if the government tried to demystify its cyberwar capabilities.  It isn't hard to imagine a scenario where a forewarned adversary will prepare systems to observe an infiltration, and thus gain invaluable knowledge of Tactics, Techniques, and Procedures used by friendly forces. In the "cyberwar" world, giving away your methods is a good way to see them turned back on you.  It would also invalidate your DOPE.

"I wouldn't be here if people just ignored patches and clicked on everything in email...but noooo..."

* DOPE is an acronym used by trained marksmen around the world, meaning Data On Previous Engagement. This means the operator of a kinetic weapon system, such as a sniper and his rifle, have prepared ballistic data on the effect of his projectile on a target at a predetermined range and with consideration for atmospheric conditions, as well as target attributes such as movement and vulnerability.
**In cyber warfare a "cold notice infiltration" means you don't have any prior data on the target so you do everything from footprint and recon to exploitation in one step often in a very short timeframe. This is opposite of a "hot notice infiltration" which means all the steps to infiltrate a target are done individually and with a lot of prep time.
***We could also talk about the usefulness of a kinetic option to deliver a cyber payload but I feel this blog post has already hit the point of over thinking.