Securityfocus has this story about a group of researchers that have found a way to semi-automate the creation of exploits.
... Microsoft has not taken adequate steps to make such attempts more difficult, Brumley said. The researchers suggested possible avenues that Microsoft could pursue to increase the likelihood that customers received patches before attackers could reverse engineer them, including obfuscating the code, encrypting the patches and waiting to distribute the key simultaneously, and using peer-to-peer distribution to push out patches faster.
The researchers recommend the above for Microsoft. However, each method may create more problems than it solves. Let us consider them, one by one:
1)Obfuscate the code - Obfuscating the patching code doesn't help at all. One could simply snapshot the system before and after applying a patch and get the diffs. Obfuscating the application code (the application that is being patched) if done manually will make it prone to more bugs and hence more exploits. Automated obfuscation will not introduce any extra bug/exploits but it could make the application run slower.
2)Encrypt the patches and withhold the key - Well, the key will have to be distributed eventually. The window of opportunity for automated exploit generators will be smaller assuming the key can be distributed faster than the patch. However, the window of opportunity for zero-day exploits will be bigger. Also, the exploit generation can be done by using as input IDS/IPS signature updates instead of the patch. So should you encrypt those as well and withhold the key?
3)Using peer to peer distribution of patches - This could work...but why is it better than using other content delivery methods?
Friday, April 25, 2008
Friday, February 15, 2008
Can I protect private data from the threat of coerced password disclosure?
Bruce Schiener mentioned the threat of government authorities asking you to divulge the password to your encrypted file or disk:
The latter threat is becoming more real. I have long been worried that someday, at a border crossing, a customs official will open my laptop and ask me to type in my password. Of course I could refuse, but the consequences might be severe -- and permanent. And some countries -- the United Kingdom, Singapore, Malaysia -- have passed laws giving police the authority to demand that you divulge your passwords and encryption keys.
This is indeed a pain. The same could be done by an adversary by holding you at gun-point etc. Truecrypt, a free disk encryption software that I use, has a partial solution. It allows you to create a hidden volume within an encrypted volume. So to protect yourself from the above threat you can enter the password for the outer volume and deny the existence of any inner volume. I don't know how Truecrypt implements this but I think it works somewhat like this:
The descriptor of the inner volume(and not just the user data) is stored at a fixed location and encrypted with the inner volume's password. Until that password is typed there is no way to know whether there is a valid descriptor(and hence a hidden volume) or not.
This is nice since one can pretend that the inner volume does not exist and the adversary has no way to prove otherwise(all unused space is initialized with random bytes). However, a clever adversary may threaten to overwrite the fixed location where the hidden volume's descriptor resides. At that point you can choose between disclosing the data to the adversary or losing it forever. And in many cases it is good to have that choice.
The latter threat is becoming more real. I have long been worried that someday, at a border crossing, a customs official will open my laptop and ask me to type in my password. Of course I could refuse, but the consequences might be severe -- and permanent. And some countries -- the United Kingdom, Singapore, Malaysia -- have passed laws giving police the authority to demand that you divulge your passwords and encryption keys.
This is indeed a pain. The same could be done by an adversary by holding you at gun-point etc. Truecrypt, a free disk encryption software that I use, has a partial solution. It allows you to create a hidden volume within an encrypted volume. So to protect yourself from the above threat you can enter the password for the outer volume and deny the existence of any inner volume. I don't know how Truecrypt implements this but I think it works somewhat like this:
The descriptor of the inner volume(and not just the user data) is stored at a fixed location and encrypted with the inner volume's password. Until that password is typed there is no way to know whether there is a valid descriptor(and hence a hidden volume) or not.
This is nice since one can pretend that the inner volume does not exist and the adversary has no way to prove otherwise(all unused space is initialized with random bytes). However, a clever adversary may threaten to overwrite the fixed location where the hidden volume's descriptor resides. At that point you can choose between disclosing the data to the adversary or losing it forever. And in many cases it is good to have that choice.
Tuesday, January 15, 2008
To WPA or not to WPA?
Renowned security expert Bruce Schneier wrote a controvertial essay arguing about the benefits of keeping his home wireless network unsecured. He talks a lot about less important things like the possibility of someone using your network for doing bad stuff and getting you involved in legal proceedings. He is not concerned about it and neither am I.
However, as this article points out Bruce mentions the most important point only in passing: he has secured his computers in a way that the wireless link being unsecure does not matter to him(perhaps disk encryption and VPN). This is probably because he travels a lot and uses unsecured wireless access often. Many people don't. I don't use any public wireless network. I don't have a reason to use PGP or any other disk encryption techology on my laptop. I do however have a desktop at home which is accessible only from behind my internet firewall and since it is connected only via a wired link I do not have to lock it down (use long and difficult passwords, change passwords often, use disk encryption etc). If I make my wireless network open, drive-by hackers can easily hack into my desktop and laptop. Passive eavesdroppers can read my mail, instant messages etc. easily when I am using my laptop to access them. Choosing between taking that risk and enabling WPA is a no-brainer for me.
Regarding WPA Bruce says:
"This is not to say that the new wireless security protocol, WPA, isn't very good. It is. But there are going to be security flaws in it; there always are."
The question is not whether WPA has any flaws or not, it is whether any have been found and are easily exploitable by drive-by hackers. In his own words "security is a tradeoff". As a I mentioned above this tradeoff is a no-brainer to me.
The bulk of Bruce's argument centers on social politeness. He has an open network to provide people "stranded without internet access" the courtesy of using his network. If this can be done without jeopardizing my own security I won't mind. However, I am not going to encrypt my disks, use strict password policies etc in order to do that. Bruce already did that for other reasons and "sharing" is easy for him. Good for his neighbors!
However, the social politeness argument involves another party: the ISP. This article does a good job of explaining that factor. Under most ISP's terms of service, sharing your internet connection is analogous to sharing your cable TV: it is illegal. There may be other terms of service where you buy internet access "by the byte or by the hour" and in those cases it is perfectly OK to let others use your connection. However, how many people will continue to extend this courtesy if it cost them by the byte? It is easy to share something that doesn't cost you anything extra. Bruce uses economic reasoning particularly the concept of externality often to explain security issues. That concept applies here: the action of a subscriber to extend his internet access to neighbors and others has a consequence for the ISP. Charging by the byte or by the hour makes this externality "internal".
In conclusion, regarding the question of whether to use WPA on your home wireless or not, I find that it really depends on your situation. If your computers are secured and your ISP does not mind, you may decide to extend "internet access courtesy" to those in your wireless range. Otherwise, it is better to secure your wireless connection.
However, as this article points out Bruce mentions the most important point only in passing: he has secured his computers in a way that the wireless link being unsecure does not matter to him(perhaps disk encryption and VPN). This is probably because he travels a lot and uses unsecured wireless access often. Many people don't. I don't use any public wireless network. I don't have a reason to use PGP or any other disk encryption techology on my laptop. I do however have a desktop at home which is accessible only from behind my internet firewall and since it is connected only via a wired link I do not have to lock it down (use long and difficult passwords, change passwords often, use disk encryption etc). If I make my wireless network open, drive-by hackers can easily hack into my desktop and laptop. Passive eavesdroppers can read my mail, instant messages etc. easily when I am using my laptop to access them. Choosing between taking that risk and enabling WPA is a no-brainer for me.
Regarding WPA Bruce says:
"This is not to say that the new wireless security protocol, WPA, isn't very good. It is. But there are going to be security flaws in it; there always are."
The question is not whether WPA has any flaws or not, it is whether any have been found and are easily exploitable by drive-by hackers. In his own words "security is a tradeoff". As a I mentioned above this tradeoff is a no-brainer to me.
The bulk of Bruce's argument centers on social politeness. He has an open network to provide people "stranded without internet access" the courtesy of using his network. If this can be done without jeopardizing my own security I won't mind. However, I am not going to encrypt my disks, use strict password policies etc in order to do that. Bruce already did that for other reasons and "sharing" is easy for him. Good for his neighbors!
However, the social politeness argument involves another party: the ISP. This article does a good job of explaining that factor. Under most ISP's terms of service, sharing your internet connection is analogous to sharing your cable TV: it is illegal. There may be other terms of service where you buy internet access "by the byte or by the hour" and in those cases it is perfectly OK to let others use your connection. However, how many people will continue to extend this courtesy if it cost them by the byte? It is easy to share something that doesn't cost you anything extra. Bruce uses economic reasoning particularly the concept of externality often to explain security issues. That concept applies here: the action of a subscriber to extend his internet access to neighbors and others has a consequence for the ISP. Charging by the byte or by the hour makes this externality "internal".
In conclusion, regarding the question of whether to use WPA on your home wireless or not, I find that it really depends on your situation. If your computers are secured and your ISP does not mind, you may decide to extend "internet access courtesy" to those in your wireless range. Otherwise, it is better to secure your wireless connection.
Monday, October 15, 2007
2factor's RPM: is it secure?
Network World just published a list of "10 IT Security Companies to watch".
The first company 2Factor claims to improve security by provinding a "secure applet" that continuously generates new keys for each transaction. The hypothesis is that "This session of the browser is completely controlled by the SecureWeb® software, eliminating the threat of hacking attacks". The assumption is probably that a new applet will avoid vulnerabilities in the browser and hence will be secure. However, this applet is only as secure as the hardware and OS it is running on. How does this scheme protect against rootkit based Trojans? How difficult is it to "hijack" the icon that it creates? ["Online customers perform a one-time download of a small file that places a bank-branded icon on their computer desktop. "] and replace it with a Trojan that invokes the applet in a sandbox and has access to all its state? How is the process of downloading this applet secured? Until I have answers to these question, I would be wary of this technology.
This technology may be useful for improving performance compared to SSL-PKI if it has a equally good way(or better) of generating keys which is faster. However, since crypto-accelerator hardware is so mature these days I doubt if the "performance story" alone would make this startup fly. Maybe the founders felt the same and that is why they cooked up the "security story" I criticized above. 2factor also claims "the advent of quantum computers will render current technology useless, RPM's underdetermined system of equations is PROVABLY secure". I don't think quantum computers are arriving anytime soon, but I would love to know if RPM has been evaluated by cryptographers against the claim of being provably secure.
2factor does have an "easier story" and that might indeed be a valuable advantage.
Add to Technorati Favorites
The first company 2Factor claims to improve security by provinding a "secure applet" that continuously generates new keys for each transaction. The hypothesis is that "This session of the browser is completely controlled by the SecureWeb® software, eliminating the threat of hacking attacks". The assumption is probably that a new applet will avoid vulnerabilities in the browser and hence will be secure. However, this applet is only as secure as the hardware and OS it is running on. How does this scheme protect against rootkit based Trojans? How difficult is it to "hijack" the icon that it creates? ["Online customers perform a one-time download of a small file that places a bank-branded icon on their computer desktop. "] and replace it with a Trojan that invokes the applet in a sandbox and has access to all its state? How is the process of downloading this applet secured? Until I have answers to these question, I would be wary of this technology.
This technology may be useful for improving performance compared to SSL-PKI if it has a equally good way(or better) of generating keys which is faster. However, since crypto-accelerator hardware is so mature these days I doubt if the "performance story" alone would make this startup fly. Maybe the founders felt the same and that is why they cooked up the "security story" I criticized above. 2factor also claims "the advent of quantum computers will render current technology useless, RPM's underdetermined system of equations is PROVABLY secure". I don't think quantum computers are arriving anytime soon, but I would love to know if RPM has been evaluated by cryptographers against the claim of being provably secure.
2factor does have an "easier story" and that might indeed be a valuable advantage.
Add to Technorati Favorites
Friday, September 14, 2007
How not to handle data leaks: TD Ameritrade
I was greeted this morning by my broker's CEO. After telling me that he leaked my data he added:
"Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE. "
This is good, but even if they were exposed:
- if the passwords were "hashed" with nonces (like they should be) I have nothing to fear.
- if they were stored in cleartext or without nonces and if I had a weak password, I could just go and change it.
He continues to say:
"You continue to be covered by our Asset Protection Guarantee..."
and that is good because even if the password scheme and password were weak and the crook logged in before I changed my password, I am protected. Awesome! And so far so good, except that I would expect this announcement to being with an apology for leaking my data.
But reading further I start to get nervous:
"While Social Security Numbers are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft."
On their FAQ page they say:
"After extensive investigations involving outside forensics experts, we have no evidence that this sensitive personal information was taken. That is one of the reasons why we have also hired ID Analytics. Its initial investigation has concluded that there is no evidence of identity theft as a result of this issue.Because of our ongoing investigation, we will not provide additional details."
In another place they say:
"In fact, we have been able to conclude that this sensitive information belonging to our legacy TD Waterhouse retail and institutional clients was not retrieved."
I wonder how they established this and already alienated by the rest of the PR material I am inclined to believe that this is misinformation as well.
They use the terms "extensive", "initial", "continuing" to describe their investigation depending on what they are trying to say. They use "initial" and "continuing" when trying to convince me that they cannot tell me how the forensic experts reached the conclusions they did but they use "extensive" when they want to convince me that these conclusions have been reached.
TD Ameritrade having no evidence that my sensitive information was leaked or of identity theft does nothing to calm my nerves. The crooks could still have this information. They could have covered their tracks so that there is no evidence. They may have left behind evidence which TD Ameritrade will never find (infact TD Ameritrade has a lot to gain by not finding this evidence and a lot to loose by finding it). They may not have used this information yet knowing the heightened alert level right now. What stops them from using this information later? The legal system is clearly not on my side as depicted by this ruling in another data leak case:
"Without more than allegations of increased risk of future identity theft, the plaintiffs have not suffered a harm that the law is prepared to remedy."
How would I ever be able to tie a future ID theft to TD Ameritrade's leak?
Why can TD Ameritrade get away with this? This is because my security is not their concern. It is an externality for them. The only way to solve this recurring problem is to change that and no advance in security technology can change the law. Meanwhile, not using immutable and leakable information for authentication will help ease some of the pain.
Now there is news coverage (Sep 17)
http://www.darkreading.com/document.asp?doc_id=134056
http://www.wallstreetandtech.com/blog/archives/2007/09/why_td_ameritra.html
Add to Technorati Favorites
"Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE. "
This is good, but even if they were exposed:
- if the passwords were "hashed" with nonces (like they should be) I have nothing to fear.
- if they were stored in cleartext or without nonces and if I had a weak password, I could just go and change it.
He continues to say:
"You continue to be covered by our Asset Protection Guarantee..."
and that is good because even if the password scheme and password were weak and the crook logged in before I changed my password, I am protected. Awesome! And so far so good, except that I would expect this announcement to being with an apology for leaking my data.
But reading further I start to get nervous:
"While Social Security Numbers are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft."
On their FAQ page they say:
"After extensive investigations involving outside forensics experts, we have no evidence that this sensitive personal information was taken. That is one of the reasons why we have also hired ID Analytics. Its initial investigation has concluded that there is no evidence of identity theft as a result of this issue.Because of our ongoing investigation, we will not provide additional details."
In another place they say:
"In fact, we have been able to conclude that this sensitive information belonging to our legacy TD Waterhouse retail and institutional clients was not retrieved."
I wonder how they established this and already alienated by the rest of the PR material I am inclined to believe that this is misinformation as well.
They use the terms "extensive", "initial", "continuing" to describe their investigation depending on what they are trying to say. They use "initial" and "continuing" when trying to convince me that they cannot tell me how the forensic experts reached the conclusions they did but they use "extensive" when they want to convince me that these conclusions have been reached.
TD Ameritrade having no evidence that my sensitive information was leaked or of identity theft does nothing to calm my nerves. The crooks could still have this information. They could have covered their tracks so that there is no evidence. They may have left behind evidence which TD Ameritrade will never find (infact TD Ameritrade has a lot to gain by not finding this evidence and a lot to loose by finding it). They may not have used this information yet knowing the heightened alert level right now. What stops them from using this information later? The legal system is clearly not on my side as depicted by this ruling in another data leak case:
"Without more than allegations of increased risk of future identity theft, the plaintiffs have not suffered a harm that the law is prepared to remedy."
How would I ever be able to tie a future ID theft to TD Ameritrade's leak?
Why can TD Ameritrade get away with this? This is because my security is not their concern. It is an externality for them. The only way to solve this recurring problem is to change that and no advance in security technology can change the law. Meanwhile, not using immutable and leakable information for authentication will help ease some of the pain.
Now there is news coverage (Sep 17)
http://www.darkreading.com/document.asp?doc_id=134056
http://www.wallstreetandtech.com/blog/archives/2007/09/why_td_ameritra.html
Add to Technorati Favorites
Tuesday, August 21, 2007
Another multi-core...
Tilera has come out of the closet. There is a good writeup about its 64 core processor here
Here is a snippet from the article:
"what will make or break Tilera is not how many peak theoretical operations per second it's capable of (Tilera claims 192 billion 32-bit ops/sec), nor how energy-efficient its mesh network is, but how easy it is for programmers to extract performance from the device."
I agree. And by focusing on the development environment, ability to run SMP Linux etc, Tilera has chosen to offer a smooth learning curve to software engineers. Although there are some design wins, it remains to be seen whether taking the first few steps on this curve offer a significant advantage over the wares sold by Tilera's competitors: Intel, AMD, Cavium, RMI and Sun.
There is another good article here. An interesting point about pricing:
"For a new entry into the market, Tilera priced its product with confidence: 10K-tray pricing is set at $435 for each Tile64 – which appears cheap, if it can replace ten Xeon processors. But in a real world environment, the processor is priced against a quad-core Xeon 5345 (2.33 GHz, 8 MB L2 cache), which currently sells for a 1K tray price of $455. "
Add to Technorati Favorites
Here is a snippet from the article:
"what will make or break Tilera is not how many peak theoretical operations per second it's capable of (Tilera claims 192 billion 32-bit ops/sec), nor how energy-efficient its mesh network is, but how easy it is for programmers to extract performance from the device."
I agree. And by focusing on the development environment, ability to run SMP Linux etc, Tilera has chosen to offer a smooth learning curve to software engineers. Although there are some design wins, it remains to be seen whether taking the first few steps on this curve offer a significant advantage over the wares sold by Tilera's competitors: Intel, AMD, Cavium, RMI and Sun.
There is another good article here. An interesting point about pricing:
"For a new entry into the market, Tilera priced its product with confidence: 10K-tray pricing is set at $435 for each Tile64 – which appears cheap, if it can replace ten Xeon processors. But in a real world environment, the processor is priced against a quad-core Xeon 5345 (2.33 GHz, 8 MB L2 cache), which currently sells for a 1K tray price of $455. "
Add to Technorati Favorites
Tuesday, August 7, 2007
Chief blogging officers debating NAC
"Chief Blogging Officers" at two security vendors have a highly technical and meaningful debate:
http://www.nevis-blog.com/2007/08/wondernac-i-lik.html
http://www.stillsecureafteralltheseyears.com/ashimmy/2007/08/more-on-the-won.html
Add to Technorati Favorites
http://www.nevis-blog.com/2007/08/wondernac-i-lik.html
http://www.stillsecureafteralltheseyears.com/ashimmy/2007/08/more-on-the-won.html
Add to Technorati Favorites
Subscribe to:
Posts (Atom)
