The Recycle Bin is undergoing a period of re-branding. I will be moving the blog off of WordPress and over to a custom domain powered by Blogger. WordPress hosting wants to charge for custom-domain forwarding, so I’m going to have to move on. I’ve been annoyed with them anyway – and the fact that the site barely works on IE is ridiculous. So, over to Blogger – http://therecyclebin.novielli.org
Privoxy
February 10, 2009 · 1 Comment
The AdBlock guys did some interesting analysis on exactly how much bandwidth, space, and resources web advertisements are taking up and wrote about it in this blog post [adblockplus.org]. They develop an ad-blocking plug-in for Firefox, so they definitely have a one-sided opinion on the issue. It’s interesting either way to see just how much these ads “cost” you. Add this post together with the one from here a while back about malware coming in through advertisements, and it makes you want to block them all the more.
On top of plug-ins for your browser there is another (arguably better) way to block ads, and that is a web filtering proxy. A proxy is simply a filter that sits between your internet browser and the web and can help you control what you receive or send out. I’m currently running Privoxy, an open source local proxy, and absolutely love it. It is really simple to use – just install it, and set your browser’s connection to use a proxy at 127.0.0.1 port 8118. It’s a quick and dirty way to block advertisements for any browser on your system without using browser plug-ins.
Categories: General
Junk “Journalism”
February 8, 2009 · Leave a Comment
I love it when an article gets posted that is so clearly and obviously wrong to everyone reading it that the page fills up with comments fixing all the writer’s mistakes. The part I love most about it is that it reveals all the lazy and incompetent writers out there, since there will be an endless amount of “new” stories that are just working off of the one junky blog post.
Example: Windows 7 versions announced. Engadget got this story completely wrong. They editorialized, added a biased slant, and manufactured some nerd rage to completely distort the announcement. To be clear – consumers will have two versions of Windows 7 to decide from (Home Premium, and Professional). All other SKUs will not be available for consumers to purchase. One of the versions is only available in developing countries at a very discounted price. Another will be only installed by OEMs, marketed for netbooks (no, you aren’t limited to running just three apps at a time ::rolls eyes::). The other (Enterprise) is for businesses that need volume licensing (not you, Engadget). Also, no prices have been announced for any version of Windows 7, so putting Vista-equivalent prices next to the new versions is inaccurate, leads to confusion, and is just plain dumb.
I can’t for the life of me figure out what the problem with multiple SKUs is. The Windows OS has over a billion customers, and not all of them have the exact same needs. What is the alternative? Offer just one version and then listen to everyone complain about paying for features they don’t want?? Plus, I thought these were intelligent, tech-minded people – they can’t read a checklist and decide what version they want (pick 1 out of 2, ZOMG!!11!!) I guess the part that confuses me the most is that people actually read that site, and take it seriously…
Here are the facts for this story:
http://www.microsoft.com/presspass/features/2009/feb09/02-03Win7SKU-QA.mspx
[UPDATE]
Slashdot gets it wrong too – but I think they do it on purpose…
Categories: General
Teaser Feeds
January 26, 2009 · 1 Comment
It really bothers me when websites truncate their posts in RSS feeds and only show you little snippets of the story. It defeats the purpose of RSS – and renders my offline reader useless. I can understand why they do it; they want to get page views and ad impressions, and most of the time the post isn’t that interesting so I skip it. But really, does the Whitehouse.gov RSS feed have to do it too?
Categories: Web
Tagged: Web
Cold News
January 16, 2009 · 1 Comment
January 15th came and went – and we all still have a job. Twitter flurried, experts predicted, and news trucks descended on campus like vultures on a kill, but in the end, everyone was duped. Internet rumors can be nasty beasts, but one with such widespread implications on people’s lives and a local economy like this one really should be scrutinized a bit more before it’s believed. I almost feel bad for the Q13Fox guy who had to stand outside in the cold at 6m trying to get his story, or the KOMO4 people, disappointed I’m sure that they don’t have a video of a mass of despondent souls walking out of their offices a final time on their way to the dole line. I almost feel bad for them, but really, I don’t. They all too eagerly play into the game, fuel the rumors, and revel in the thought of having a bad situation to stick their cameras in. I don’t know what’s going to happen tomorrow, I don’t know if there will be layoffs or not, but I do know that if I get a pink slip not a single one of those “journalists” will be getting their sound bite from me.
Categories: General
ActiveX Redux
December 9, 2008 · 2 Comments
Google has decided to throw away years of progress in Web security, JIT interpreters, and general common sense and implemented a weak rehash of the ActiveX control. Dubbed Native Client, this new plug-in architecture will allow websites to deliver raw x86 code to users in an attempt to “create richer and more dynamic browser-based applications.”
First of all, there is nothing browser-based about running native code. The browser is simply the distribution medium for your native application. Is Google admitting that AJAX and browser applications aren’t all they’re cracked up to be?
In all the hilarious irony however, we shouldn’t lose sight of how awfully bad this idea really is. I mean, it’s just a terrible idea. Pushing raw machine code down the pipes is not a reasonable solution to the problem. We tried this with ActiveX – it’s been a mess. Sure, they’ve put some thought to security – a thinly veiled ‘sandbox’ that statically analyzes the bytes for any “dangerous commands” before it executes. Yeah, I’m sure no one is going to find a way around that….
Really, it’s ideas like this that guarantee that anti-virus vendors will always have a job…
Categories: Security
This Week in MalWare
December 9, 2008 · Leave a Comment
There have been several interesting malware stories in the news this week.
There’s a new worm circulating on social networks called Koobface. Basically, you get a message from one of your friends that says something along the lines of, “I found this video with you in it, check it out,” and then you click on the link and the website tells you to update your Flash player. Of course, this isn’t an update to Flash, but rather a worm that steals passwords and account information. McAfee’s Avert Labs has a good piece of advice that everyone should follow to stay safe on the web:
Do not follow any unexpected hyperlinks you receive over the Web, Email, or IM, even if they are received from someone you know. It’s best to ask for confirmation from the sender; that they intentionally sent such a link.
On the other end of hyperlinks, it’s best to install software and updates from the source (such as adobe.com in this case) rather than trusting the content from a third-party website.
FireFOX
There’s also a new trojan that is specifically targeting the Firefox add-ons system and masquerading as a legitimate extension called Greasemonkey. The trojan gets installed through traditional means (codecs, flash update, etc) and installs into the add-ons and extensions folder. Once it’s been installed, it runs as a normal add-on would, and watches what websites get visited. It looks for about 100 different sites, ranging from gaming to banking sites. Once it finds a site that it knows, it records the user name and password and reports back to the attacker. This piece of malware takes advantage of what I believe is a major design flaw in Firefox: any extension has complete access to everything the browser gets. This is a major reason why IT departments are reluctant to deploy FF on their networks. You really need to be careful when you are installing extensions, and make sure that they are from a trusted source. If browsing a local intranet page with confidential information, it is a best practice to either use a clean FF with no add-ons, or Internet Explorer.
OSX
Thirdly, Apple found itself in the malware spotlight after someone found an old support article in which the company recommended running anti-virus software on OSX. This opinion sort of flies in the face of their advertising campaign that says that OSX is immune to viruses due to its superior architecture. The controversy really started to mount when Apple quietly pulled that article from their support database and did a complete 180 on the issue. I think Apple is doing its users a disservice by acting so defiant about the issue. Suggesting that its users protect themselves with a modern anti-virus client which does more than just protect against viruses (it helps mitigate damage from trojans, phishing scams, and general data loss) does not mean that their product is flawed, or somehow inferior; it just means they care about their users. Throughout all of this debate though, people seemed to lose sight of the real reason why OSX users should have AV clients on their machines – they can still receive and forward Windows viruses! So please, if you’re on a shared open network, be courteous, and run an AV client.
Here are some of the links
http://blog.trendmicro.com/cyber-crimainals-target-firefox-users/
Categories: Security
Full Disclosure
December 2, 2008 · Leave a Comment
It’s been about a month since Microsoft released MS08-067 – which I posted about here. Since the patch was released, malware writers have scraped together a worm that is spreading through the internet, swelling the ranks of their already impressive botnet. How does this happen? Wasn’t the bug fixed? Well, let’s take a look at what happened. First, the hole in the system stayed hidden for years – no one knew it existed, not MS security, hackers, or the all-knowing Slashdotters. This is not necessarily a bad thing – because a vulnerability that no one knows about isn’t really a vulnerability at the time, right? It wasn’t until the bug was discovered and disclosed that we started having a problem. In this case, the turnaround was fairly quick. MS reacted appropriately and released an out-of-band update and pushed out a lot of press about how imperative it is that people update their machines. The problem is, not everybody is going to update their machine. These people are exceptionally vulnerable right now because in sending out a patch, Microsoft not only told everyone about the bug, but practically sent exploit code to the bad guys. You see, a patch is like the inverse of an exploit – and hackers can take these files and analyze them to figure out exactly what component of the system is vulnerable. There is a time span of mere hours between a patch release and the first sighting of in-the-wild exploitation.
So, my question is, what are we supposed to do? These bugs are going to exist. All operating systems will have a bug like this. Don’t believe the drivel that gets spouted about how Windows is architecturally inferior to all other systems, therefore it is the only one to have these problems. Programmers and testers are human; they make mistakes. The question here is, how do you deal with these bugs once they’re found. Obviously, you have to disclose them. People need to be made aware of the situation. But once you tell people about the bug, and patch it, then some people are more at risk than they were before. I guess you could take comfort in the fact that fewer people are at risk (those who patched) but maybe the overall risk has increased – because now there is a worm spreading. So, do we need a less informative way to disclose the information – just tell people to update without saying what the problem really is? Well, that won’t work either, because really, all the important information is found in the binary patch that gets sent out from Windows Update. Bad guys have a Windows box too, and they get the update. OK – encrypt the patch? Won’t work, they’ll just diff their machines – it might slow them down a couple of hours, but that’s about it. So, I’m at a loss; I guess I have to accept the fact that patches will lead to full disclosure, which will lead to exploitation. I guess we just have to hope that people update their systems when they’re asked to. But I hate this conclusion – mostly because of that H word… maybe we can make updates work the way they do in video game land – force you to update before it will allow you to connect to the internet again. Any ideas?
Categories: Security
Critical Update
October 27, 2008 · 1 Comment
Please update your Windows machine now if you haven’t already. Microsoft released an out-of-band update to patch a critical hole that is present in all versions of Windows. Vista and Server 2k8 users are at slightly less risk since “the vulnerable code path is only accessible to authenticated users” – but still, if you haven’t updated, do it now! This is not an everyday type of vulnerability, but rather a widespread wormable hole that has serious implications if it remains unpatched.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Categories: Security · microsoft
Holy anti-feature, batman
June 13, 2008 · Leave a Comment
I had the opportunity to attend a talk by Mark Russinovich, of Sysinternals fame, during last week’s Trustworthy Computing Conference. The topic of the talk was security boundaries in Windows, and more specifically, what is not a security boundary. The talk was very interesting, and I don’t want to reveal too much here, but there was one part of it that stuck with me and has been bothering me for a little while now. One of the technologies he addressed was Patchguard, or Kernel Patch Protection, which was introduced in 64-bit Vista and Server 2008. Patchguard is intended to keep programs from patching, hooking, or otherwise tampering with the internals of the NT kernel. It does this by periodically taking a checksum of some important structures in the kernel (SSDT, interrupt table, HAL tables, etc) and comparing the current value with the previous one. Any discrepancy here indicates that the kernel has been subverted. If it notices any changes to these structures, it throws an exception that results in a blue screen error. Sounds good, right? Sounds like a great new security feature, no more rootkits! Well, not really. The truth is, KPP really does nothing to stop malicious code, and in fact, is pretty useless in doing so. Mark revealed in his talk that that was never the intention of KPP, but rather, it was conceived as a way to force legitimate developers to stop using these techniques in their own programs. See, most anti-virus and security products will use some level of system hooking in order to get a good view of activity. In fact, one of Mark’s very own tools, RegMon, hooks the SSDT to watch registry activity. He even wrote a publication about the technique! The problem with kernel hooking is that it is entirely unsupported and significantly reduces stability.
So here’s what I don’t understand. Microsoft has recognized that system hooking leads to instability. They’ve decided that programmers aren’t good enough to extend a kernel function safely without throwing a blue screen exception, so now they’re not going to allow us to hook certain system structures (pfft, allow is a funny thought). But, instead of actually fixing the gaping holes in their system, they’re going to simply watch for system hooking, and then guarantee that the system will crash, by causing the crash. Oh yeh, and they are going to blame it on the developer. It’s like a car company deciding that talking on your cell phone while driving is dangerous, so they’re going to create a system that detects if you’re on the phone and then drives the car off the road for you. That will show you!
I just don’t understand this anti-feature. There are plenty of legitimate reasons for hooking these system functions, and it can be done safely. I know it can because Mark has done it, and I’ve done it. If you don’t want developers to subvert the kernel, then provide a complete API that we can use to extend and monitor the system, and fix the problems with your system that allow someone to take write-protected virtual memory, map it to physical memory, strip all the restrictions off of it, and send it back patched. Don’t just come behind perfectly valid code, throw an exception and blame it on us.
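The mechanism the post describes (snapshot a checksum of a protected table, recheck it later, treat any difference as subversion) is easy to see in miniature. The following is an added illustration written for this page, not code from the talk or from Windows: a constructed dispatch table with hypothetical entry names stands in for the SSDT, a RegMon-style hook replaces one entry, and the monitor reports which entry changed. It also shows the caveat that a check which runs only periodically sees nothing if a hook is installed and removed between two checks.

```python
import hashlib


def entry_digest(fn):
    """Digest of one table entry: the function's name plus its bytecode.
    Stands in for the checksum KPP keeps of each protected kernel structure."""
    return hashlib.sha256(fn.__qualname__.encode() + fn.__code__.co_code).hexdigest()


class IntegrityMonitor:
    """Snapshot a dispatch table once, then report entries that no longer match."""

    def __init__(self, table):
        self.table = table
        self.baseline = {name: entry_digest(fn) for name, fn in table.items()}

    def verify(self):
        """Names whose entry was removed or replaced since the baseline (empty = clean)."""
        return sorted(
            name for name, digest in self.baseline.items()
            if name not in self.table or entry_digest(self.table[name]) != digest
        )


def make_table():
    """Constructed stand-in for a system service table (hypothetical entry names)."""
    def nt_open_key(path):
        return f"opened {path}"

    def nt_create_file(path):
        return f"created {path}"

    return {"NtOpenKey": nt_open_key, "NtCreateFile": nt_create_file}


def install_hook(table, name, log):
    """Replace table[name] with a wrapper that records each call (what a monitoring
    tool does when it hooks the SSDT). Returns the original so it can be restored."""
    original = table[name]

    def hooked(*args):
        log.append((name, args))
        return original(*args)

    table[name] = hooked
    return original


def demo():
    """Baseline, hook one entry, verify, restore, verify again."""
    log = []
    table = make_table()
    monitor = IntegrityMonitor(table)
    clean = monitor.verify()                      # nothing changed yet -> []
    original = install_hook(table, "NtOpenKey", log)
    table["NtOpenKey"](r"HKLM\Software")          # the hook observes this call
    detected = monitor.verify()                   # -> ['NtOpenKey']
    table["NtOpenKey"] = original
    restored = monitor.verify()                   # hook gone before the check -> []
    return clean, detected, restored, log


if __name__ == "__main__":
    print(demo())
```

The last two steps of `demo()` are the point the post makes: the monitor only ever compares the table against its baseline at the moment `verify()` runs, so a patch that is present during a check is reported, and whatever the hook did between checks is invisible to it. Real KPP also hides when and what it checks, which is why the post calls it a tool for discouraging developers rather than a boundary against malicious code.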
Categories: Security · Vista · microsoft · programming
Tagged: Kernel, microsoft, patchgaurd, programming, Security, Vista, Windows
Live Writer Update
June 11, 2008 · Leave a Comment
I blogged about Live Writer back when I started this site and I’ve been using it the whole time. It has treated me well and I think it’s one of the most useful programs from the Live suite. Well, they’ve just released a new version as a Community Technical Preview (CTP), which is like an alpha version – relatively stable, yet not feature complete. There are some new features that they want feedback on so give it a try if you’re feeling adventurous. You can read about it here. One feature I’m enjoying is the real-time word count, since I’ve noticed my posts are getting kind of long and I think everyone is bored. I’ll try to keep them short!
Categories: General · microsoft
Tagged: blogging, General, live writer, microsoft
Safari Carpet Bomb (Update)
June 4, 2008 · Leave a Comment
I love being right. Remember the Safari carpet bomb I posted about back in April? Remember how Apple said it wasn’t a “security concern” and I scolded them for it? Well, now it’s gotten interesting. Apparently there is a known flaw in Internet Explorer that allows a website to execute any program on the user’s desktop without their consent. Normally, this flaw isn’t as much of a concern because all new executables downloaded (by anything but Safari) get marked with an alternate data stream tag that indicates that it is from the Internet Zone. Any time an application with this tag is opened, the user is prompted and the action must be explicitly allowed. Now when we include Safari’s carpet bombing technique that downloads an exe without notification or ADS marking, this IE flaw becomes a critical security concern. This is a great example of what is called a blended threat. Two seemingly innocuous bugs combine to create a gaping security hole. The IE team was not concerned with their bug because there was no way to get an unmarked exe onto the desktop without the user knowing, and the Safari team wasn’t concerned with theirs because you couldn’t execute the exes that it downloaded automatically.
So yeh, here’s the MS Security Advisory.
Categories: Apple · Security · microsoft
Tagged: ie, microsoft, safari, Security
Meshing the Common Feed List
June 4, 2008 · Leave a Comment
Last week I blogged a little bit about a new cloud syncing product called Live Mesh. I mentioned how in its current incarnation it really only serves as a file syncing and sharing tool, but in the future it will have an open API that will allow programmers to add application specific data to the system instead of whole files. I concluded with a short wish list of programs that might take advantage of this API which included a cloud synced RSS feed list. Well, I was playing around with this the other night, and figured out that this can already be done with just the file-based Mesh.
Quick Background: with IE7, Microsoft introduced what is known as the Common Feed List within Windows. When you click on the little orange RSS icon in IE and subscribe to a feed, it gets added into a system wide collection of feeds. There is a background service that keeps all of these feeds up to date. The feeds are then visible to any application on the system that wants to interact with them. Right now, FeedDemon and RSS Bandit interact with the Common Feed List as well as IE, Outlook and Live Mail. So, as far as offline feed readers go, the Common Feed List is a pretty good idea. What I would like to do is push that list up into the cloud, and allow me to access it from any computer I’m at. I’m not talking about just an OPML file of feeds that I’m subscribed to, but instead it’s a full version of the CFL, including a read and unread marking on all entries. So far, I think I’ve got a working solution.
In Vista, the Feed List is stored in
C:\Users\$USERNAME$\AppData\Local\Microsoft\Feeds
and, in XP it is in
C:\Documents and Settings\$USERNAME$\Local Settings\Application Data\Microsoft\Feeds
I just added that folder to Mesh and synced it to that location on all of my other machines. It seems to work like a charm. While Google Reader is probably a better solution to all of this, I still sort of like this set up. You must be careful to allow Live Mesh to update before the Common Feed List does, or your read/write tags will get a little messed up.
[UPDATE]
I’ve been running this setup for about a week or two now and I can say for sure that it does work; however, it will clutter your Recycle Bin with .feed-ms files. Why? I cannot explain…
Categories: microsoft
Tagged: cloud, mesh, rss, sync, Windows
Vista’s Despised UAC Nails Rootkits
May 26, 2008 · Leave a Comment
PC World – Business Center: Vista’s Despised UAC Nails Rootkits, Tests Find
PCWorld has a story about a test conducted by AV-Test.org that was supposed to rate the most popular anti-virus products’ ability to detect rootkits. For people that don’t know, a rootkit is a program that takes complete control of a system and tries to hide itself deep within the operating system. They are notoriously difficult to detect once they are installed. The most interesting result from this test wasn’t necessarily the results about which product detected what, but the revelation that Vista’s security framework, specifically User Access Control (UAC), was really effective at preventing rootkit infection. The test took 30 rootkits written for Windows XP and tested various anti-malware and anti-rootkit suites. Some of them scored fairly well, but none were perfect. Of the 30 XP rootkits, only 6 would actually run on Vista, and in order to get them to run UAC had to be disabled. This means that UAC has significantly raised the bar of entry for rootkits on Windows. This shouldn’t really come as a surprise to anyone familiar with this area, but there seems to be a lot of loud mouths shouting that UAC is worthless and should be disabled. I have an anecdote that tells a different story.
The last product that I worked on was essentially a rootkit. It was a component of a broader intrusion detection system which needed real-time information about what was going on in the system. We wrote a simple device driver that intercepted all events within the kernel and logged them out to a database. This means that every file, registry key, key pressed, port opened, etc, was visible to this program and logged. We originally wrote it to work on XP, and an application to install it as a service, which involved a couple of calls to the Service Controller to install it. If the user was running with an Administrator account (which everyone in XP does) then the driver would be loaded completely invisibly. That means that any program that you have ever installed could very easily be spying on everything you, or any other user on your machine, does. I say it could be “very easily” doing this, not because the code is particularly easy to write, but because the Internet is absolutely littered with rootkit code, especially the .cn domain. A little while ago we decided to update our driver to work under Vista. Since rootkits are essentially an extension of the operating system, they become very dependent on certain structures and features of an OS and tend to only work under that version. So we had to change the code a little bit to get it to run, but for the most part, it was the same program. The only real difference between the two versions was that on Vista, even if the user is logged in as Administrator, the installation of the service would fail if it wasn’t elevated with a UAC prompt. Privileges in Windows work with tokens; each user and group has a token, there is a system level administrator token, etc. When a program starts, it is given the token of the user, and is run with whatever permissions that user has. So, users of the Administrator group in XP would pass along Administrator, or system level, permissions to any applications.
The difference between XP and Vista is that when a user is in the Administrators group their token in Vista is not a complete system access token. For an application to receive system level access, it must be spawned by a system level user group (SYSTEM, LOCAL SERVICE, etc) or be elevated by an administrator with a UAC prompt. This prompt ensures that the user behind the keyboard is aware that they are giving this application complete access to the system. Sure, it can get a little annoying from time to time, but I’d rather have a prompt alerting me every so often as opposed to a rootkit silently being installed.
Categories: Security · Vista
Tagged: rootkit, Security, Vista, Windows, xp
Making it Mesh
May 24, 2008 · 1 Comment
Microsoft has a series of lectures on campus called The Breakfast Series where guest speakers will give a presentation about current products, technologies, or anything really relevant to the company. This week’s was about Live Mesh and I thought it was a really interesting product, so I wanted to share it with you all.
As everyone should have noticed by now, computing is moving away from a desktop centric model to a cloud (Internet) based system. Microsoft has been trying for the last few years to figure out exactly how they plan to adapt their products to incorporate more web based services. They have numerous ventures into this arena, but nothing complete and cohesive. Live Mesh really seems like it is their final solution.
Basically, the idea with Mesh is to have a central system for synchronizing programs, data, and settings across multiple machines, devices, and web storage. Sure, products like this have been done before. In fact, I can think of two separate tools for this already made by Microsoft. What separates Mesh from the other tools is its broad scope and extensibility. Mesh isn’t designed to simply be an application that syncs files; it is supposed to be a platform that provides syncing as a simple service for applications to build on.
By the time this reaches beta testing it will run on many different devices. XP, Vista, OSX, WinMobile, and some WAP enabled devices should all have a version of the client. The demo shown during the presentation showed a person taking a picture with their smart phone, and it was immediately delivered to the home pc, as well as someone’s laptop who was traveling. I thought it was kind of neat.
Like I said earlier, the real purpose of Mesh isn’t simply to share files, but rather to expose data syncing and cloud functionality to applications. There will be an API for developers to use to allow their programs to sync whatever they want and however they want to the Mesh system. From what was demoed, the API looked very simple and straight-forward. I believe they had a plug-in for Firefox that would add FF bookmarks to the Mesh. This sort of system seems like a good solution because it allows the application developer to add cloud based data portability without dealing with the complicated nature of it. It will be interesting to see how this system is accepted by the community and how many applications will take advantage of it. I also wonder how it will be used inside of Microsoft. I would like to see something like Outlook syncing the contents of your inbox into this, or maybe the Common Feed List keeping a global synced feed list.
Currently, Mesh is dogfooding inside MS and there is a CTP that you can register for. It took about a week for me to get accepted into the CTP. There should be a public beta coming in the next couple of months, so keep an eye out for it; it’s going to be pretty cool.
Categories: microsoft
Tagged: mesh, microsoft
Safari Carpet Bomb
May 15, 2008 · 1 Comment
When you’re writing a web browser, every bug should be considered a security issue. Even if the bug seems simple and inconsequential, chances are someone will try to exploit it to harm users. Nitesh Dhanjani over at ONLamp has a post about three different bugs he has found in Apple’s Safari web browser. Now, to be clear, I’m not deriding Apple for having bugs in Safari. These types of programs are very complicated and never bug free. What I find troubling is their response to the submission. Nitesh says that he submitted all three bugs that he found to Apple, and they responded by saying that they don’t consider two of the bugs a security related issue at this time. I must object loudly to this. Here is the bug:
It is possible for a rogue website to litter the user’s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX). This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location (unless changed).
That means that any website can download anything and the user isn’t even notified or asked. How is this not a security issue? A large amount of malware relies on getting an executable onto a machine, and then convincing a user to run it. How about dropping a worm named Safari.exe, or Word.exe onto someone’s desktop, and the next time they go to open it they infect their machine. Nitesh demonstrates this bug by littering the user’s desktop with tons of unwanted files. While this is annoying, it’s fairly pointless and obvious. If you think like an attacker for a minute you can come up with more sneaky and nefarious ways to use this hole. I can’t seem to understand why Apple’s security team doesn’t recognize this as a security concern. I mean, it’s sort of their job to look at every bug and see how it can be exploited to cause harm. Nitesh also wanted to congratulate the team on their communication:
Before I get to the details, I want to make it extremely clear that the Apple security team has been a pleasure to communicate with. I sent them a couple of emails asking for clarifications, and they responded quickly and courteously every time.
That’s wonderful that they’re talkative, but shouldn’t it bother you that they are dangerously wrong?
Categories: Apple · Security
Tagged: browser, Security
Serious flaw in OpenSSL on Debian-based Linux
May 13, 2008 · Leave a Comment
[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
OK, this is kind of a big deal. It turns out that there is a serious flaw in the OpenSSL packages used on Debian-based Linux distributions, which includes Ubuntu, Xandros, and many others. The problem appears to be that the random number generator is giving predictable, rather un-random results.
From the bulletin:
It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
Debian Linux runs many of the websites out there, and a lot of them rely on cryptographic keys for SSL. Replacing these keys (getting them re-signed by a Certificate Authority) will surely be a long and expensive process.
Here’s another gem from the bulletin:
OpenSSL’s DTLS (Datagram TLS, basically “SSL over UDP”) implementation did not actually implement the DTLS specification, but a potentially much weaker protocol, and contained a vulnerability permitting arbitrary code execution (CVE-2007-4995).
These bugs raise the question: why is the Debian team making changes to OpenSSL? Cryptography is hard, and the OpenSSL team has one of the most accurate and respected libraries to date. They should stick to what they’re good at, like package management, and leave cryptography to the people who know what they’re doing. As it stands, I’m not sure if I can trust any SSL connection anymore…
Categories: Cryptography · Linux · Security
Tagged: bugs, Cryptography, Linux, ssl
Sharing a Secret
May 4, 2008 · 3 Comments
There is more to cryptography than simply hiding information. One very useful extension of the field is into the area of information dissemination. Imagine that you run a retail store with several employees. This store has a code for its alarm system that must be set every night and cleared every morning. Obviously, you can’t trust just any employee with the alarm key, because then they could enter the store at any time! But you’re also a very busy person who can’t be bothered with actually opening and closing the store every day. You would like to make a rule that at least two people must be present at the store during opening and closing to prevent theft. How are you going to implement this rule? Fortunately you learned enough algebra in high school to do this! You can split the key code into even but distinct halves, and then hand one out to each employee. This way two employees would have to join their parts together in order to open or close the door.
That example isn’t very interesting. How about enforcing the following rule: four employees can open a door, or two employees and one manager, or two managers. Now we need to split the key more finely, so that each manager gets two shares, each employee gets one, and it requires four parts to reassemble the key. Now that we understand the problem, let’s discuss the math.
The trick is called the Shamir threshold scheme and uses Lagrange interpolation together with the fact that two points are required to determine a line, three points for a quadratic, and so on. You simply define a polynomial with the secret number as the constant (x^0) coefficient, and random numbers for the rest. Let w be the number of participants in the system, and t be the number of shares needed to reassemble a secret message M. Construct the following polynomial:
This polynomial defines a curve, and the shares of the secret are points on that curve. Calculate a point for each of the w participants: (1, f(1)), (2, f(2)), (3, f(3)) … (w, f(w)). Each person now has a unique point on the curve. Any t of them can then take their points, calculate the Lagrange coefficients and reassemble the polynomial, thus yielding the secret.
LaGrange states that given a set of x,y points
then
where
Wikipedia has a good page on Lagrange interpolation if you need more of an explanation than what I gave.
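For reference, here is the standard Lagrange interpolation result written out in the post’s symbols. This is an added restatement (the post’s own typeset formulas are not reproduced here) and follows the Wikipedia treatment the post points to.

Given t points $(x_1, y_1), \ldots, (x_t, y_t)$ with distinct $x_i$, the unique polynomial of degree at most $t-1$ through them is

$$
f(x) = \sum_{i=1}^{t} y_i \, \ell_i(x), \qquad
\ell_i(x) = \prod_{\substack{j=1 \\ j \ne i}}^{t} \frac{x - x_j}{x_i - x_j}.
$$

The secret is $M = f(0)$, so each share $y_i$ is multiplied by the constant

$$
c_i = \ell_i(0) = \prod_{j \ne i} \frac{x_j}{x_j - x_i}, \qquad
M = \sum_{i=1}^{t} c_i \, y_i \pmod{n},
$$

with every division carried out as multiplication by a modular inverse, which is why $n$ has to be prime. Checking against the post’s first pair, $(1, 98)$ and $(2, 8)$ with $n = 163$: $c_1 = 2/(2-1) = 2$ and $c_2 = 1/(1-2) = -1$, so $M = 2 \cdot 98 - 8 = 188 \equiv 25 \pmod{163}$. The post’s constants $\{-324, -1\}$ are the same values, since $-324 + 2 \cdot 163 = 2$.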
Let’s see an example. We will take the first scenario I outlined: there are 10 employees, at least two must be present to lock and unlock the door. Let’s say the key code for the door is 25.
First we generate a polynomial: f(x) = 25 + 73x^1. The first coefficient is the secret, the second is a random number.
The second step is to generate unique points for each participant:
(Note: All of the arithmetic here is done modulo some random n.)
Modulus n: 163
(1, 98)
(2, 8)
(3, 81)
(4, 154)
(5, 64)
(6, 137)
(7, 47)
(8, 120)
(9, 30)
(10, 103)
As you can see, none of the participants knows the secret number, but if you take two of their points you can calculate the secret. Taking points (1, 98) and (2, 8) gives the Lagrange constants {-324, -1}. Multiply -324 by 98 and -1 by 8, add the two products, and reduce mod n = 163, and you will be left with the secret, 25.
A more complicated example: 10 participants, 4 shares are required to reassemble. Same secret, 25.
Modulus n: 181
Polynomial: 25 + 119x^1 + 159x^2 + 106x^3
(1, 47)
(2, 118)
(3, 150)
(4, 55)
(5, 107)
(6, 37)
(7, 119)
(8, 84)
(9, 25)
(10, 35)
Now if you try to reassemble the secret with only 3 points, you will get an incorrect value. Points (1, 47), (5, 107) and (9, 25) will calculate a secret value of 40. Points (3, 150) and (6, 37) will give you 82. Only if you select four or more points along the graph will you be able to calculate the correct secret.
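Both runs above, carried out in code. This is an added Python implementation, not the post’s Java program: share generation evaluates the polynomial at x = 1..w, recovery is the Lagrange sum at x = 0, and the coefficients 73 and 119, 159, 106 are passed in explicitly so that the output matches the tables (in real use they are drawn from the OS random source). One caveat the post leaves implicit: n must be prime (163 and 181 both are), because recovery divides by differences of x values and that division is a modular inverse.

```python
"""Shamir threshold secret sharing over a prime field, with Lagrange
interpolation at x = 0 to recover the secret. Added illustration, not the
post's Java program."""
import secrets


def make_shares(secret, threshold, participants, prime, coefficients=None):
    """Split `secret` into `participants` shares, any `threshold` of which recover it.

    The polynomial is f(x) = secret + a1*x + ... + a_{t-1}*x^(t-1) (mod prime).
    `coefficients` fixes a1..a_{t-1} so the post's tables can be reproduced;
    leave it None in real use so they come from secrets.randbelow.
    """
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in [0, prime)")
    if participants >= prime:
        raise ValueError("x = 1..participants must stay distinct mod prime")
    if coefficients is None:
        coefficients = [secrets.randbelow(prime) for _ in range(threshold - 1)]
    if len(coefficients) != threshold - 1:
        raise ValueError("need exactly threshold-1 coefficients")
    poly = [secret] + [c % prime for c in coefficients]
    shares = []
    for x in range(1, participants + 1):
        y = sum(c * pow(x, k, prime) for k, c in enumerate(poly)) % prime
        shares.append((x, y))
    return shares


def lagrange_constants(xs, prime):
    """c_i = prod_{j != i} x_j / (x_j - x_i) (mod prime), so f(0) = sum c_i*y_i.
    Division is multiplication by a modular inverse, which exists only when
    `prime` really is prime."""
    consts = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * xj % prime
                den = den * (xj - xi) % prime
        consts.append(num * pow(den, -1, prime) % prime)
    return consts


def recover(shares, prime):
    """Interpolate f(0) from the given shares. With fewer than `threshold`
    shares this still returns a number, just not the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x values")
    consts = lagrange_constants(xs, prime)
    return sum(c * y for c, (_, y) in zip(consts, shares)) % prime


def demo():
    """Reproduce the post's two runs (coefficients constructed to match its tables)."""
    two_of_ten = make_shares(25, 2, 10, 163, coefficients=[73])
    four_of_ten = make_shares(25, 4, 10, 181, coefficients=[119, 159, 106])
    return {
        "two_of_ten": two_of_ten,
        "from_two": recover(two_of_ten[:2], 163),          # (1,98),(2,8)
        "four_of_ten": four_of_ten,
        "from_four": recover(four_of_ten[2:6], 181),       # shares 3..6
        "from_three_only": recover(                        # (1,47),(5,107),(9,25)
            [four_of_ten[0], four_of_ten[4], four_of_ten[8]], 181),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running `demo()` reproduces both share tables, recovers 25 from two shares in the first run and from four in the second, and shows that three shares of the second run interpolate to something else. For the post’s three-share example the block returns a value different from the one the post quotes; interpolation over a prime field has exactly one answer for a given set of points, and the point of the exercise is only that it is not 25.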
Here is some Java code if you would like to play with this.
If you just want to see the program run, here is a pre-built JAR.
To run the JAR, use the command ‘java -jar secret.jar’, provided you have a version of the JRE installed.
Categories: Cryptography
Tagged: Cryptography, secrets
Unaccountable Authority
May 1, 2008 · Leave a Comment
I have a problem with certificate authorities. I hate that most people have no idea what they are even though they deal with them every time they browse the web. Show of hands, does anyone understand what these dialogs are talking about?
I’m going to venture a guess that not many people raised their hands. So you’re all told to look for certain visual cues when browsing sensitive sites (banking, etc.), but I’m sure no one ever told you what they mean or why they’re necessary. I’m about to tell you why it is all utterly stupid.
SSL
This all pertains to sites that deal with sensitive information, like your bank’s website, or any login screen. The goal is to establish a unique encryption session between your computer and the server, so that eavesdroppers aren’t able to steal your valuable information as it gets sent along the line. This is accomplished by using the Secure Socket Layer (SSL) protocol. SSL uses public-key cryptography to securely establish a session (symmetric) key that is used to protect the subsequent data. This is how it works:
- Client (you and your browser) connects to a server over https:// (port 443)
- Server sends you its public certificate – this certificate contains the server’s public key.
- Client generates a random number, encrypts it with the server’s certificate and sends it – this number is the premaster key
- Server takes the premaster key along with some other random numbers that were exchanged and generates the session key
Now that you and the server have agreed on the same key all the data sent from this point forward will be encrypted.
So, some questions should come to mind:
Can’t someone eavesdrop on the key creation and thus obtain the session key?
No. The session key is made up of three random numbers hashed together, two of which will be available to an eavesdropper, and the third (the premaster key) will be encrypted with the server’s public key, so that only you and the server know what it is.
How can I trust the server’s certificate?
Well, each certificate is signed by a certificate authority.
What’s a certificate authority?
It’s a company that signs certificates. You see, a website will generate a public/private key pair and then send a Certificate Signing Request (CSR) to a CA, who will take the public key, attach a digital signature to it and return it to the site. Now the website can distribute this signed certificate, and it can’t be faked. When a browser receives a certificate, it verifies that the certificate has been signed by one of its trusted CAs.
So, where do I get a trusted CA certificate?
Chances are, you already have them. Your computer, web browser, and Java VM all ship with trusted root authority certificates in their respective certificate stores.
Wait, who are these CAs again?
Here is a list that I found googling: Catsdeep FreeSSL, Comodo, Digicert, Digi-Sign, Digital Signature Trust Co., Ebizid, Enterprise SSL, GeoTrust, GlobalSign, LiteSSL, Network Solutions, Pink Roccade PKI, ProntoSSL , QualitySSL, Rapid SSL, Real digital certificates, Secure SSL, SimpleAuthority, SSL Certificate Management Site, SSL.com, Thawte Digital Certificates, The USERTRUST Network, Verisign, XRamp Security
That’s a pretty big list full of companies I’ve never heard of. Why should I trust them?
Well, they’re big companies, with a lot of money invested in this. Plus, how can you not trust them, with names like those, they must be secure!
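The four handshake steps and the certificate check from the questions above, as one runnable model. This is an added Python illustration, not anything from the post or from a real TLS stack: it uses textbook RSA on fixed Mersenne primes with no padding, a single SHA-256 over the two randoms and the premaster in place of the TLS key-derivation function, and a dictionary in place of an X.509 certificate. The site name bank.example and the contents of the trust store are constructed for the example. Its value is in the last line of demo(): a certificate that a trusted CA signs for the wrong key passes the browser-side check exactly as a correct one does, because that check consists of nothing but the signature.

```python
"""Toy model of the SSL/TLS RSA key exchange and the CA signature check the
browser performs. Added illustration only: textbook RSA with fixed primes, no
padding, and SHA-256 standing in for the TLS PRF. Not a usable TLS client."""
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key pair


def keygen(p, q):
    """Return ((n, e), (n, d)) for the toy RSA key built from primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


def cert_body(name, pub):
    """The part of the certificate the CA signs: subject name plus public key."""
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_cert(ca_priv, name, subject_pub):
    """What a CA does with a CSR: attach its signature over the name and key."""
    return {"name": name, "pub": subject_pub,
            "sig": sign(ca_priv, cert_body(name, subject_pub))}


def browser_accepts(cert, trusted_ca_pubs, expected_name):
    """Client-side check: the name matches and some CA in the local trust store
    signed the certificate. Nothing else about the signer is examined."""
    if cert["name"] != expected_name:
        return False
    body = cert_body(cert["name"], cert["pub"])
    return any(verify(ca, body, cert["sig"]) for ca in trusted_ca_pubs)


def session_key(client_random, server_random, premaster):
    """Simplified stand-in for the TLS key derivation: the two public randoms
    and the secret premaster hashed together."""
    return hashlib.sha256(client_random + server_random
                          + premaster.to_bytes(8, "big")).digest()


def handshake(server_cert, server_priv, trusted_ca_pubs, expected_name):
    """Run the four steps from the post. Returns None if the client rejects the
    certificate, else (client_key, server_key, what_an_eavesdropper_saw)."""
    client_random = secrets.token_bytes(32)            # step 1: sent in the clear
    if not browser_accepts(server_cert, trusted_ca_pubs, expected_name):
        return None                                     # step 2: certificate rejected
    server_random = secrets.token_bytes(32)            # also sent in the clear
    premaster = secrets.randbits(64)                   # step 3: the client's secret
    n, e = server_cert["pub"]
    encrypted_premaster = pow(premaster, e, n)         # only the holder of d can open it
    n, d = server_priv
    server_premaster = pow(encrypted_premaster, d, n)  # step 4: server recovers it
    client_key = session_key(client_random, server_random, premaster)
    server_key = session_key(client_random, server_random, server_premaster)
    return client_key, server_key, (client_random, server_random, encrypted_premaster)


def demo():
    """Three runs: a properly issued cert, a cert no trusted CA signed, and a
    cert a trusted CA issued to the wrong key holder (the MS01-017 situation)."""
    ca_pub, ca_priv = keygen(2**31 - 1, 2**61 - 1)
    site_pub, site_priv = keygen(2**89 - 1, 2**107 - 1)
    other_pub, other_priv = keygen(2**127 - 1, 2**521 - 1)
    good = issue_cert(ca_priv, "bank.example", site_pub)
    not_from_a_ca = issue_cert(other_priv, "bank.example", site_pub)
    misissued = issue_cert(ca_priv, "bank.example", other_pub)
    return {
        "good": handshake(good, site_priv, [ca_pub], "bank.example") is not None,
        "untrusted_signer": handshake(not_from_a_ca, site_priv, [ca_pub], "bank.example") is not None,
        "misissued_accepted": browser_accepts(misissued, [ca_pub], "bank.example"),
    }


if __name__ == "__main__":
    print(demo())
```

The third element returned by handshake() is everything visible on the wire: both randoms and the RSA-encrypted premaster. That is why the session key cannot be computed from it without the server’s private key, and also why the whole construction rests on the browser having checked the right public key, which in turn rests entirely on the CA.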
In all seriousness, that last question is exactly the problem I have with certificate authorities. We have absolutely no reason to trust them. Worse than that, though, is that nobody understands just how much trust we are placing in these companies. We are taught as users not to be bothered with all of the magic that is going on between the browser, the CA, and the server, and to just assume that if there is a lock in the corner of your screen then you are safe and everything is good. This gives the CA a level of unaccountable authority, because not only are we incapable of noticing any wrongdoing on their part, we are completely ignorant of their existence! It’s a wonder scenarios like this aren’t more prevalent:
http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx
For those who don’t like to click on links, this is a security bulletin about erroneous VeriSign-issued digital certificates that attackers are using to sign invalid certificates.
The certificate authority is the main point of failure in the X.509 and SSL system. I can’t for the life of me understand why any person in the field of security could conclude that giving a single company that much authority over an entire protocol is a good idea. They build these massively complicated, mathematically intense systems for protection, and then leave them open to a single entity for trust.
I wrote this post under the assumption that most users don’t know what a certificate authority is, or even vaguely what is happening during a secure connection. I feel like this illustrates a failure in the security community, much more so than in the individual user. We walk a fine line in the computer security field, constantly afraid that if we require the slightest bit of effort from a user then they are not going to use the technology. That’s all understandable, but if you go so far as to completely remove them from the process, you leave them incapable of protecting themselves and fill them with a false sense of security. By not even being aware of the most essential component in SSL security, it is impossible for anyone to know what to do if there is a failure somewhere along the line. If the connection gets attacked, the protocol will rightly fail and the user will be presented with a choice: proceed anyway, or stop. How is the user supposed to make the correct decision here?
To illustrate this point, I want to see some comments. Answer this question: what do you do when you encounter a website with an invalid certificate? Do you just click ok and view the site anyway?
Categories: Security
Tagged: Security, Web
MIA
May 1, 2008 · Leave a Comment
So, I’ve been pretty busy lately and haven’t updated this in a while. I haven’t forgotten about it though. I have a lot of ideas for posts floating around my head, and now that school is done and I have a couple of weeks of downtime I’m going to try and get them on the site.
I’ve also been thinking a lot about what I want this site to be, and the overall point of this. I’ve decided that I have strayed from the initial purpose considerably. Be prepared for some significant changes here in the coming months.
Categories: General
Tagged: administrivia