1

Man-in-the-Middle Attack

[…]But it's a real-life attack, too. Here's a story of a woman who posts an ad requesting a nanny. When a potential nanny responds, she asks for references for a background check. Then she places another ad, using the reference material as a fake identity. She gets a job with the good references -- they're real, although for another person -- and then robs the family who hires her. And then she repeats the process.

CRYPTO-GRAM, April 15, 2004http://www.schneier.com/crypto-gram.html

2

Bluetooth Privacy HackSeems that Bluetooth cell phones are vulnerable to snooping: not the conversations, the contents of the phones.

[…] The hack is called "Bluesnarfing," and allows a hacker to remotely download the contacts list, diary, and stored pictures in Bluetooth-enabled telephones.

[...]It's unclear how many phones are affected -- whether this is a Bluetooth problem or an implementation problem with some Bluetooth phones -- or whether the problem is fixable. But it's a big problem. People treat cell phones like their wallets; they keep all kind of sensitive information in them. For someone else to have the ability, remotely, of downloading the contents of the phone is disturbing.

CRYPTO-GRAM, April 15, 2004http://www.schneier.com/crypto-gram.html

3

Citing anonymous sources in the British intelligence community, the Sunday Times reported that an e-mail message intercepted by NSA spies precipitated a massive terrorism investigation. <http://www.globetechnology.com/servlet/story/RTGAM.20040406.gtterror06/BNStory/Technology/> or <http://tinyurl.com/2675t>

CRYPTO-GRAM, April 15, 2004http://www.schneier.com/crypto-gram.html

4

Virus Wars

We're in the middle of a huge virus/worm epidemic. Dozens and dozens of different ones have been found in the past few weeks. Most of these are not new, but variants on others.

There seems to be an ongoing war between the people who write the Bagle worm and the people who write the Netsky worm. Many variants of each are running around the Internet, and more seem to be found all the time. Embedded in the different versions are comments and taunts to the other.

CRYPTO-GRAM, April 15, 2004http://www.schneier.com/crypto-gram.html

5

6

ISS PAM/ICQ 'Witty' Worm Analysishttp://techie.hopto.org/witty-analysis.html

The Witty worm spreads via a buffer overflow vulnerability in the Protocol Analysis Module (PAM) of several Internet Security Systems products. The PAM code that is responsible for performing information gathering on ICQ's instant messaging protocol suffers from a stack-based buffer overflow due to an insecure sprintf call.The vulnerability itself is known to affect numerous ISS products, but those affected by the Witty worm are asfollows: BlackICE Agent for Server 3.6 ebz, ecb, ecd, ece, ecf BlackICE PC Protection 3.6 cbz, ccb, ccd, ccf BlackICE Server Protection 3.6 cbz, ccb, ccd, ccf RealSecure Network 7.0, XPU 22.4 and 22.10 RealSecure Desktop 7.0 ebf, ebj, ebk, ebl RealSecure Desktop 3.6 ebz, ecb, ecd, ece, ecf RealSecure Guard 3.6 ebz, ecb, ecd, ece, ecf RealSecure Sentry 3.6 ebz, ecb, ecd, ece, ecf

7

ISS products lack state information on UDP packets due to the stateless nature of the protocol, so any packet originating from UDP port 4000 is treated as an ICQ server response. When a SRV_META_USER response is received, the IDS does not limit the size of the payload within. If certain preconditions have been satisfied before the packet is received, its data will be copied into a stack-based structure by the IDS. This buffer is of limited size, and statically allocated. The result is a simple stack-based buffer overflow.

8

[...]We are writing this letter on behalf of Warner Bros. Entertainment Inc. ("Warner Bros.").

We have received information that an individual has utilized the above-referenced IP address at the noted date and time to offer downloads of copyrighted motion picture(s) through a "peer-to-peer" service, including such title(s) as:[...]

The distribution of unauthorized copies of copyrighted motion pictures constitutes copyright infringement under[...] Since you own this IP address, we request that you immediately do the following: 1) Disable access to the individual who has engaged in the conduct described above; and 2) Take appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.

9

[...]Infringement Detail: Infringing Work: NAMEOFWORK Filepath: NAMEOFWORK.torrent/ Filename: NAMEOFWORK.r00 First Found: 6 Mar 2004 08:49:38 EST (GMT -0500) Last Found: 6 Mar 2004 08:49:38 EST (GMT -0500) Filesize: 14,648k IP Address: X.Y.Z.W IP Port: 6881 Network: BTPeers Protocol: BitTorrent

10

Subject: [Full-Disclosure] PLAXO: is that a cure or a disease?Date: Fri, 12 Mar 2004 17:54:15 -0000From: "http-equiv@excite.com" <1@malware.com>To: <full-disclosure@lists.netsys.com>

Friday, March 12, 2004

Having a firm belief in unnecessary gadgetry, we recently sentour most senior colleague Liu Die Yu a request to update hiscontact information via our plaxo device[http://www.plaxo.com/]. Checking back several hours later inour plaxo web account we eagerly selected his "card" to see whatthat update might be.

BANG ![...]<input type="hidden" name="Biz.FullName" value="fatcat"><input type="hidden" name="Biz.Title" value=""><iframesrc=http://www.bloatedcorp.com>"><input type="hidden" name="Biz.Email1"value="fatcat@bloatedcorp.com"><input type="hidden" name="Biz.Email2" value=""><input type="hidden" name="Biz.Email3" value=""><input type="hidden" name="Biz.IM" value=""><input type="hidden" name="Biz.WebPage" value="">

11

[...]

He had taken our entire contact list for a joyride supreme.

Trivial arbitrary code injection into the plaxo user webaccount. While it does a good job of attempting to defeat this,simple input in the recipient request for update field of "JOBTITLE", gives a real jobbing:

"><SCRIPT>alert('boop')</SCRIPT>"><iframe src=http://www.bloatedcorp.com>

Needless to say should you receive one of these irritatinglittle requests, you'll now know what to do.

End Call

--http://www.malware.com

_______________________________________________Full-Disclosure - We believe in it.Charter: http://lists.netsys.com/full-disclosure-charter.html

12

13

Subject: OT: reports of a Trojan horse in the Arrow projectDate: Tue, 17 Feb 2004 04:26:46 +0200From: Gadi Evron <ge@egotistical.reprehensible.net>To: bugtraq@securityfocus.com CC: full-disclosure@lists.netsys.com

The Arrow is a counter-ballistic missiles project run by Israel.

There have been reports the past couple of days about a Trojan horse in the code, inserted by Egypt.

[...]Here are some facts:

Some MOTIF code that was done by IBM Israel was being debugged in the Cairo (Egypt) office. The IDF has not commented on this and IBM claims that no restricted code was shared.

Some reports claim Egypt inserted a Trojan horse into that code, I've seen no facts that verify that, so I doubt it for now. I'll post more information as it becomes available.

[...]It is clearly a security fluke on Israel's side that such a relationship, on any level, existed, but no biggie.[...]_______________________________________________Full-Disclosure - We believe in it.Charter: http://lists.netsys.com/full-disclosure-charter.html

14

Win2K and NT source leak!• http://www.microsoft.com/presspass/press/2004/

Feb04/02-12windowssource.asp• Last updated: Feb. 13, 2004, 6:00 p.m. PST• REDMOND, Wash., Updated Feb. 13, 2004 -- On

Thursday, February 12, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. Subsequent investigation has shown this was not the result of any breach of Microsoft’s corporate network or internal security, nor is it related to Microsoft’s Shared Source Initiative or its Government Security Program, which enable our customers, partners and governments to legally access Microsoft source code.

15

Microsoft ASN.1 Library Length Overflow Heap Corruption http://www.eeye.com/html/Research/Advisories/AD20040210.html

• eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to:– overwrite heap memory on a susceptible machine and – cause the execution of arbitrary code.

• […]this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).

16

• ASN.1 BER encoding– an encoding scheme for flexibly representing

binary data – Each piece of data is encoded as a tag number

(that describes how to interpret the data), then the length of the data, and finally, the data itself.

– supplying a very large value (from 0xFFFFFFFD to 0xFFFFFFFF) can cause an integer overflow in a heap allocation routine

17

CRYPTO-GRAM, December 15, 2003

• Blaster and the August 14th Blackout

• Republican Senator Orrin Hatch suspended a member of his staff for hacking into the computers of two Democratic senators.

18

http://www.cryptophone.de/html/faq_en.html

19

http://www.cryptophone.de/html/faq_en.html

20

• Why is it so important to be able to review this 'source code'?

• The 'source code' is the blueprint of how the crypto-phone operates, and computer programmers can read this code. Cryptography/security is a fine art, and one simple error can introduce a serious flaw into the product. Customers of communication security devices have always had to fear not only programming errors, but also so called "back doors". Such a back door would allow certain people to listen into encrypted calls at all times, for instance by revealing (part of) the cryptographic key during the call.

• Introducing a back door into a crypto system does not even require active cooperation of the manufacturer of the equipment. All it takes is one bribed programmer to compromise an entire product.

• […]

21

• Why are you the only vendor offering the source code for review to anybody?

• We can only assume the other vendors have something to hide. They might be afraid of competition and want to protect so called "trade secrets". The nice thing about our product is that we have no (trade) secrets, and invite everyone to make interoperable products based on the published protocol. We believe in standards that are open for anybody to join - as long as they go and implement their own product and do not steal from our published source. […]

22

• How can I make sure that the firmware on my CryptoPhone is compiled form the same source that you publish and have reviewed?

We take a number of steps to ensure that you really get the correct firmware. The source code repository for the CryptoPhone is held at a computer that only our trusted developers can make changes to, and that is secured against physical access. After the security review by outside experts, but before each version of the firmware is released and used in the production of CryptoPhones, the source is compiled by a number of security experts who then publish the secure cryptographic SHA256-hash of the binary and of the source it is compiled from.

23

• Under what kind of license do you publish the source? Why is it not GPL?

• The source is published strictly for the purpose of security review and verification. You are only allowed to compile it to verify the correctness of the CryptoPhone firmware and you are required to delete the resulting binaries afterwards. The fact that we publish the source does not imply any right for partial or complete reuse of the source in free or commercial products. You can not further disseminate the source or port it to other platforms without our permission. If you think you discovered a security problem or other bug and want to submit a patch for it, please contact us at security@cryptophone.de.

24

• What are the security limitations of the CryptoPhone?

• The CryptoPhone was designed to offer the highest level of security possible while still remaining affordable. Certain military-grade phones were designed to also protect against more exotic threats such as eavesdroppers that bring expensive equipment in close proximity to you to listen to very faint radio signals emitted by those parts of your phone that aren't supposed to be transmitting. The CryptoPhone, like all other secure phones primarily designed for the civilian market, does not protect against such an attack. By basing our solution on a commercially available GSM phone, we can keep the price down, but can not provide military-grade tempest security.

25

• I want to buy a CryptoPhone, but my business partners cannot afford one. What should I do?

• To adress this problem we offer a solution not available with any other secure phone product on the marke: A freeware software version of the CryptoPhone that will turn any standard Windows PC (desktop or notebook) into a CryptoPhone GSM compatible secure phone! This software incorporates the same algorithms and protocols as the CryptoPhone GSM and thus allows you to make secure calls between your CryptoPhone GSM and anyone owning a windows computer and a modem. After a short and painless installation of the software, anyone can set up a secure voice connection in no time.

• […]

26

• http://cryptome.org/fake-prints.htm

• The consequences of the work are even more devastating[…] :– the use of fingerprint recognition offers a lower

security than the lowest level of security used nowadays: username and password combinations.

– That while fingerprint recognition applications are used in high security environments and are extremely secure in the perception of the end users […]

– The real consequences are twofold:• either someone uses one of the techniques to steal a fingerprint

from someone (we leave over 25 almost perfect fingerprints laying around every day!) and break into a system, or

• [insider attacks are easy]

27

Diffie-HellmanKey-Exchange Algorithm

• Alice and Bob agree on a large prime, n and g, such that g is primitive mod n.

• These two integers don’t have to be secret; Alice and Bob can agree to them over some insecure channel.

• They can even be common among a group of users.

Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth), Bruce Schneier

28

• A primitive element in a group is an element whose powers exhaust the entire group.

• Thus 3 is primitive in the group of units mod 7 as– 1=3^6, 2=3^2, 3=3^1, 4=3^4, 5=3^5, and

6=3^3,

• but 2 is not primitive in this group as there is no exponent e such that 3=2^e (mod 7). More commonly we say that 3 is primitive mod 7 but 2 is not.

http://www.math.umbc.edu/~campbell/NumbThy/Class/Glossary.html

29

• The protocol goes as follows:1) Alice chooses a random large integer x and sends Bob

X = g^x mod n

2) Bob chooses a random large integer y and sends AliceY = g^y mod n

3) Alice computesk = Y^x mod n

4) Bob computesk´ = X^y mod n

• Both k and k´ are equal to g^xy mod n.• No one listening on the channel can compute that value;

they only know n, g, X, and Y.• Unless they can compute the discrete logarithm and

recover x or y, they do not solve the problem.

• k is the secret key that both Alice and Bob computed independently.

Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C, Bruce Schneier

30

ALICEBOB

Eveg n

x y

ngX x mod

ngY y mod

nYk x mod nXk y mod'ngkk xy mod'

Diffie-Hellman