Re: [cryptography] msft skype IM snooping stats & PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread StealthMonger
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steven Bellovin  writes:

> Ever since Microsoft bought the company, these rumors have been
> floating around.

If they're innocent, why would they not issue an unequivocal denial
with supporting argument?


- -- 


 -- StealthMonger 
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 

iEYEARECAAYFAlFPgR8ACgkQDkU5rhlDCl4s4QCfUXDPaRYX9ilVwkuZX66TTMq+
m3YAn17mN5R5OgE91XOR7P4yixEGDkDn
=dys8
-END PGP SIGNATURE-

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

2013-03-24 Thread Jeffrey Walton
Interesting point below is OS vendors are extracting data for law
enforcement. I wonder how they are doing it when other tools fail.
(Thanks to JM on another list for the link).

http://www.forbes.com/sites/andygreenberg/2013/02/26/heres-what-law-enforcement-can-recover-from-a-seized-iphone/

You may think of your iPhone as a friendly personal assistant. But
once it’s alone in a room full of law enforcement officials, you might
be surprised at the revealing things it will say about you.

On Tuesday the American Civil Liberties Union published a report it
obtained from a drug investigation by the Immigration and Customs
Enforcement (ICE) agency, documenting the seizure and search of a
suspect’s iPhone from her bedroom. While it’s no surprise that a phone
carries plenty of secrets, the document presents in stark detail a
list of that personal information, including call logs, photos,
videos, text messages, Web history, eight different passwords for
various services, and perhaps most importantly, 659 previous locations
of the phone invisibly gathered from Wifi networks and cell towers.

“We know the police have started using tools that can do this. We’ve
known the iPhone retains records of the cell towers it contacts. But
we’ve never before seen the huge amount of data police can obtain,”
says ACLU technology lead Chris Soghoian, who found the report in a
court filing. “It shouldn’t be shocking. But it’s one thing to know
that they’re using it. It’s another to see exactly what they get.”

In this case, ICE was able to extract the iPhone’s details with the
help of the forensics firm Cellebrite. The suspect doesn’t seem to
have enabled a PIN or passcode. But even when those login safeguards
are set up in other cases, law enforcement have still often been able
to use tools to bypass or brute-force a phone’s security measures.
Google in some cases helps law enforcement to get past Android phones’
lockscreens, and if law enforcement can’t crack a seized iPhone,
officers will in some cases mail the phone to Apple, who extract the
data and return it stored on a DVD along with the locked phone.

The phone search and seizure described in the documented case required
a warrant. But the legality of warrantless phone searches remains an
open issue. At U.S. borders or when arresting a suspect, for instance,
police and government officials have argued that no such warrant is
required.

Failing legal protections, the ACLU’s Soghoian says those who’d like
to keep prying eyes away from their handsets’ data should use long,
complex passcodes and encrypt their phone’s storage disk. “While the
law does not sufficiently protect the private data on smartphones,
technology can at least provide some protection,” Soghoian writes.

Here’s the full court document detailing the iPhone’s forensic search.


Re: [cryptography] msft skype IM snooping stats & PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread Steven Bellovin

On Mar 23, 2013, at 10:04 AM, Adam Back  wrote:

> btw is anyone noticing that apparently skype is both able to eavesdrop on
> skype calls, now that microsoft coded themselves in a central backdoor, this
> was initially rumoured, then confirmed somewhat by a Russian police
> statement [1], then confirmed by microsoft itself in its law enforcement
> requests report.  Now publicly disclosed law enforcement requests reports
> are a good thing, started by google, but clearly those requests are getting
> info or they wouldn't be submitting them by the 10s of thousands.
> 
> http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
> 
> 75,000 skype related law enforcement requests, 137,000 accounts affected (each
> call involving or more parties).


Two words about this purported confirmation: "pen register".  There's a
lot of very useful information that doesn't include content, and under US
law a pen register warrant is a *lot* easier to get than a wiretap warrant:
the latter requires a lot of internal paperwork, is restricted to a certain
set of crimes (though that list has been increasing over the years), and
requires law enforcement to show that other means of investigation won't
work.  A pen register order, by contrast, simply requires "certification
by the applicant that the information likely to be obtained is relevant
to an ongoing criminal investigation".

For more information on modern surveillance, see
http://www.forbes.com/sites/andygreenberg/2012/07/02/as-reports-of-wiretaps-drop-the-governments-real-surveillance-goes-unaccounted/
Skype leaks: 
https://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/

Besides that, Skype Out calls are tappable even without any back doors, and
always have been.

And that Russian assertion -- maybe it's credible, maybe it's not.  Tass is 
certainly more reliable now than it was 25 years ago, but that's a very low
bar.  I can certainly see the Russian government wanting their citizens to
believe they can listen to Skype, even if they can't.  I'll chalk this one
up as unproven.  

Ever since Microsoft bought the company, these rumors have been floating around.
I have yet to see any real evidence.  Here are the two best articles I've seen:
https://www.nytimes.com/2013/02/25/technology/microsoft-inherits-sticky-data-collection-issues-from-skype.html
http://paranoia.dubfire.net/2012/07/the-known-unknows-of-skype-interception.html
Both point out reasons for concern, but there's still no *evidence*.


--Steve Bellovin, https://www.cs.columbia.edu/~smb







Re: [cryptography] msft skype IM snooping stats & PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread Adam Back

Ian wrote:
> Are we saying then that the threat on the servers has proven so small
> that in practice nobody's bothered to push a persistent key
> mechanism? Or have I got this wrong, and the clients are doing p2p
> exchange of their ephemeral keys, thus dispersing the risk?


It's been a while since I used pidgin OTR via the plugin, but I suspect it
would warn you if keys change unexpectedly (ssh key-caching style).  There
might also be an ADH fingerprint or something.  Maybe someone who is actively
using it or knows how it works could comment.  But otherwise you would be
very right that the chat server would actually be definitionally placed to
conduct MITMs.  An option to PGP sign the ADH would be nice.

> IMHO, it's not Microsoft that has ever been special in this respect.
> It is all large companies that have a large invasive government.
> Unfortunately, once a company has made its bed in a country, the side
> deals are inevitable.


shades of hushmail backdooring.  It seems a very ethically dubious concept
to me that a service with specific privacy policy could be required to
modify its code to install a backdoor, and/or not talk about it.  Personally
I do not consider this type of arm-twisting to be consistent with an open
democratic society.

Anyway the obvious defense is to design protocols that are end 2 end secure,
not vulnerable to server based back doors, including CA malfeasance, and
open source so that client backdoors can be more easily detected also.

My prediction for the list is that detectable CA based and other MITMing
will become more prevalent and brazen.  I.e. the climate will get so they feel
they don't have to worry too much about it being detectable.  Think e.g. China,
Iran but US following their lead.


>> And clearly there are plenty of people with very legitimate reasons to
>> hide; given the levels justice has stooped to do these days in their legal
>> treatment of activists (even green activists, anti-financial crimes,
>> corporate ethics activists, whistleblowers) - western countries are
>> slipping backwards in terms of transparency and justice.
>
> And people like us.
>
> https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-March/035200.html


I'd kind of forgotten about that, maybe dimly remember reading it though it
sounds a bit paranoid, but seems like that guy narrowly avoided becoming
another Andrew Auernheimer (Weev).

http://appleinsider.com/articles/13/03/18/hacker-involved-in-att-ipad-3g-e-mail-breach-sentenced-to-41-months-in-jail

41 months for pointing out to a journalist that AT&T had an unprotected API
allowing iPhone accounts to be identified.  More CFAA idiocy.

I guess don't live in the US is one partial defense.

Lesson for now until Aaron's law can undo the capricious stupidity is don't
probe servers, or if you are asked to by the owner written permission, or
probe over Tor, and release your findings to journalists via anonymous
remailers.  Dangerous times to be a security researcher for sure.

It could be that you might get similar issues for non-network things even -
e.g. reverse engineer a protocol and break it?  Probably most click through
licenses also forbid such things.  Obviously there have been various abuses
of DMCA which were not actually DRM related, but maybe there is scope even
beyond that for ignoring anti-security-testing stuff in click through
licenses.

Encourages the ostrich, and PR denial approach to security flaws.
Corporates will think they can achieve "security" via the corporate entity
and US "justice" aggressively abuse CFAA to suppress flaws, to avoid
embarrassment.  (And probably not bother fixing either, leading to the
actual security they ought to care about going unsecured - government
sponsored and organized criminal activities exploiting the flaws for
espionage or illicit profit!)

Adam


Re: [cryptography] msft skype IM snooping stats & PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread Jeremy Stanley
On 2013-03-24 14:03:43 +0300 (+0300), ianG wrote:
[...]
> I fully expected that when Microsoft purchased Skype in 2011, it
> was only a matter of time before it was backdoored.
[...]

I'll point this out merely because people seem to keep forgetting...
remember Kazaa? Remember how it had no qualms with installing
spyware on the desktops of unsuspecting users? Now... who wrote
Skype?
-- 
{ PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); }


Re: [cryptography] msft skype IM snooping stats & PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread Ian Goldberg
On Sun, Mar 24, 2013 at 02:03:43PM +0300, ianG wrote:
> Now, from the combined comments of other posters I draw that the key
> factor in OTR's success was that it uses some form of ADH and
> doesn't use persistent public keys at all.  This then allowed an
> immediate startup into secure mode, and consequently a clean and
> usable UI.

That's not the case; OTR does have long-term keys.  If an OTR user
doesn't know about the long-term keys (or indeed may not even realize
he's using OTR at all!), you still get security against passive attacks.
A user who wants to actively authenticate his buddy, however, can do so
either by manually exchanging fingerprints or by engaging in an in-line
shared-secret or question/answer protocol that uses a zero-knowledge
protocol called the Socialist Millionaire's Protocol to determine if
both sides know the same secret (and have the same idea of each other's
session and public keys) without leaking any information, even to an
active adversary, except whether the secrets are the same or not.
Note that the authentication step is once per buddy, not once per
conversation.

> I can see this working directly peer to peer, because (as I claim)
> the threat is always on the node.  But if the IM world typically
> mediates its messages, or its startup keyex, via servers, this means
> there is one easy place with which to conduct any MITMs -- the
> servers.

Absolutely.  Indeed, many years ago, someone wrote a plugin for ejabberd
(I think it was) that automatically MITM'd OTR traffic.  This just
underscores the importance of doing the authentication step.

But the point is that if you're comparing
OTR-without-knowing-that-OTR-even-exists to no-protection-at-all, the
former is intended to be strictly better.  The MITM would have gotten
your plaintext in the latter case, as well.  On the other hand, if you
*do* know OTR exists, and do run the authentication step, you're
protected against even the MITM.

   - Ian
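
The authentication step described in the message above, as an added example that is not part of the original post and is not OTR's code: it runs only the equality-test algebra at the core of the Socialist Millionaire's Protocol, with the zero-knowledge proofs that accompany each real message omitted. The small group, the hash encoding in `smp_secret` and all fingerprints and session ids are constructed assumptions.

```python
import hashlib
import secrets

Q = 2**127 - 1  # toy subgroup order (a Mersenne prime), far smaller than a real group

def _toy_group():
    """Find p = k*Q + 1 and an element g whose order mod p is exactly Q."""
    k = 2
    while True:
        p = k * Q + 1
        g = pow(2, k, p)  # g = 2^((p-1)/Q)
        # g != 1 and g^Q == 1 with Q prime means g has order Q; base 3 is an extra Fermat check
        if g != 1 and pow(g, Q, p) == 1 and pow(3, p - 1, p) == 1:
            return p, g
        k += 2

P, G = _toy_group()

def smp_secret(initiator_fpr, responder_fpr, session_id, typed):
    """Bind the typed secret to this side's view of both keys and the session."""
    data = b"|".join([initiator_fpr, responder_fpr, session_id, typed])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def smp_compare(x, y):
    """Alice holds x, Bob holds y; returns (alice_accepts, bob_accepts)."""
    a2, a3, b2, b3, r, s = (secrets.randbelow(Q - 1) + 1 for _ in range(6))
    # Message 1, Alice -> Bob: g^a2, g^a3
    g2a, g3a = pow(G, a2, P), pow(G, a3, P)
    # Message 2, Bob -> Alice: g^b2, g^b3, Pb, Qb
    g2b, g3b = pow(G, b2, P), pow(G, b3, P)
    g2_bob, g3_bob = pow(g2a, b2, P), pow(g3a, b3, P)
    Pb, Qb = pow(g3_bob, r, P), pow(G, r, P) * pow(g2_bob, y, P) % P
    # Message 3, Alice -> Bob: Pa, Qa, Ra
    g2_alice, g3_alice = pow(g2b, a2, P), pow(g3b, a3, P)
    Pa, Qa = pow(g3_alice, s, P), pow(G, s, P) * pow(g2_alice, x, P) % P
    q_ratio = Qa * pow(Qb, -1, P) % P   # g^(s-r) * g2^(x-y)
    p_ratio = Pa * pow(Pb, -1, P) % P   # g3^(s-r)
    Ra = pow(q_ratio, a3, P)
    # Message 4, Bob -> Alice: Rb; each side raises the other's value to its own exponent
    Rb = pow(q_ratio, b3, P)
    bob_accepts = pow(Ra, b3, P) == p_ratio
    alice_accepts = pow(Rb, a3, P) == p_ratio
    return alice_accepts, bob_accepts

def demo():
    A, B, M = b"fpr-alice", b"fpr-bob", b"fpr-mitm"  # constructed fingerprints
    pw = b"name of our first cat"                    # constructed shared secret
    honest = smp_compare(smp_secret(A, B, b"sid-1", pw), smp_secret(A, B, b"sid-1", pw))
    wrong = smp_compare(smp_secret(A, B, b"sid-1", pw), smp_secret(A, B, b"sid-1", b"guess"))
    # Server in the middle: each buddy sees the server's key and a different session id,
    # so the bound secrets differ even though both typed the same words.
    mitm = smp_compare(smp_secret(A, M, b"sid-1", pw), smp_secret(M, B, b"sid-2", pw))
    return honest, wrong, mitm

if __name__ == "__main__":
    print(demo())
```
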


Re: [cryptography] msft skype IM snooping stats & PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread ianG

Hi Adam,

Replying to this one because there's one part I haven't grokked yet:

On 23/03/13 17:04 PM, Adam Back wrote:

> Was there anyone trying to use OpenPGP and/or X.509 in IM?
>
> I mean I know many IM protocols support SSL which itself uses X.509, but
> that doesn't really meaningfully encrypt the messages in a privacy sense as
> they flow in the plaintext through chat server with that model.



Right.  The threat is always on the node.  In which I have a tiny doubt...

Now, from the combined comments of other posters I draw that the key 
factor in OTR's success was that it uses some form of ADH and doesn't 
use persistent public keys at all.  This then allowed an immediate 
startup into secure mode, and consequently a clean and usable UI.


I can see this working directly peer to peer, because (as I claim) the 
threat is always on the node.  But if the IM world typically mediates 
its messages, or its startup keyex, via servers, this means there is one 
easy place with which to conduct any MITMs -- the servers.


Are we saying then that the threat on the servers has proven so small 
that in practice nobody's bothered to push a persistent key mechanism? 
Or have I got this wrong, and the clients are doing p2p exchange of 
their ephemeral keys, thus dispersing the risk?




> btw is anyone noticing that apparently skype is both able to eavesdrop on
> skype calls, now that microsoft coded themselves in a central backdoor, this
> was initially rumoured, then confirmed somewhat by a Russian police
> statement [1], then confirmed by microsoft itself in its law enforcement
> requests report.


Rest is gossip:

Right.  For my own part, I fully expected that when Microsoft purchased 
Skype in 2011, it was only a matter of time before it was backdoored. 
That link [1] seems to confirm it.


(Before Skype was purchased, the intel agencies had attack kits that 
would replace either Skype or OS hooks on the victim's PC.  But this 
involves an invasive attack on the victim's PC which could perhaps have 
been prevented by someone who was paranoid enough.  The new backdoor 
solution is far better for the intel people.)




> Now publicly disclosed law enforcement requests reports
> are a good thing, started by google, but clearly those requests are getting
> info or they wouldn't be submitting them by the 10s of thousands.
>
> http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
>
> 75,000 skype related law enforcement requests, 137,000 accounts affected (each
> call involving or more parties).
>
> You have to wonder with that kind of mentality at microsoft (to
> intentionally insert themselves into the calls, gratuitously when it
> supposedly wasn't previously architected to allow that under skype's watch),
> what other nasties they've put in.  E.g. routine keyword scanning?  Remote
> monitoring (turn on microphone, camera?) Remote backdoor and rifling through
> files on the user's computer.  The source is more than closed, it's coded like
> a polymorphic virus with extensive anti-reverse-engineering features it
> would be rather hard to tell what all it is doing, and given the apparent
> lack of end to end security, basically impossible to tell what they are
> doing in their servers.



IMHO, it's not Microsoft that has ever been special in this respect.  It 
is all large companies that have a large invasive government. 
Unfortunately, once a company has made its bed in a country, the side 
deals are inevitable.



> I think it's past time people considered switching to another IM client, an
> open source one with p2p routed traffic and/or end 2 end security,
> preferably with some resilience to X.509 certificate authority based
> malfeasance.
>
> I have nothing particular to hide, but this level of aggressive, no-warrant
> mass-scale fishing is not cricket.  They are no doubt probably hoovering it
> all up to store in those new massive Utah spook data centers in case they
> want to do some post-hoc fishing also.
>
> And clearly there are plenty of people with very legitimate reasons to
> hide; given the levels justice has stooped to do these days in their legal
> treatment of activists (even green activists, anti-financial crimes,
> corporate ethics activists, whistleblowers) - western countries are
> slipping backwards in terms of transparency and justice.



And people like us.

https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-March/035200.html

iang


> Adam
>
> [1] http://www.itar-tass.com/en/c142/675600.html
>
> On Sat, Mar 23, 2013 at 01:36:34PM +, Ben Laurie wrote:
>> On 23 March 2013 09:25, ianG  wrote:
>>> Someone on another list asked an interesting question:
>>>
>>>  Why did OTR succeed in IM systems, where OpenPGP and x.509 did not?
>>
>> Because Adium built it in?
>>
>>> (The reason this is interesting (to me?) is that there are not so many
>>> instances in our field where there are open design competitions at this
>>> level.  The results of such a competition can be illuminating as to what
>>> matters and what does not.  E.g., OpenPGP v. S/MIME and SSH v. secure telnet
>>> are