Re: Some companies are just asking for it.

[Lance James]

Steve Furlong wrote:


On 6/24/05, Perry E. Metzger [EMAIL PROTECTED] wrote:
 


For the record, the guys at Fidelity Investments have always seemed to
me to have their act together on security, unlike lots of other
   



A few years ago I did some consulting at Fidelity Investments, writing
code to spider their own websites for, among other things, security.
The fact that they were willing to pay for a few months of my time,
plus the obscene markup for the company I billed through and putting
me up in Boston, suggests they were serious about it.

 

I can vouch on that level as well, unfortunately what I can vouch for is 
covered under NDA - but I can tell you they are very serious about 
addressing security - mind you, no one is perfect.






--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: AES cache timing attack

[Thor Lancelot Simon]

On Tue, Jun 21, 2005 at 10:38:42PM -0400, Perry E. Metzger wrote:
 
 Jerrold Leichter [EMAIL PROTECTED] writes:
  Usage in first of these may be subject to Bernstein's attack.  It's much 
  harder to see how one could attack a session key in a properly implemented 
  system the same way.  You would have to inject a message into the ongoing 
  session.
 
 I gave an example yesterday. Perhaps you didn't see it.
 
 The new 802.11 wireless security protocols encrypt the on-air portion
 of communications, and are typically attached to ethernet bridges.

Sorry I didn't respond to this earlier -- I was on vacation last week.

It is simple to practice this attack against an 802.11 network that is
behind a NAT or routing firewall, rather than just a simple Ethernet
bridge.  It's only moderately harder when the 802.11 network is separated
from the public Internet by a proxy firewall.

In fact, I can run it right here in my house:

From the west-facing window of my apartment building, I can see over
50 different 802.11 networks as I scan the buildings across the street
with a reasonably tight antenna.  Many of those networks are connected
to the public Internet by a cablemodem network to which I also have
access.

A small number of those networks use WPA with AES (I'm lucky I have so
many networks to choose from; this isn't common on residentail networks --
yet).

So, to obtain encryption timing data, I can:

1) Do two quick tcpdumps, imported them into SPSS, and look for the
   best-correlated wireless and wired activity times.  This gives me a
   good guess as to which wireless network had which public address (it
   also, presumably, gives me en/deryption timing data, for known, even,
   but not chosen plaintext; but that's just gravy).

2) Look at the tcpdump for the wired segment again (or run a new one) to
   find some open TCP connections.  These will pretty much all correspond
   to open TCP connections on the inside; routing firewalls and almost
   all NAT boxes will just pass packets sent from the outside straight
   through (a proxy firewall will require an application-layer attack)

3) Send duplicate ACKs (or wholly spurious ACKs) to the public address
   of the firewall in question and watch the wireless segment to see
   how long it takes to encrypt them.  Oh, by the way, they're chosen
   plaintext...

Thor

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]