Privacy Guru Locks Down VOIP
--- begin forwarded text Date: Wed, 27 Jul 2005 08:12:53 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: Privacy Guru Locks Down VOIP --- begin forwarded text Date: Wed, 27 Jul 2005 12:44:43 +0200 From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Privacy Guru Locks Down VOIP User-Agent: Mutt/1.5.9i Sender: [EMAIL PROTECTED] http://wired.com/news/print/0,1294,68306,00.html Privacy Guru Locks Down VOIP By Kim Zetter Story location: http://www.wired.com/news/technology/0,1282,68306,00.html 10:20 AM Jul. 26, 2005 PT First there was PGP e-mail. Then there was PGPfone for modems. Now Phil Zimmermann, creator of the wildly popular Pretty Good Privacy e-mail encryption program, is debuting his new project, which he hopes will do for internet phone calls what PGP did for e-mail. Zimmermann has developed a prototype program for encrypting voice over internet protocol, or VOIP, which he will announce at the BlackHat security conference in Las Vegas this week. Like PGP and PGPfone, which he created as human rights tools for people around the world to communicate without fear of government eavesdropping, Zimmermann hopes his new program will restore some of the civil liberties that have been lost in recent years and help businesses shield themselves against corporate espionage. VOIP, or internet telephony, allows people to speak to each other through their computers using a microphone or phone. But because VOIP uses broadband networks to transmit calls, conversations are vulnerable to eavesdropping in the same way that e-mail and other internet traffic is open to snoops. Attackers can also hijack calls and reroute them to a different number. Few people consider these risks, however, when they switch to VOIP. Years ago, people kind of stumbled into e-mail without really thinking about security, Zimmermann said. I think that what's happening today with VOIP is that we're kind of stumbling into it (as well) without thinking about security. People don't think about it, he said, because they're used to phone calls being secure on the regular phone system -- known as the Public Switched Telephone Network. The PSTN is like a well-manicured neighborhood, (while) the internet is like a crime-ridden slum, Zimmermann said. To move all of our phone calls from the PSTN to the internet seems foolish without protecting it. Interest in VOIP is growing rapidly because the user pays less for the service and pays no long-distance toll charges. Some services are free. According to one recent survey, 11 million people worldwide use a subscription VOIP service, compared to only 5 million in 2004, and at least another 35 million use free VOIP services. That leaves a lot of people potentially open to eavesdropping. It's not as easy to eavesdrop on VOIP as it is to intercept and read e-mail. Phone conversations aren't stored or backed up where an attacker can access them, so the conversations have to be captured as they occur. But a program available for free on the internet already allows intruders to do just that. Using the tool, someone with access to a local VOIP network could capture traffic, convert it to an audio file and replay the voice conversation. The program is called Voice Over Misconfigured Internet Telephones, a name clearly chosen for its catchy acronym -- VOMIT. Bruce Schneier, chief technology officer of Counterpane Internet Security and author of the Crypto-Gram newsletter, said that the need for VOIP encryption is a given. If you're concerned about eavesdropping, then encryption is how you defend against it, he said. And it's not that hard to do. It's just a matter of writing the code. But David Endler, chairman of the VOIP Security Alliance industry group and director of security research at TippingPoint, said a protocol for encrypting and protecting VOIP data already exists and companies are starting to make VOIP phones that support the protocol. But he said that people typically don't enable the encryption option. Probably because we're not seeing attacks yet, he said. He said most users are less concerned with eavesdropping than with having VOIP service that provides the same quality and reliability that they expect from regular phone service. Some people can see clearly that there's a need for this, and others wonder if anyone cares about protecting phone calls, Zimmermann said. But those are the same people who wondered why anyone would want to protect e-mail. I think as people gain experience with VOIP they're going to have a great appreciation for the need to come up with extra measures to protect it. Endler also said that companies using VOIP are reluctant to implement encryption because of the overhead involved in managing the
Possibly new result on truncating hashes
Guys, I have what seems like a new and interesting result, which I haven't seen before, but which may or may not be new. The high order bit is that you can't generally guarantee that truncating your hash (chopping off some bits) won't weaken it. That is, if you chop SHA256 off to 160 bits as a replacement for SHA1 (something I'm working on with Niels Ferguson for X9 right now), it's possible that there's no attack on SHA256, but there is an attack on SHA160. How could this work? Suppose we have an algorithm like the Wang attacks on MD5, SHA0, or SHA1 for finding a single collision pair. The algorithm returns a single collision pair on the first 160 bits of SHA256 for (say) 2^{64} work. (Remember that this is just an example--I don't have any such algorithm!) Each time the algorithm is run, it gives a new, unrelated collision pair, and the remaining 96 bits are completely randomized by the collision pair. Now, this is an attack on SHA256 truncated to 160 bits. Does it lead to an attack on SHA256 as a whole? If it does, then we can make a reduction proof that says that the truncated hash is strong if the original hash is strong. Unfortunately, we can't make this argument, because this postulated collision algorithm can't be used to find a collision in the whole SHA256 more efficiently than brute force. Let's do the counting argument: Each time we call the 160-bit collision algorithm, we get a new pair which has the same first 160 bits of SHA256 output, and random unrelated last 96 bits of SHA256 output. Each pair has a probability of 2^{-96} of colliding in the remaining bits. So, to get a collision on the whole SHA256 using this 160-bit collision algorithm, we expect to have to try about 2^{96} collision pairs, each found at a cost of 2^{64}. The resulting work is 2^{64} * 2^{96} = 2^{160}, more than a straight brute-force collision search on SHA256. What does this mean? It means that just because you have a good 256-bit hash, you can't necessarily make a good 160 bit hash from it. You might be able to--it seems like you usually will be able to--but there's no guarantee. Comments? Is this some well-known result that I'm rediscovering? --John - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[Clips] All your routers are belong to us
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Wed, 27 Jul 2005 22:57:32 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] All your routers are belong to us Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] --- begin forwarded text Date: Wed, 27 Jul 2005 18:49:47 -0700 From: Major Variola (ret) [EMAIL PROTECTED] Organization: GLODO PSYOPS To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: All your routers are belong to us Sender: [EMAIL PROTECTED] Take da subway, its da bomb LAS VEGAS--Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software. The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees. The filing in U.S. District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from further disclosing proprietary information belonging to Cisco and ISS, said John Noh, a Cisco spokesman. It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights, Noh added. Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said. The legal moves came Wednesday afternoon, only hours after Lynn gave the talk at the Black Hat security conference here. Lynn told the audience that he had quit his job as a researcher at ISS to deliver the presentation, after ISS had decided to pull the session. Notes on the vulnerability and the talk, The Holy Grail: Cisco IOS Shellcode and Remote Execution, were removed from the conference proceedings, leaving a gap in the thick book. Lynn outlined how to run attack code on Cisco's Internetwork Operating System by exploiting a known security flaw in IOS. The software runs on Cisco routers, which make up the infrastructure of the Internet. A widespread attack could badly hurt the Internet, he said. The actual flaw he exploited for his attack was reported to Cisco and has been fixed in recent releases of IOS, experts attending Black Hat said. The ISS research team, including Lynn, on Monday decided to cancel the presentation, Chris Rouland, chief technology officer at ISS, said in an interview. It wasn't ready yet, he said. Lynn resigned from ISS on Wednesday morning and delivered the presentation anyway, Rouland added. Lynn presented ISS research while he was no longer an employee, Rouland said. Adding to the controversy, a source close to the Black Hat organization said that it wasn't ISS and Lynn who wanted to cancel the presentation, but Cisco. Lynn was asked to give a different talk, one on Voice over Internet Protocol security, the source said. But ISS' Rouland said there was never a VoIP presentation and that Wednesday's session was supposed to be cancelled altogether. The research is very important, and the underlying work is important, but we need to work with Cisco to determine the full impact, Rouland said. Previous Next Cisco was involved in pulling the presentation, a source close to the company said. The networking giant had discussions with ISS and they mutually agreed that the research was not yet fully baked, the source said. The demonstration on Wednesday showed an attack on a directly connected router, not a remote attack over the Internet. You could bring down your own router, but not a remote one, Rouland said. One Black Hat attendee said he was impressed with Lynn's presentation. He got a shell really easy and showed a basic outline how to do it. A lot of folks have said this could not be done, and he sat up there and did it, said Darryl Taylor, a security researcher. Shell is a command prompt that gives control over the operating system. Noh said that Lynn's presentation did not disclose information about a new security vulnerability or new security flaws. His research explored possible ways to expand the exploitation of existing vulnerabilities affecting routers, the Cisco spokesman said. Cisco has patched several flaws in IOS over the past year. Last year, the San Jose, Calif., networking giant said that part of the IOS source code had been stolen, raising fears of more security bugs being found. On Wednesday, Noh reiterated the company's usual advice that customers upgrade their software to the latest versions to mitigate vulnerabilities. Following his presentation, Lynn displayed his resume to the audience and announced he was looking
Diebold - might be of interest
Hi all, I don't know if this is appropriate on this list, but I know that diebold voting systems have been an issue in the cryptography community for a while now. Having said that, I'm pasting an article that I received (from my parents actually) that might be of interest to this group. If it is not, just moderate :) *Subject:* Black Box Darkness is settling over the election process in San Diego. I say get rid of anything electronic that has to do with elections. Realistic sentiment?! Gene VIEWING THE DIEBOLD VOTE-TALLYING SCREEN PROHIBITED Jim March, a member of the Black Box Voting board of directors, was arrested Tuesday evening for trying to observe the Diebold central tabulator (vote tallying machine) as the votes were being counted in San Diego's mayoral election (July 26). (- online discussion: http:/www.blackboxvoting.org -) According to Jim Hamilton, an elections integrity advocate from San Diego, he and March visited the office of the registrar of elections earlier in the day. During this visit, March made two requests, which were refused by Mikel Haas, the San Diego Registrar of elections. 1) March asked that the central tabulator, the computer that tallies up the votes from all the precincts, be positioned so that citizens could observe it. According to Hamilton, this would have required simply moving a table a few feet. 2) March also asked for a copy of the .gbf files -- the vote tally files collected during the course of tabulation - to be provided for examination after the election. During the tallying of the election, the Diebold computer was positioned too far away for citizens to read the screen. Citizens could not watch error messages, or even perceive significant anomalies or malfunctions. Unable to see the screen, March went into the office where the tabulator was housed. Two deputies followed him and escorted him out. According to Hamilton: He was not belligerent, not at all. After he went inside the tabulator room he came [was escorted] out and he said clearly 'I'm not resisting.' They handcuffed him, took him out of the building. They put him in a squad car. They're going to take him to the police station, book him and take him to jail, said Hamilton. He's getting charged with a felony, 'interfering with an election official.' March's actions are the culmination of two years of increasing frustration with the refusal of election officials to respond to security deficiencies in the voting machines. The software that tallies the votes in San Diego is made by Diebold Election Systems, a company that has already paid the state of California $2.8 million for making false claims, due to a lawsuit filed by March and Black Box Voting founder Bev Harris. On July 4, a report was released by European computer security expert Harri Hursti, revealing that the Diebold voting system contains profound architectural flaws. It is open for business, says Hursti, who demonstrated the flaws on Leon County, Florida Diebold machines. He penetrated the voting system in less than five minutes, manipulating vote reports in a way that was undetectable. Despite the critical security alert issued by Hursti, San Diego County sent 713 voting machines home with poll workers, increasing the risk that the memory cards housed in the machines could be hacked, and removing the argument that inside access was carefully safeguarded. The arrest of Jim March underlines a fundamental problem facing Americans today as, increasingly, they lose the ability to monitor, verify, or watch any part of the counting process. The San Diego registrar of elections knew of the security flaws in the voting system. Diebold has never denied the vulnerability identified in Hursti's report, found at http://www.blackboxvoting.org/BBVreport.pdf. Despite knowledge of the increased risks, Haas made the decision to create additional vulnerability by sending the machines home with hundreds of poll workers. While San Diego officials will no doubt point to a small seal on the compartment housing the memory card (the component exploited in Hursti's study), Black Box Voting has interviewed a former San Diego poll worker, who reported that all that is necessary to dislodge and then reaffix the seal is a small pair of pliers. IN A NUTSHELL: - The machines have been demonstrated to be vulnerable to undetected tampering - The San Diego registrar of voters chose not to take appropriate precautions - The main tally machine was placed in a location that was impossible for citizens to observe - Many voting integrity advocates have come to believe that voting machine reform now rivals the urgency of the Civil Rights movement in the 1960s. Jim March acted on those beliefs. * * * * * If you share the feelings that Jim March has expressed about voting system secrecy, please forward this message to your lists and to online blogs as appropriate. Permission granted to reprint, with link to http://www.blackboxvoting.org. * * * *
Last WWII Comanche code talker dies in Oklahoma
[resending this, after it didn't reach the list first time. I seem to have fallen off the list, and am back on now. I hope this isn't a repeat. /udhay] http://aolsvc.news.aol.com/news/article.adp?id=20050721170009990017 Last WWII Comanche code talker dies in Oklahoma By Ben Fenwick, Reuters OKLAHOMA CITY, Oklahoma (Reuters) - The last surviving Comanche code talker from World War Two, Charles Chibitty, has died at a nursing home in Tulsa, Oklahoma, a tribal spokeswoman said Thursday. Chibitty, who died Wednesday at age 83, was one of the 14 Comanche tribesmen who transmitted radio messages in their native language during the D-Day invasion of Normandy in 1944. In a 2002 speech Chibitty said: I wonder what the hell Hitler thought when he heard those strange voices over there, when we hit D-Day at Utah Beach. Now old Hitler, he's probably scratching his head yet down in his grave. He said they called Nazi dictator Adolph Hitler posah tai vo which means crazy white man. The Germans could not understand them, thus the Comanches were called code talkers. snip -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]