Re: Re: Encrypted Virtual Drives
Or you can run vmware under XP, run NetBSD under vmware, use CGD, and export it back to windows with samba. It's sick, but I know of at least one person who is doing this, and he says the performance is acceptable (on his 1+ GHz laptop). /ji - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Bamford on the NSA and the Greek mobile phone tapping scandal
As some of you may remember, there was a scandal in Greece back in February 2006 involving the interception of mobile phones belonging to high-level government officials, including the Prime Minister. The CALEA software on the Ericsson switches used by Vodafone was blamed; it had apparently been surreptitiously turned on and was copying traffic to an equal number of shadow phones. A thorny point in the investigation was the revelation that the shadow phones had also been used to make phone calls to Laurel, MD.
An interview with James Bamford on the possible role of the NSA in the Mavili-gate was published in last Sunday's (5/8) To Vima, one of the major Athens newspapers. I contacted the journalist, Alexis Papahelas, asking for permission to forward the article to this list, and he was kind enough to send me the original raw transcript. Here it is, very slightly edited for obvious transcription mistakes. The published article (in Greek) can be found in: http://www.tovima.gr/print_article.php?e=Bf=14755m=A20aa=1
-- Mr. Bamford Good Evening from Athens, thank you very much for being with us tonight.
JB: My pleasure
-- Let me ask you first of all, there has been a lot of discussion here in Greece about this lawful interception software, explain to me what it is, and whether the US put pressure on worldwide companies to install that after 9/11 especially?
JB: Well the software is basically used to attach to commercial communication facilities, like the ATT in the US, or whatever commercial company it is, and anything that goes over these communication facilities gets picked up, whether it is e-mail, or telephone calls and divert it to the US Government, whoever attached the equipment.
-- Is it your understanding that most of the hardware companies around the world, that provide mobile telephone companies with equipment, had this installed at some point?
JB: Well in the US there was a lot of requiring that US companies do it, but around the world I think there was pressure by the US for a lot of the friendly countries to the US, allied countries to do as much as they can in terms of domestic eavesdropping and this type of equipment is most useful for that.
-- As you know, during the Olympics here in 2004, a lot of the US intelligence agencies were here, based here, they had a lot of equipment here, now do you imagine they were able back then to monitor conversations between mobile phones here in Greece?
JB: Oh, the technology has been long in existence for them to be able to monitor mobile phone calls, the US monitors phone calls all over the world, and it has the equipment, so I would imagine that especially since there was a large US contingency at the Olympics in Athens, that they would have, the NSA would have had a presence there with an eavesdropping capability.
-- Give us a sense of you know, what an NSA operation would entail here in Greece.
JB: Well, what would have happened was, the US would fly over a team plus equipment. They would first scan out the best places to maybe put antennas to intercept microwave communications, communications that would carry mobile phone signals, for example. On the other hand they could have also worked out an agreement with Greek telecommunications companies, or the Greek Government to install NSA equipment on their facilities in order to monitor the communications, so it is hard to say but there is very little question that the NSA did a lot of monitoring during that period of time.
-- What you are saying is very important to us, so to my understanding is that the NSA does strike, I suppose secret agreements, with phone companies around the world, is that what you are saying?
JB: Oh sure, it tries as much as it can to get phone companies around the world to co-operate with the NSA in order to help its world-wide monitoring operations.
-- And would it be acceptable for them also, to try to recruit some people from inside the companies, if they cannot strike such an agreement?
JB: Yeah, NSA does that too it will try to make a deal, to get somebody to co-operate. In the old days the NSA would try to get a code-clerk at an Embassy to co-operate, but these days they try to get people, that have access to large databases, or telecommunications facilities.
-- We have sent you e-mails, and you have an idea of what this Greek system of interception looked like. Does it tell you something, I mean how sophisticated is it, does it tell you it is a US intelligence agency, a British, somebody else? What is your assessment?
JB: Well I think it is pretty much a standard communications system, in terms of mobile phone calls and so forth, they all pretty much operate the same way, it is just that it is a different frequency,
Re: Crypto hardware with secure key storage
Speaking of bulk encryption cards... does the linux 2.6 kernel support any? There is a reference to a crypto framework in the configuration menus, but as is typical of linux, there are no man pages or other documentation related to it, and I don't feel like reading source code. (/usr/src/linux*/Documentation/crypto says next to nothing, and the two URLs in the file are not working) Cheers, /ji
Re: skype not so anonymous...
Although in this case it's obviously the man's stupidity using an instant messenger with his old virtual identity that got him tracked down. No one For that matter, he could just have gotten a phonecard and used a payphone. Wearing sunglasses, a wig and a false beard while limping to and from the payphone would have even rendered surveillance cameras useless. Sometimes the way to defeat high-tech policing is with low-tech measures. Unfortunately, the terrorists have already figured this out. /ji
Re: cellphones as room bugs
On Sat, Dec 02, 2006 at 10:21:57AM -0500, Perry E. Metzger wrote:
Quoting: The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
Not very novel; ISDN phones, all sorts of digital-PBX phones, and now VoIP phones, have this feature (in the sense that, since there is no physical on-hook switch (except for the phones in Sandia and other such places), it's the PBX that controls whether the mike goes on or not).
I've always wondered what legitimate use the ability to turn on the microphone of a *mobile* phone remotely was. No mobile telephony company has ever advertised this as a feature.
/ji
Re: cellphones as room bugs
On Sun, Dec 03, 2006 at 09:26:15PM -0600, Taral wrote:
That's the same question I have. I don't remember seeing anything in the GSM standard that would allow this either.
I'll hazard a guess: mobile providers can send a special type of message (not sure if it would be classed as an SMS) with various settings for your phone. They do that, for example, to set the GPRS settings. In many phones, one of the possible settings is to automatically answer the phone, without ringing (the feature is used in some of the hands-free settings). The user would probably notice that the phone is in use, but there may be some other trick around that.
/ji
SSL (https, really) accelerators for Linux/Apache?
There is too much conflicting information out there. Can someone please recommend an SSL accelerator board that they have personally tested and used, that works with the 2.6.* kernels and the current release of OpenSSL, and is actually an *accelerator* (I've used a board from a certain otherwise famous manufacturer that acted as a decelerator...). I only need this for SSL, not for IPsec. Thanks, /ji
Re: Banking Follies
Citibank send me periodic reminders to switch to an electronic-only statement so that I am better protected against identity theft. John Cleese saying "explain the logic underlying this conclusion" in the cheese shop sketch comes to mind... The return address for the email message, although appearing to be from citibank.com, is linked to a black hole or some other information sink. /ji
Re: Banking Follies
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
On Sat, 13 Jan 2007 18:26:52 -0500 John Ioannidis [EMAIL PROTECTED] wrote:
Citibank send me periodic reminders to switch to an electronic-only statement so that I am better protected against identity theft.
The advice may actually be correct, though of course they have a major financial incentive to persuade you to adopt the scheme even if it isn't.
Until they start electronically signing and timestamping their electronic statements, I would much rather have a paper trail from them than from my printer, so that when they (inevitably) screw up my account, it won't be just my printouts against their infallible computers.
/ji
Re: some thoughts about Oracle's security breach (by SAP)
On Fri, Mar 23, 2007 at 02:29:14PM -0800, Alex Alten wrote:
It seems to me that this could have been prevented (or better damage control) by:
1) encrypting the files
Encrypting the files would not have served any purpose; the decryption key would simply have been part of the customer credentials that were abused. Proper key management is actually harder than proper access control.
2) putting in place good access controls (policy adjudication and enforcement) examples: if more than 100 files / week then raise alert if customer access incorrect areas /directories raise an alert
Yes, Oracle did not enforce proper access controls if customers could download things they were not entitled to. An argument can be made in their favor that they allow customers without a license to browse around so that they will be tempted to actually buy the product later on, and relying on the legal system to enforce abuse. This, however, does not explain why internal, proprietary information was available with unrestricted access, and SAP (or anyone else, for that matter) was able to download it. Again, as far as alerts are concerned, it is easier to put hard-and-fast access controls than to try to deduce customer behavior.
3) possibly better auditing in place to assist after-the-fact forensics (this might have reduced the scope of the theft by allowing a more timely response)
I think their auditing is fine; the attacks occurred in late November 2006, and the litigation is starting less than four months later.
/ji
-- John Ioannidis | Packet GENERAL Networks, Inc. [EMAIL PROTECTED] | http://www.packetgeneral.com/
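
The two controls discussed in this message, side by side, as an added example that is not part of the original post: a hard entitlement check on each request, and the behavioural alert proposed in the quoted text ("more than 100 files / week"). Customer ids, directory names and log records are constructed for illustration.

```python
import posixpath
from collections import Counter
from datetime import date

WEEKLY_LIMIT = 100  # threshold proposed in the thread: "more than 100 files / week"

# Constructed entitlements: customer id -> directory trees the licence covers.
ENTITLEMENTS = {
    "cust-a": ["/support/product-x"],
    "cust-b": ["/support/product-x", "/support/product-y"],
}


def is_entitled(customer, path):
    """Hard access control: the path must sit inside an entitled directory tree."""
    norm = posixpath.normpath(path)  # collapse "..", so traversal cannot escape a tree
    return any(norm == root or norm.startswith(root + "/")
               for root in ENTITLEMENTS.get(customer, []))


def review(requests):
    """Process (customer, iso_date, path) records; return (served, denied, alerts)."""
    served, denied = [], []
    per_week = Counter()
    alerts = set()
    for customer, day, path in requests:
        if not is_entitled(customer, path):
            denied.append((customer, day, path))  # refused up front, nothing leaves
            continue
        served.append((customer, day, path))
        year, week, _ = date.fromisoformat(day).isocalendar()
        per_week[(customer, year, week)] += 1
        if per_week[(customer, year, week)] > WEEKLY_LIMIT:
            alerts.add((customer, year, week))  # fires only after 100 files were served
    return served, denied, sorted(alerts)


def sample_requests():
    """Constructed log: one heavy but entitled customer, one traversal, one light user."""
    reqs = [("cust-a", f"2006-11-{27 + i % 3}", f"/support/product-x/patch-{i:03}.zip")
            for i in range(120)]
    reqs.append(("cust-a", "2006-11-28", "/support/product-x/../internal/roadmap.pdf"))
    reqs += [("cust-b", "2006-11-29", f"/support/product-y/fix-{i}.zip") for i in range(3)]
    return reqs


if __name__ == "__main__":
    served, denied, alerts = review(sample_requests())
    print(len(served), "served;", len(denied), "denied;", "alerts:", alerts)
```

The out-of-entitlement request is refused without any inference about behaviour, while the weekly alert is raised only once 100 entitled files have already been handed out.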
IBM Lost Tape(s)
Apparently, last February IBM lost some tapes with employee data. Yesterday, I received a notification from them, which I scanned and put (slightly redacted) in http://www.tla.org/private/ibmloss1.pdf for your amusement. Now, I haven't worked for IBM in a long time, and since then I have moved about a dozen times. I'm pretty sure quite a few people are in that situation. I wonder how much it cost them to find current addresses for everybody so we could be notified. /ji
Re: How the Greek cellphone network was tapped.
silvio wrote:
Aren't run-of-the-mill cellphones these days powerful enough to use available software like OpenSSL to encrypt voice/datastreams? Again...what are the options for end-to-end cell encryption right now?
Mobile phones have had spare cycles for doing strong crypto for a very long time. There are two classes of reasons why this is not happening and is (unfortunately) never going to happen:
1. Practically no users ask for it, so the handset vendors prefer to use development resources to build even more flashy features, rather than allocate resources to developing E2E security. No user would ever brag about how secure their phone is, but they would brag about how they can play video games or take pictures or whatever, or how small it is.
2. E2E crypto on mobiles would require cross-vendor support, which would mean that it would have to go into the standard. Unfortunately, standards in the mobile world are heavily influenced by governments, and the four horsemen of the apocalypse (drug dealers, paedophiles, spies, and terrorists) are still being used by government types to nix any attempts at crypto they can't break or intercept.
Unfortunately, it's not so easy to roll your own on top of a 3G-enabled smartphone. The broadband channel does not have the tight jitter and throughput guarantees that voice needs, and some providers (Verizon in the USA for example) consider running voice traffic over their broadband network a violation of the usage agreement (no need to blame the government for that, their own greed is adequate explanation). There are lots of other technical and human-factors issues that have been covered to great extent in this and other fora.
/ji
Re: How the Greek cellphone network was tapped.
Florian Weimer wrote:
It's also an open question whether network operators subject to interception requirements can legally offer built-in E2E encryption capabilities without backdoors.
You probably meant device vendors, not network operators. The whole *point* of E2E security is that network operators are not involved. If they were, it wouldn't be end-to-end!
/ji
Re: Lack of fraud reporting paths considered harmful.
Perry E. Metzger wrote:
That's not practical. If you're a large online merchant, and your automated systems are picking up lots of fraud, you want an automated system for reporting it. Having a team of people on the phone 24x7 talking to your acquirer and reading them credit card numbers over the phone, and then expecting the acquirer to do something with them when they don't have an automated system either, is just not reasonable.
But how can the issuer know that the merchant's fraud detection systems work, for any value of work? This could just become one more avenue for denial of service, where a hacked online merchant suddenly reports millions of cards as compromised. I'm sure there is some interesting work to be done here.
/ji
Re: House o' Shame: Amtrak
Not just Amtrak. The Economist and The New Yorker both do the same thing. I tried engaging them in a discussion on the subject. The Economist never replied, whereas the New Yorker assured me that those addresses were indeed theirs. I haven't figured out how to get past the clueless people whose job is not to be clueful and engage the clueless people whose job should be to be clueful. /ji
Just update the microcode (was: Re: defending against evil in all layers of hardware and software)
Intel and AMD processors can have new microcode loaded to them, and this is usually done by the BIOS. Presumably there is some asymmetric crypto involved with the processor doing the signature validation. A major power that makes a good fraction of the world's laptops and desktops (and hence controls the circuitry and the BIOS, even if they do not control the chip manufacturing process) would be in a good place to introduce problems that way, no? /ji
Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)
[EMAIL PROTECTED] wrote:
No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all.
What the OS or the BIOS loads is files that come from Intel. There is some verification involved, as the processor won't just accept random bytes. You'll need a fair amount of money, as well as intelligence expertise, to get hold of the signing keys, not to mention the documentation for how to write microcode in the first place. I assume that's one of Intel's (and AMD's) closest-guarded secrets.
http://en.wikipedia.org/wiki/Microcode
It must be true, I read it on the Internet :)
All this hw/sw flexibility makes designing a good security system a real challenge. You need a reference monitor somewhere in it that you can truly trust. - Alex
That we agree on!
/ji
- Original Message -
From: John Ioannidis [EMAIL PROTECTED]
To: Cryptography cryptography@metzdowd.com
Subject: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)
Date: Mon, 28 Apr 2008 18:16:12 -0400
Intel and AMD processors can have new microcode loaded to them, and this is usually done by the BIOS. Presumably there is some asymmetric crypto involved with the processor doing the signature validation. A major power that makes a good fraction of the world's laptops and desktops (and hence controls the circuitry and the BIOS, even if they do not control the chip manufacturing process) would be in a good place to introduce problems that way, no? /ji
Re: Ransomware
Leichter, Jerry wrote:
Computerworld reports: http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818
This is no different than suffering a disk crash. That's what backups are for.
/ji
PS: Oh, backups you say.
Re: survey of instant messaging privacy
Perry E. Metzger wrote:
Also from Declan McCullagh today, a full survey of instant message service security: http://news.cnet.com/8301-13578_3-9962106-38.html?part=rsstag=feedsubj=TheIconoclast
Interesting. Of course, with the possible exception of Skype, only the over-the-network part of the communication is protected. The IM providers can still give the contents of your communications to third parties. As OTR has shown, it's not hard to do end-to-end crypto even if you don't have direct client connectivity. Makes one wonder why the default clients don't have the functionality :)
/ji, Pidgin user
Re: security questions
Does anyone know how this security questions disease started, and why it is spreading the way it is? If your company does this, can you find the people responsible and ask them what they were thinking? My theory is that no actual security people have ever been involved, and that it's just another one of those stupid design practices that are perpetuated because nobody has ever complained or that's what everybody is doing. /ji
Re: security questions
[EMAIL PROTECTED] wrote:
John Ioannidis wrote:
| Does anyone know how this security questions disease started, and why
| it is spreading the way it is? If your company does this, can you find
| the people responsible and ask them what they were thinking?
The answer is Help Desk Call Avoidance; allow the end-user to fix their own account without having to get someone on the phone. This is simply an available mechanism in the spectrum between easy-to-use and rock-solid security.
As the discussion so far indicates, and as published papers show, the security of these security questions is lower than the security of the password.
| My theory is that no actual security people have ever been involved, and
| that it's just another one of those stupid design practices that are
| perpetuated because nobody has ever complained or that's what
| everybody is doing.
Your theory is incorrect. There is considerable analysis on what
Can you reference it please? There has been some analysis on the entropy of passphrases as a password replacement, but it is not relevant.
constitute good security questions based on the anticipated entropy of the responses. This is why, for example, no good security question has a yes/no answer (i.e., 1-bit). Aren't security questions just an automation of what happens once you get a customer service representative on the phone? In some regards they may be more secure as they're less subject to social manipulation (i.e., if I mention a few possible answers to a customer support person, I can probably get them to confirm an answer for me).
The difference is that when you are interfacing with a human, you have to go through a low-speed interface, namely, voice. In that respect, a security question, coupled with a challenge about recent transactions, makes for adequate security. The on-line version of the security question is vulnerable to automated dictionary attacks.
/ji
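
A way to put numbers on the "entropy of the responses" argument in this exchange, as an added example that is not part of the original thread: it scores an answer distribution by Shannon entropy, by min-entropy, and by how many on-line attempts a site could allow before guessing succeeds too often. The answer frequencies are constructed for illustration, not measured data.

```python
import math

# Constructed answer frequencies (per 100 users); not measured data.
YES_NO = {"yes": 50, "no": 50}
FAVOURITE_COLOUR = {"blue": 35, "red": 20, "green": 15, "black": 10,
                    "purple": 8, "pink": 6, "yellow": 4, "orange": 2}
# Reference point: a secret drawn uniformly from 10,000 values (about 13.3 bits).
UNIFORM_10K = {n: 1 for n in range(10_000)}


def shannon_bits(counts):
    """Average information per answer, in bits."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def min_entropy_bits(counts):
    """Bits of protection against a guesser who tries the most common answer."""
    return -math.log2(max(counts.values()) / sum(counts.values()))


def success_within(counts, guesses):
    """Chance that trying answers in popularity order hits within `guesses` tries."""
    top = sorted(counts.values(), reverse=True)[:guesses]
    return sum(top) / sum(counts.values())


def max_attempts_for_risk(counts, target):
    """Largest per-account attempt limit keeping guess success at or below `target`.

    Returns 0 when even a single guess exceeds the target, i.e. no lockout
    policy can make this question acceptable on its own.
    """
    allowed = 0
    while allowed < len(counts) and success_within(counts, allowed + 1) <= target:
        allowed += 1
    return allowed


if __name__ == "__main__":
    for name, dist in [("yes/no", YES_NO), ("favourite colour", FAVOURITE_COLOUR),
                       ("uniform 10k", UNIFORM_10K)]:
        print(f"{name}: shannon={shannon_bits(dist):.2f} bits, "
              f"min-entropy={min_entropy_bits(dist):.2f} bits, "
              f"3-guess success={success_within(dist, 3):.4f}, "
              f"attempt limit for <=1% risk={max_attempts_for_risk(dist, 0.01)}")
```

Min-entropy and the attempt limit are the figures that matter for an on-line form: a skewed question can show a respectable Shannon entropy and still fall to the first few guesses.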
Voting machine security
This just about sums it up: http://xkcd.com/463/ /ji
Re: Activation protocol for tracking devices
As it has been pointed out numerous times on this and other places, this is a singularly bad idea. The crypto isn't even the hardest part (and it's hard enough). Just don't do it. If you are going to spend your energy on anything, it should be to work against such a plan. /ji
Re: consulting question....
If you've already explained to them that what they are trying to do is both impossible and pointless, and they still want your consulting services, take as much of their money as you can and don't feel bad about it! Maybe you can get some more people on this list hired, too :) /ji
Re: consulting question.... (DRM)
John Gilmore wrote:
... PPS: On a consulting job one time, I helped my customer patch out the license check for some expensive Unix circuit simulation software they were running. They had bought a faster, newer machine and wanted to run it there instead of on the machine they'd bought the node-locked license for. The faster their simulation ran, the easier my job was. Actually, I think we patched the Unix kernel or C library that the program depended upon, rather than patch the program; it was easier.
Kernel. Instead of calling the subroutine that would retrieve the 32-bit hostid from the PROM, you just did a load immediate with the right number. The instructions were the same length, so everything worked fine :) Not that I know of any places that actually did this, of course :)
/ji
Re: Against Rekeying
I think the problem is more marketing and less technology. Some marketoid somewhere decided to say that their product supports rekeying (they usually call it key agility). Probably because they read somewhere that you should change your password frequently (another misconception, but that's for another show). Also, there's a big difference between rekeying communications protocols and rekeying for stored data. Again, the marketoids don't understand this. When I was working for a startup that was making a system which included an encrypted file system, people kept asking us about rekeying, because everybody has it. /ji
Location services risks (was: Re: Spy/Counterspy)
Location-based services are already being used for dating services (big surprise here). Mobiles send their location to a server, the server figures out who is near whom, and matches them. There are lots of variants on that. An obvious risk here is that the server is acting as a location oracle, allowing me to triangulate. Or I can fake my location to be my mark's, and see if he is near there. A senator no longer even has to have a wide stance to be caught cruising :) /ji
Re: Fw: [IP] Malware kills 154
On 8/23/2010 5:17 PM, Thierry Moreau wrote:
Commercial avionics certification looks like the most demanding among industrial sectors requiring software certification (public transportation, high energy incl. nuclear, medical devices, government IT security in some countries, electronic payments, lottery and casino systems).
I can't resist pointing out that electronic voting systems are not part of that list :(
/ji