Re: Cracking the code?

2007-03-03 Thread mis
the hex value stored is perhaps a hash, or even better, a salted hash,
or even better, a keyed salted hash which is then hex-encoded.  any
discussion of unix password cracking will describe the first two.
(i think even the original doug mcilroy paper)

all are vulnerable to dictionary and brute force attacks.
an unsalted hash also reveals what two users have the same 
password as their hashes are the same.

yes, you could also precompute hash values instead of using attacks
which enumerate the values and their hashes. 

if the hash is sent to a counterparty to authenticate the user (to make
unnecessary  their typing a password) it has the same protective power
as a plaintext password.   if you have the hash, you can pretend to be 
the user in any situation which accepts the hash as an authenticator.

the only value of such a hash is to obscure the password and to make less
likely that someone with the hash can take advantage of the user using the
same plaintext password in other circumstances.  

this is the main reason why static authenticators such as passwords
should generally not be reused, or, for that matter, used at all for
high value asset protection.



On Sat, Mar 03, 2007 at 04:09:36AM -0800, Allen wrote:
> Hi gang,
> 
> On a recent consulting gig, I came across what I think is a 
> potential vulnerability and wanted to see how crazy my thinking is.
> 
> Without mentioning the exact place or piece of software because 
> of NDAs, here is the basic scenario.
> 
> The tool stores the hex version of the remote access password in 
> a field that is visible to the end user. The default setting of 
> the software is that if you enter ASCII into the field, it will 
> calculate the hex version and display it. At this site the sys 
> admins have decided that this is not a user settable field so 
> once set the user can not change it except with the help of an 
> admin. There is also no policy in place to require periodic 
> password changes.
> 
> Also every user in the entire enterprise has this field visible 
> in their LDAP address information that anyone in the company can 
> access at any time. The address info also contains the user name 
> for logging onto the network. The password for remote access 
> appears to be the same as the password for logging onto the 
> machine even when it is not connected to the domain.
> 
> Next, trial versions of the software are available that still 
> have the default setting where the user can enter any password 
> and the hex value will be shown. As to the password algorithm 
> itself, I don't know what it is. I don't know if it uses an IV 
> that changes for every password that is entered, but that would 
> be easy to check with the trial version. What research I've done 
> says that it is derived from AES128 and it is a fixed field 
> length. There is more than a bit of security by obscurity at play 
> here.
> 
> So it seems to me this is vulnerable to a known text attack: i.e., 
> enter "known password 1" get back "hex value 1", etc. By hand it 
> would take a while to build a list of equivalences, but I assume 
> that a clever perl hacker, which I'm not, could code a widget 
> that would automate this, taking a common dictionary such as from 
> Cain & Abel, John the Ripper or some such, and fairly quickly 
> build a list of password/hex pairs. With this list in hand an 
> insider bent on industrial espionage could find the weak 
> passwords of sys admins and logon as them and do whatever 
> nefarious deeds they wish.
> 
> My questions are: A) is this as vulnerable as it seems at first 
> blush? B) how many password/hex pairs would be needed to deduce 
> the underlying algorithm?, C) If one could deduce the algorithm, 
> could the attack be generalized so that it could be used against 
> other enterprises that use the same software? (It is very(!) 
> widely deployed), and D) am I missing something in my thinking?
> 
> Thanks,
> 
> Allen
> 
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
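
The three storage schemes named in the reply above (hash, salted hash, keyed salted hash), as an added example that is not part of the original thread, with an audit check showing that only the unsalted form reveals which users share a password. SHA-256, PBKDF2, the HMAC key, the round count and the sample accounts are assumptions; the thread names no algorithm.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

# Constructed sample accounts; alice and carol deliberately share a password.
SAMPLE_USERS = {
    "alice": "correct horse battery",
    "bob": "tr0ub4dor&3",
    "carol": "correct horse battery",
}
ROUNDS = 100_000  # assumed work factor, for illustration only


def unsalted(password: str) -> str:
    """Plain hex-encoded hash: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt stored beside the hash as 'salt$hash'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt.hex() + "$" + dk.hex()


def keyed_salted(password: str, key: bytes, salt: Optional[bytes] = None) -> str:
    """Salted hash additionally bound to a server-side secret key."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt.hex() + "$" + hmac.new(key, salt + dk, hashlib.sha256).hexdigest()


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(salted(password, salt), stored)


def verify_keyed(password: str, key: bytes, stored: str) -> bool:
    """As verify_salted, but the check fails without the right key."""
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(keyed_salted(password, key, salt), stored)


def shared_password_groups(directory: dict) -> list:
    """Audit check: groups of users whose stored values are identical."""
    by_value = defaultdict(list)
    for user, stored in directory.items():
        by_value[stored].append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)


def build(scheme) -> dict:
    """Apply one storage scheme to every constructed sample account."""
    return {user: scheme(pw) for user, pw in SAMPLE_USERS.items()}


if __name__ == "__main__":
    key = os.urandom(32)  # assumed server-side key, kept apart from the hashes
    print("unsalted:", shared_password_groups(build(unsalted)))
    print("salted:  ", shared_password_groups(build(salted)))
    print("keyed:   ", shared_password_groups(build(lambda p: keyed_salted(p, key))))
```

Running the same audit over a real directory export is a quick way to tell whether a visible "hex" field is deterministic: any group of identical values means the scheme has no per-user salt.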



Re: Secure phones from VectroTel?

2006-05-24 Thread mis
another contender (or could-be contender):

http://www.cryptophone.de/products/CPG10/index.html

(open source and built by people like rop gonggrijp and barry wels)

On Tue, May 23, 2006 at 01:45:15PM -0400, John Ioannidis wrote:
> On Tue, May 23, 2006 at 11:19:38AM -0400, Perry E. Metzger wrote:
> > 
> > Following the links from a /. story about a secure(?) mobile phone
> > VectroTel in Switzerland is selling, I came across the fact that this
> > firm sells a full line of encrypted phones.
> > 
> > http://www.vectrotel.ch/
> > 
> 
> Too little, too late.  What are they doing, running a V.32bis modem
> over the GSM analog channel? That would account for the worse voice
> quality and the delays in the spec.
> 
> A friend showed me yesterday his EVDO-enabled, WinCE handheld, which
> he was using to make phone calls over Skype (not that Skype is secure,
> but that's another story).
> 
> /ji


Re: VoIP and phishing

2006-04-27 Thread mis
On Thu, Apr 27, 2006 at 01:12:43PM -0700, [EMAIL PROTECTED] wrote:

> so if you are counting on the calling party being who they say they are,
> or even within your company, based on callerid, don't.
> 
> does anyone know if time ANI from toll free services is still unspoofable?

make that "real-time ANI"



Re: VoIP and phishing

2006-04-27 Thread mis
the other point that should be made about voip is that
callerid is trivial to spoof.  

so if you are counting on the calling party being who they say they are,
or even within your company, based on callerid, don't.

i predict a round of targeted attacks on help desks and customer
service, as well as more general scams with callerid set to (say) 
"Visa  Security".

does anyone know if time ANI from toll free services is still unspoofable?

some of my clients have been receiving targeted phishes recently that correctly
name their bank and property address and claim to be about their mortgage.
this is information obtainable from public records.



On Thu, Apr 27, 2006 at 12:07:20PM -0400, [EMAIL PROTECTED] wrote:
> From Computerworld:
> 
> 
> New phishing scam model leverages VoIP
> Novelty of dialing a phone number lures in the unwary
>   News Story by Cara Garretson
> 
> APRIL 26, 2006
> (NETWORK WORLD) - Small businesses and consumers aren't the only ones
> enjoying the cost savings of switching to voice over IP
> (VoIP). According to messaging security company Cloudmark Inc., phishers
> have begun using the technology to help them steal personal and
> financial information over the phone.
> 
> Earlier this month, San Francisco-based Cloudmark trapped an e-mailed
> phishing attack in its security filters that appeared to come from a
> small bank in a big city and directed recipients to verify their account
> information by dialing a certain phone number. The Cloudmark user who
> received the e-mail and alerted the company knew it was a phishing scam
> because he's not a customer of this bank.
> 
> Usually phishing scams are e-mail messages that direct unwitting
> recipients to a Web site where they're tricked into giving up their
> personal or financial information. But because much of the public is
> learning not to visit the Web sites these messages try to direct them
> to, phishers believe asking recipients to dial a phone number instead is
> novel enough that people will do it, says Adam O'Donnell, senior
> research scientist at Cloudmark.
> 
> And that's where VoIP comes in. By simply acquiring a VoIP account,
> associating it with a phone number and backing it up with an interactive
> voice-recognition system and free PBX software running on a cheap PC,
> phishers can build phone systems that appear as elaborate as those used
> by banks, O'Donnell says. "They're leveraging the same economies that
> make VoIP attractive for small businesses," he says.
> 
> Cloudmark has no proof that the phishing e-mail it snagged was using a
> VoIP system, but O'Donnell says it's the only way that staging such an
> attack could make economic sense for the phisher.
> 
> The company expects to see more of this new form of phishing. Once a
> phished e-mail with a phone number is identified, Cloudmark's security
> network can filter inbound e-mail messages and block those that contain
> the number, says O'Donnell.
> 
>   -- Jerry
> 


Re: Not everyone knows about strong crypto...

2006-04-19 Thread mis
and a second data point, not everyone in the mafia chooses good passphrases;

a few years ago the government got a black bag warrant (once and a
renewal) to install some still undescribed keystroke monitoring
technology on nicky scarfo jr's pc, to find out the pgp key of a
spreadsheet of a smalltime mafioso whose hard drive they'd already
taken a copy of.

it turned out to be his father's federal prison number.


On Wed, Apr 19, 2006 at 11:10:49AM -0400, Perry E. Metzger wrote:
> 
> It seems not everyone has gotten the message that monoalphabetic
> substitution was broken many hundreds of years ago. Excerpt:
> 
>   The recently arrested "boss of bosses" of the Sicilian Mafia, Bernardo
>   Provenzano, wrote notes using an encryption scheme similar to the one
>   used by Julius Caesar more than 2,000 years ago, according to a
>   biography of Italy's most wanted man.
> 
> http://dsc.discovery.com/news/briefs/20060417/mafiaboss_tec.html?source=rss
> 
> -- 
> Perry E. Metzger  [EMAIL PROTECTED]
> 


Re: NY Times reports: Documents show link between AT&T and NSA

2006-04-13 Thread mis
in this case, poorly chosen example.

it's hard to not print documents used by the technician(s) to install
splitters in the fibers and specify the details of wiring in and between
various racks and cabinets.

On Thu, Apr 13, 2006 at 08:04:07PM +0200, lorenzo wrote:
> On 4/13/06, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
> > http://www.nytimes.com/2006/04/13/us/nationalspecial3/13nsa.html
> [...]
> > Now Mr. Klein and a few company documents he saved have emerged as key
> > elements in a class-action lawsuit filed against AT&T on Jan. 31 by a
> > civil liberties group, the Electronic Frontier Foundation. The suit
> > accuses the company of helping the security agency invade its customers'
> > privacy.
> 
> Am I wrong or if we were living in a DRM- or Trusted Computing- World,
> those documents probably would be unreadable, if they were digital
> documents? Also they could have prevented printing of the documents,
> and so on.
> 
> Of course, the human is still the weaker ring, but this is not of much
> help in such cases.
> 
> --
> :lorenzo grespan
> GPG Key fingerprint = 5372 1B49 9E61 747C FB9A  4DAE 5D2A A9A0 74B4 8F1A
> 


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread mis
please, can people tell us about what their country's liability
framework is, as they understand it, and where the onus of proof is
for what sorts of transactions?

this is one of the few areas where consumers have some actual
protection in the us.

due to ross anderson, i have heard about the uk.   has this been harmonized
in the eu?

many other countries are a mystery to me.

it would seem to me even in countries with pro-bank/anti-consumer stances
the risk could be limited by putting few eggs in that basket, rather than
giving up on using baskets entirely.

as an offering from left field, here's a pretty good paper about
fraud and identity in .au and .nz
http://www.aic.gov.au/conferences/other/smith_russell/2003-09-identity.html


On Mon, Dec 05, 2005 at 07:09:33PM +0100, Jonathan Thornburg wrote:
> I would never use online banking, and I advise all my friends and
> colleagues (particularly those who _aren't_ computer-security-geeks)
> to avoid it.
> 
> 
> >On Sun, Dec 04, 2005 at 05:51:11PM -0500, [EMAIL PROTECTED] wrote:
> >I've been using online banking for many years, both US and Germany.
> >The German PIN/TAN system is reasonably secure,
> >being an effective one-time pad distributed through out of band channel
> 
> Ahh, but how do you know that the transaction actually sent to the
> bank is the same as the one you thought you authorized with that OTP?
> If your computer (or web browser) has been cracked, you can't trust
> _anything_ it displays.  There are already viruses "in the wild"
> attacking German online banking this way:
>   http://www.bsi.bund.de/av/vb/pwsteal_e.htm
> 
> 
> I also don't trust RSAsafe or other such "2-factor authentication"
> gadgets, for the same reason.
> 
> [I don't particularly trust buying things online with a credit card,
> either, but there my liability is limited to 50 Euros or so, and the
> credit card companies actually put a modicum of effort into watching
> for suspicious transactions, so I'm willing to buy (a few) things online.]
> 
> ciao,
> 
> -- 
> -- Jonathan Thornburg <[EMAIL PROTECTED]>
>Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
>Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html
>"Washing one's hands of the conflict between the powerful and the
> powerless means to side with the powerful, not to be neutral."
>   -- quote by Freire / poster by Oxfam
> 
> 


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread mis
On Mon, Dec 05, 2005 at 09:24:04AM +, Ian G wrote:
> [EMAIL PROTECTED] wrote:

> >it seems to me the question is how much liability do i expose myself to by
> >doing this, in return for what savings and convenience.  
> 
> That part I agree with, but this part:
> 
> >i don't keep a lot of money in banks (why would anyone?)  -- most of
> >the assets are in (e.g.)  brokerage accounts.  at most  i'm exposing
> >a month of payroll check to an attacker briefly until it pays some
> >bill or is transferred to another asset account.  
> 
> George's story - watching my Ameritrade account get phished out in 3 minutes
> https://www.financialcryptography.com/mt/archives/000515.html
> 
> Seems like a hopeful categorisation!
> 
> iang

okay, i read this story from 7/2005 reporting an incident in 5/2005.  the short
form of it is:

the bad guys changed the associated bank account,
then they placed orders to sell everything at market prices.
at some point they changed the email address to a hotmail account  (if they'd
done this first he would have gotten less notice)
for some unexplained reason he received confirmations of the trades at the old
email address.
actual cash didn't get transferred at least because of the 3 day settlement time
for the trades.

the rest was dealing with law enforcement and customer service punes who
wouldn't tell him anything for "privacy reasons".

well, i have lots of nit-picking questions, about the actual incident
and about the general point.

about the actual incident:
maybe his password was phished, maybe it was malware,
maybe it was password reuse and some other account was phished.
how was the bofa account set up?  (the fraudster's destination account)
in these days of patriot act "know your customer"? (or was it someone's
phished account also used just for transit?)

why didn't they just do the wire transfer early, and leave him with a
giant margin balance to be paid from the proceeds at settlement?


about the general point:

the main thing online access changes (compared with phone access, or written
instructions) is the velocity.
most sensible institutions provide "change of account status" notifications
by both email and postal mail (to both the old and the new addresses).
some sensible institutions put brakes on removing money from the system,
certainly for new accounts and (as i recommend to my clients) after an
account change reflecting identity or control.

aside from the time and energy drain of identity theft, what is the
financial liability for consumers if your us-based brokerage account
is phished resulting in a fraudulent funds transfer?  does anyone know 
if there is any uniform protection (such as reg e would cover for interbank
funds transfers?)

i insert the weasel-words "consumers" and "us-based" because
of bofa's behavior in the joe lopez malware case, where they
are trying to claim he is a business not a consumer, and that
they are without fault in wire transferring his funds to latvia.

slightly off-topic:
remember abraham abdallah, the brooklyn busboy who assumed the
identity of a large number of the fortune 200 richest?  made goldman
sachs "signature guaranteed stamps" and opened accounts in their number?
had 800 fraudulent credit cards and 2 blank cards when he was
arrested?  ("hey kids!  collect 'em all!").  my point is only that this is
possible without my participating.  as jerry leichter reminded me,
the fact that there are these facilities available means a bad guy can
use them even if i do not, unless i can not only opt out but forbid anyone
else from subsequently opting in, the moral equivalent of cutting your debit
card in half and returning it to the bank (rather than just destroying
the PIN).


even more off-topic:
i'm surprised that the people on this list don't feel as if they have enough
personal connections that at least they could figure out what happened to them
as *some* financial institution.  doesn't anyone else ask, as a basis for
imputing trust  "exactly who did that {protocol, architecture, code} review as a
basis for imputing trust?  maybe i'm delusional, but i give fidelity some
residual credit for having adam shostack there, even some years ago, and there
are some firms i'd use because i've been there enough to see their level of care.








Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread mis
dan, maybe you should just keep less money in the bank.

i use online banking and financial services of almost every kind
(except bill presentment, because i like paper bills).  i cannot do
without it.

it seems to me the question is how much liability do i expose myself to by
doing this, in return for what savings and convenience.  

i don't keep a lot of money in banks (why would anyone?)  -- most of
the assets are in (e.g.)  brokerage accounts.  at most  i'm exposing
a month of payroll check to an attacker briefly until it pays some
bill or is transferred to another asset account.  

(the lack of payment planning tools is my biggest beef with bill
paying systems... it's so stupid that they don't show you the future
running balances based on already arranged scheduled payments and
regular withdrawals).

i have a slightly too elaborate drip-feed system set up, with direct
deposit of the paycheck into an account which pays (as scheduled
payments) my fixed bills automatically every month and makes minimum
credit card payments too, so i don't often pay nuisance fees.  (my
utilities have been switched to "average payment" plans, or more
recently to bill to credit cards so they fit into this plan).

i haven't written more than a few paper checks in years.  i just add the
payee to the online system and have the bank do it.  the online system
has paid around 200 bills so far this year. 

so i save on time, on postage, on the float (since the banks do ach
transfers to the larger payees which often post in 2-3 days), on
nuisance and finance charges, and on the phone, complaining about
problems posting paper checks.

i would notice a fraudulent transfer on my online banking long before
i would notice a fraudulent paper check written against the same account.

not only do i use online banking, i use aggregation systems which scrape
screens for most of my accounts and display recent transactions,
current balances, etc.  

i think i've tried almost all of these.
fidelity's "full view" seems among the best of the group (they use
yodlee for the scraping but manage their own password store).
(while dan is surveying, i'll ask if anyone is using gnucash for this).

i find this extremely helpful in managing diversification across
several accounts, and in noticing such details such as both sides of
payments or transfers between institutions or charges on infrequently
used credit card accounts.

an interesting question regarding aggregation was whether i should let
them use the information they scraped to decide what to offer me.  (so
far they haven't offered me a free toaster to entice me to move assets
to them.  according to an informant, they don't use the information
for poaching.)

On Fri, Dec 02, 2005 at 11:05:29PM -0500, [EMAIL PROTECTED] wrote:
> 
> You know, I'd wonder how many people on this
> list use or have used online banking.  
> 
> To start the ball rolling, I have not and won't.
> 
> --dan
> 
> 
> Cryptography is nothing more than a mathematical framework for
> discussing the implications of various paranoid delusions.
> -- Don Alvarez 
> 


Re: Digital Water Marks Thieves

2005-02-22 Thread mis
at the risk of being accused of being humor impaired:

the particles are ignorant.  it's the police officers that need to
know to look for the taggants.  civilians could look, but might not
have access to the semantic content in the database.

this is similar, i think to the taggants that are imbedded in industrial
explosives to indicate the explosive batch number (to try to trace the
pre-bang chain of custody).

google for taggants if this interests you particularly.




On Wed, Feb 16, 2005 at 10:36:33PM -0600, Matt Crawford wrote:
> 
> On Feb 15, 2005, at 12:40, R.A. Hettinga wrote:
> 
> >Instant, is a property-marking fluid that, when
> >brushed on items like office equipment or motorcycles, tags them with
> >millions of tiny fragments, each etched with a unique SIN (SmartWater
> >identification number) that is registered with the owner's details on a
> >national police database and is invisible until illuminated by police
> >officers using ultraviolet light.
> 
> That's amazing!  How do the tiny particles know that it's not a 
> civilian illuminating them with ultraviolet light?
> 
> And how does Wired reporter Robert Andrews fail to ask that question?
> 
> 