Re: [cryptography] skype backdoor confirmation
On Thu, May 16, 2013 at 3:52 PM, Adam Back a...@cypherspace.org wrote: So when I saw this article http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html I was disappointed the rumoured skype backdoor is claimed to be real, and that they have evidence. The method by which they confirmed is kind of odd - not only is skype eavesdropping but its doing head requests on SSL sites that have urls pasted in the skype chat! Sorry to dig up an old thread According to [1], Skype provided the backdoor before Microsoft purchased the service (but interception increased after M$'s purchase): The NSA also praised the collaboration with the FBI in the case of messaging and VoIP service Skype. According to the documents, Skype joined PRISM in early 2011, before it was acquired by Microsoft. That takeover is alleged to have resulted in a redoubling of efforts to enable PRISM to access Skype communications. According to the NSA, in July 2012, the volume of intercepted Skype data tripled following the introduction of new surveillance capability. There have been repeated rumours of backdoors in Skype intended to enable encrypted communications to be intercepted by the security services. Skype has always denied these reports. [1] http://www.h-online.com/security/news/item/Microsoft-gave-NSA-s-PRISM-access-to-Skype-Outlook-com-and-SkyDrive-1916730.html ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Indeed, it seems that Skype lost their privacy mojo somewhere between eBay and Microsoft. It's slightly unfair to blame Microsoft for the dirty deed itself, but one must ask: are we saying that M$ would have done any different, and did the then-owners know they had to prepare anyway? For those who follow twitter, Skype, et al, have become synonymous for privacy humour: https://twitter.com/skypeglobalpr Skype Global PR @SkypeGlobalPR 11 Jul To our users who used Skype for cybersex with loved ones: thank you. You have spiced up otherwise boring workdays for many NSA analysts. For those who are uncomfortable with the FBI now having the direct line to our more private moments, what Skype-replacements do people recommend? iang On 15/07/13 09:06 AM, Jeffrey Walton wrote: On Thu, May 16, 2013 at 3:52 PM, Adam Back a...@cypherspace.org wrote: So when I saw this article http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html I was disappointed the rumoured skype backdoor is claimed to be real, and that they have evidence. The method by which they confirmed is kind of odd - not only is skype eavesdropping but its doing head requests on SSL sites that have urls pasted in the skype chat! Sorry to dig up an old thread According to [1], Skype provided the backdoor before Microsoft purchased the service (but interception increased after M$'s purchase): The NSA also praised the collaboration with the FBI in the case of messaging and VoIP service Skype. According to the documents, Skype joined PRISM in early 2011, before it was acquired by Microsoft. That takeover is alleged to have resulted in a redoubling of efforts to enable PRISM to access Skype communications. According to the NSA, in July 2012, the volume of intercepted Skype data tripled following the introduction of new surveillance capability. There have been repeated rumours of backdoors in Skype intended to enable encrypted communications to be intercepted by the security services. Skype has always denied these reports. [1] http://www.h-online.com/security/news/item/Microsoft-gave-NSA-s-PRISM-access-to-Skype-Outlook-com-and-SkyDrive-1916730.html ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-07-15 09:34:46 +0300 (+0300), ianG wrote:
Indeed, it seems that Skype lost their privacy mojo somewhere
between eBay and Microsoft.
[...]
I still don't understand where it ever got privacy mojo to start
with, even before eBay. Skype was written by the authors of KaZaA.
Anyone remember KaZaA? Embedded spyware and similar evils? It seems
people have very short memories where unpleasant truth is concerned.
--
{ PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); }
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 15-07-13 14:59, Jeremy Stanley wrote: On 2013-07-15 09:34:46 +0300 (+0300), ianG wrote: Indeed, it seems that Skype lost their privacy mojo somewhere between eBay and Microsoft. [...] I still don't understand where it ever got privacy mojo to start with, even before eBay. Skype was written by the authors of KaZaA. Exactly! From the people that gave the music industry the finger. Can't be bad guys, then. Guido. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
From the new Washington Post Article According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_1.html On Sun, May 26, 2013 at 6:32 AM, ianG i...@iang.org wrote: On 26/05/13 03:31 AM, James A. Donald wrote: On 2013-05-26 2:13 AM, Eric S Johnson wrote: Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. Oh come on. We will not tell you tells us. This is the problem with non-disclosure. It tells us, but what does it tell us? For my money, Mr Sauer has told us that Skype is /preserving the option/. He doesn't tell us who Skype is listening to or when, it is even worse than that: they are preserving the option for anyone they so desire. People who hold an option do so because they can benefit from it, because options are not free. So Skype have decided that someone needs to listen, they will get a benefit, and they'll decide who that is, when and if [0]. The curious thing to take out of this is, for me: how should a security company act? If they act like Skype acted, people won't trust them. So how is it that a security company can deliver security if they themselves cannot be trusted? Consider two examples. Apple are mostly trusted, but they never tell us what they do in security. Verisign's CA model was an exercise in non-trust, because they told us in glorious 100page detail, and nobody had a clue what the deal was. What's the difference here? It seems to me that we should be able to determine a better way to be a trusted security company. Or, maybe there is no principle to be extracted here, maybe the market for security trust has no single way? We've been doing this for 20 years now, and it seems we still don't know. iang [0] Observers may point to limitations in the ToS. But if you need to point to ToS, then you are simply proving your deception. Does anyone know when the ToS were changed to permit intercept and listening? If they've changed ToS to permit e2e, where it wasn't permitted before, without telling us that e2e is over, then they've also changed them to permit whatever they want, and any new uses will likewise see a change. __**_ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/**mailman/listinfo/cryptographyhttp://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 26/05/13 03:31 AM, James A. Donald wrote: On 2013-05-26 2:13 AM, Eric S Johnson wrote: Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. Oh come on. We will not tell you tells us. This is the problem with non-disclosure. It tells us, but what does it tell us? For my money, Mr Sauer has told us that Skype is /preserving the option/. He doesn't tell us who Skype is listening to or when, it is even worse than that: they are preserving the option for anyone they so desire. People who hold an option do so because they can benefit from it, because options are not free. So Skype have decided that someone needs to listen, they will get a benefit, and they'll decide who that is, when and if [0]. The curious thing to take out of this is, for me: how should a security company act? If they act like Skype acted, people won't trust them. So how is it that a security company can deliver security if they themselves cannot be trusted? Consider two examples. Apple are mostly trusted, but they never tell us what they do in security. Verisign's CA model was an exercise in non-trust, because they told us in glorious 100page detail, and nobody had a clue what the deal was. What's the difference here? It seems to me that we should be able to determine a better way to be a trusted security company. Or, maybe there is no principle to be extracted here, maybe the market for security trust has no single way? We've been doing this for 20 years now, and it seems we still don't know. iang [0] Observers may point to limitations in the ToS. But if you need to point to ToS, then you are simply proving your deception. Does anyone know when the ToS were changed to permit intercept and listening? If they've changed ToS to permit e2e, where it wasn't permitted before, without telling us that e2e is over, then they've also changed them to permit whatever they want, and any new uses will likewise see a change. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
I missed that one--do you have a URL? (I don't know German.) Sure, here is the translated quote from Kurt Sauer, head of the security division of Skype: ZDNet: What is the answer to my question, even if you can not listen to Skype calls? Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. or in original German ZDNet: Was ist dann die Antwort auf meine Frage, ob selbst Sie Skype-Telefonate nicht abhören können? Sauer: Wir antworten auf diese Frage: Wir stellen eine sichere Kommunikationsmöglichkeit zur Verfügung. Ich werden Ihnen nicht sagen, ob wir dabei zuhören können oder nicht. found here http://www.zdnet.de/39151472/telefonieren-uebers-internet-wie-sicher-ist-skype-wirklich/ Again--not a religious/ideological question; merely, is there any evidence of Skype ever having been in-line-intercepted? I can't find it. I would agree there is no smoking gun, but there is not likely to be smoking gun. The question is can skype if it wanted to, could it allow a third party to intercept your communications and the answer is yes. The second question is would it do so, if you believe their privacy policy which might be there to just cover their ass, then the answer is yes. Finally what have companies in similar situations done in the past, and the answer is that they have always cooperated. This shouldn't be shocking, skype helps with Chinese government censorship. The central issue for me is that skype can force update itself ( http://community.skype.com/t5/Windows-desktop-client/Forced-update-done-with-Skype/td-p/108692). Such a capability is a backdoor, the question is if they will feel compelled to use it. This is a much larger issue than skype, any software that can force update itself, like most modern software, has a defacto backdoor. How can we design systems that can be remotely updated by third parties without having to completely trust those third parties? On Fri, May 24, 2013 at 11:33 PM, Eric S Johnson cra...@oneotaslopes.orgwrote: The evidence as I understand is this: 1. Skype has said in the german press that they can listen to communications I missed that one--do you have a URL? (I don't know German.) 2. Russian intelligence has said in the Russian press that Skype allows them to listen to communications Well ... the Russian press has reported ... ... but do we consider the Russian press a reliable source of information? Having lived in Russia for many years (and reading the articles in the original), I'd say not particularly, no. (That Vedomosti report has been the subject of much skepticism in the Russian blogosphere.) 3. The Skype privacy policy explicitly states that they will allow LE access to all communication when feasable Right--but that's not evidence that it's feasible, only that if it were feasible, Skype would do it when LEAs make a proper request. 4. Skype appears to be able to read URLs sent which sparked this email thread Oh, it's been true for nearly 2 yrs that newer versions of Skype upload copies of all IM sessions to MS's servers, and that's clearly stated in Skype's Terms of Service. Sure. But that's not at all the same thing as intelligence agencies are intercepting and reading Skype. (I do think it's strange MS's transparency report a couple months ago says they've not provided to LEAs any actual Skype content--only metadata; the existence of those IM logs, even if only kept for 30 days, would be (you'd think) of interest to LEAs.) Again--not a religious/ideological question; merely, is there any evidence of Skype ever having been in-line-intercepted? I can't find it. (Am not asserting it's the safest communications method in the world, just asking this particular question.) As an aside, I bet we could easily identify older versions of Skype (which still work fine) which don't upload IM session history to MS servers--in case someone wants to effectively turn off that feature. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Also adding to the evidence there was this story in which minutes were leaked from an Austrian counter terrorism meeting that stated that skype has a backdoor that helps the Austrian government listen to communications: At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. This has been confirmed to heise online by a number of the parties present at the meeting. Skype declined to give a detailed response to specific enquiries from heise online as to whether Skype contains a back door and whether specific clients allowing access to a system or a specific key for decrypting data streams exist. http://www.h-online.com/security/news/item/Speculation-over-back-door-in-Skype-736607.html On Sat, May 25, 2013 at 10:20 AM, Ethan Heilman eth...@gmail.com wrote: I missed that one--do you have a URL? (I don't know German.) Sure, here is the translated quote from Kurt Sauer, head of the security division of Skype: ZDNet: What is the answer to my question, even if you can not listen to Skype calls? Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. or in original German ZDNet: Was ist dann die Antwort auf meine Frage, ob selbst Sie Skype-Telefonate nicht abhören können? Sauer: Wir antworten auf diese Frage: Wir stellen eine sichere Kommunikationsmöglichkeit zur Verfügung. Ich werden Ihnen nicht sagen, ob wir dabei zuhören können oder nicht. found here http://www.zdnet.de/39151472/telefonieren-uebers-internet-wie-sicher-ist-skype-wirklich/ Again--not a religious/ideological question; merely, is there any evidence of Skype ever having been in-line-intercepted? I can't find it. I would agree there is no smoking gun, but there is not likely to be smoking gun. The question is can skype if it wanted to, could it allow a third party to intercept your communications and the answer is yes. The second question is would it do so, if you believe their privacy policy which might be there to just cover their ass, then the answer is yes. Finally what have companies in similar situations done in the past, and the answer is that they have always cooperated. This shouldn't be shocking, skype helps with Chinese government censorship. The central issue for me is that skype can force update itself ( http://community.skype.com/t5/Windows-desktop-client/Forced-update-done-with-Skype/td-p/108692). Such a capability is a backdoor, the question is if they will feel compelled to use it. This is a much larger issue than skype, any software that can force update itself, like most modern software, has a defacto backdoor. How can we design systems that can be remotely updated by third parties without having to completely trust those third parties? On Fri, May 24, 2013 at 11:33 PM, Eric S Johnson cra...@oneotaslopes.orgwrote: The evidence as I understand is this: 1. Skype has said in the german press that they can listen to communications I missed that one--do you have a URL? (I don't know German.) 2. Russian intelligence has said in the Russian press that Skype allows them to listen to communications Well ... the Russian press has reported ... ... but do we consider the Russian press a reliable source of information? Having lived in Russia for many years (and reading the articles in the original), I'd say not particularly, no. (That Vedomosti report has been the subject of much skepticism in the Russian blogosphere.) 3. The Skype privacy policy explicitly states that they will allow LE access to all communication when feasable Right--but that's not evidence that it's feasible, only that if it were feasible, Skype would do it when LEAs make a proper request. 4. Skype appears to be able to read URLs sent which sparked this email thread Oh, it's been true for nearly 2 yrs that newer versions of Skype upload copies of all IM sessions to MS's servers, and that's clearly stated in Skype's Terms of Service. Sure. But that's not at all the same thing as intelligence agencies are intercepting and reading Skype. (I do think it's strange MS's transparency report a couple months ago says they've not provided to LEAs any actual Skype content--only metadata; the existence of those IM logs, even if only kept for 30 days, would be (you'd think) of interest to LEAs.) Again--not a religious/ideological question; merely, is there any evidence of Skype ever having been in-line-intercepted? I can't find it. (Am not asserting it's the safest communications method in the world, just asking this particular question.) As an aside, I bet we could easily identify older versions of Skype (which still work fine) which don't upload IM session history to MS servers--in
Re: [cryptography] skype backdoor confirmation
Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. (NB the question is do we have evidence. Not are we inclined to suspect, based on our intuition / religion / ideology / paranoia .) skype can force update itself Skype's auto-update feature can be turned off (at least, every version of Skype I've ever run allows that, including the one I'm running now, 6.3.0.107). At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. I agree-this one (from 2008, thus well predating Skype's acquisition by MS) seems categorical. It seems like such an outlier, though, that one wonders whether it's based on a misunderstanding (as so many other reports of Skype can be monitored have been (usually because they're referring to monitoring one of the endpoints, not in-line interception)). I'm totally not asserting Skype is uncrackable (anything can be cracked, with enough computing power)-just looking for a smoking gun, or even a gun, or even smoke, or even a bullet-hole, or even a bullet casing, or even unused ammo, or anything vaguely evidence-like. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. (NB the question is do we have evidence. Not are we inclined to suspect, based on our intuition / religion / ideology / paranoia .) skype can force update itself Skype's tools - options allows the auto-update feature to be turned off (I'm running 6.3.0.107). At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. I agree-this one (from 2008, thus well predating Skype's acquisition by MS) seems categorical. It seems like such an outlier, though, that one wonders whether it's based on a misunderstanding (as so many other reports of Skype can be monitored have been (usually because they're referring to monitoring one of the endpoints, not in-line interception)). I'm totally not asserting Skype is uncrackable (anything can be cracked, with enough computing power)-just looking for a smoking gun, or even a gun, or even smoke, or even a bullet-hole, or even a bullet casing, or even unused ammo, or anything vaguely evidence-like. One option could be some sort of individual-forced-update, i.e. perhaps MS could be forced by an LEA to forcefully-update (even overriding the user-set no updates) a particular user's Skype client to make it surveillable. We know that the compromising an (insecure) update channel is one of the mechanisms used by e.g. Gamma's FinFisher. This would mean surveillability functionality wouldn't be built in to the normal Skype and thus couldn't be detected. And obviously, the lack of open-source-ness of the code would preclude understanding whether our belief that we can turn off updates is wrong. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Dear Eric, Eric S Johnson: Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. There is also no useful definition of safe. Does that include secure? Does that mean safe from Skype? Safe from the Syrian government? Safe from anyone without a super computer? (NB the question is do we have evidence. Not are we inclined to suspect, based on our intuition / religion / ideology / paranoia .) We have all kinds of information that clearly shows evidence of interception capabilities. That information leads to many questions. I outlined a number of those issues in this post: http://lists.randombit.net/pipermail/cryptography/2013-May/004264.html It is not simply 'are we included to suspect' - we are past suspicion, now we are looking for explanations about the *scope* of the compromised communications channel. Please feel free to address the points I made in that email - both how each thing isn't concerning and how you imagine the system is built such that this evidence shouldn't concern anyone. skype can force update itself Indeed. Skype's auto-update feature can be turned off (at least, every version of Skype I've ever run allows that, including the one I'm running now, 6.3.0.107). How have you verified that a specific person cannot be targeted and that this setting is impossible to disregard? Generally, we require source code for such a verification. Furthermore, I wonder if an old patched Skype client that is remotely exploitable is really one where someone cannot update it remotely? It seems unlikely. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. I agree-this one (from 2008, thus well predating Skype's acquisition by MS) seems categorical. It seems like such an outlier, though, that one wonders whether it's based on a misunderstanding (as so many other reports of Skype can be monitored have been (usually because they're referring to monitoring one of the endpoints, not in-line interception)). The malware angle is a perfectly fine explanation and we have seen it time and time again. I'm totally not asserting Skype is uncrackable (anything can be cracked, with enough computing power) This statement here is madness or it is nonsense. Yes, if we brute force something over millions of years, anything may be cracked. Generally though, competently designed crypto systems are broken without brute force but through shortcuts or implementation flaws. In those cases, it is rarely a problem of computing power. When you say that nothing is uncrackable, I find it frustrating. Salsa20 isn't uncrackable but short of brute force, we know of nothing to speed up an attack against it. It is currently understood that bruteforce of Salsa20 will take a lot longer than a human lifetime, say on the order of the history of the entire human civilization give or take hundreds of millions of years. Skype on the other hand seems to require no cracking except perhaps for the link between the user's computer and a few Skype servers. This is very different from say, Salsa20; to suggest that this is even in the same ballpark is silly. -just looking for a smoking gun, or even a gun, or even smoke, or even a bullet-hole, or even a bullet casing, or even unused ammo, or anything vaguely evidence-like. They claim in their privacy policy to record data that people consider confidential, they interface with CALEA compliant telephone systems, they discover and fetch urls only shared between two parties over Skype, we know they have other metadata, we also see from Microsoft's report that they do have *some* data to hand over. It goes on and on. When we combine this with targeted malware, I think we would have to be blind to say that there is nothing even vaguely evidence-like. Even if we leave out the malware, the url scanning and the privacy policy are both directly observable without having a third party involved other than a friend you trust or by simply reading their website. I'd love to see examples from the competent court that Skype has traditionally recognized and to see evidence that they have produced under court order. My guess is that there is little that requires cracking at all and it simply requires compelling disclosure of logged or server side stored data. All the best, Jacob ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 19/05/13 22:41 PM, Jacob Appelbaum wrote: This patent by Microsoft may be of interest to those looking into Skype, automated interception and probably many other kinds of interception - note that this is not just a matter of recording, it in fact *tampers* with the data: Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session. Because of the way in which the data has been modified, the protocol entity selects a path that includes the recording agent. The recording agent is then able to silently record the communication. http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFu=%2Fnetahtml%2FPTO%2Fsearch-adv.htmlr=1f=Gl=50d=PG01p=1S1=20110153809OS=20110153809RS=20110153809 Note that this is from 2009 and the Skype purchase was not finalized until 2011. Perhaps the authors (Ghanem; George; (Redmond, WA) ; Bizga; Lawrence Felix; (Monroe, WA) ; Khanchandani; Niraj K.; (Redmond, WA)) of that patent are open to discussing how they might improve on their patent for a peer to peer system as deployed today? :) I found that patent snippet interesting. Has Microsoft really patented the MITM? Is this a cunning plot to defeat Mallory by hitting him with IPR violations? The bind moggles... iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-26 2:13 AM, Eric S Johnson wrote: Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. Oh come on. We will not tell you tells us. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Does anyone on this list honestly doubt that intelligence agencies are intercepting and reading skype given both public statements by skype, the various news reports about governments state they are doing it, and the 200 year history of agencies and communication companies working together? Is the debate that (1). we don't know the exact method, or (2). can't prove it 100% or (3). that someone actual believes they aren't doing this? On Fri, May 24, 2013 at 3:49 AM, yersinia yersinia.spi...@gmail.com wrote: On Wed, May 22, 2013 at 9:41 AM, James A. Donald jam...@echeque.com wrote: On 2013-05-22 5:00 PM, yersinia wrote: Sorry for the top posting. Many company are using private social network these days. As usual someone internal to the organization has the right to record and sniff also the private traffic. Don't like ? Well, you can always use services as scrumbls. Perhaps not so secure from a nsa wiretap but sufficient in most case. Scrumbls? I am sorry. Typo. https://scrambls.com/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
At a minimum, it's is there any evidence--at all--other than guessing / suspicions / assumptions / presumptions / paranoia? It need not be a religious or ideological discussion; it need not be based on I believe it's happening or I don't believe it's happening--just, is there any evidence The evidence as I understand is this: 1. Skype has said in the german press that they can listen to communications 2. Russian intelligence has said in the Russian press that Skype allows them to listen to communications 3. The Skype privacy policy explicitly states that they will allow LE access to all communication when feasable 4. Skype appears to be able to read URLs sent which sparked this email thread I know of no communication company that refused to cooperate with an intelligence agency and Skype explicitly says they provide access to governments in their privacy policy, they have the capability to add a wiretap into skype since they control the software so it is certainly feasible. Why would skype lie in their privacy policy and say they would provide access and then not provide access? Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. http://www.skype.com/en/legal/privacy/ Other than skype publicly stating the method that they use, I'm not sure what would constitute better proof. On Fri, May 24, 2013 at 10:23 AM, Eric S Johnson cra...@oneotaslopes.org wrote: Does anyone on this list honestly doubt that intelligence agencies are intercepting and reading skype Is the debate that (1). we don't know the exact method, or (2). can't prove it 100% or (3). that someone actual believes they aren't doing this? At a minimum, it's is there any evidence--at all--other than guessing / suspicions / assumptions / presumptions / paranoia? It need not be a religious or ideological discussion; it need not be based on I believe it's happening or I don't believe it's happening--just, is there any evidence? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
It seems like there is this new narrative in some peoples minds about all companies backdoor everything and cooperate with law enforcement with no questions asked, what do you expect. I have to disagree strongly with this narrative to combat this narrative displacing reality! I've seen several people saying similar things in this thread. No I say. I think the point is not that a company could backdoor something. We know that companies that have information for whatever pre-existing reason that may help investigations will typically be expected to hand it over with appropropriate legal checks and balances, a court order, subpoena etc. Sometimes their lawyers will fight it if the subpoena is ridiculously broad, and thats not that unusual. Sometimes there are gag orders to prevent the fact that a subpoena was received from being disclosed to the target, or disclosed ever. The latter is considered fairly obnoxious. Now and then there are rumours or claims of forced changes that eg hushmail maybe changed some code in response to law enforcement request of some kind. However it is not the case that anything that could be backdoored is backdoored. Do you think all SMIME email clients, all SSL clients (embedded and browser), all SSL web servers, all VPNs are backdoored? I seriously doubt any of them are backdoored in fact. Would those taking the what do you expect narrative like to try your narrative against web servers and VPNs? Now web2.0 types of things that involve social media and messages being stored online obviously are targets for subpoenas and dont typically involve more than transport encryption. IM most of the clients are not end2end by design - ie like web20 there is transport encryption from client to server, but a central server that sees all traffic. As someone mentioned many companies run their own server for this reason (to avoid traffic being readable to the internet scale IM server operator). Skype was claimed to be end2end secure. The skype security review white paper saying so is still on their web page. The privacy policy just says they will hand over information they have, in response to valid legal requests, which is a non-statement, companies operatate in jurisdictions which issue legal requests. For all we know skype may still be end2end secure when used with a strong password, except for uploading URLs for some ill thought out malware checking. Or not, maybe thats happening server side, no one took the trouble to determine (its easy enough I think as I said just upload lots of URLs and same character count with no URLs and count the byte count of the traffic flow). The password reset doesnt sound so good, possibly not being technically end2end, but presumably you dont have to use that. So anyway, no, products riddled with backdoors is not acceptable, its not business as usual, and we do expect better. And if companies are advertising end2end security, and yet routinely decrypting all traffic, in many countries that could open them up to fines and possible prosecution for false advertising. Adam ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Danilo Gligoroski danilo.gligoro...@gmail.com wrote: 1. Indeed these discussions among the security community 2. Eventually some contacts with journalists will help the cause (one live demonstration on some security/crypto conference like Usenix, Black Hat, Crypto, ... will do the job). 3. I see a chance for some other product like: Zfone (that never took significant popularity),maybe Pidgin, maybe Cryptocat, ... 4. Even some open source security plugin for Skype. My two cents: 4a: A SSH Java open source wrapper around Skype will do the job. The chat logs or any other traffic that Skype is leaking to some Echelon-like spying sites will be externally encrypted by the SSH wrapper. Regards, David ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Thu, May 23, 2013 at 09:38:18AM +0200, David Adamson wrote: Danilo Gligoroski danilo.gligoro...@gmail.com wrote: 1. Indeed these discussions among the security community 2. Eventually some contacts with journalists will help the cause (one live demonstration on some security/crypto conference like Usenix, Black Hat, Crypto, ... will do the job). 3. I see a chance for some other product like: Zfone (that never took significant popularity),maybe Pidgin, maybe Cryptocat, ... 4. Even some open source security plugin for Skype. My two cents: 4a: A SSH Java open source wrapper around Skype will do the job. The chat logs or any other traffic that Skype is leaking to some Echelon-like spying sites will be externally encrypted by the SSH wrapper. To move this thread a bit sideways, does anyone know whether Hangout claims to be end to end secure? Considering that Google is dropping XMPP support, I'm investigating other options, e.g. Jitsi. Has there been a security review for Jitsi? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Mon, May 20, 2013 at 1:50 PM, Mark Seiden m...@seiden.com wrote: On May 20, 2013, at 1:18 PM, Nico Williams n...@cryptonector.com wrote: Corporations are privacy freaks. I've worked or consulted for a number of corporations that were/are extremely concerned about data exfiltration. this is completely dependent on context -- the kind of company, the communicants involved, the regulatory environment, the material being conveyed. the variability is about as high as for natural persons, i reckon. Yes, but there's always a need for privacy protection, and it's always well-justified and reasonable. And it's common to default to privacy protection. particularly in financial services, firms try to record and retain all of the communication with their customers in any channel. if they can't record it, they don't want to hear it (e.g. trading instructions sent via IM…) Recording is one thing, but those recordings still need privacy protection. Customer data is treasured. I'd not advise such corporations to use Skype without an agreement with Skype as to what can/does happen to the their data, or else to be very careful about what is exchanged over Skype. And it does happen that sometimes a corporation's employees need to communicate with people over Skype or similar *external* systems. you can advise whatever you fancy, but skype, google, microsoft are unlikely to agree to any such thing unless your client is a Really Big company who pays them a lot of money. and why should they even bother their lawyers? pretty much, their service Is What it Is, take it or leave it. Contracts are contracts. Especially if you pay for a service and privacy protection is stipulated, then the service provider has civil liability. And if you have the pocket depth for a lawsuit you have a good chance of getting said privacy protection, though not likely in relation to LEA (that depends on applicable laws and how much LEA respects them). of course, your clients are free to use some other service that provides what they're looking for or… do it themselves, which gives them total control and the high costs that go with that. Correct. But it's not always easy. People can write their own mobile apps, but that's expensive, and you still get to concern yourself with whether the device vendor can MITM you through the app store. Fortunately HTML5 is making as-good-as-native apps possible for mobiles. Beyond corporations, individuals absolutely have a right to private communications with their lawyers, etc... And there need not be any criminal or civil liability for an individual to hide. For example, if I were trying to patent something, I'd want my communications with my lawyer kept secret. oh, have you looked into how your lawyer receives your email? probably they host with the likes of google or some other outsourcer, because they're in the business of law, not IT. I'm aware. I send sensitive documents to them via other methods, or encrypted over e-mail and then give them the passphrase out of band. do you use how they receive their email as a criterion for how you choose your patent lawyer? No. I assume e-mail is public and refrain from sending sensitive information that way. last time i looked, the ABA does not require anything unusual, such as encryption, for privileged communcation. That's because there's no real, workable e-mail encryption solution, not one that lawyers and their typical clients can use easily. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Jitsi is XMPP or SIP. For the text-part, they have built-in support for OTR. Otherwise, there is no end-to-end secrecy as far as I know. For voicecalls, they have something similar, with some shared-secret verification which is validated using the text-channel, which is best secured with OTR I guess. I know of no throughout reviews of their model though. regards, Jonas ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
They have implemented ZRTP for end to end security. It works with a diffie hellman key exchange, while protecting against man-in-the-middle attackers by comparing Short Authentication Strings (SAS). When you know the voice of the other person you can exclude Eve. see https://jitsi.org/Documentation/ZrtpFAQ Regards Dominik On 23.05.2013 20:01, Jonas Wielicki wrote: Jitsi is XMPP or SIP. For the text-part, they have built-in support for OTR. Otherwise, there is no end-to-end secrecy as far as I know. For voicecalls, they have something similar, with some shared-secret verification which is validated using the text-channel, which is best secured with OTR I guess. I know of no throughout reviews of their model though. regards, Jonas ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
can someone give a few lines of explanation on how the Retained shared Secret (RS) is used in ZRTP? second, is it possible for an attacker to force an RS validation error (e.g. simulating network connection error by having a router drop packets) and then MiTM the DH handshake? the SAS is only 4 characters. presumably this is ascii so 2^27 = 531441 possibilities. On average the active MiTM attacker would need to try only half of them (real time) to find a collision. Do parties first commit (e.g. send H(N,g^x)) prior to sending their g^x to avoid the latter problem? If so, then what's the use of the SAS? Sorry if all those questions are trivial... Wasa On 23/05/2013 19:05, Dominik Schürmann wrote: They have implemented ZRTP for end to end security. It works with a diffie hellman key exchange, while protecting against man-in-the-middle attackers by comparing Short Authentication Strings (SAS). When you know the voice of the other person you can exclude Eve. see https://jitsi.org/Documentation/ZrtpFAQ Regards Dominik On 23.05.2013 20:01, Jonas Wielicki wrote: Jitsi is XMPP or SIP. For the text-part, they have built-in support for OTR. Otherwise, there is no end-to-end secrecy as far as I know. For voicecalls, they have something similar, with some shared-secret verification which is validated using the text-channel, which is best secured with OTR I guess. I know of no throughout reviews of their model though. regards, Jonas ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 About the SAS: ZRTP uses a so called Hash Commitment with traditional Hashes before generating SAS values for voice comparison. See http://zfone.com/docs/ietf/rfc6189bis.html#HashCommit The use of hash commitment in the DH exchange constrains the attacker to only one guess to generate the correct Short Authentication String (SAS) in his attack, which means the SAS can be quite short. A 16-bit SAS, for example, provides the attacker only one chance out of 65536 of not being detected. Without this hash commitment feature, a MiTM attacker would acquire both the pvi and pvr public values from the two parties before having to choose his own two DH public values for his MiTM attack. He could then use that information to quickly perform a bunch of trial DH calculations for both sides until he finds two with a matching SAS. To raise the cost of this birthday attack, the SAS would have to be much longer. The Short Authentication String would have to become a Long Authentication String, which would be unacceptable to the user. A hash commitment precludes this attack by forcing the MiTM to choose his own two DH public values before learning the public values of either of the two parties. Regards Dominik On 23.05.2013 20:59, Wasabee wrote: can someone give a few lines of explanation on how the Retained shared Secret (RS) is used in ZRTP? second, is it possible for an attacker to force an RS validation error (e.g. simulating network connection error by having a router drop packets) and then MiTM the DH handshake? the SAS is only 4 characters. presumably this is ascii so 2^27 = 531441 possibilities. On average the active MiTM attacker would need to try only half of them (real time) to find a collision. Do parties first commit (e.g. send H(N,g^x)) prior to sending their g^x to avoid the latter problem? If so, then what's the use of the SAS? Sorry if all those questions are trivial... Wasa On 23/05/2013 19:05, Dominik Schürmann wrote: They have implemented ZRTP for end to end security. It works with a diffie hellman key exchange, while protecting against man-in-the-middle attackers by comparing Short Authentication Strings (SAS). When you know the voice of the other person you can exclude Eve. see https://jitsi.org/Documentation/ZrtpFAQ Regards Dominik On 23.05.2013 20:01, Jonas Wielicki wrote: Jitsi is XMPP or SIP. For the text-part, they have built-in support for OTR. Otherwise, there is no end-to-end secrecy as far as I know. For voicecalls, they have something similar, with some shared-secret verification which is validated using the text-channel, which is best secured with OTR I guess. I know of no throughout reviews of their model though. regards, Jonas ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJRnmn+AAoJEHGMBwEAASKCDP8H/id2iQhe53uzeZH20K89mcKd 44WWMUkyo9MROK5nH2/7B+KhrWQVLTqeToE3SqfwSBnQiBde+CY2lPnDgvN+M1ax 8p6ES2umbgHXM9Cg9qzW+AKEW7QmoyeaVu4f6g9zsrJDOMzx9XjWLoKQjKgjNL89 Bw1rVbFKoZEmT/XzEBrzm8UyxyYClXQvOe5XQ8o5ICeMKvCwFCCmKDMFjMyDsInf 2x+mxJqoImntWKQp9SigdLIxQ0upt3zK0XsvSKbSB6eupLgv6SpgiUsP1MWFk9ML q0dzom+A5BS8E8UD5GOXUunOCAGZNhoLAGPgEZkgeyl6pEmV/bQW35VeGHDqge0= =uVm2 -END PGP SIGNATURE- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-23 3:28 AM, Florian Weimer wrote: * Adam Back: If you want to claim otherwise we're gonna need some evidence. https://login.skype.com/account/password-reset-request This is impossible to implement with any real end-to-end security. Skype's claim was that it was end to end, except for the possibility of man in the middle attack by Skype, and only by Skype. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Sorry for the top posting. Many company are using private social network these days. As usual someone internal to the organization has the right to record and sniff also the private traffic. Don't like ? Well, you can always use services as scrumbls. Perhaps not so secure from a nsa wiretap but sufficient in most case. Best regards 2013/5/19, Jeffrey Walton noloa...@gmail.com: On Sat, May 18, 2013 at 5:40 PM, mark seiden m...@seiden.com wrote: opt *out* of… (obviously) Not possible in many cases. I don't like IM but I have to use it on occasions for my job. Ditto for license agreements from handset manufacturers, carriers, operating systems, business software and the like. How Corporations Affect Us Directly, http://www.polisci.ccsu.edu/trieb/ecocon.htm: The services of these companies are so necessary in conducting business - and, in fact, in just functioning - in the world today that we have to go along with their rules. Jeff On May 18, 2013, at 2:38 PM, mark seiden m...@seiden.com wrote: except bad guys will always opt of having their content inspected. so it just doesn't work in this case. On May 18, 2013, at 10:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, May 18, 2013 at 1:24 PM, mark seiden m...@seiden.com wrote: ... there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. Perhaps the user should be given a choice. The security dialog could have three mutually exclusive choices: * Scan IM messages for dangerous content from everyone. This means company will read (and possibly retain) all of your messages to determine if some (or all) of the message is dangerous. * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. * Don't scan IM messages for dangerous content . This means only you and the sender will read your messages. Give an choice, it seems like selection two is a good balance. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -- Inviato dal mio dispositivo mobile ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-22 5:00 PM, yersinia wrote: Sorry for the top posting. Many company are using private social network these days. As usual someone internal to the organization has the right to record and sniff also the private traffic. Don't like ? Well, you can always use services as scrumbls. Perhaps not so secure from a nsa wiretap but sufficient in most case. Scrumbls? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
This presupposes custom malware written for the specific target. Not always. It presumes that someone may pack a binary just for a single target - this is however an automated process for lots of malware packages. Highly customized spearphish attacks are unlikely to be detected, but require a lot of smarts per attack. Government does not display evidence of a lot of smarts. Here is a counter point that I discovered last week at Oslo Freedom Forum: http://www.economist.com/blogs/erasmus/2013/05/islam-internet-and-privacy This was an extremely lame backdoor and it worked very well. Government employees are seldom the sharpest blade in the box. Governments hire people with our tax dollars who when paid well, will do better and we see it in the wild. They use a standard package written by a private contractor, and use it over and over again, and use it badly and crudely. And that private contractor is not going to let them use source code, because it would leak, and because they would no more know what to do with source code that your mother would. This is largely false in most cases that I've seen or heard about in the wild. Yes, there are toolkits and frameworks. Source code is escrowed from such companies to governments, I believe this was just reported as having happened in Germany with FinFisher. A more likely attack is spearphishing - standard malware with an attack vector customized to the individual but off the shelf script kiddy code - social, rather than code, customization. And even that is a stretch. Cops just don't put that much work in. Yes, yes they do: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ Now suppose instead of the police, it is a foreign government trying to get secret research data. Maybe instead of targeting one research group, they just target, say, anyone who keeps Matlab source code in a git repository. By Matlab source code, you presumably mean source code written to be interpreted by Matlab. How many people in government employment can write and understand Matlab source code? And if they targeted everyone that is a lot of people. Someone is going to notice. While I generally understand your arguments, I think you underestimate the capabilities of even local police officers. There are point and click tools, custom tools and everything in between. Now if someone is working on a missile, /him/ they might well target - but he is not going to have his matlab source code on a public repository. If you are targeting everyone, in the hope of catching a few big fish, then you are going to do what the botnet operators do, and will be detected the way botnet operators are detected. Customized solutions are the standard operating procedure. I encourage you to read this: http://www.gpo.gov/fdsys/pkg/CHRG-112hhrg64581/html/CHRG-112hhrg64581.htm === Ms. Chu. Okay. Last question. If we do grant the FBI the authority it seeks, will this stop sophisticated criminals and terrorists from encrypting their communication, or will they simply start using communication tools provided by companies or programmers outside the U.S.? And what do we do when criminals start using secure communication tools provided by developers associated with the WikiLeaks organization, who will ignore requests by U.S. law enforcement agencies? Ms. Caproni. Thank you for that question. There will always be criminals, terrorists, and spies who use very sophisticated means of communications that are going to create very specific problems for law enforcement. We understand that there are times when you need to design an individual solution for an individual target, and that is what those targets present. We are looking for a better solution for most of our targets, and the reality is, I think, sometimes we want to think that criminals are a lot smarter than they really are. Criminals tend to be somewhat lazy, and a lot of times, they will resort to what is easy. And so, long as we have a solution that will get us the bulk of our targets, the bulk of criminals, the bulk of terrorists, the bulk of spies, we will be ahead of the game. We can't have individual--have to design individualized solutions as though they were a very sophisticated target who was self- encrypting and putting a very difficult encryption algorithm on for every target we confront because not every target is using such sophisticated communications. == Governments may be incompetent but that doesn't mean that it is not preying on people. Quite the opposite, I think. All the best, Jacob ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
ianG wrote: Skype made their reputation as being free and secure (e2e) telephony. The latter was something that many people bought into. It is now the largest telco in the world, by minutes, in no small part because people enjoyed both security as well as free calls to their friends. Yes. A typical luring strategy. First you offer something good and e2e secure (even confirmed by independent auditors), build a huge base of users, then by Important Security Updates you actually remove the luring part i.e. the e2e security. If indeed they have done this, then people like us -- the security community -- are entitled to report the deception widely. In the awareness rising I see several options: 1. Indeed these discussions among the security community 2. Eventually some contacts with journalists will help the cause (one live demonstration on some security/crypto conference like Usenix, Black Hat, Crypto, ... will do the job). 3. I see a chance for some other product like: Zfone (that never took significant popularity),maybe Pidgin, maybe Cryptocat, ... 4. Even some open source security plugin for Skype. Danilo! ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Cops just don't put that much work in. On 2013-05-22 5:41 PM, Jacob Appelbaum wrote: Yes, yes they do: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to spy on people is not evidence that they any good at it. If they were half way competent, it would not be possible to detect these hubs. While I generally understand your arguments, I think you underestimate the capabilities of even local police officers. There are point and click tools, custom tools and everything in between. Local police can no more do this stuff than your mother can, and the FBI is not a whole lot better. Consider for example, the boston bombing. Interested parties threw away Tsarnaev's laptop, indicating he had been doing interesting things on the internet. Despite the fact that the FBI had been told by the Russian intelligence service Tsarnaev was a terrorist, they had failed to collect any interesting internet communications. Customized solutions are the standard operating procedure. I encourage you to read this: http://www.gpo.gov/fdsys/pkg/CHRG-112hhrg64581/html/CHRG-112hhrg64581.htm Upon reading it, I find the unsurprising information: Simply stated, the technical capabilities of law enforcement agencies have not kept pace with the dazzling array of new communication devices and other technologies that are now widely available in the marketplace. This tells me that not that the police are super terrific hackers who produced customized malware for each person's computer, but that they are your mother. === Ms. Caproni. Thank you for that question. There will always be criminals, terrorists, and spies who use very sophisticated means of communications that are going to create very specific problems for law enforcement. We understand that there are times when you need to design an individual solution for an individual target, and that is what those targets present. We are looking for a better solution for most of our targets, and the reality is, I think, sometimes we want to think that criminals are a lot smarter than they really are. Criminals tend to be somewhat lazy, and a lot of times, they will resort to what is easy. And so, long as we have a solution that will get us the bulk of our targets, the bulk of criminals, the bulk of terrorists, the bulk of spies, we will be ahead of the game. We can't have individual--have to design individualized solutions as though they were a very sophisticated target who was self- encrypting and putting a very difficult encryption algorithm on for every target we confront because not every target is using such sophisticated communications. This tells us that they would like to have customized solutions, that they aspire to have customized solutions, but that instead of customized solutions they rely on Google and Microsoft vacuuming everything up and handing it to them on a platter tied up with a pink ribbon. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 22.05.2013 10:45, James A. Donald wrote: This tells me that not that the police are super terrific hackers who produced customized malware for each person's computer, but that they are your mother. ... your mother, with a bit of monetary power to simply purchase the knowledge and the tools on the market. It's not like you can't buy enough knowledge from any mediocre CS crypto student. --Mo ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
James A. Donald: Cops just don't put that much work in. On 2013-05-22 5:41 PM, Jacob Appelbaum wrote: Yes, yes they do: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to spy on people is not evidence that they any good at it. Of course. They are quite good at it. Their successes are well documented: https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/ https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/ If they were half way competent, it would not be possible to detect these hubs. You keep saying that and they're still compromising people. They only have to be slightly competent and the evidence shows that they are competent enough. While I generally understand your arguments, I think you underestimate the capabilities of even local police officers. There are point and click tools, custom tools and everything in between. Local police can no more do this stuff than your mother can, and the FBI is not a whole lot better. Wow. First of all, I'm not sure why you use such sexist comparisons - what is the implication about my mother exactly? That the government is hardly half way competent and in that, they're just slightly better than my mother? Classy. You're also wrong about the FBI and the police - they are quite good at it. Defense is a hard problem and overall, we're losing this battle every day. Consider for example, the boston bombing. Interested parties threw away Tsarnaev's laptop, indicating he had been doing interesting things on the internet. Despite the fact that the FBI had been told by the Russian intelligence service Tsarnaev was a terrorist, they had failed to collect any interesting internet communications. Hardly. Furthermore, we've heard that we're not even getting the full picture: http://www.guardian.co.uk/commentisfree/2013/may/04/telephone-calls-recorded-fbi-boston You suggest that because we haven't seen it - it isn't happening. We know that this spying happens and that it is rarely openly discussed. Customized solutions are the standard operating procedure. I encourage you to read this: http://www.gpo.gov/fdsys/pkg/CHRG-112hhrg64581/html/CHRG-112hhrg64581.htm Upon reading it, I find the unsurprising information: Simply stated, the technical capabilities of law enforcement agencies have not kept pace with the dazzling array of new communication devices and other technologies that are now widely available in the marketplace. This tells me that not that the police are super terrific hackers who produced customized malware for each person's computer, but that they are your mother. Look at the wiretap statistics - the FBI had no trouble with cryptography in interception. They're playing both sides of the game and they're doing quite well. Zero cases stopped by crypto, how do you suppose that happens? Do you think they can break all the crypto? Or do you suppose that perhaps they're better at malware? === Ms. Caproni. Thank you for that question. There will always be criminals, terrorists, and spies who use very sophisticated means of communications that are going to create very specific problems for law enforcement. We understand that there are times when you need to design an individual solution for an individual target, and that is what those targets present. We are looking for a better solution for most of our targets, and the reality is, I think, sometimes we want to think that criminals are a lot smarter than they really are. Criminals tend to be somewhat lazy, and a lot of times, they will resort to what is easy. And so, long as we have a solution that will get us the bulk of our targets, the bulk of criminals, the bulk of terrorists, the bulk of spies, we will be ahead of the game. We can't have individual--have to design individualized solutions as though they were a very sophisticated target who was self- encrypting and putting a very difficult encryption algorithm on for every target we confront because not every target is using such sophisticated communications. This tells us that they would like to have customized solutions, that they aspire to have customized solutions, but that instead of customized solutions they rely on Google and Microsoft vacuuming everything up and handing it to them on a platter tied up with a pink ribbon. This report was from a few years ago. They're getting that data from the companies, from malware, from surveillance both targeted and strategic; it is really weird to say that they're not having their needs met. We've known that Green Lantern, the FBI malware, was designed, built and deployed in the 1990s. All the best, Jacob ___ cryptography mailing list cryptography@randombit.net
Re: [cryptography] skype backdoor confirmation
On May 22, 2013, at 5:59 AM, Jacob Appelbaum ja...@appelbaum.net wrote: James A. Donald: Cops just don't put that much work in. On 2013-05-22 5:41 PM, Jacob Appelbaum wrote: Yes, yes they do: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to spy on people is not evidence that they any good at it. Of course. They are quite good at it. Their successes are well documented: https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/ https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/ also the very colorful http://epic.org/crypto/scarfo.html (this is all from memory, but… a keylogger was installed in a black bag job with a magistrate warrant (on nicky scarfo jr, the son of an imprisoned mobster nicky scarfo sr) accused of loan sharking and racketeering (as i recall). in a previous search they had found a pgp encrypted spreadsheet and wanted the passphrase. the keylogger supposedly satisfied the minimization requirements (suppressing logging when he used aol on a dialup…) (i really want to know how that worked…) they didn't get the passphrase during the first term of the first warrant (couple months, as i recall.) not much of a loanshark, doesn't update his books in a couple months, hm… then they renewed the warrant… and finally got him typing the passphrase…. which was his father's federal prison number. duh. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Wed, May 22, 2013 at 10:07 AM, Mark Seiden m...@seiden.com wrote: On May 22, 2013, at 5:59 AM, Jacob Appelbaum ja...@appelbaum.net wrote: James A. Donald: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to spy on people is not evidence that they any good at it. Of course. They are quite good at it. Their successes are well documented: https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/ https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/ also the very colorful http://epic.org/crypto/scarfo.html (this is all from memory, but… a keylogger was installed in a black bag job with a magistrate warrant (on nicky scarfo jr, the son of an imprisoned mobster nicky scarfo sr) accused of loan sharking and racketeering (as i recall). in a previous search they had found a pgp encrypted spreadsheet and wanted the passphrase. the keylogger supposedly satisfied the minimization requirements (suppressing logging when he used aol on a dialup…) (i really want to know how that worked…) http://www.justice.gov/criminal/cybercrime/docs/ssmanual2009.pdf: The Pen/Trap statute authorizes a government attorney to apply to a court for an order authorizing the installation of a pen register and/or trap and trace device if “the information likely to be obtained is relevant to an ongoing criminal investigation.” and The government must also use “technology reasonably available to it” to avoid recording or decoding the contents of any wire or electronic communications. 18 U.S.C. § 3121(c). When there is no way to avoid the inadvertent collection of content through the use of reasonably available technology, DOJ policy requires that the government may not use any inadvertently collected content in its investigation. However, a few courts have gone beyond the statute’s requirement that the government use technology reasonable available to it to avoid collecting content. Citing the exclusion of contents from the definitions of pen register and trap and trace device, these courts have stated or implied that the government cannot use pen/trap devices that might collect any content at all. ... they didn't get the passphrase during the first term of the first warrant (couple months, as i recall.) not much of a loanshark, doesn't update his books in a couple months, hm… then they renewed the warrant… and finally got him typing the passphrase…. which was his father's federal prison number. duh. http://www.justice.gov/criminal/cybercrime/docs/ssmanual2009.pdf: A pen/trap order may authorize the installation and use of a pen/trap device for up to sixty days and may be extended for additional sixty-day periods. See 18 U.S.C. § 3123(c). and At least one court has adopted the severe position that suppression is appropriate when the government fails to comply with court-imposed limits on the time period for reviewing seized computers. In United States v. Brunette, 76 F. Supp. 2d 30 (D. Me. 1999), a magistrate judge permitted agents to seize the computers of a child pornography suspect on the condition that the agents searched through the computers for evidence “within 30 days.” The agents executed the search five days later and seized several computers. A few days before the thirty-day period elapsed, the government applied for and obtained a thirty-day extension of the time for review. The agents then reviewed all but one of the seized computers within the thirty-day extension period, and found hundreds of images of child pornography. However, the agents did not begin reviewing the last of the computers until two days after the extension period had elapsed. The defendant moved for suppression of the child pornography images found in the last computer, on the ground that the search outside of the sixty-day period violated the terms of the warrant and subsequent extension order. The court agreed, stating that “because the Government failed to adhere to the requirements of the search warrant and subsequent order, any evidence gathered from the . . . computer is suppressed.” Id.at 42. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
So, the review is not invalid. And, even when Skype changes its model, the review remains valid. There are now features that are incompatible with the design sketched in the report, such as user password recovery and call forwarding. The key management never was end-to-end, and we'd view that somewhat differently these days (I think). ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
You know thats the second time you claimed skype was not end2end secure. Did you read the skype independent security review paper that Ian posted a link to? http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf It is cleary and unambiguously claimed that skype WAS end to end secure. If you want to claim otherwise we're gonna need some evidence. I know they provided certification of the user identity, but as they provided the namespace its not clearly what else they could easily do, without exposing users to fingerprints, x509 certificates (which are not free) or PGP WoT. I dont think you can use that to make blanket statements that it was never end2end secure. Also you say there are now features which are incompatible. Really? What features? Adam On Wed, May 22, 2013 at 06:57:09PM +0200, Florian Weimer wrote: So, the review is not invalid. And, even when Skype changes its model, the review remains valid. There are now features that are incompatible with the design sketched in the report, such as user password recovery and call forwarding. The key management never was end-to-end, and we'd view that somewhat differently these days (I think). ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
* Adam Back: If you want to claim otherwise we're gonna need some evidence. https://login.skype.com/account/password-reset-request This is impossible to implement with any real end-to-end security. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks, we recently wrote a small section about skype with some references: http://sufficientlysecure.org/uploads/skype.pdf Interesting references (from 2005, 2006): http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf http://secdev.org/conf/skype_BHEU06.pdf In my understanding it provided some sort of minimum end-to-end security in the past, but it could never be verified as it is a highly obfuscated protocol. Regards Dominik On 22.05.2013 19:28, Florian Weimer wrote: * Adam Back: If you want to claim otherwise we're gonna need some evidence. https://login.skype.com/account/password-reset-request This is impossible to implement with any real end-to-end security. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJRnQNPAAoJEHGMBwEAASKC5woH/3RJCrM4mXhvFwAHCGf4Hdpo dtP5NkZNHTrpTT2Gj6ECbfbD6GZLg+RxeBimDiVEpIovW9lyB/T3bV/yBqkE7ZDV xdFYGMH5+ZBxpg8q3K8D6hL1maLSV7DWRyye5z45/DVmLPe1Sax3Dh7XHOn1k0k8 VI3ck/YLTaOIBhaifc7qXBAV8gWs/GjCpr+o3+S23SLLTWV8Qla2nucwCdtKVQAM LWMH5I0mBMssVF3dKkPvGtinoJ51gqiZb19z+2DwNucRPHOo2+kZNFpjafNKqjsh 1TGU1d/DmUsDQsMeUoprRG2yt6hORIb2ZYgG49JzuQa7Zya3TIzhGsfIjN5Nk8M= =yIS5 -END PGP SIGNATURE- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
I dont think your inference is necessarily correct. With reference to the Berson report, consider the skype RSA keypair was for authentication only (authenticating ephemeral key-exchange as described in the paper). The public RSA key is certified by skype as belonging to your identity. They would be able to do an email password reset with your client generating a new keypair and skype recertifying it, using your knowledge of the new password hash and ability to receive email at the registered address as authorization. Of course typing the password on the website (as it is now) would have some trust-us limitations if it is not hashing the password in jscript. I see there is jscript and the password reset will tell you need to enable jscript, but I didnt actually see any evidence of pbkdf2/sha/md5 etc in that code, however it has been minified and the browser itself does support some kinds of password hashing, so thats not definitive. Even if it doesnt do password hashing client side they may claim that it doesnt record the password server side, just hash and store. But also and my point: its hard to say at this point how password reset worked at the time the report was written (2005). Also it can be a defense that if its a choice between losing a user, who prefers convenience over security, to offer a web based password reset is optional. A user who cares can use a strong password entered only in the client, and back it up. Adam On Wed, May 22, 2013 at 07:28:30PM +0200, Florian Weimer wrote: * Adam Back: If you want to claim otherwise we're gonna need some evidence. https://login.skype.com/account/password-reset-request This is impossible to implement with any real end-to-end security. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Indeed it was understood that skype's coding was described as akin to a polymorphic virus. However it was also considered that this was for business reasons to make it difficult for competing products to interoperate at the codec, and protocol level. I notice that those two papers do NOT make the claim that skype learns the communications encryption session key as part of the protocol, but rather as I was saying, their only ability stemmed from being the CA issuing identity certificates, and therefore could construct two fake certificates, and somehow persuading the p2p network to route the real users to the MITM (holding a fake cert for both parties). (The session key that is mentioned as part of the server auth protocol is used to encrypt the hashed password and emphemeral RSA key used for authentication, not as far as I understand the traffic, that happened end2end in a separate protocol). Adam On Wed, May 22, 2013 at 07:41:38PM +0200, Dominik Schürmann wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks, we recently wrote a small section about skype with some references: http://sufficientlysecure.org/uploads/skype.pdf Interesting references (from 2005, 2006): http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf http://secdev.org/conf/skype_BHEU06.pdf In my understanding it provided some sort of minimum end-to-end security in the past, but it could never be verified as it is a highly obfuscated protocol. Regards Dominik On 22.05.2013 19:28, Florian Weimer wrote: * Adam Back: If you want to claim otherwise we're gonna need some evidence. https://login.skype.com/account/password-reset-request This is impossible to implement with any real end-to-end security. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJRnQNPAAoJEHGMBwEAASKC5woH/3RJCrM4mXhvFwAHCGf4Hdpo dtP5NkZNHTrpTT2Gj6ECbfbD6GZLg+RxeBimDiVEpIovW9lyB/T3bV/yBqkE7ZDV xdFYGMH5+ZBxpg8q3K8D6hL1maLSV7DWRyye5z45/DVmLPe1Sax3Dh7XHOn1k0k8 VI3ck/YLTaOIBhaifc7qXBAV8gWs/GjCpr+o3+S23SLLTWV8Qla2nucwCdtKVQAM LWMH5I0mBMssVF3dKkPvGtinoJ51gqiZb19z+2DwNucRPHOo2+kZNFpjafNKqjsh 1TGU1d/DmUsDQsMeUoprRG2yt6hORIb2ZYgG49JzuQa7Zya3TIzhGsfIjN5Nk8M= =yIS5 -END PGP SIGNATURE- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 20/05/13 21:02 PM, Adam Back wrote: The user, encrypted with their password. Its roamable but the keys were end2end encrypted with the user password. The independent audit skype paid for of their crypto design is probably still online. By Tom Berson, 2005. I do not know the gentleman but I am told by at least one person (prolific contributor and very knowledgeable security guy) that Tom is the business. http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf (Though possibly no longer valid). Just on that point: An audit is always a point-in-time check. It is a reflection of the past, and not a prediction of the future. It is an indication that an external review found that what Skype said up until the end of the review was aligned with what they were doing internally. So, the review is not invalid. And, even when Skype changes its model, the review remains valid. The public perception is that a review is some form of guarantee of future behaviour, but it is not. Auditors will engage in their own forms of deception by letting that public perception permeate the minds, but their TOS (again!) and other documentation will clearly state that it is always about the past. Where it does effect the future is that it presents the company with a choice to get better from their record. Or worse. Which is precisely the place Skype finds itself in... We dont know if they are uploading the urls over a side channel for anti-malware or pulling them out of the MITM stream on the server. I think you could tell simply without reverse engineering: just paste lots of long urls and sniff the traffic volume vs pasting lots of the same amount of text without urls. Someone want to try that before they take it down? Good point. Facts are important. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 21/05/13 10:17 AM, ianG wrote: http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf Just because it is a superlative example of a clear statement, here is what Tom said about their Security Policy: 1.2 Security Policy A Security Policy defines what “security” means in the context of a system and allows one to answer the question, “Is this system secure?” A security policy is a great help to designers, implementers, operators, managers, and users of a system. The Skype Security Policy is: 1. Skype usernames are unique. 2. Users or applications must present a Skype username and its associated authentication credential (e.g., password) before they exercise that username’s identity or privileges. 3. Each peer correctly provides the other with proof of its username and privileges whenever a Skype session is established. Each verifies the other’s proof before the session is allowed carry messages (e.g., voice, video, files, or text). 4. Messages transmitted through a Skype session are encrypted from Skype-end to Skype-end. No intermediary node, if any exist, has access to the meaning of these messages. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Tue, 21 May 2013 14:17:02 +1000 James A. Donald jam...@echeque.com wrote: Police install malware by black bagging, and by the same methods as botnets. Both methods are noticeable. I do not think the following scenario is terribly far-fetched: Suppose the police want to target a grad student in a CS department at a major university. The police enter the server room, insert some malware into the student's research group's git repository, and waits for the student to merge the changes. The next time the student runs whatever code she is working on, the malware will be installed; the malware then installs a keystroke logger, enables the microphone, etc. The malware can be even more secretive, only activating on a specific computer (the target's) or perhaps the police could modify the software on the server to only send the malware to the target. Now, let's change this somewhat. Instead of sneaking into a server room (or presenting the school with a court order), the police compromise another grad student's computer, and simply commit their malware to the group's repository (do you think researchers actually read commit logs, when they have a deadline in a few days?). Now suppose instead of the police, it is a foreign government trying to get secret research data. Maybe instead of targeting one research group, they just target, say, anyone who keeps Matlab source code in a git repository. Now suppose that instead of researchers, it is a political activist group, and instead of a git repository, it is a shared PDF (let's just assume that Acrobat has an exploitable vulnerability). Maybe the malware will spread by inserting itself into *every* PDF that the user sends out. Police and other state-sponsored malware typically target specific people or groups of people, and usually for surveillance and espionage purposes. That is very different from your typical spammer or criminal botnet. -- Ben -- Benjamin R Kreuter UVA Computer Science brk...@virginia.edu KK4FJZ -- If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them. - George Orwell signature.asc Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-22 4:20 AM, Benjamin Kreuter wrote: On Tue, 21 May 2013 14:17:02 +1000 James A. Donald jam...@echeque.com wrote: Police install malware by black bagging, and by the same methods as botnets. Both methods are noticeable. I do not think the following scenario is terribly far-fetched: Suppose the police want to target a grad student in a CS department at a major university. The police enter the server room, insert some malware into the student's research group's git repository, and waits for the student to merge the changes. The next time the student runs whatever code she is working on, the malware will be installed; the malware then installs a keystroke logger, enables the microphone, etc. The malware can be even more secretive, only activating on a specific computer (the target's) or perhaps the police could modify the software on the server to only send the malware to the target. Now, let's change this somewhat. Instead of sneaking into a server room (or presenting the school with a court order), the police compromise another grad student's computer, and simply commit their malware to the group's repository (do you think researchers actually read commit logs, when they have a deadline in a few days?). This presupposes custom malware written for the specific target. Highly customized spearphish attacks are unlikely to be detected, but require a lot of smarts per attack. Government does not display evidence of a lot of smarts. Government employees are seldom the sharpest blade in the box. They use a standard package written by a private contractor, and use it over and over again, and use it badly and crudely. And that private contractor is not going to let them use source code, because it would leak, and because they would no more know what to do with source code that your mother would. A more likely attack is spearphishing - standard malware with an attack vector customized to the individual but off the shelf script kiddy code - social, rather than code, customization. And even that is a stretch. Cops just don't put that much work in. Now suppose instead of the police, it is a foreign government trying to get secret research data. Maybe instead of targeting one research group, they just target, say, anyone who keeps Matlab source code in a git repository. By Matlab source code, you presumably mean source code written to be interpreted by Matlab. How many people in government employment can write and understand Matlab source code? And if they targeted everyone that is a lot of people. Someone is going to notice. Now if someone is working on a missile, /him/ they might well target - but he is not going to have his matlab source code on a public repository. If you are targeting everyone, in the hope of catching a few big fish, then you are going to do what the botnet operators do, and will be detected the way botnet operators are detected. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
I was inspecting Skype terms and condition http://www.skype.com/en/legal/tou/#15 [...]We will process your personal information, the traffic data and the content of your communication(s) in accordance with our Privacy Policy:http://www.skype.com/go/privacy.; http://www.skype.com/en/legal/privacy/ 1. WHAT INFORMATION DOES SKYPE COLLECT AND USE? . Content of instant messaging communications, voicemails, and video messages Nikos On Sun, May 19, 2013 at 10:41 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Krassimir Tzvetanov: To the best of my knowledge in Russia (no, I'm not Russian nor have lived there so I'm not 100% sure) you need to submit a copy of the private key if you are operating a website providing encryption on their territory to allow for legal intercept. They also have other provisions about wiretapping and monitoring which would mean that Skype really has not options if they want to _legally_ operate there... It's just the way the local legislation is rather than a function of how Skype is. They are just following the law. Now if somebody does not like the law there are other ways to approach this but breaking/violating it is usually one that is not effective. I think this discussion is focusing too much into the technical details and forgets a simple detail - doing some of those things to increase privacy may itself be _illegal_ in certain jurisdictions which make this even more fun. It's not impossible but it is usually very difficult to provide technical solutions to political/politics problems. That's of course just my experience :) Cheers, Krassimir Hi, I'm late to the party on this list but I've been worried about these kinds of backdoors in Skype for quite some time. My worry partially comes from the common rumors, of which there are many, though it is largely the existential proof, the economic, the political and the social contextual issues that raise the largest concerns in my mind. As we've seen with Cisco, we know how some of these so-called lawful interception systems are implemented: http://www.cisco.com/web/about/security/intelligence/LI-3GPP.html This patent by Microsoft may be of interest to those looking into Skype, automated interception and probably many other kinds of interception - note that this is not just a matter of recording, it in fact *tampers* with the data: Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session. Because of the way in which the data has been modified, the protocol entity selects a path that includes the recording agent. The recording agent is then able to silently record the communication. http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFu=%2Fnetahtml%2FPTO%2Fsearch-adv.htmlr=1f=Gl=50d=PG01p=1S1=20110153809OS=20110153809RS=20110153809 Note that this is from 2009 and the Skype purchase was not finalized until 2011. Perhaps the authors (Ghanem; George; (Redmond, WA) ; Bizga; Lawrence Felix; (Monroe, WA) ; Khanchandani; Niraj K.; (Redmond, WA)) of that patent are open to discussing how they might improve on their patent for a peer to peer system as deployed today? :) Skype is clearly inspecting the entire message and right now, we have an existential proof that they extract at least HTTP and HTTPS urls and process them in some fashion. I suspect that it would be a useful idea to insert many different kinds of protocols to see the depth of the rabbit hole probing, so to speak. http://user@password:www.example.com/secret-area magnet://[hash] ftp://ftp.example.com https://user@password:www.example.com/secret-area telnet//user@password:telnet.example.com I would also suggest that we might try a few hacks to determine where the parsing, inspection and extraction of interesting data is or isn't taking place. As an example - run Skype in a virtual machine, type a message - delay the message sending to the network, freeze the virtual machine and flip a single bit in the url already in the outbound message queue. This isn't trivial to do with Skype by any means but it most certainly isn't impossible for someone with the inclination. We know that Skype clients sync up the social graph of a given user; they call this a buddy list. This suggests that information in the directory of clients and the linked list for relationships is stored on their servers - is it encrypted in a way that may not be recovered by anyone other than the user? Skype dynamically routes calls to devices, does this imply that the location of the user is
Re: [cryptography] skype backdoor confirmation
i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. the bad guy will always have a relationship through the buddy list, which is exactly why they are using taken over accounts. the situation you are imagining is the way it was prior to the rash of account takeovers, and they way it might be if accounts could not be taken over easily (e.g. if they used 2 factor or some other way of knowing the customer was authentic). On May 18, 2013, at 6:04 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, May 18, 2013 at 5:38 PM, mark seiden m...@seiden.com wrote: except bad guys will always opt of having their content inspected. Right, that's why it becomes the receiver's option for unknown senders. If there's an existing relationship between the sender and receiver, I imagine the rates of malicious URLs and other content drop dramatically. In this case, the service should stop aggregating data at the user's choice. That's if they had a choice. Jeff On May 18, 2013, at 10:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, May 18, 2013 at 1:24 PM, mark seiden m...@seiden.com wrote: ... there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. Perhaps the user should be given a choice. The security dialog could have three mutually exclusive choices: * Scan IM messages for dangerous content from everyone. This means company will read (and possibly retain) all of your messages to determine if some (or all) of the message is dangerous. * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. * Don't scan IM messages for dangerous content . This means only you and the sender will read your messages. Give an choice, it seems like selection two is a good balance. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Mark Seiden: i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. the bad guy will always have a relationship through the buddy list, which is exactly why they are using taken over accounts. the situation you are imagining is the way it was prior to the rash of account takeovers, and they way it might be if accounts could not be taken over easily (e.g. if they used 2 factor or some other way of knowing the customer was authentic). Indeed. It also depends entirely on the end user software. Often it is possible that there are two users with the same name but with different identifiers. This also doesn't stop people from registering domains that look-alike, I might add. We already see this kind of behavior with phishing and we have continued to see it for the better part of a decade. There are obviously smart heuristics for ways to flag a message - however, if I was pwning such a system, I would just own the content inspection system at a different level - say, by fingerprinting the first request and not returning malware. Only when the user, who is easy to distinguish from Microsoft, visits the site will they get the actual targeted malware. This is also what we see with web pages that provide browser specific exploits on a per user basis. The other reason to get the buddy list is that the social graph is almost as important as the content, if not more important for some groups. All the best, Jacob ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 19/05/13 00:29 AM, Ethan Heilman wrote: Actually I think that was the point, as far as anyone knew and from the last published semi-independent review (some years ago on the crypto list as I recall) it indeed was end2end secure. Skype has never claimed it is end to end secure ... I think that is false. Skype have in the past facilitated (contracted?) at least one independent audit of the system that is still posted on their website. As an audit, it provides a point-in-time statement that we can rely upon to a great extent, as both representations of the special auditor and of Skype. This was also circumstantially confirmed in around 2007 when it was discovered that intelligence agencies were sharing attack kits, as you suggest [0]. This raises then several questions - for me at least. (1) when did Skype change, (2) what actions did they take to change the public perception of their offering, (3) how far have they unwound it? (1) when? It has long been suggested that Microsoft did this. But they have been coy about it, they have admitted to some form of legal provision, but they certainly haven't announced the wholesale dropping of the e2e security as suggested by URL scanning. (2) deception. People are entitled to rely on the representations made by other people, especially when they are made on the basis of some product offering for security. Skype made their reputation as being free and secure (e2e) telephony. The latter was something that many people bought into. It is now the largest telco in the world, by minutes, in no small part because people enjoyed both security as well as free calls to their friends. If however they have changed that security claim, and declined to inform users, then that is a deception. Worse, it is a deception against their users, for the benefit of others (in this case intel police) that are not their users. If indeed they have done this, then people like us -- the security community -- are entitled to report the deception widely. But, we cannot report that deception until we get proof. Hearsay doesn't cut the mustard [1]. Now we have proof. (3) How far does this go? The URL scanning indicates that there is far more going on than some special supernode mode to decrypt on demand by court orders [2]. This indicates a complete roll-back from e2e to client-server security. Which brings with it data mining, live feeds to intel and police and Microsoft support and the Egg Board, marketing sales, vulnerability to corruption bribery, and routine use in civil court cases such as divorce [3]. This is not the reputation that Skype was made on. I would wonder whether there is anything left of it? iang [0] police agencies were also having trouble and complaining at that time in the press and to lawmakers; see last quote below. [1] at least, in anglo countries, society's convention is that one sticks to the facts. In Germany and perhaps others, proof of facts is not necessarily a defence against defamation of a company. From what I recall, we'd probably need some locals to explain it more. [2] 1st and 2nd quotes below. [3] E.g., as John reported, a clear case of non-intelligence low-bar availability for a routine prosecution of some random journeyman level scumbags. John, if you're still suffering our questions, was your case civil or criminal? in fact they have hinted many times that they can and do listen to users conversations: Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. - http://www.skype.com/en/legal/privacy/#collectedInformation After Microsoft in May 2011 acquired Skype, she provided legal technology of Skype audition, says the executive director of Peak Systems Maxim Emm . Now, any subscriber can switch to a special mode in which the encryption keys that were previously generated on the phone or computer, the subscriber will be generated on the server. [..] With access to the server, you can listen to the conversation or read the correspondence. Microsoft provides the opportunity to use this technology, intelligence agencies around the world, including Russia, the expert explains. google translated from Russian http://www.vedomosti.ru/politics/news/10030771/skype_proslushivayut Skype spokesman did not deny the company's ability to intercept the communication. On the question of whether Skype could listen in on their users' communication, Kurt Sauer, head of the security division of Skype, replied evasively: We provide a secure means of communication. I will not say if we are listening in or not. -
Re: [cryptography] skype backdoor confirmation
[3] E.g., as John reported, a clear case of non-intelligence low-bar availability for a routine prosecution of some random journeyman level scumbags. John, if you're still suffering our questions, was your case civil or criminal? Criminal, US vs. Christopher Rad. http://www.justice.gov/usao/nj/Press/files/Rad,%20Christopher%20Verdict%20PR.html ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Fri, May 17, 2013 at 6:06 AM, Ben Laurie b...@links.org wrote: On 17 May 2013 11:39, d...@geer.org wrote: Trust but verify is dead. Maybe for s/w, but not everything: http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf Which requires s/w. Infinite loop detected. :) More seriously, we can't detect all backdoors before using the software, but at least we can fix the ones we find if we have suitably-licensed source. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 20 May 2013 17:35, Nico Williams n...@cryptonector.com wrote: On Fri, May 17, 2013 at 6:06 AM, Ben Laurie b...@links.org wrote: On 17 May 2013 11:39, d...@geer.org wrote: Trust but verify is dead. Maybe for s/w, but not everything: http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf Which requires s/w. Infinite loop detected. :) More seriously, we can't detect all backdoors before using the software, but at least we can fix the ones we find if we have suitably-licensed source. As I've mentioned before, you can use the transparency concept to at least verify that the s/w you are running is the same s/w as others are running (and hence have had a chance to verify). ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
(i know that at least jake and ian understand all the nuances here, probably better than me.) bus still, i would like you to consider, for a moment, this question: suppose there were a service that intentionally wanted to protect recipients of communications from malicious traffic? when i was at $big_provider, i spent an awful lot of time and energy communicating with colleagues and sharing threat intelligence about bad guys. i.e. accumulating reputation information about the counterparties. any mechanism to do this (that i could think of, anyway) presents a possible risk to those communicants who want no attributable state saved about their communication. either these are privacy freaks (not intended pejoratively: for whatever reason, they're entitled to be…) … or criminals. it's really hard to engineer systems that will satisfy the needs of privacy freaks while still protecting the naive, and not at the same time equip criminal enterprises. most of us seem to be willing to engineer to trust ourselves (the operators of the facility) to have good taste in protecting all but the criminals. only a few of us are willing to go as far as you can trust us because you don't have to. i still believe microsoft is trying to do the right thing here for 99*% of their users, but they can't help but get slammed because they haven't been crystal clear about it, hiding the activity with weasel words and legalese in their TOS. i also agree that relying on an old and inapplicable security review would be a deceptive practice. i agree with ian that telling people what your system does so they can manage their own risks (transparency) is a good middle ground. (but it also enables criminals to know how to avoid detection, not a society good). (so now we all know, skype is not suitable for privacy freaks or criminals! woo hoo.) (btw, keep in mind that any hosting provider can inspect hosted web content on their backends, which would show nothing in web access logs. their TOS doubtless permits that. there is nothing that i know of that requires your hosted content or your site activity to not be looked at by your provider, unless stored communication is involved, and even then there are provider exceptions such as for malware and AV scanning.) a few other comments interlineated. On May 20, 2013, at 7:55 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Mark Seiden: i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. the bad guy will always have a relationship through the buddy list, which is exactly why they are using taken over accounts. the situation you are imagining is the way it was prior to the rash of account takeovers, and they way it might be if accounts could not be taken over easily (e.g. if they used 2 factor or some other way of knowing the customer was authentic). Indeed. It also depends entirely on the end user software. Often it is possible that there are two users with the same name but with different identifiers. This also doesn't stop people from registering domains that look-alike, I might add. We already see this kind of behavior with phishing and we have continued to see it for the better part of a decade. yes, but good guys and brand protection companies routinely look for lookalike domains and phishing activity, both passively (zillions of honeypot mailboxes) and actively (looking at dns activity). There are obviously smart heuristics for ways to flag a message - however, if I was pwning such a system, I would just own the content inspection system at a different level - say, by fingerprinting the first request and not returning malware. Only when the user, who is easy to distinguish from Microsoft, visits the site will they get the actual targeted malware. This is also what we see with web pages that provide browser specific exploits on a per user basis. right. because one needs the right credentials to see the malicious payload, microsoft is supplying the complete URLS. makes sense to me. yup. the earliest hits on a brand new malicious web site, before a spam campaign is deployed, are likely to be AV/security companies, their hosting facility, and some crawlers trying to discover new content, but also the bad guys testing their content prior to deployment. the more stupid criminals deliver payloads in such circumstances (because they don't have to be smart to succeed). the smarter criminals filter based on ip address, initially. you have the wrong address, you get a 404. sometimes they're too smart for their own good, and whitelist their own cc addresses, oops. by shutting sites down at the earliest point, we only train the criminals to know how we must have found them, and become smarter. we have already trained the bad guys to lovingly age their sites (10 months in french
Re: [cryptography] skype backdoor confirmation
On Mon, May 20, 2013 at 12:08 PM, Mark Seiden m...@seiden.com wrote: any mechanism to do this (that i could think of, anyway) presents a possible risk to those communicants who want no attributable state saved about their communication. either these are privacy freaks (not intended pejoratively: for whatever reason, they're entitled to be…) … or criminals. Corporations are privacy freaks. I've worked or consulted for a number of corporations that were/are extremely concerned about data exfiltration. I'd not advise such corporations to use Skype without an agreement with Skype as to what can/does happen to the their data, or else to be very careful about what is exchanged over Skype. And it does happen that sometimes a corporation's employees need to communicate with people over Skype or similar *external* systems. Beyond corporations, individuals absolutely have a right to private communications with their lawyers, etc... And there need not be any criminal or civil liability for an individual to hide. For example, if I were trying to patent something, I'd want my communications with my lawyer kept secret. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Sat, May 18, 2013 at 3:15 PM, Adam Back a...@cypherspace.org wrote: Actually I think that was the point, as far as anyone knew and from the last published semi-independent review (some years ago on the crypto list as I recall) it indeed was end2end secure. Many IM systems are not end2end so for skype to benefit from the impression that they still are end2end secure while actually not being is the focus of this thread. The original Skype homepage (circa 2003/2004) claims the service is secure: Skype calls have excellent sound quality and are highly secure with end-to-end encryption. (http://web.archive.org/web/20040701004241/http://skype.com/). The new web page does not even use the word (web.archive.org/web/20130426221613/http://www.skype.com/). (Sorry to rewind so far back in the thread). Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Mon, May 20, 2013 at 12:22 PM, Jeffrey Walton noloa...@gmail.com wrote: The original Skype homepage (circa 2003/2004) claims the service is secure: Skype calls have excellent sound quality and are highly secure with end-to-end encryption. (http://web.archive.org/web/20040701004241/http://skype.com/). Secure in what way though? Probably: relative to passive eavesdroppers. As for LEA, forget it. (Nothing is secure w.r.t. LEA that have jurisdiction, as ultimately there's the rubber hose.) The new web page does not even use the word (web.archive.org/web/20130426221613/http://www.skype.com/). So their advertising/terms changed. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Mon, May 20, 2013 at 1:30 PM, Nico Williams n...@cryptonector.com wrote: On Mon, May 20, 2013 at 12:22 PM, Jeffrey Walton noloa...@gmail.com wrote: The original Skype homepage (circa 2003/2004) claims the service is secure: Skype calls have excellent sound quality and are highly secure with end-to-end encryption. (http://web.archive.org/web/20040701004241/http://skype.com/). Secure in what way though? Probably: relative to passive eavesdroppers. As for LEA, forget it. (Nothing is secure w.r.t. LEA that have jurisdiction, as ultimately there's the rubber hose.) Well, I take 'secure' to mean confidentiality and authenticity, including an authenticated key agreement. If we don't know who we are talking to, or someone else can listen in, or someone else can tamper, then its surely not secure by any reasonable definition. For a typical user, they would probably take 'secure' to mean that only both users (the endpoints) can read the message, hear, the conversation, see the video, etc. I'm not sure how they would react to 'highly secure', other than its 'secure' plus some other good stuff they can't even imagine. The new web page does not even use the word (web.archive.org/web/20130426221613/http://www.skype.com/). So their advertising/terms changed. It appears so. In the US, I believe that's a Material Adverse Change and usually requires explicit notification (credit card issuers were especially bad about changing terms). Do any Skype users recall being informed the terms changed dramatically? There was a time the FTC would do something about it. In the end, does it matter since it appears there are only carrots and no sticks? Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
James A. Donald: On 2013-05-20 7:49 PM, Mark Seiden wrote: i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. Zombie computers are seldom of high value. Some malware is designed to keep people communicating, under heavy watch; it is not always designed to abuse a system the traditional manner befitting script kiddie botnets. What steps do you normally take to mitigate Skype exploitation that leverages 0day and then dumps say, FinFisher on your system? That is - how would they notice and if they were being logged, how would *you* notice on your end? All the best, Jacob ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Tue, May 21, 2013 at 10:46:55AM +1000, James A. Donald wrote: On 2013-05-20 7:49 PM, Mark Seiden wrote: i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. Zombie computers are seldom of high value. The people selling botnets would beg to differ I think. -- staticsafe O ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Mon, May 20, 2013 at 8:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: James A. Donald: ... Zombie computers are seldom of high value. Some malware is designed to keep people communicating, under heavy watch; it is not always designed to abuse a system the traditional manner befitting script kiddie botnets. In Skype's case, it appears there is no need for the malware to coerce communications since the service is always on (http://www.sec.gov/Archives/edgar/data/1498209/000119312510182561/ds1.htm): The number of connected users is subject to uncertainties and in some ways may overstate the number of users actively using our products during a given period. For example, for a number of our users, once a user has downloaded our software onto their device, the software will automatically be logged in to when the device is turned on, even if the customer takes no steps to affirmatively engage our software client after initial registration. Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
James A. Donald: No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. On 2013-05-21 10:55 AM, Jacob Appelbaum wrote: That is - how would they notice and if they were being logged, how would *you* notice on your end? I would notice, because they would spam me, this being the primary income source and reproductive method for botnets. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
James A. Donald: James A. Donald: No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. On 2013-05-21 10:55 AM, Jacob Appelbaum wrote: That is - how would they notice and if they were being logged, how would *you* notice on your end? I would notice, because they would spam me, this being the primary income source and reproductive method for botnets. You're not distinguishing between the classes of attacker that exist here; they are not all the same. Police malware only spreads, for example, when it needs coverage. It makes sense for such activity to target friends of a target when the target's computer is harder to compromise. Also, the bugs/exploits I've heard/seen/read about about in Skype do not all have UX indications that you've even received a message. All the best, Jacob ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-21 3:08 AM, Mark Seiden wrote: (i know that at least jake and ian understand all the nuances here, probably better than me.) bus still, i would like you to consider, for a moment, this question: suppose there were a service that intentionally wanted to protect recipients of communications from malicious traffic? when i was at $big_provider, i spent an awful lot of time and energy communicating with colleagues and sharing threat intelligence about bad guys. Gmail is very efficient at filtering out malicious traffic. It also spies on all its customers and keeps all their mail in the clear forever. For this reason I use mail services that perform absolutely no filtering, and do my own filtering. If I get filtered, I want to know it. Furtive filtering is a hostile act. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-21 4:50 AM, Mark Seiden wrote: you can advise whatever you fancy, but skype, google, microsoft are unlikely to agree to any such thing unless your client is a Really Big company who pays them a lot of money. and why should they even bother their lawyers? pretty much, their service Is What it Is, take it or leave it. If, however, they don't tell you what their service is ...? If, out of the kindness of their hearts, they decide to check out all your urls /without telling you/. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Gmail only keeps in the clear what you leave in the clear. s/a hostile act/less useful to power users than filter but notify On Mon, May 20, 2013 at 8:48 PM, James A. Donald jam...@echeque.com wrote: On 2013-05-21 3:08 AM, Mark Seiden wrote: (i know that at least jake and ian understand all the nuances here, probably better than me.) bus still, i would like you to consider, for a moment, this question: suppose there were a service that intentionally wanted to protect recipients of communications from malicious traffic? when i was at $big_provider, i spent an awful lot of time and energy communicating with colleagues and sharing threat intelligence about bad guys. Gmail is very efficient at filtering out malicious traffic. It also spies on all its customers and keeps all their mail in the clear forever. For this reason I use mail services that perform absolutely no filtering, and do my own filtering. If I get filtered, I want to know it. Furtive filtering is a hostile act. __**_ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/**mailman/listinfo/cryptographyhttp://lists.randombit.net/mailman/listinfo/cryptography -- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 2013-05-21 12:41 PM, Jacob Appelbaum wrote: James A. Donald: James A. Donald: No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. On 2013-05-21 10:55 AM, Jacob Appelbaum wrote: That is - how would they notice and if they were being logged, how would *you* notice on your end? I would notice, because they would spam me, this being the primary income source and reproductive method for botnets. You're not distinguishing between the classes of attacker that exist here; they are not all the same. Police malware only spreads, for example, when it needs coverage. Police install malware by black bagging, and by the same methods as botnets. Both methods are noticeable. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
To the best of my knowledge in Russia (no, I'm not Russian nor have lived there so I'm not 100% sure) you need to submit a copy of the private key if you are operating a website providing encryption on their territory to allow for legal intercept. They also have other provisions about wiretapping and monitoring which would mean that Skype really has not options if they want to _legally_ operate there... It's just the way the local legislation is rather than a function of how Skype is. They are just following the law. Now if somebody does not like the law there are other ways to approach this but breaking/violating it is usually one that is not effective. I think this discussion is focusing too much into the technical details and forgets a simple detail - doing some of those things to increase privacy may itself be _illegal_ in certain jurisdictions which make this even more fun. It's not impossible but it is usually very difficult to provide technical solutions to political/politics problems. That's of course just my experience :) Cheers, Krassimir On Sat, May 18, 2013 at 10:12 PM, Jane th...@angels.la wrote: At the risk of sounding rude, crude, and yellow-pressish, I'd like to provide this link http://www.themoscownews.com/russia/20130314/191336455/FSB-Russian-police-could-tap-Skype-without--court-order.html If software has a soul, Skype's is long since sold. Sincerely yours, Jane On Sun, May 19, 2013 at 8:05 AM, John Levine jo...@iecc.com wrote: I was a technical expert in a pump and dump spam trial last fall, and a large part of the evidence was Skype chat logs among the members of the spamming group. Who provided the chat logs? Were they provided by Skype or where they provided by one or the other members? The reason I ask is that if there is any sensitivity in sources, the prosecutors will routinely obscure the sources. I got them from the prosecutors. They appeared to have been provided by Skype. R's, John ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Krassimir Tzvetanov: To the best of my knowledge in Russia (no, I'm not Russian nor have lived there so I'm not 100% sure) you need to submit a copy of the private key if you are operating a website providing encryption on their territory to allow for legal intercept. They also have other provisions about wiretapping and monitoring which would mean that Skype really has not options if they want to _legally_ operate there... It's just the way the local legislation is rather than a function of how Skype is. They are just following the law. Now if somebody does not like the law there are other ways to approach this but breaking/violating it is usually one that is not effective. I think this discussion is focusing too much into the technical details and forgets a simple detail - doing some of those things to increase privacy may itself be _illegal_ in certain jurisdictions which make this even more fun. It's not impossible but it is usually very difficult to provide technical solutions to political/politics problems. That's of course just my experience :) Cheers, Krassimir Hi, I'm late to the party on this list but I've been worried about these kinds of backdoors in Skype for quite some time. My worry partially comes from the common rumors, of which there are many, though it is largely the existential proof, the economic, the political and the social contextual issues that raise the largest concerns in my mind. As we've seen with Cisco, we know how some of these so-called lawful interception systems are implemented: http://www.cisco.com/web/about/security/intelligence/LI-3GPP.html This patent by Microsoft may be of interest to those looking into Skype, automated interception and probably many other kinds of interception - note that this is not just a matter of recording, it in fact *tampers* with the data: Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session. Because of the way in which the data has been modified, the protocol entity selects a path that includes the recording agent. The recording agent is then able to silently record the communication. http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFu=%2Fnetahtml%2FPTO%2Fsearch-adv.htmlr=1f=Gl=50d=PG01p=1S1=20110153809OS=20110153809RS=20110153809 Note that this is from 2009 and the Skype purchase was not finalized until 2011. Perhaps the authors (Ghanem; George; (Redmond, WA) ; Bizga; Lawrence Felix; (Monroe, WA) ; Khanchandani; Niraj K.; (Redmond, WA)) of that patent are open to discussing how they might improve on their patent for a peer to peer system as deployed today? :) Skype is clearly inspecting the entire message and right now, we have an existential proof that they extract at least HTTP and HTTPS urls and process them in some fashion. I suspect that it would be a useful idea to insert many different kinds of protocols to see the depth of the rabbit hole probing, so to speak. http://user@password:www.example.com/secret-area magnet://[hash] ftp://ftp.example.com https://user@password:www.example.com/secret-area telnet//user@password:telnet.example.com I would also suggest that we might try a few hacks to determine where the parsing, inspection and extraction of interesting data is or isn't taking place. As an example - run Skype in a virtual machine, type a message - delay the message sending to the network, freeze the virtual machine and flip a single bit in the url already in the outbound message queue. This isn't trivial to do with Skype by any means but it most certainly isn't impossible for someone with the inclination. We know that Skype clients sync up the social graph of a given user; they call this a buddy list. This suggests that information in the directory of clients and the linked list for relationships is stored on their servers - is it encrypted in a way that may not be recovered by anyone other than the user? Skype dynamically routes calls to devices, does this imply that the location of the user is disclosed to the network or stored in some kind of time series data structure? Chat message history is in sync across clients, how is this data stored? Messages may be queued for a given user - how are these messages encrypted, authenticated and retained to ensure integrity during the queuing? We also know that Skype is able to call out with the feature SkypeOut - so we know that someone has to comply with CALEA - even if it isn't Microsoft, the calls/sms hit a VoIP gateway or the SS7 network somewhere. Who peers with them? Have any telecom switch operators
Re: [cryptography] skype backdoor confirmation
Hi John, On 18/05/13 03:49 AM, John Levine wrote: Maybe we will see subpoenas or public hearings for Microsoft and their Skype. For what? Skype has kept chat logs for years, and the government routinely subpoenas them. Is that a fact? As far as I know, Skype is e2e secure. So Skype can't get at the chat logs without doing some form of attack. Is there any documentation on this? Court records? I was a technical expert in a pump and dump spam trial last fall, and a large part of the evidence was Skype chat logs among the members of the spamming group. Who provided the chat logs? Were they provided by Skype or where they provided by one or the other members? The reason I ask is that if there is any sensitivity in sources, the prosecutors will routinely obscure the sources. Also keep in mind that Microsoft bought Skype from eBay, so there is nothing new about it being owned by a U.S. company. Sure. This is the one thing that makes me thing that Skype can do a whole lot more than they say. I am skeptical of the situation, but we need facts. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
John Levine wrote For what? Skype has kept chat logs for years, and the government routinely subpoenas them. It depends how much scared will become the politicians and decision makers in Washington DC and Brussels from the latest publicly revealed security backdoors of Skype. Danilo! -Original Message- From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf Of John Levine Sent: Saturday, May 18, 2013 2:49 AM To: cryptography@randombit.net Cc: dani...@item.ntnu.no Subject: Re: [cryptography] skype backdoor confirmation Maybe we will see subpoenas or public hearings for Microsoft and their Skype. For what? Skype has kept chat logs for years, and the government routinely subpoenas them. I was a technical expert in a pump and dump spam trial last fall, and a large part of the evidence was Skype chat logs among the members of the spamming group. Also keep in mind that Microsoft bought Skype from eBay, so there is nothing new about it being owned by a U.S. company. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Sat, May 18, 2013 at 9:49 AM, Adam Back a...@cypherspace.org wrote: On Fri, May 17, 2013 at 04:52:07AM -0400, bpmcontrol wrote: On 05/17/2013 04:19 AM, Eugen Leitl wrote: It is unreasonable for an closed source product by a commercial vendor to go any other way [putting backdoors in security products] Makes perfect sense. as its sometimes required by law, other times required to keep the users safe or companies away from legal harm. Well that seems like a bold and controversial claim to me, maybe with its own liability and legal implications! Would you expect microsoft IIS web server to contain an SSL backdoor? Or microsoft VPN client? Or cisco? A lot of businesses and individuals are relying on these things to do what is advertised. Not doing what is advertised can itself get companies in trouble, in many jurisdictions. Skype has/had as a differentiator that it was end2end encrypted, it is my impression that a number of people used it for that purpose. Correct. It does not match a user's mental model; nor does it meet a user's expectations (to borrow from Dr. Gutmann). Cisco is kind of an odd case since it advertises its backdoors. http://www.cisco.com/web/about/security/intelligence/LI-3GPP.html. Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
As far as I know, Skype is e2e secure. It hasn't got end-to-end key management, so it can't be end-to-end secure against the network operator. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On May 18, 2013, at 6:49 AM, Adam Back a...@cypherspace.org wrote: On Fri, May 17, 2013 at 04:52:07AM -0400, bpmcontrol wrote: On 05/17/2013 04:19 AM, Eugen Leitl wrote: It is unreasonable for an closed source product by a commercial vendor to go any other way [putting backdoors in security products] Makes perfect sense. as its sometimes required by law, other times required to keep the users safe or companies away from legal harm. Well that seems like a bold and controversial claim to me, maybe with its own liability and legal implications! Would you expect microsoft IIS web server to contain an SSL backdoor? Or microsoft VPN client? Or cisco? A lot of businesses and individuals are relying on these things to do what is advertised. Not doing what is advertised can itself get companies in trouble, in many jurisdictions. Skype has/had as a differentiator that it was end2end encrypted, it is my impression that a number of people used it for that purpose. Adam there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. i would give microsoft the benefit of the doubt. however, as a company with operations in numerous countries, and subject to pressures from numerous governments, it would help a lot if microsoft were more transparent about what jurisdictions have access to what traffic (in real time or retained), how keys are managed, and the differences between clients and client versions, rather than continuing to simply publish tom berson's valiant and completely outdated review of (i believe) a no longer supported client. it may in fact be true that a human rights worker using the intl skype client and in the middle east is safer from their govt's intrusions than someone who is a POI to US LE. (but the chinese human rights worker who made the bad choice to use the Tom client which speaks their language seems to have about as much safety as carrying a big sign on Tianenmen Square). ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Sat, May 18, 2013 at 1:24 PM, mark seiden m...@seiden.com wrote: ... there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. Perhaps the user should be given a choice. The security dialog could have three mutually exclusive choices: * Scan IM messages for dangerous content from everyone. This means company will read (and possibly retain) all of your messages to determine if some (or all) of the message is dangerous. * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. * Don't scan IM messages for dangerous content . This means only you and the sender will read your messages. Give an choice, it seems like selection two is a good balance. Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Actually I think that was the point, as far as anyone knew and from the last published semi-independent review (some years ago on the crypto list as I recall) it indeed was end2end secure. Many IM systems are not end2end so for skype to benefit from the impression that they still are end2end secure while actually not being is the focus of this thread. Adam On Sat, May 18, 2013 at 06:52:58PM +0200, Florian Weimer wrote: As far as I know, Skype is e2e secure. It hasn't got end-to-end key management, so it can't be end-to-end secure against the network operator. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Actually I think that was the point, as far as anyone knew and from the last published semi-independent review (some years ago on the crypto list as I recall) it indeed was end2end secure. Skype has never claimed it is end to end secure in fact they have hinted many times that they can and do listen to users conversations: Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. - http://www.skype.com/en/legal/privacy/#collectedInformation After Microsoft in May 2011 acquired Skype, she provided legal technology of Skype audition, says the executive director of Peak Systems Maxim Emm . Now, any subscriber can switch to a special mode in which the encryption keys that were previously generated on the phone or computer, the subscriber will be generated on the server. [..] With access to the server, you can listen to the conversation or read the correspondence. Microsoft provides the opportunity to use this technology, intelligence agencies around the world, including Russia, the expert explains. google translated from Russian http://www.vedomosti.ru/politics/news/10030771/skype_proslushivayut Skype spokesman did not deny the company's ability to intercept the communication. On the question of whether Skype could listen in on their users' communication, Kurt Sauer, head of the security division of Skype, replied evasively: We provide a secure means of communication. I will not say if we are listening in or not. - http://en.wikipedia.org/wiki/Skype_security#cite_ref-22 Local German police also appear to use malware to attack skype, so it appears that at some point in the past skype may not have been cooperating with all LE requests. - http://wikileaks.org/wiki/Skype_and_the_Bavarian_trojan_in_the_middle Pretty much as far back at the 1700's communications companies have provided backdoors to state security and intelligence agencies. This was true in the age of telegrams and telex and it is true in the age of voip. As a general rule any third party in any communication scheme is likely cooperating with all friendly intelligence agencies. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
except bad guys will always opt of having their content inspected. so it just doesn't work in this case. On May 18, 2013, at 10:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, May 18, 2013 at 1:24 PM, mark seiden m...@seiden.com wrote: ... there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. Perhaps the user should be given a choice. The security dialog could have three mutually exclusive choices: * Scan IM messages for dangerous content from everyone. This means company will read (and possibly retain) all of your messages to determine if some (or all) of the message is dangerous. * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. * Don't scan IM messages for dangerous content . This means only you and the sender will read your messages. Give an choice, it seems like selection two is a good balance. Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Skype backdoor confirmation
Jeffrey Walton wrote: * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. …. Give an choice, it seems like selection two is a good balance. Does that selection require that company has a list of people you DO know? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Sat, May 18, 2013 at 5:38 PM, mark seiden m...@seiden.com wrote: except bad guys will always opt of having their content inspected. Right, that's why it becomes the receiver's option for unknown senders. If there's an existing relationship between the sender and receiver, I imagine the rates of malicious URLs and other content drop dramatically. In this case, the service should stop aggregating data at the user's choice. That's if they had a choice. Jeff On May 18, 2013, at 10:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, May 18, 2013 at 1:24 PM, mark seiden m...@seiden.com wrote: ... there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. Perhaps the user should be given a choice. The security dialog could have three mutually exclusive choices: * Scan IM messages for dangerous content from everyone. This means company will read (and possibly retain) all of your messages to determine if some (or all) of the message is dangerous. * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. * Don't scan IM messages for dangerous content . This means only you and the sender will read your messages. Give an choice, it seems like selection two is a good balance. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On Sat, May 18, 2013 at 5:40 PM, mark seiden m...@seiden.com wrote: opt *out* of… (obviously) Not possible in many cases. I don't like IM but I have to use it on occasions for my job. Ditto for license agreements from handset manufacturers, carriers, operating systems, business software and the like. How Corporations Affect Us Directly, http://www.polisci.ccsu.edu/trieb/ecocon.htm: The services of these companies are so necessary in conducting business - and, in fact, in just functioning - in the world today that we have to go along with their rules. Jeff On May 18, 2013, at 2:38 PM, mark seiden m...@seiden.com wrote: except bad guys will always opt of having their content inspected. so it just doesn't work in this case. On May 18, 2013, at 10:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, May 18, 2013 at 1:24 PM, mark seiden m...@seiden.com wrote: ... there are numerous other IM systems that are server centric and do a lot of work to look for and filter bad urls sent in the message stream. this is intended to be for the benefit of the users in filtering spam, phishing, malware links, particularly those that spread virally through buddy lists of taken over accounts. sometimes these links (when believed to be malicious) are simply (and silently) not forwarded to the receiving user. this involves databases of link and site reputation, testing of new links, velocity and acceleration measurements, etc.the usual spam filtering technology. my impression is that almost all users thank us for doing that job of keeping them safe. they understand that IM is yet another channel for transmitting spam. the url filtering is aggressive enough (and unreliable enough) in some cases that you have to check with your counterparty in conversation if they got that link you just sent. so users are aware of it, if only as an annoyance. (once again, spam filtering gets in the way of productive communication) i am merely telling you how it is. obviously user expectations differ on AIM, Yahoo Messenger, etc. from those of users on Skype, some of whom believe there is magic fairy dust sprinkled on it, and that it is easier to use than something else with OTR as a plugin. Perhaps the user should be given a choice. The security dialog could have three mutually exclusive choices: * Scan IM messages for dangerous content from everyone. This means company will read (and possibly retain) all of your messages to determine if some (or all) of the message is dangerous. * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. * Don't scan IM messages for dangerous content . This means only you and the sender will read your messages. Give an choice, it seems like selection two is a good balance. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Skype backdoor confirmation
On May 18, 2013, at 2:51 PM, Ed Stone t...@synernet.com wrote: Jeffrey Walton wrote: * Scan IM messages for dangerous content from people you don't know. This means company will read (and possibly retain) some of your messages to determine if some (or all) of the message is dangerous. …. Give an choice, it seems like selection two is a good balance. Does that selection require that company has a list of people you DO know? don't know if it requires it, but it helps. it's your buddy list, contacts list, address book, which is often on their service anyway. unfortunately, the account takeover scenario means a it's less useful than one would naively hope, now that abusers routinely use taken-over accounts to circumvent such controls. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Skype backdoor confirmation
Obviously a secret is no secret the person sending it is not on your buddy list. Conversely, it should not be possible to inspect messages if the person sending it is on your buddy list. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
I was a technical expert in a pump and dump spam trial last fall, and a large part of the evidence was Skype chat logs among the members of the spamming group. Who provided the chat logs? Were they provided by Skype or where they provided by one or the other members? The reason I ask is that if there is any sensitivity in sources, the prosecutors will routinely obscure the sources. I got them from the prosecutors. They appeared to have been provided by Skype. R's, John ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
At the risk of sounding rude, crude, and yellow-pressish, I'd like to provide this link http://www.themoscownews.com/russia/20130314/191336455/FSB-Russian-police-could-tap-Skype-without--court-order.html If software has a soul, Skype's is long since sold. Sincerely yours, Jane On Sun, May 19, 2013 at 8:05 AM, John Levine jo...@iecc.com wrote: I was a technical expert in a pump and dump spam trial last fall, and a large part of the evidence was Skype chat logs among the members of the spamming group. Who provided the chat logs? Were they provided by Skype or where they provided by one or the other members? The reason I ask is that if there is any sensitivity in sources, the prosecutors will routinely obscure the sources. I got them from the prosecutors. They appeared to have been provided by Skype. R's, John ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 05/17/2013 04:19 AM, Eugen Leitl wrote: On Fri, May 17, 2013 at 10:26:07AM +0300, ianG wrote: Is it unreasonable for us to expect Skype to go another way? Are we asking too much? It is unreasonable for an closed source product by a commercial vendor to go any other way. Makes perfect sense. as its sometimes required by law, other times required to keep the users safe or companies away from legal harm. Fortunately, we have more or less useful open source/P2P alternatives which can be be forked if they start going sideways. I do wonder, can we reasonably expect that integrity of open source software today? Im not blaming anyone, let me explain: The threat of forking or noticing any wrong doing was probably enough in previous years. But these days, software is much bigger, back doors are much subtler, and worst of all - There is a lot of money to be made if you know of a back door. So the temptation of putting one has grown. Has the community's ability to review code for such issues grown proportionally? I use more code in a day than I can reasonably review in a life time. (Not that I'm any example, but I think the point is clear.) I cant even pay for someone else to review it, since if they do find a bug, they can sell it for much more than what I can give them. Of course, I may just be paranoid, as I cant prove anything of the sort. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
I do wonder, can we reasonably expect that integrity of open source software today? I'm not blaming anyone, let me explain: The threat of forking or noticing any wrong doing was probably enough in previous years. But these days, software is much bigger, back doors are much subtler, and worst of all - There is a lot of money to be made if you know of a back door. So the temptation of putting one in has grown. Has the community's ability to review code for such issues grown proportionally? I use more code in a day than I can reasonably review in a life time. (Not that I'm any example, but I think the point is clear.) I can't even pay for someone else to review it, since if they do find a bug, they can sell it for much more than what I can give them. Trust but verify is dead. --dan ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
On 17 May 2013 11:39, d...@geer.org wrote: I do wonder, can we reasonably expect that integrity of open source software today? I'm not blaming anyone, let me explain: The threat of forking or noticing any wrong doing was probably enough in previous years. But these days, software is much bigger, back doors are much subtler, and worst of all - There is a lot of money to be made if you know of a back door. So the temptation of putting one in has grown. Has the community's ability to review code for such issues grown proportionally? I use more code in a day than I can reasonably review in a life time. (Not that I'm any example, but I think the point is clear.) I can't even pay for someone else to review it, since if they do find a bug, they can sell it for much more than what I can give them. Trust but verify is dead. Maybe for s/w, but not everything: http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Maybe we will see subpoenas or public hearings for Microsoft and their Skype. For what? Skype has kept chat logs for years, and the government routinely subpoenas them. I was a technical expert in a pump and dump spam trial last fall, and a large part of the evidence was Skype chat logs among the members of the spamming group. Also keep in mind that Microsoft bought Skype from eBay, so there is nothing new about it being owned by a U.S. company. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
