Information Security all in one place!

Cryptography

NSA: Ultimate Internet Spy Center


The NSA's new spy center will see everything

Imagine a massive supercomputer in the desert, watched around the clock by armed guards, capable of intercepting and decrypting virtually every piece of information in the world. Sounds like science fiction, doesn’t it? Well, according to Wired, the NSA is in the process of building just such a place, and they’ve made leaps and bounds of progress at breaking the standard AES encryption algorithm that keeps your emails and other private information secure.

This new surveillance center is being constructed in the Utah desert, near a town called Bluffdale. When it’s finished, you’ll be able to fit five US Capitols inside, and most of that space will be occupied by supercomputers capable of storing more data than you can even imagine (you can imagine a lot, can’t you?). Your private emails, Google searches, receipts, travel information – pretty much every scrap of data generated – will be stored here, while sophisticated software sifts through it in search of anything remotely suspicious.

More on this interesting story here: http://www.neowin.net/news/the-nsas-new-spy-center-will-see-everything


NSA Addresses Mobile Security


A National Security Agency (NSA) pilot program aims to model secure classified communications over commercial mobile devices. However, the NSA has found that off-the-shelf products are inconsistent in their implementation of the standards and protocols that NSA requires. The agency would prefer not to be tied to one platform, but for the time being, it has no choice.

The standards and protocols exist to provide the security that NSA requires, but they are not being implemented consistently by vendors, Margaret Salter, a technical director in NSA’s Information Assurance Directorate, said Feb. 29 at the RSA Conference.

The agency went shopping with a list of requirements for encryption for the voice channel and for the Session Initiation Protocol. “We couldn’t buy one” that met all the requirements, Salter said. “We could pay someone to make it, but that wasn’t the plan.”

More here: http://gcn.com/articles/2012/02/29/rsa-10-nsa-secure-android-phones.aspx

http://www.cio.com/article/701252/National_Security_Agency_Defines_Smartphone_Strategy_Think_Android_Maybe_


RSA Conference 2012: On the Agenda


This is the first RSA Conference since 2011’s high-profile security breaches. How did those incidents influence this year’s agenda? Hugh Thompson explains in an exclusive event preview.

By any account, 2011 was a banner year for prominent information security attacks.

“We’ve seen the rise of hacktivism; we’ve seen just a huge amount of these highly-targeted, sophisticated attacks,” says Thompson, RSA Conference’s program committee chair. And these incidents have fundamentally influenced the conference agenda.

“If you look at many of the breaches over the past 12 months, most of them ended with some type of sensitive data leaving the enterprise,” Thompson says. “But it’s interesting to look at how many of [the incidents] began. A lot of them began with a person – a smart, well-intentioned person inside the company, making a choice. And the choice was either to install an executable, open a file, and I think you’ll see that play out in a fascinating way in this year’s agenda. We’ve got quite a few talks on the human element of security.”

Read More Here: http://www.bankinfosecurity.com/interviews.php?interviewID=1404


Updated: RSA Keys – Lack Randomness


RSA responds to recent key analysis:

A first-rate encryption algorithm is much like the tools and personnel found in the kitchen of a tony restaurant. Regardless of the skills of the chef and staff and the quality of the cookware found in the kitchen, patrons won’t savor a gourmet feast if unsavory ingredients are used. The same is true with public-key cryptography.

That’s the gist of the argument from security maker RSA to research revealed earlier this week that suggests a flaw exists in the RSA algorithm used for public-key cryptography [see When 99.8% Security May Not Be Sufficient].

Read more here: RSA fires Back

—————————————————————————————————————————————————-

Original Post:

A team of cryptographic experts has analysed more than 10 million public keys and discovered serious problems in some of the X.509 certificates it collected. This is because some keys were far less random than they should have been – more than 12,000 were easily crackable.

Of the 6,185,372 X.509 certificates analysed, the researchers found 266,729 public keys in which moduli were reused. The modulus is the core component of a public key – if it is the same, then the secret key matches. In one extreme case, the same modulus was found 16,489 times. This means that each of the owners of the 16,489 certificates could spoof or spy on each of the other 16,488. The researchers note that it is not unusual to recycle keys when, for example, extending a certificate, but a significant number of these keys belong to entirely independent owners.

The researchers then went one step further and determined the greatest common divisor (GCD) of the moduli collected using the Euclidean algorithm. This is a lot of work, as it requires each modulus to be combined with each of the other moduli, but possible, and if two moduli with a GCD greater than one are found, they are both effectively cracked, since the prime number factoring problem which underlies RSA encryption is then essentially solved. The researchers were able to find such GCDs with 12,720 of their (1024-bit) RSA keys. Where possible, the researchers have notified the owners of the affected keys.
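
An added example, not taken from the article or the researchers' paper: an audit of a key inventory for the two problems described above, reused moduli and distinct moduli that share a prime factor. It goes beyond the pairwise Euclidean comparison in the text by using a product tree and remainder tree (batch GCD), so each modulus is checked against all the others without comparing every pair; the labels and toy moduli are constructed for illustration.

```python
from collections import Counter
from math import gcd, prod

# Constructed toy inventory (label -> RSA modulus); real moduli are 1024+ bits.
SAMPLE_INVENTORY = {
    "router-a": 101 * 103,
    "router-b": 101 * 107,   # shares the prime 101 with router-a
    "vpn-1": 109 * 113,
    "vpn-2": 109 * 113,      # same modulus as vpn-1
    "web": 127 * 131,        # healthy key
}

def product_tree(values):
    """Levels of pairwise products, from the leaves up to the single root."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """For each n_i return gcd(n_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()                      # root: product of every modulus
    while levels:
        level = levels.pop()
        # Push the root product down the tree, reducing modulo n^2 at each node.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod n^2) // n equals (P / n) mod n, the product of the other moduli mod n.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]

def audit(inventory):
    """Return (reused, shared): labels with a reused modulus, and labels whose
    modulus has a factor in common with a different modulus (with that factor)."""
    counts = Counter(inventory.values())
    reused = {label: n for label, n in inventory.items() if counts[n] > 1}
    distinct = sorted(counts)                # de-duplicate before the GCD pass
    weak = {n: g for n, g in zip(distinct, batch_gcd(distinct)) if g > 1}
    shared = {label: weak[n] for label, n in inventory.items() if n in weak}
    return reused, shared

if __name__ == "__main__":
    reused, shared = audit(SAMPLE_INVENTORY)
    for label in sorted(reused):
        print(f"{label}: modulus is reused elsewhere in the inventory, replace key")
    for label, g in sorted(shared.items()):
        print(f"{label}: shares a factor with another key (gcd={g}), replace key")
```

Any key flagged by either check should be regenerated on a system with a properly seeded random number generator.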


Interestingly, this problem was not found when the team analysed 5 million OpenPGP keys. Marcus Brinkmann of g10 Code (the company behind GnuPG) has told The H’s associates at heise Security that the few redundant OpenPGP keys appear to be being deliberately recycled. Alternative cryptographic algorithms based on the Diffie-Hellman protocol, such as (EC)DSA and ElGamal, are not affected by this issue – hence the paper’s title “Ron was wrong, Whit is right”. This refers to Ron Rivest, the R in RSA, which displaced the key exchange protocol developed by Whitfield Diffie and Martin Hellman.

Both the moduli and the prime factors used during key generation should be randomly selected so that they are not duplicated. If this is occurring with this level of frequency, it indicates that there is a problem in the way the random numbers are being generated, as explained in The H Security article on the OpenSSL fiasco at Debian, “Good numbers, bad numbers”.

According to Nadia Heninger, who has been carrying out similar research, the poor quality prime factors are probably being generated by routers, VPN gateways and other embedded devices which use OpenSSL without having an adequate source of random numbers for key generation. This means that the risk posed by these redundant keys is significantly less than it might otherwise be, with Heninger reassuring her readers that “the key for your bank’s web site is probably safe”. Nonetheless, the significance of this research should not be underestimated. “This paper makes a significant contribution to quality control of actual security of cryptographic implementations,” suggests GPG developer Brinkmann. The researchers’ work would, for example, have detected the Debian OpenSSL problem.


Trustwave – Man in the middle Certificate


Trustwave – Man in the middle Certificate:

Certificate authority Trustwave issued a certificate to a company allowing it to issue valid certificates for any server. This enabled the company to listen in on encrypted traffic sent and received by its staff using services such as Google and Hotmail. Trustwave has since revoked the CA certificate and vowed to refrain from issuing such certificates in future.

According to Trustwave, the CA certificate was used in a data loss prevention (DLP) system, intended to prevent confidential information such as company secrets from escaping. The DLP system monitored encrypted connections by acting as a man-in-the-middle, meaning that it tapped into the connection and fooled the browser or email client into thinking it was communicating with the intended server. To prevent certificate errors, the DLP system needed to be able to produce a valid certificate for each connection – the Trustwave CA certificate enabled it to issue such certificates itself. The same principle is utilised by espionage attacks and government monitoring activities.

The usual procedure for legitimate data loss prevention is for administrators to set up an internal certificate authority which, in consultation with staff and management representatives, is then installed on work devices. Such a system is not, however, able to offer protection where staff are using personal devices which do not belong to the company.


Trustwave is keen to point out that the company to which the certificate was issued had signed a usage agreement and both the secret CA key and the fake certificates generated using it were securely stored in a specially tested hardware security module (HSM). According to Trustwave, this meant that it was impossible to misuse the certificate for nefarious purposes. The company has nonetheless decided that it will not be pursuing this business avenue in future. The certificate has been revoked and Trustwave says that it will not be issuing any further certificates of this nature.

Security experts and privacy advocates have been warning for a while that any CA and any sub-CA authorised by it are able to issue certificates for any server. This is a cause of particular concern in the case of some government CAs, where there is every likelihood that they could assist with monitoring activities. This is the first case that we are aware of where a respectable certificate authority has enabled third parties to issue arbitrary SSL server certificates for monitoring purposes. Trustwave claims, however, that this is common practice among other root CAs.

Mozilla considers removing Trustwave CA:

Scandalised by the snooping certificate issued by Trustwave, a heise Security reader, Sebastian Wiesinger, has submitted a report to Mozilla’s bug database in which he requests that Trustwave’s root certificates be removed from all Mozilla products. Mozilla’s Kathleen Wilson, who handles the issue, has accepted the submission and requested a statement from Trustwave. Trustwave’s Brian Trzupek has already announced the release of further information which, he says, is still waiting for internal approval.

Yesterday, The H’s associates at heise Security reported on the first publicly known case in which a widely accepted Certificate Authority sold a root certificate for surveillance purposes. Although Trustwave has said that the case was a one-off, that any misuse was impossible and that the certificate in question has since been revoked, critics think that the issuer has violated the Mozilla CA Certificate Policy. Among other things, this policy states that CAs must not knowingly issue certificates without the knowledge of the entities whose information is referenced in the certificates.

Interestingly, Trustwave also said that its actions are common practice with many CAs. Symantec, who purchased the biggest Certificate Authority, VeriSign, and is one of the major suppliers of Data Loss Prevention products, has so far not responded to questions on this subject that were asked before the article was published yesterday.

 

 


Anonymous – Hacked Lawyers in Haditha Case


The data includes transcripts of testimony, evidence from the trial, and defense donation records.

Members of Anonymous have published e-mails from the law firm representing a U.S. Marine accused of killing 24 Iraqi civilians.

“The hacktivists claim to have made off with a 2.6GB email spool after breaking into the systems of Puckett Faraj, the law firm that represents Frank Wuterich, 31, the Marine staff sergeant at one point accused of manslaughter over events in Haditha, Iraq,” writes The Register’s John Leyden. “A total of 24 Iraqi non-combatants, including women and children, were killed in Haditha in November 2005.”


“The emails, released as a torrent and with extracts published on Pastebin, include transcripts of testimony, evidence from the trial and defence donation records,” Leyden writes.

Anonymous releases law firm's emails about Haditha killings:

Source: http://www.theregister.co.uk/2012/02/06/anon_haditha_email_leak/

Anonymous has leaked a trove of emails relating to the deaths of 24 Iraqi civilians at Haditha after hacking into a law firm’s systems.

The hacktivists claim to have made off with a 2.6GB email spool after breaking into the systems of Puckett Faraj, the law firm that represents Frank Wuterich, 31, the Marine staff sergeant at one point accused of manslaughter over events in Haditha, Iraq.


A total of 24 Iraqi non-combatants, including women and children, were killed in Haditha in November 2005. The event started out as an anti-insurgency operation following a roadside bombing.

The emails, released as a torrent and with extracts published on Pastebin, include transcripts of testimony, evidence from the trial and defence donation records.

The website of Puckett Faraj remains unavailable at Monday lunchtime and the firm itself has neither confirmed nor denied the alleged security breach. AFP reports that the website of the firm was defaced on Friday at the same time as the alleged email hack, with a note from Anonymous saying the group wanted to expose the “brutality of US imperialism”.

Eight soldiers were charged over the incident in Haditha, but by the end of 2008, the cases against six were dropped, while a seventh was found not guilty.

Manslaughter charges against Wuterich were also dropped, but he was convicted of negligent dereliction of duty over the incident on 24 January, receiving a demotion and pay cut but avoiding a custodial sentence as part of a plea bargaining deal.