Archive for the ‘Anonymity & Privacy’ Category

« Older Entries

Quickies: Edu, rep, trust, ossl 1.0.0, ssl, rekey, body scan, leaks, net card exploit, runway

Monday, March 29th, 2010

So, I was out on a date, and we started discussing IT, security, and productivity. She was explaining some of the frustrations with getting approval for business critical applications and tools at a certain employer, as well as the obstacles certain security configuration had on getting the job done efficiently. The end result was that people looked for ways to bypass the IT department and its controls.

Stating the obvious, technology, and security, need to be incorporated into business processes, into helping people get their jobs done and protecting their ability to do so. When tension arises between, say, IT department policies and procedures and how people actually do their jobs, people are going to start looking for ways to circumvent those policies and procedures. After all, if a firm is not productive, not providing value, it won’t exist for long.

Which reminded me of this paper that has popped up in numerous places,

It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak passwords, ignore security warnings, and are oblivious to certificates errors. We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Further, if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a poor cost-benefit tradeoff to users and is rejected. Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.

Herley’s advice summary,

First, we need better understanding of the actual harms endured by users. [...] A main finding of this paper is that we need an estimate of the victimization rate for any exploit when designing appropriate security advice. [...]

Second, user education is a cost borne by the whole population, while offering benefit only to the fraction that fall victim. [...]

Third, retiring advice that is no longer compelling is necessary. [...]

Fourth, we must prioritize advice. In trying to defend everything we end up defending nothing. [...] In fact prioritizing advice may be the main way to influence the security decisions that users make. [...]

Finally, we must respect users’ time and effort. [...] We must understand that when budgets are exhausted, attention to any one piece of advice is achieved only by neglect of something else. [...]

More focused on communities (e.g., companies, agencies, etc.) smaller than the general population of Internet users, I wrote this about user education way back when.

First off, we need a threat model. We need to figure out what we want to protect, its value, the potential attacks, the likelihood of those attacks, and the potential damage of those attacks. Determine the risks, and then mitigate them. Very important here is figuring out who needs to be held responsible for what mitigations and countermeasures. And, this threat model has to be reviewed periodically to keep it up to date. The assets that need to be protected change, the way business is done changes, the risks change, the mitigations change. Security is not static.

With that (and building that is certainly not trivial), we have these people, you, me, our parents, that are part of this threat model. They pose risks, and they help to mitigate risks. We need to minimize the former and maximize the latter. To do this right, I think we need people to feel responsible for security. To build this sense of responsibility, we need these security responsibilities audited and we need effective training to convey and reinforce these responsibilities – the combination of these two may be a linchpin to people security.

So, we talk to people about our threat model. Not only do we teach it, but we get feedback on it. And, we make sure everyone understands that threat model, and their place in it. To do this, we bring vivid examples from security audits into our security education, which help to build security training programs that provide exactly that which we learn the most from, experience.

(Side note, I may have gone kind of crazy with the audited training in that post.

Now, pull the results of these attacks into your security training. Will there be an impact?

Well, I think so. You don’t quickly forget seeing yourself and/or those around you up in lights, as it were, and the attacks can certainly be used to increase the sense of responsibility felt by every employee. The demonstrations hit home because they can be related to – the attacks happened to you, your neighbors, your community. Whether the attacks succeed or fail, they amount to a shared experience for the organization, and teach people their importance to the security of their organization.

I think people would feel like their security responsibilities are not just words but actual obligations which have real consequences to the security of an organization. The threat model lays this out, but the experience drives it home. Also, people would be aware that their organization takes security seriously and is willing to proactively audit that security. And, those audits involve real life employees, doing the right thing and maybe even the wrong thing. It lets people know that they are at the root of security.

However, when I look at things like the foiled airplane bombing attempt on December 25, 2009, I do see a kind of user education inline with that excerpt playing an important role. The people tackled the alleged bomber because they knew their lives and the lives of others might depend on it. The experiences of, say, 2001-09-11 were taken to heart. They were the last line of defense, and they knew it.)

-

Perhaps a related bit on cooperation and reputation,

The possibly irritating message is that for promoting cooperative behavior, punishing works much better than rewarding. In both cases, however, reputation is essential.

-

And, I saw this on trust.

I’ve long advocated instead saying “is vulnerable to”, which makes it much clearer what is going on, so I would say “CNNIC is a certificate authority everyone is vulnerable to”. “Trusted third party” would become “Third party you are vulnerable to” and so on. Kinda clunky, but you know where you stand.

This ramble of mine discussed trust in these terms.

There is this big word we have all said before, trust. Trust can mean lots of things, but, at its heart, trust implies risk or vulnerability. Trust is about having faith that someone or something will act a certain way when it counts. While you may be able to influence that someone or something to act that certain way, in the end, the actions are out of your total control.

And, this other ramble of mine may have been criticized as naive optimism, but it also made this sort of point.

There are lots of inputs to trust – inputs like direct experiences, such as not dying when eating food from a particular restaurant or how you build friendships, or indirect experiences, such asking a friend about what plumber to use or credit ratings. We use these inputs to calculate levels of trust, which are basically estimates of how much vulnerability we are willing [to] expose to the trusted. This leads to trade-offs, such as limiting the amount of trust you place in someone/something – you might only take a nibble of that unknown food to limit the risk of getting sick if it disagrees with you, or divide tasks amongst a group of people to limit the risk of any one person having too much access – versus the costs of these limitations – that nibble is not enough to meet your nutritional requirements forcing you to seek out additional food, and all those people/processes mean less work getting done. This is a balancing act, if you will.

-

Look at that,

The OpenSSL project team is pleased to announce the release of version 1.0.0 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates many new features as well as major fixes compared to 0.9.8n. For a complete list of changes, please see http://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0.

Congratulations to the OpenSSL team!

-

So, this has been making the rounds.

At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

The paper can be found here. Matt Blaze discusses some implications.

What this means is that an eavesdropper who can obtain fake certificates from any certificate authority can successfully impersonate every encrypted web site someone might visit. Most browsers will happily (and silently) accept new certificates from any valid authority, even for web sites for which certificates had already been obtained. An eavesdropper with fake certificates and access to a target’s internet connection can thus quietly interpose itself as a “man-in-the-middle”, observing and recording all encrypted web traffic traffic, with the user none the wiser.

A while back, I had to do some research on web filtering technologies. It was quite standard for enterprise level web filtering to include SSL MITM functionality. Generally, this involved taking advantage of having an enterprise’s CA certificates rolled out to end users, but it could have leveraged any trusted root certificates.

Anyway, I noted the following posted about.

The Monkeysphere project’s goal is to extend OpenPGP’s web of trust to new areas of the Internet to help us securely identify each other while we work online. The suite of monkeysphere utilities provides a framework to leverage the web of trust for authentication of HTTPS0< (TLS) and SSH communications.

In other words, Monkeysphere allows you to use your web browser or secure shell as you normally do, but you can use the OpenPGP Web of Trust to identify the servers you connect to and to prove your own identity to them. This brings to the web and ssh the possibility for key transitions, transitive identifications, revocations, and expirations of public keys1. It also actively invites broader participation in the OpenPGP web of trust.

That reminds me of something I wrote a while back.

This is an active research area. Petnames have been proposed, which I like (think PGP web of trust in some form). This has similarities to the SSH-type trust model, which has also been proposed and which I also like. In recent minutes to an IETF-PKIX meeting, the Opera people were looking at “extended validation” certificates. There has been all sorts of talk, pros and cons, about “high-assurance” certificates.

-

I saw this rant about rekeying by one of the people that had to deal with the SSL rekeying mess.

It’s IETF time again and recently I’ve reviewed a bunch of drafts concerned with cryptographic rekeying. In my opinion, rekeying is massively overrated, but apparently I’ve never bothered to comprehensively address the usual arguments. Now seems like as good a time as any…

This post to the Matzger’s Cryptography mailing list by Adam Back seemed most in line with my thinking.

Another angle on this is timing attacks or iterative adaptive attacks like bleichenbacher’s attack on SSL encryption padding. If re-keying happens before the attack can complete, perhaps the risk of a successful so far unnoticed adaptive or side-channel attack can be reduced. So maybe there is some use.

Simplicity of design can be good too.

Tradeoffs.

-

Complete shocker (note: the link is to a news article, but there is a quote therein containing a possibly profane word).

BAA is investigating an incident in which a Heathrow security operative “ogled” a female colleague who’d wandered into a body scanner, the Sun reports.

John Laker, 25, allegedly copped an eyeful of Jo Margetson, 29, when the latter “entered the X-ray machine by mistake”. She was “horrified” as Laker “pressed a button to take a revealing photo” and remarked: “I love those gigantic[...]

I should note that the ubiquity of digital video equipment (e.g., cell phones) renders moot whether or not these scanners record images.

-

Speaking of leaks, I saw this.

Here’s the background: Secure web connections encrypt traffic so that only your browser and the web server you’re visiting can see the contents of your communication. Although a network eavesdropper can’t understand the requests your browser sends, nor the replies from the server, it has long been known that an eavesdropper can see the size of the request and reply messages, and that these sizes sometimes leak information about which page you’re viewing, if the request size (i.e., the size of the URL) or the reply size (i.e., the size of the HTML page you’re viewing) is distinctive.

Consider a search engine that autocompletes search queries: when you start to type a query, the search engine gives you a list of suggested queries that start with whatever characters you have typed so far. When you type the first letter of your search query, the search engine page will send that character to the server, and the server will send back a list of suggested completions. Unfortunately, the size of that suggested completion list will depend on which character you typed, so an eavesdropper can use the size of the encrypted response to deduce which letter you typed. When you type the second letter of your query, another request will go to the server, and another encrypted reply will come back, which will again have a distinctive size, allowing the eavesdropper (who already knows the first character you typed) to deduce the second character; and so on. In the end the eavesdropper will know exactly which search query you typed. This attack worked against the Google, Yahoo, and Microsoft Bing search engines.

The paper can be found here.
-

Remembering the exploitation of wireless cards and their drivers, here comes some other fun stuff with network cards presented at CanSecWest. [via cypherpunks mailing list]

The presentation was entitled “Can you still trust your network card?”. The talk explained how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (NICs). The attack uses routable packets delivered to the victim’s NIC. Consequently, multiple attacks can be conducted including: Man in The Middle attacks on network connections, access to cryptographic keys on the host platform, or malware injection on the victim’s computer host platform (see SS 2).

The slides can be found here. From slide 38,

On this particular NIC and firmware version, an attacker is able to
perform arbitrary code execution:

Initial jump
->an attacker can overwrite a return address in the stack;
->she can find a stable (for a firmware version) memory address for username;
->she can put exploit code in username and jump there.

Game over at slide 40,

Now the attacker can:
->run arbitrary code on the RX RISC;
->provide new code using simple packets;
->rewrite the firmware if needed;

In between the excerpts is a summary of the attack. Slide 49 is a hoot too.

Also from CanSecWest, kernel exploitation is the new black by the people that post content at the cr0 blog, such as this.

-

To end this rainy day on a fun note, the following caught my eye.

The same post at Quomodocumque has this completely odd video of an interview with William Thurston and fashion designer Dai Fujiwara. Apparently, Thurston provided the inspiration for Issey Miyake’s fall fashions, “8 Geometry Link Models as Metaphor of the Universe”.

You can see the finale of their Paris fashion show here, including Thurston joining Fujiwara on stage.[...]

Posted in Anonymity & Privacy, Crypto, Security | No Comments »

FBSD 7 stable to 8 stable, cryptome, twitenc, fact fault, tor, hidden, limulus

Thursday, March 11th, 2010

Upgrading from FreeBSD 7 stable to FreeBSD 8 stable went smoothly. What follows are the general steps I followed. (FreeBSD handbook guidance can be found here for the base system and here for the ports.)

  • Modify my custom kernel configuration for the FreeBSD 8 kernel.

    (The generic FreeBSD kernel configuration for the i386 platform as a starting point can be found in “/usr/src/sys/i386/conf/GENERIC”. e.g.,

    • cp /usr/src/sys/i386/conf/GENERIC /usr/mykernconf8
    • ln -s /usr/mykernconf8 /usr/src/sys/i386/conf/mykernconf8
    • vi /usr/mykernconf8 and modify as desired)
  • vi /usr/stable-supfile and update my custom “stable-supfile” to point to “RELENG_8″ by changing the relevant line to “*default release=cvs tag=RELENG_8″

    (A sample “stable-supfile” as a starting point can be found in “/usr/share/examples/cvsup/stable-supfile”. e.g.,

    • cp /usr/share/examples/cvsup/stable-supfile /usr/stable-supfile
    • vi /usr/stable-supfile and modify as needed, such as setting the default release to 8 and setting the host to one of the FreeBSD cvs server mirrors)
  • cd /usr/src
  • cvsup -g -L 2 ../stable-supfile (update source tree)
  • make buildworld (build system binaries, manpages, etc.)
  • make kernel KERNCONF=mykernconf8 (build and install kernel)
  • reboot (into single user mode)
  • cd /usr/src
  • mergemaster -p (prepare for merge of updated scripted and configuration files)
  • make installworld (install system binaries, manpages, etc.)
  • mergemaster (merge in updated scripts and configuration files)

    There was a version increment of the standard contents in “/etc” from 7 to 8, so there was much to sift through. I had made modifications to a few configuration files and scripts that had to be merged, but, for the majority, I just installed the new version.

  • reboot

Next came the joy of rebuilding all the ports. I chose to go with installing pre-built packages (where available), and subsequently rebuilding those few ports that I had customized.

  • cd /usr/ports
  • cvsup -g -L 2 ../ports-supfile (update ports tree)

    Examine “/usr/ports/UPDATING” to see if there were any special instructions relevant to upgrading the installed ports and “/usr/ports/MOVED” to see what ports have been (re)moved.

  • portsdb -Fu (fetch new index and build db)
  • pkgdb -F (check package registry)
  • portupgrade -nvOpPfa (to see what is expected to happen without performing the actual upgrade)
  • portupgrade -vOpPfa (this upgrades installed ports from pre-built packages where available; otherwise, it builds and installs the ports from the source, and creates packages for them.)
  • portupgrade -pf <all those ports that I had custom configs or otherwise made tweaks>

    • (build and install the specified ports from source, and create packages for them)

  • pkgdb -FL (check package registry and look for lost dependencies)
  • portsclean -CDDLP (clean up working dirs, distros, packages, and libraries)

-

Long time readers of this blog may remember that I attended a talk given by John Young of Cryptome.

I attended the panel discussion on “The Secret World of Global Eavesdropping” yesterday, as mentioned in a previous post. It was composed of Patrick Radden Keefe, moderator, and John Young, primary speaker. (Robert Windrem did not attend.)

[...]

For those that don’t know, Cryptome.org publishes information on national security, intelligence, cryptography, etc. with a technical focus.

Well, it seems Cryptome has been in the news a bit of late.

1

Microsoft has managed to do what a roomful of secretive, three-letter government agencies have wanted to do for years: get the whistleblowing, government-document sharing site Cryptome shut down.

Microsoft dropped a DMCA notice alleging copyright infringement on Cryptome’s proprietor John Young on Tuesday after he posted a Microsoft surveillance compliance document that the company gives to law enforcement agents seeking information on Microsoft users.[...]

2

In a bizarre up-and-down — literally — series of events, the controversial site Cryptome.org was forced offline yesterday after posting a sensitive Microsoft document on its site and was back online today.

3

PayPal has finally made good on its pledge to restore Cryptome’s account many hours after the firm’s head of global communications told Register readers it had already done so.

-

Ok.

As i announced yesterday, the new version of shrimp7 (31) support compression for your Twitter, Facebook and Friendfeed posts. With that technique you will be able to post messages that are longer then 140 characters. When i implemented message compression i had the idea to implement a AES-256bit encryption method for shrimp7 version 32. I use the same principles as the compression method i use. After encryption I’ll add 2 characters in front of the string so applications could recognize compressed or encrypted messages.

If you weren’t laughing already, from the cypherpunks mailing list…

Date: Sun, 7 Feb 2010 21:17:30 -0800
Subject: Re: 256-bit encryption for Twitter posts
From: coderman
To: Ted Smith
Cc: Cypherpunks list

On Sun, Feb 7, 2010 at 3:17 PM, Ted Smith wrote:
> …
> 256-bit encryption for Twitter posts
>….
> .?WsSMSoaGhoZFjHZzQzx7iOZ
> +GKmXXcyD hq0iEBExlReVG2f0ACO256i84cOC7QlxO/txTuRdkQwL
> +fBGZlcUQBQoDHLLm/3cFbEEW3ZU8I/CD63wfgpGbAx+eH9oPAmVyYv14Y=

i say again:
twitter is ruining the internets…

-

Factoring.

On December 12, 2009, we factored the 768-bit, 232-digit number RSA-768 by the number field sieve (NFS, [20]). The number RSA-768 was taken from the now obsolete RSA Challenge list [38] as a representative 768-bit RSA modulus (cf. [37]). This result is a record for factoring general integers. Factoring a 1024-bit RSA modulus would be about a thousand times harder, and a 768-bit RSA modulus is several thousands times harder to factor than a 512-bit one. Because the first factorization of a 512-bit RSA modulus was reported only a decade ago (cf. [7]) it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours or the one in [7]. Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years.

Implementation fault abuse.

1

In this work we described an end-to-end attack to a RSA authentication scheme on a complete FPGA-based SPARC computer system. We theorized and implemented a novel fault-based attack to the fixed-window exponentiation algorithm and applied it to the well known and widely used OpenSSL libraries. In doing so we discovered and exposed a major vulnerability to fault-based attacks in a current version of the libraries and demonstrated how this attack can be perpetrated even with limited computational resources.

2

We employed with success the induced faults in order to lead attacks against industry grade implementations of the RSA and the AES cryptosystems. Moreover we devised two new attack techniques, one for each cryptosystem and have been able to validate their practical effectiveness with a thorough experimental campaign. We were able to successfully break the AES cipher employing only 4kB of faulty ciphertext, to retrieve an RSA encrypted plaintext using at most 5 faulty ciphertexts regardless of the size of the modulus and to factor the RSA modulus employing at most two faulty signatures. After conducting the whole experimental campaign no signs of tampering were left on the attacked device, thus proving that the employed technique is not invasive and does not alter the further functioning of the device. The attack technique is fully realizable with low cost off-the-shelf instruments which is a significant strong asset of the proposed attack technique.

-

Back in January, Tor 0.2.1.22 was released (as of this writing, 0.2.1.24 is the current stable release). In the announcement,

Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and locations, due to a security breach of some of the Torproject servers: http://archives.seul.org/or/talk/Jan-2010/msg00161.html

From the referenced message,

In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we’d recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.

-

I’ve brought up hidden assumptions often enough here, so this resonated.

The rules surrounding markets matter a lot–and the reason we don’t know this is that the rules that work have disappeared into the background, faded out of our consciousness, become part of the miasma of “the market”. For example, I recall a web debate years ago in which someone made the standard point that cartels are very difficult to hold together, which means anti-trust rules about this sort of thing have dubious utility. I believe it was Eugene Volokh who pointed out that this was true . . . but only because courts refused to enforce cartel agreements. If courts did enforce them, cartels would work pretty well–which is why we still have professional sports leagues.

-

Interesting.

Limulus is an acronym for LInux MULti-core Unified Supercomputer. The Limulus project goal is to create and maintain an open specification and software stack for a personal workstation cluster. Ideally, a user should be able to build or purchase a small personal workstation cluster using the Limulus reference design and low cost hardware. In addition, a freely available turn-key Linux based software stack will be created and maintained for use on the Limulus design. A Limulus is inteneded to be a workstation cluster platform where users can develop software, test ideas, run small scale applications, and teach HPC methods.[...]

And watch the hardware costs drop.

September 2007 Total: $2302 (US dollars)
September 2008 Total: $2092 (US dollars)*

* includes RAM upgrade price from 1GB/node to 2GB/node

I still remember my Beowulf cluster in college.

Posted in Anonymity & Privacy, BSD, Crypto, Off-topic, Security | No Comments »

Violent rambling, etc.

Friday, August 7th, 2009

Behold! Behold!
What lo?
A ramble! A ramble!
What? No!
‘Tis so! ‘Tis so!

-

I think we often take for granted the hidden knowledge built into our cultures, our institutions, our norms, to the degree that we take the results of these structures, of this genetic code for our society, as just a given. I must say that, when I was younger, the more radical beliefs I held at the time were in part motivated by the accumulated noise, junk, I perceived in those structures about me while ignoring the information also contained therein; now, I have more respect for the hidden knowledge in such systems and the hidden assumptions on those systems and their knowledge.

So, I recently read Girard’s “Violence and the Sacred”. In it, Girard discusses the idea that all society, all culture, even all symbolic thought is the byproduct of what he calls a sacrificial crisis, which entails a cycle of reciprocal violence and violent undifferentiation within a community, that culminates in the elimination of a sacrificial victim, whereby the community unites against one member of the community and, in a generative and bonding moment, releases their violence upon that member, thus expelling their violence from the community. According to Girard, religion enshrines this sacrificial crisis and victim, and ritual allows for the re-enactment of the crisis and victim to expunge the violence within the community. (Girard’s, say, over the top, argument is that this crisis-victim is the foundation of all community and culture, and that trying to understand the crisis-victim is what caused symbolic thought to emerge. Side note – I mention symbolic thought with regards to the financial system in this post.)

Thinking on it, I can see the sacrificial crisis culminating in a sacrificial victim, and the ritualized enactment of such an event, applied within communities in the world in which I live today. As Girard discusses, while sacrificial victims may be selected at random in the midst of a crisis, surrogate victims used during the ritualized replay of the sacrificial crisis are often chosen both because they have ties to the community (and so can be substituted for it) and yet because they are outside it (and so have little potential to inspire reciprocal violence). When I look at, say, news of late, where “obese” people seem to be sacrificed in the war on health care costs, I cannot help but see parallels to the surrogate victim in primitive religious rituals (irrespective of any opinion held on the matter).

There is an interesting misdirection noted by Girard as well, the belief that violence stems from something outside of humankind, such as the gods or the dead. This too it seems is visible today in much rhetoric. People speak as if violence itself stems from a gun or from a video game or from a car, from these sacred and powerful items that are outside the world of people, external objects capable of infecting people with violence when they descend upon a community. (I am ignoring any correlation that may exist between these objects and people’s propensities toward violence.)

Regardless of views, the importance of violence, or rather, the expulsion of violence from, within the community appears to be hugely important to, and completely buried in, the very foundations of society as we know it today, at least in the culture in which I reside. This seem to be so much the case, that we take the end result for granted.

For example, Girard points out the significance of the judicial system in replacing religion, such that the judicial system takes on a higher authority as a impartial and superior body, that metes out revenge, relabeled a transcendent term, justice, upon parties of established guilt in the name of the community. The very sublime nature of the institution makes the act of revenge the judicial system deals out beyond revenge, and so it breaks the potential chain of reciprocal violence.

We often take the incorporation of the judicial institution into our culture for granted, as we assume such institutions and such cultures are a given, natural. But, violence has been with us long before such institutions existed. Nature is violent at times, and it makes sense that we have evolved a potential for violence ourselves; we have survived over the long course of time both in spite of and because of violence. As such and in broader terms, I am beginning to think that taking current culture, current norms, current institutions for granted is quite dangerous.

This idea of the generative and community building aspects of violent unanimity also seems in line with Peter Turchin’s ideas “War and Peace and War” (mentioned in this post, particularly bullet point 2) that a common struggle against, say, a foreign enemy can bring people together, that it builds the capacity for collective action. Great nations are forged in the frontier life, in the world of violent interactions between similar peoples with less similar peoples. In this light, Girard briefly notes wars with foreign nations as an example of unifying violence, in that the foreign nation becomes the sacrificial victim, the embodiment of violence that is outside the community ,and yet a violence that has been brought to the community and must be violently expunged.

Girard notes that change is often feared by primitive communities as a potential trigger of violence, and often there is lots of ritual performed around change to relieve any potential for violent buildups, such as at times of seasonal transitions or the coming of age of a child. In bullet point 2 of the aforementioned post, I noted that “radical change can cause instability” along with a slightly broader discussion of change or adaption in a follow-up post. Additionally, Schoeck notes in Envy that extreme envy and envy avoidance, such as that in exhibited in primitive communities and small towns, can often stifle innovation, creativity, and achievement, all of which have undertones of change. So, combining this with Girard, we can see envy threatens violence, and, violence being contagious, such a threat could wipe out a whole community, which leads us to innovation, creativity, and achievement, as purveyors of change, being punished and avoided.

Now, it is easy to forget walking down the street in NYC just how much everything around us requires this breaking of the chain of reciprocal violence. In the past, when men could easily descend into a tornado of violence and everything else was swept aside by it, the world as we see it now in NYC could not exist. The weak would have to huddle together and perhaps flee the storm, and the strong could tear everything down in a moment of rage.

That is not to say that violence is not still present, but that most people tend towards non-initiation of violence, and the rare initiation of violence tends to end at the time it begins. Self-defense is acceptable at the moment of being attacked, but, after the fact, we rely on law enforcement and the judicial system to catch and punish the aggressor; vigilante-ism and personal revenge are frowned upon and punished, norms that reinforce a breaking of reciprocal violence. (In some communities in NYC and the USA in general, reciprocal violence may still run free, such as gang violence or the eruption of riots; however, those are the exceptions and not the norm.)

Evolution is the way of nature and, as such, ourselves, and I rather enjoy this spiraling progression, much as I like the evolution of what I consider to be my self as I grow older. As noted by Turchin’s “War and Peace and War” or in Michael Flynn’s scifi-esque “Introduction to Cliology” (inspired by Asimov) or even Barrow’s “The Artful Universe”, we live in cycles within cycles, in this chaotic nature, and so we must. But, I maintain a certain sense of caution when unraveling the fabric of our modern world, as pulling at the strings of our norms, cultures, institutions, communities, etc. without properly considering their hidden store of knowledge, and the hidden assumptions one might be making, can have quite profound and completely unintended consequences, for better or worse.

-

I mentioned “the map is not the territory” in this post. How about another? “Correlation is not causation.” This is one of those great insights that we so often fail to see. I have made this mistake at times in this blog.

So, if I had remembered nothing else from Judith Rich Harris’ “The Nurture Assumption”, then the wit, and the clear and concise explanation of “correlation is not causation” that makes the concept easy for me to explain to others, would have made the book worth it. An excerpt of her fictional example to illustrate correlation is not causation,

[...]Our method will be straightforward: we will ask a large number of middle-aged people how much broccoli they consume and then, five years later, check to see how many of them are still alive.[...]

[fictional results showing a statistically significant correlation between eating broccoli and longevity in men but not women]

Our study appears in an epidemiological journal. A newspaper reporter happens to read it. The next day there’s a headline in the paper: EATING BROCCOLI MAKES MEN LIVE LONGER, STUDY SHOWS.

But does it? Does the study show that eating broccoli caused the male subjects to live longer? Men who eat broccoli may also eat a lot of carrots and brussel sprouts. They may eat less meat or less ice cream than broccoli shunners. Perhaps they are more likely to exercise, more likely to buckle their seatbealts, less likely to smoke. Any of these other lifestyle factors, or all of them together, may be responsible for the longer lives of the broccoli eaters. Eating broccoli might even have been shortening our subjects’ lives, but this effect was outweighed by the beneficial effects of all the other things broccoli eaters were doing.

-

The 0.2.1.x branch of Tor has gone to release.

Tor 0.2.1.18 lays the foundations for performance improvements, adds status events to help users diagnose bootstrap problems, adds optional authentication/authorization for hidden services, fixes a variety of potential anonymity problems, and includes a huge pile of other features and bug fixes.

Bravo.

-

Attacks only get better.

In this paper we describe several attacks which can break {\it with practical complexity} variants of AES-256 whose number of rounds are comparable to that of AES-128. One of our attacks uses only two related keys and $2^{39}$ time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and $2^{120}$ time). Another attack can break a 10 round version of AES-256 in $2^{45}$ time, but it uses a stronger type of {\it related subkey attack} (the best previous attack on this variant required 64 related keys and $2^{172}$ time). While neither AES-128 nor AES-256 can be directly broken by these attacks, the fact that their hybrid (which combines the smaller number of rounds from AES-128 along with the larger key size from AES-256) can be broken with such a low complexity raises serious concern about the remaining safety margin offered by the AES family of cryptosystems.

Posted in Anonymity & Privacy, Crypto, Off-topic, Security | No Comments »

FreeBSD 7.1, etc.

Saturday, January 31st, 2009

Just a few notes:

  1. Upgrading to FreeBSD 7.1 stable from FreeBSD 7.0 stable went smoothly.

    Sort of standard steps…

    • vi /usr/mykernconf7 and modify to merge in 7.1 changes into my custom kernel config.

      (The generic FreeBSD kernel configuration for the i386 platform as a starting point can be found in “/usr/src/sys/i386/conf/GENERIC”.

        e.g.,

      • cp /usr/src/sys/i386/conf/GENERIC /usr/mykernconf7
      • ln -s /usr/mykernconf7 /usr/src/sys/i386/conf/mykernconf7
      • vi /usr/mykernconf7 and modify as desired)
    • vi /usr/stable-supfile and update my custom “stable-supfile” to point to “RELENG_7_1″ by changing the relevant line to “*default release=cvs tag=RELENG_7_1″

      (A sample “stable-supfile” as a starting point can be found in “/usr/share/examples/cvsup/stable-supfile”.

        e.g.,

      • cp /usr/share/examples/cvsup/stable-supfile /usr/stable-supfile
      • vi /usr/stable-supfile and modify as needed, such as setting the default release to 7.1 and setting the host to one of the FreeBSD cvs server mirrors)
    • cd /usr/src
    • cvsup -g -L 2 ../stable-supfile
    • make buildworld
    • make kernel KERNCONF=mykernconf7
    • reboot (to single user mode)
    • cd /usr/src
    • mergemaster -p
    • make installworld
    • mergemaster

      I found there was a massive version increment of the contents in “/etc” from 7.0, so there was a lot to go through. I had a few mods to configuration and script files that needed merging, but, for the majority, just installing the new version was fine.

    • reboot
  2. With the release of FreeBSD 7.1, the FreeBSD ports have undergone a huge burst of activity. Over the course of the last month, perl, X, and Gnome have all been upgraded.

    The first step is always the same here, updating the ports tree and grabbing the new index.

      e.g.,

    • cd /usr/ports
    • cvsup -g -L 2 ../ports-supfile
    • portsdb -Fu

    The second step is always the same here too, examining “/usr/ports/UPDATING” to see if there were any special instructions relevant to upgrading my installed ports, and additionally, browsing “/usr/ports/MOVED” to see what ports have been (re)moved.

    Ok, so there have a number of instructions that applied to my installed ports over the last month or so, including those for perl, X server, and Gnome. I updated multiple times and so upgraded many of these components at different intervals, which kept the mixing and matching of these instructions somewhat minimal. (On the flip side, there was a bunch of redundant (re)building of my ports.)

    Of the big boys (i.e., perl, X, and Gnome)…

    My first upgrade was of perl from 5.8.8 to 5.8.9, and I did this by itself, as the upgrade involved manually using a script and its guidance after installation of the upgrade perl, as per the 20090113 instructions in “/usr/ports/UPDATING” for perl5.8. (If perl troubles crop up after using this script, rebuilding the perl dependents may be best.)

    Next came the upgrade of Gnome from 2.22 to 2.24 (and all other updated ports at the time), which went smoothly enough, according to the 20090114 instructions in “/usr/ports/UPDATING” for GNOME and GTK+. (During this upgrade, I discovered some issues with my perl upgrade, so I ended up just rebuilding my perl dependents, but that was not the fault of the GNOME update.)

    A few days later followed the upgrade of libxcb by itself along with the rebuilding of all its dependents according to the “/usr/ports/UPDATING” 20090123 instructions for libxcb.

    Then, the upgrade of X (and all other updated ports at the time). There were issues here and there after this upgrade, but these seem to have been mostly resolved by subsequent updates, as the port maintainers have been tweaking things.

    As mention already, these steps were mostly incremental for me, happening in two primary bursts. If you are upgrading all of that and more at once, it might be easier to just rebuild all ports while taking “/usr/ports/UPDATING” instructions into account.

  3. Tor stable (and development) has been updated to fix a remotely inducible heap corruption issue. Details forthcoming.

    This update also fixes an important security-related bug reported by Ilja van Sprundel. You should upgrade. (We’ll send out more details about the bug once people have had some time to upgrade.)

    Changes in version 0.2.0.33 – 2009-01-21
    o Security fixes:
    – Fix a heap-corruption bug that may be remotely triggerable on some platforms. Reported by Ilja van Sprundel.

  4. Truecrypt 6.1a has been available for over a month. The 6.1 changes include support of tokens and smart cards, and trickery to get passed, say, USA customs.
  5. Xen and Ubuntu have gone their separate ways.

Posted in Anonymity & Privacy, BSD, Crypto, Debian & Ubuntu, Security | 2 Comments »

Quickies: dns, tor 0.2.0.x, truecrypt 6, cold boot sw, fips stuff, j-pake

Wednesday, July 23rd, 2008

I am posting these snippets in a period of quiet between bedraggling, booming storms. Alas, dear reader, another set of quickies, as summertime rolls.

-

So, the DNS implementation flaw has (allegedly) been revealed. Grinding through weak state combined with additional RR trickery gets the job done. Good stuff. Adding more entropy to the state information is one way to fend off feasibility, as demonstrated by djbdns (yes, I mentioned djbdns at one point). Patches abound.

Update: An exploit.
-

The 0.2.0.x branch of Tor has gone from alpha to release, with 0.2.0.30 being the first version deemed fit for primetime.

I tagged Tor 0.2.0.30, the stable release of the 0.2.0.x series, on Tuesday.

You can read all about it here:
https://svn.torproject.org/svn/tor/tags/tor-0_2_0_30/ReleaseNotes

We haven’t made an official announcement yet, because we’re waiting for Torbutton 1.2.0 to go stable so we can build packages for the Windows and OS X folks.

From the release notes

Changes in version 0.2.0.30 – 2008-07-15
This new stable release switches to a more efficient directory distribution design, adds features to make connections to the Tor network harder to block, allows Tor to act as a DNS proxy, adds separate rate limiting for relayed traffic to make it easier for clients to become relays, fix a variety of potential anonymity problems, and includes the usual huge pile of other features and bug fixes.

Great work.

-

The TrueCrypt team has been quite busy it seems, with two major releases this year within a few months of each other. So, TrueCrypt 6 has been rolled out, and I took note of the following new features.

Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors.

Each volume created by this or later versions of TrueCrypt will contain an embedded backup header (located at the end of the volume). Note that it is impossible to mount a volume when its header is damaged (the header contains an encrypted master key). Therefore, embedded backup headers significantly reduce this risk. Also note that a backup header is not a copy of the original volume header because it is encrypted with a different header key derived using a different salt. For more information, see the subsection Tools > Restore Volume Header.

More great work.

-

Remember cold boot? Well, the software created as part of the research has now been released.

July 16, 2008 — This page contains source code for some of the software that we developed in the course of this research. These prototype applications are intended to illustrate the techniques described in the paper; we are unable to provide technical support.

-

You may have noticed this.

4Q08 The second draft of FIPS 140-3 will be published for public comment (subject to change).

-

A few new modes of operation for the AES have popped up at NIST in somewhat recent months. One of these, XTS, is now being proposed by NIST for approval for government use, meaning it could become an approved mode of operation for AES under FIPS 140.

The P1619 Task Group of the Security in Storage Working Group (SISWG) of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) has submitted the XTS-AES algorithm (XTS, for short) to NIST as an encryption mode of operation of the Advanced Encryption Standard (AES) block cipher. Although XTS does not provide authentication in order to avoid expansion of the data, it is designed to provide some protection against malicious manipulation of the encrypted data. Subject to the 90-day period of public comment that is described below, NIST proposes to approve XTS for government use under the auspices of FIPS Pub. 140-2.

-

Draft SP 800-107, Recommendation for Applications Using Approved Hash Algorithms, has been published and is open to public comment until 09-Oct-2008.

This Recommendation provides security guidelines for achieving the required or desired security strengths of several cryptographic applications that employ the approved cryptographic hash functions specified in Federal Information Processing Standard (FIPS) 180-3 [FIPS 180-3], such as digital signature applications [FIPS 186-3], Keyedhash Message Authentication Codes (HMACs) [FIPS 198-1] and Hash-based Key Derivation Functions (HKDFs) [SP 800 56A] & [SP 800 56B].

Update: Related to the SP 800-107 news, a revision to FIPS 198 has been released, FIPS 198-1.

APPENDIX A: The Differences Between FIPS 198 and FIPS 198-1
The length of truncated HMAC outputs and their security implications in FIPS 198 is not mentioned in this Standard; instead, it is described in SP 800-107. The discussion about the limitations of MAC algorithms has been moved to SP 800-107. The examples and OIDs have been posted on the NIST web sites referenced in Section 6.

-

Yes please.

Abstract. Password-Authenticated Key Exchange (PAKE) studies how to establish secure communication between two remote parties solely based on their shared password, without requiring a Public Key Infrastructure (PKI). Despite extensive research in the past decade, this problem remains unsolved. Patent has been one of the biggest brakes in deploying PAKE solutions in practice. Besides, even for the patented schemes like EKE and SPEKE, their security is only heuristic; researchers have reported some subtle but worrying security issues.

In this paper, we propose to tackle this problem using an approach different from all past solutions. Our protocol, Password Authenticated Key Exchange by Juggling (J-PAKE), achieves mutual authentication in two steps: first, two parties send ephemeral public keys to each other; second, they encrypt the shared password by juggling the public keys in a verifiable way. The first use of such a juggling technique was seen in solving the Dining Cryptographers problem in 2006. Here, we apply it to solve the PAKE problem, and show that the protocol is zero-knowledge as it reveals nothing except one-bit information: whether the supplied passwords at two sides are the same. With clear advantages in security, our scheme has comparable efficiency to the EKE and SPEKE protocols.

Posted in Anonymity & Privacy, Authentication & Identity, Crypto, Security | No Comments »

Quickies: headaches, links, stories, crypto stuff, other

Wednesday, May 21st, 2008

So, I recently saw Juno for the first time, and was surprised and happy to hear Kimya Dawson permeate the soundtrack. And, I ate at wd~50, which was, well, an experience – highly recommended if you want to try something truly new.

Anyway, yes, still here. Unfortunately, this rare act of posting will be limited to a quickie – a few miscellaneous items accumulated over a couple of months.

-

A few headaches…

  1. Wow, just wow.

    The result of this is that for the last two years (from Debian’s “Etch” release until now), anyone doing pretty much any crypto on Debian (and hence Ubuntu) has been using easily guessable keys. This includes SSH keys, SSL keys and OpenVPN keys.

    Update immediately. And be sure to do things such as regenerate all persistent keys that used random data taken from the vulnerable Debian OpenSSL during their generation – some of this type of work is handled automatically when updating your packages (e.g., OpenSSH server keys), but only you know what you have done outside this automated window.

  2. I booted up a Windows XP box only to find that some resource of the Logitech QuickCam software had become corrupted, and this resulted in a nasty msi installer loop hitting the box as soon as a user logged in. I found this tool extremely useful in cleaning up the mess.

    [..]With the Windows Installer CleanUp Utility, you can remove a program’s Windows Installer configuration information. You may want to remove the Windows Installer configuration information for your program if you experience installation (Setup) problems. For example, you may have to remove a program’s Windows Installer configuration information if you have installation problems when you try to add (or remove) a component of your program that was not included when you first installed your program.

  3. Much to my very unpleasant surprise, I upgraded a server over here from Ubuntu Gutsy to Hardy and discovered networking for Xen DomU’s in Ubuntu Hardy 8.04 is somewhat broken. I ended up using the 2.6.24-17-xen kernel from the hardy-proposed repository, but you could also just stick with the Gutsy Xen kernel for DomU’s.
  4. When I upgraded to Gnome 2.22 on a particular FreeBSD 7.0 system, certain things, like the clock applet, did not work. This was due to the dbus daemon not being started. Then, the hal daemon and Gnome did not want to play nice together. This page provided the information necessary to get them playing nice – in this particular instance, not mounting procfs was the problem.

Side note, I was helping someone install Ubuntu recently, and it brought to my attention yet again how much I take what I consider to be basic skills for granted when using *nix. Small things, like running an executable from within your environment path versus by directly specifying the path (the most confusing to many example of this seems to be trying to run an executable in the current working directory), are just not common knowledge. Even the whole command line itself is often scary and bizarre to people. This makes it extremely difficult to provide useful guidance for people to blindly follow (posts on this blog should never be assumed to provide step-by-step instructions – they are just some basic notes at best, as extremely helpful comments like this make obvious). And, even Ubuntu is not as trivial to use as it would appear to many that work in the *nix world.

-

Three useful Ubuntu and FreeBSD pages…

USN.

These are the Ubuntu security notices that affect the current supported releases of Ubuntu.[...]

FreeBSD VuXML.

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML).[...]

FreeBSD Security Advisories.

This web page contains a list of released FreeBSD Security Advisories.[...]

-

Story-telling is one of the fundamental tools in a teacher’s toolkit. Having done quite a bit of consulting, I have learned how invaluable a good story is to driving home particular points and building relationships. There is something fundamental about how stories effect us, perhaps stemming from our innate ability to empathesize and our massive pattern recognition horse-power.

Anyway, this site has a useful set of stories. [via exi]

Here are some stories, analogies, research findings and other examples that provide wonderful illustrations for learning, and inspiration for self-development.

In fact, the first story mirrors a recent post.

An old lady had a hearing-aid fitted, discreetly, hidden underneath her hair.

A week later she returned to the doctor for her check-up.

“It’s wonderful – I can hear everything now,” she reported very happily to the doctor.

“And is your family pleased too?” asked the doctor.

“Oh I haven’t told them yet,” said the old lady, “And I’ve changed my will twice already..”

This reminds me of a story I often tell about someone I met a while back, a graduate student in psych. She was studying aspects of the initial meeting/courtship routines of people, and would go out to bars and such and interact with potential suitors. Here these suitors were, following their typical pickup routines and sometimes spilling more than their drinks, and here she was, analyzing their interaction and subsequently writing up notes to be turned into research papers, etc.

-

NIST draft SP 800-108 has been released.

SP 800-108

DRAFT Recommendation for Key Derivation Using Pseudorandom Functions

NIST announces the release of draft Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions. This Recommendation specifies techniques for key derivation from a secret key using pseudorandom functions (PRF). Please submit comments to draft-SP800-108-comment@nist.gov with “Comments on SP800-108″ in the subject line. The comment period closes on June 28, 2008.

Yet more KDFs.

-

They just don’t quit, do they?

1

This is the first article analyzing the security of SHA-256 against fast collision search which considers the recent attacks by Wang et al. We show the limits of applying techniques known so far to SHA-256. Next we introduce a new type of perturbation vector which circumvents the identified limits. This new technique is then applied to the unmodified SHA-256. Exploiting the combination of Boolean functions and modular addition together with the newly developed technique allows us to derive collision-producing characteristics for step-reduced SHA-256, which was not possible before. Although our results do not threaten the security of SHA-256, we show that the low probability of a single local collision may give rise to a false sense of security.

2

We study the security of step-reduced but otherwise unmodified SHA-256. We show the first collision attacks on SHA-256 reduced to 23 and 24 steps with complexities $2^{18}$ and $2^{50}$, respectively. We give an example colliding message pair for 23-step SHA-256. The best previous, recently obtained result was a collision attack for up to 22 steps. Additionally, we show non-random behaviour of SHA-256 in the form of pseudo-near collisions for up to 31 steps, which is 6 more steps than the recently obtained non-random behaviour in the form of a semi-free start near-collision. Even though this represents a step forwards in terms of cryptanalytic techniques, the results do not threaten the security of applications using SHA-256.

3

[...]First we describe message modification techniques and use them to obtain an algorithm to generate message pairs which collide for the actual SHA-256 reduced to 18 steps. Our second contribution is to present differential paths for 19, 20, 21, 22 and 23 steps of SHA-256. We construct parity check equations in a novel way to find these characteristics. Further, the 19-step differential path presented here is constructed by using only 15 local collisions, as against the previously known 19-step near collision differential path which consists of interleaving of 23 local collisions. Our 19-step differential path can also be seen as a single local collision at the message word level. We use a linearized local collision in this work. These results do not cause any threat to the security of the SHA-256 hash function.

4

[...]We build on the work of Nikoli\’{c} and Biryukov and provide a generalized nonlinear local collision which accepts an arbitrary initial message difference. This local collision succeeds with probability 1. Using this local collision we present attacks against 18-step SHA-256 and 18-step SHA-512 with arbitrary initial difference. Both of these attacks succeed with probability 1. We then present special cases of our local collision and show two different differential paths for attacking 20-step SHA-256 and 20-step SHA-512. One of these paths is the same as presented by Nikoli\’{c} and Biryukov while the other one is a new differential path. Messages following both these differential paths can be found with probability 1. This improves on the previous result where the success probability of 20-step attack was 1/3. Finally, we present two differential paths for 21-step collisions for SHA-256 and SHA-512, one of which is a new path. The success probability of these paths for SHA-256 is roughly $2^{-15}$ and $2^{-17}$ which improves on the 21-step attack having probability $2^{-19}$ reported earlier. We show examples of message pairs following all the presented differential paths for up to 21-step collisions in SHA-256. We also show first real examples of colliding message pairs for up to 20-step reduced SHA-512.

Completely academic, but you know what they say – attacks only get better.

-

Interesting stuff.

NSA/CSS periodically releases declassified documents or indexes to these documents to the public. The documents listed on this page were located in response to numerous requests received by NSA on the various subjects stated and for which there appears to be a general public interest. The date after each entry reflects the most current release date of that material. When additional material for a given subject is updated then a new subject index date is posted. To select a subject index, click on the subject title.

In particular, the Cryptologic Spectrum Articles and Cryptologic Quarterly Articles have some fun reads.

-

An easy to cut ‘n paste into a blog post set of old web server log entries depicting an instance of Tor being used to proxy/anonymize automated probes of this web site.

anonymizer.blutmagie.de – - [13/Mar/2008:00:59:00 -0700] “GET /forum/phpbb/index.php HTTP/1.0″ 404 285 “http://forum.d-kriptik.com/phpbb/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

tor.anonymous.proxy.quex.org – - [13/Mar/2008:00:59:01 -0700] “GET /forum/phpbb2/index.php HTTP/1.0″ 404 286 “http://forum.d-kriptik.com/phpbb2/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

tor.anonymizer.ccc.de – - [13/Mar/2008:00:59:02 -0700] “GET /forum/forums/index.php HTTP/1.0″ 404 286 “http://forum.d-kriptik.com/forums/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

tor.anonymizer.ccc.de – - [13/Mar/2008:00:59:08 -0700] “GET /forum/board/index.php HTTP/1.0″ 404 285 “http://forum.d-kriptik.com/board/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)”

-

Like heat and humidity, free music and Central Park mean summer. The 2008 schedule is up at the Summer Stage web site. And, the opening Saturday looks good to me.

Vampire Weekend
Kid Sister
Ecstatic Sunshine

Saturday, June 14, 2008
From 4:00 PM to 7:30 PM
Central Park SummerStage

Posted in Anonymity & Privacy, Authentication & Identity, BSD, Conferences, Crypto, Debian & Ubuntu, Off-topic, Security | 2 Comments »

Quickies: smell, bot, book, wikipedia, moon

Tuesday, December 11th, 2007

I found this article interesting.

“The study suggests that people conscious of the barely noticeable scents were able to discount that sensory information and just evaluate the faces,” Li said. “It only was when smell sneaked in without being noticed that judgments about likeability were biased.”

In other words, awareness of the situation allows a person to adjust their response to suit the situation. There are two key elements at work here – being aware, and effectively using that awareness.

Anyway, this reminded me of Cialdini’s Influence. The attacks of influence are often carried out beneath the radar of the person being attacked. The attacker triggers automatic responses in the person to influence their decisions/behavior, and the actions that hit these triggers go unnoticed at a conscious level by the person being attack at the time of attack, which results in the person being attacked not properly recognizing the level of influence coming from the attacker. Once a person is aware of triggers and/or able recognize attempts to pull triggers, a person can work to mitigate the influence of triggers and/or the responses to triggers.

Side note, I always find this sort of thing interesting with regards to emotions and relationships. We all have emotional triggers, things that set off strong emotional responses. Learning to understand our triggers, and those of the people around us, can go a long way to having healthy, satisfying relationships. And, with such relationships, comes a great deal of our basic security.

-

Speaking of people, this article has been making the rounds.

The artificial intelligence of CyberLover’s automated chats is good enough that victims have a tough time distinguishing the “bot” from a real potential suitor, PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets complete with name, contact information, and photos.

Ok, so, social engineering is nothing new, and love letters have flooded inboxes. But, it got me thinking for a second…

So, I often speak of using real people for people based attacks leveraging things like beauty and charm. However, since real people tend to be a scarce resource, we are quite limited in the number of attacks that can be carried out and, the less attacks we can carry out, the more important each particular attack becomes. For in person attacks, this people cost can reach extremes. On the other hand, if we go virtual, we can come up with all sorts of ways to farm out the people work to reduce its cost.

Coming back to the article at hand, as a potential way to combine this sort of bot and real people, perhaps a bot that bridged conversations serving as a middle man would be interesting. For example, the bot could hang out in multiple chat rooms or web forums, and cross connect conversations. Or, reply to Craigslist ads and link responders.

Of course, with none of the human participants likely to have the agenda of the attacker here, the conversations would probably have less of a chance of being useful to the attacker than result of automated scripts, even if you could effectively pull off the bridging. Oh well.

-

I remember mentioning cell phone tanka a while back. This takes it to a new level.

“I typed it all on my mobile phone,” Rin explains matter-of-factly over the same device. “I started writing novels on my mobile when I was in junior high school and I got really quick with my thumbs, so after a while it didn’t take so long. I never planned to be a novelist, if that’s what you’d call me, so I’m still quite shocked at how successful it’s turned out.”

[...]

Remarkably, half of Japan’s top-10 selling works of fiction in the first six months of the year were composed the same way – on the tiny handset of a mobile phone. They sold an average of 400,000 copies. By August, the president of Goma Books, Masayoshi Yoshino, was declaring in a manifesto that he was determined “to establish this not simply as a fad, but as a new kind of culture”.

My “waiting to be read” book queue is at ~20. As far as I know, none of these books were written on a mobile phone. I really have to get with the times.

-

When you build a technology based on community input and open communication in a medium that lets gossip circle the world at roughly the speed of light, you can’t expect to hide behind a curtain. And, beautifully, the end result is an open study in people, power, and paranoia, with a good helping of “trust me, it’s for your own good” arguments and “shoot yourself in the foot” phenomena.

A couple of choice excerpts from the article,

Meanwhile, Durova continued to insist that she had some sort of secret evidence that could only be viewed by the Arbitration Committee. “I am very confident my research will stand up to scrutiny,” she said. “I am equally confident that anything I say here will be parsed rather closely by some disruptive banned sockpuppeteers. If I open the door a little bit it’ll become a wedge issue as people ask for more information, and then some rather deep research techniques would be in jeopardy.”

And,

This sort of extreme paranoia has become the norm among the Wikipedia inner circle. There are a handful sites across the web that spend most of their bandwidth criticizing the Wikipedia elite – the leading example being Wikipedia Review (http://wikipediareview.com/) – and the ruling clique spends countless hours worrying that these critics are trying to infiltrate the encyclopedia itself.

Now, I partially pointed to this because I know my circles are always amused by this stuff. But, I also wanted to note this.

But he’s not admitting how deep this controversy goes. Wales and the Wikimedia Foudation came down hard on the editor who leaked Durova’s email. After it was posted to the public forum, the email was promptly “oversighted”
- i.e. permanently removed. Then this rogue editor posted it to his personal talk page, and a Wikimedia Foundation member not only oversighted the email again, but temporarily banned the editor.

It ain’t easy blowing whistles. Even in a supposedly open forum such as Wikipedia, the powers that be crack skulls. You know, silence the critics and keep them silent.

Here, that cracking of skulls is figurative. In other venues, it could be literal. Anonymity has its uses.

Oh, and in the conclusion of a related article, we have a good summary of what seems to be going on.

“Wikipedia, in its way, is of great benefit to the web community,” he says. “But I’ve also been greatly dismayed that Wikipedia has apparently attracted some intelligent but problematic personalities with ambition, secret personal agendas, and cold, ruthless behavior towards other editors and ideas that they perceive as threatening their power, position, or agendas. What’s disheartening is that Jimbo and the rest of the Wikimedia Foundation not only don’t do anything about it, but they appear to support these charlatans to some degree.”

-

I mentioned the contest previously. Well, here comes the first entrant.

The Google Lunar X-Prize folks held an event at a space investment conference in San Jose to announce their first fully-registered competitor.

Odyssey Moon, a startup based on the Isle of Man, and run by Carl Sagan mentee, Bob Richards and the CFO of  satellite-provider Inmarsat, Ramin Khadem, plans to land a rover on the moon within the next seven years.

Posted in Anonymity & Privacy, Off-topic, Security | No Comments »

Quickies: ossl fips prng seeding, privoxy, gcm, hash stuff, misc

Monday, December 3rd, 2007

Ouch.

A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 (http://openssl.org/source/openssl-fips-1.1.1.tar.gz, FIPS 140-2 validation certificate #733, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733) has been reported by Geoff Lowe of Secure Computing Corporation. Due to a coding error in the FIPS self-test the auto-seeding never takes place. That means that the PRNG key and seed used correspond to the last self-test. The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be, especially for the first few calls.

I updated this post accordingly.

[...]This means the PRNG is not reseeded after the KAT, so the PRNG ends up seeded with constant self-test values.

A couple of patches [1,2] are available for the OpenSSL FIPS module. The patches boil down to running FIPS_rand_method()->cleanup() after the PRNG KAT and then reseeding the PRNG.

-

In “related to Tor” news, this is a good write-up on recent vulnerabilities in what is often the default Privoxy configuration, including that shipped with the Tor bundle up until recently.

The installed ‘config.txt’ file (‘config’ on Mac OS X) had the following option values set to 1:

  • enable-remote-toggle
  • enable-edit-actions

Additionally, on Windows the following option was set to 1:

  • enable-remote-http-toggle

Malicious sites (or malicious exit nodes) could include active content (e.g., JavaScript, Java, Flash) that caused the web browser to:

  • make requests through the proxy that causes Privoxy filtering to be bypassed or completely disabled>
  • establish a direct connection from the web browser to the local proxy and modify the user defined configuration values

It should be noted that these are not Tor specific attacks on Privoxy and you may want to disable these Privoxy configuration options even in non-Tor environments.

-

SP800-38D, specifying the GCM mode of operation, has been finalized.

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC has been finalized. This Recommendation specifies and approves Galois/Counter Mode (GCM), an authenticated encryption mode of the Advanced Encryption Standard (AES) algorithm.

I remember superficially comparing GCM and CCM back a few years ago. Both seemed to have a push at NIST, but you knew CCM would go through the vetting process relatively quickly being a combined mode of what was already accepted while GCM would take a bit of time. Well, CCM has been approved for quite a while, and now GCM is finally there too.

-

These [1,2] have been making the rounds. More fun with MD5.

We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.

We have used a Sony Playstation 3 to correctly predict the outcome of the 2008 US presidential elections. In order not to influence the voters we keep our prediction secret, but commit to it by publishing its cryptographic hash on this website. The document with the correct prediction and matching hash will be revealed after the elections.

-

Speaking of hashing, there is a mailing list for the NIST hash competition.

A hash-forum@nist.gov email mailing list has been established for dialogue regarding NIST’s Cryptographic Hash Workshops and Hash Algorithm Competition. It is an unmoderated mailing list; messages addressed to this list are immediately distributed to all the addresses on the list. Only members are allowed to post messages to the list; however, anyone who wishes to do so may add themselves to the list.

-

A location service by Google relying on cell towers to estimate your location when GPS is not available.

Why the uncertainty? The My Location feature takes information broadcast from mobile towers near you to approximate your current location on the map – it’s not GPS, but it comes pretty close (approximately 1000m close, on average). We’re still in beta, but we’re excited to launch this feature and are constantly working to improve our coverage and accuracy.

-

Finally, I found this somewhat interesting to me.

“The empirical fact is that people will often switch to strategies they never picked before. They couldn’t have learned these strategies by reinforcement” from experienced rewards, says Camerer. In these situations, people use imagined rewards, or rewards that could have been theirs, to guide their decision making. This process, called fictive learning, is similar to the emotion of regret. “Regret is essentially the bodily sensation or name we give to fictive learning when there was a better choice than the one we chose.”

Posted in Anonymity & Privacy, Crypto, Off-topic, Security | No Comments »

data sets, walks, kdfs, banksy, odds

Wednesday, November 28th, 2007

I heard Lotus Cafe is gone. And, Rififi may not be happy either. Ah, old timers.

-

Say you have data set you wish to release for research purposes but you don’t want the individual people identified (e.g., a medical data base) and thus tied to particular sensitive attributes (e.g., medical conditions). So, you have this data set consisting of what you consider to be sensitive attributes (e.g., medical conditions) and non-sensitive attributes (e.g., social security number, date of birth, zip code). In order to anonymize the data, you strip out the attributes that serve as blatantly unique identifiers (e.g., names, social security numbers).

Now, there is an immediate issue here. The obvious identifiers have been removed, but lets say this data set also contains attributes (e.g., date of birth, zip code) that when linked to external information lead to the identification of particular individuals (e.g., there is only one person with a given birthday in a given zip code, and this information is readily available someone trying to identify that individual in the data set).

This is where k-anonymity comes in. Now, you have already identified the sensitive and non-sensitive attributes, and you have removed the outright identifiers. From the remaining set of non-sensitive attributes, you can then identify those attributes, which are called quasi-identifiers, that could be linked to individuals through correlation against external data sources.

Here we come to one of the key assumptions made in the k-anonymizing process – the sanitizer can identify the attributes in the data set that can be tied to other, external sources. Not only do they have to identify these attributes, but they also have to assess the level of resources required to use those attributes to penetrate the anonymity of the data set, and make judgment calls on modifying the data for anonymity and/or privacy versus the usefulness of the resulting data set. This is hard stuff.

You can see many issues with this assumption. Does the sanitizer really know what will be quasi-identifiers in a data set? Even if they do, are their judgments about the risk posed by those identifiers realistic? For example, the sanitizer might not know about various public records or even google. Another example, one may assume that only large governments would have access to name, date of birth, and zip code information for individuals. However, most of us have access to this information for at least out friends and family.

Anyway, once you have picked out the quasi-identifiers, you then ensure that at least k records in the data set possess the same set of values for quasi-identifiers (e.g., generalize the date of birth to be year of birth, such that at least 10 records turn up for all years of birth and zip code combinations). In other words, instead of being able to uniquely identify a unique record using particular values for the quasi-identifiers, one always ends up identifying a set of k records with any particular values for the quasi-identifiers (e.g., you pull up 10 records at least for every year of birth and zip code combination).

Important note for the paper that follows later in this post: You may be wondering, what happens when dealing with all these sparse data sets with long-tail distributions? For example, a particular attribute may have a large number of values that are unique or at least very minimally spread across records, which could mean huge impacts on the data set if these values were generalized or removed for k-anonymity purposes. Which means there may be a big trade-off between anonymity and/or privacy, and the usefulness of the data here, which will minimize k if not render k-anonymity infeasible in order to keep the data at all useful. And, it is notable that most transactions databases fall into this category (e.g., credit card records, amazon purchases).

But, say k-anonymity is reasonable for the data without too much loss of usefulness of the data. Great, that covers establishing the exact identity of records, but there is an issue here – we may still be able to tie sensitive attributes to individuals. For example, if the sensitive attributes you are trying to unlink from an individual are applicable to all of the k records pulled up by the quasi-identifiers (e.g., all 10 records have the same medical condition), then one can assume that the individual possesses this attribute even if they can’t uniquely identify which of the k records is that individual. Or, if one knows particular sensitive values do or do not apply to the individual, they can rule out those records, perhaps pinpointing the applicable value of the sensitive attribute for the individual concerned (e.g., the medical condition in the group is either a broken arm or severe depression, and one knows the individual does not have a broken arm).

Which leads to the concept of l-diversity, wherein a set of k records should have l number of values for sensitive attributes contained within it. Now, when one pulls up that set of k records, all of those records do not have the same sensitive values and, even if I know certain sensitive values to do/do not apply to the individual in question, there is potentially still a range of records with other values for sensitive attributes that are applicable, making it hard for me to establish exactly which values for the sensitive attributes apply to a particular individual.

l-diversity can result in the data set undergoing significant modifications. Like with k-anonymity, judgment calls must be made on privacy versus the usefulness of the data set.

But, say l-diversity is applicable to the data set without too much loss of usefulness of the data. Nice, but we may still have some semantic ties or non-uniformity that can be exploited. For example, if all the k records have some related values for the sensitive values (e.g., all the medical conditions were mental problems) while the overall data set covered a larger variety of values, then information is learned about the members of k. Or, if the sensitive attributes in k records have one of set of odds of having particular values (e.g., 75% of members have cancer), while in the overall data set the sensitive attributes have some set of odds (e.g., 10% of members have cancer), this can be used to reveal information about the set of k records distinguishable for the overall data set.

Which leads to t-closeness, wherein the distribution of values of sensitive attributes in a set of k records will mimic the distribution of those values across the whole data set within a range t.

t-closeness can result in the data set undergoing even major changes. Like with k-anonymity and l-diversity, judgment calls must be made on privacy versus the usefulness of the data set.

And so forth.

I typed out that summary because I just noted this paper interesting. [via what is left of the cypherpunks list]

We present a new class of statistical de-anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary’s background knowledge.
We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.

A few paragraphs of note…

Micro-data are characterized by high dimensionality and sparsity. Informally, micro-data records contain many attributes, each of which can be viewed as a dimension (an attribute can be thought of as a column in a database schema). Sparsity means that a pair of random records are located far apart in the multi-dimensional space defined by the attributes. This sparsity is empirically well-established [6, 4, 16] and related to the “fat tail” phenomenon: individual transaction and preference records tend to include statistically rare attributes.

This applies to most of those real-world databases out there containing information about us, which is something to note when policies say that information that could identify you has been removed from a data set before that data set is distributed.

Our de-anonymization algorithms are designed to work against databases that have been anonymized and “sanitized” by their publishers. The three main sanitization methods are perturbation, generalization, and suppression [23, 8]. Furthermore, the data publisher may only release a (possibly non-uniform) sample of the database. For example, he may attempt to k-anonymize the records, and then release only one record out of each cluster of k or more records.
If the database is released for collaborative filtering or similar data mining purposes (as in the case of the Netflix Prize dataset), the “error” introduced by sanitization cannot be large, otherwise its utility will be lost. We make this precise in our analysis. Our definition of privacy breach (see below) allows the adversary to identify not just his target’s record, but any record as long as it is sufficiently similar (via Sim) to the target and can thus be used to determine its attributes with high probability.

The tradeoff between privacy and/or anonymity, and usefulness comes into play, and the authors make sure to take advantage of it. The real-world is a fun place.

Moreover, the linkage between an individual and her movie viewing history has implications for her future privacy. In network security, “forward secrecy” is important: even if the attacker manages to compromise a session key, this should not help him much in compromising the keys of future sessions. Similarly, one may state the “forward privacy” property: if someone’s privacy is breached (e.g., her anonymous online records have been linked to her real identity), future privacy breaches should not become easier. Now consider a Netflix subscriber Alice whose entire movie viewing history has been revealed. Even if in the future Alice creates a brand-new virtual identity (call her Ecila), Ecila will never be able to disclose any non-trivial information about the movies that she had rated within Netflix because any such information can be traced back to her real identity via the Netflix Prize dataset. In general, once any piece of data has been linked to a person’s real identity, any association between this data and a virtual identity breaks anonymity of the latter.

Anonymity tends to be a one way street. This can be particularly dangerous when it comes to persistent pseudonyms.

We have presented a de-anonymization methodology for multi-dimensional micro-data, and demonstrated its practical applicability by showing how to de-anonymize movie viewing records released in the Netflix Prize dataset. Our de-anonymization algorithm works under very general assumptions about the distribution from which the data are drawn, and is robust to perturbation and sanitization. Therefore, we expect that it can be successfully used against any large dataset containing anonymous multi-dimensional records such as individual transactions, preferences, and so on.
An interesting topic for future research is extracting social relationships, networks and clusters from the anonymous records. This knowledge can be a source of information for further de-anonymization [13]. In the case of the Netflix Prize dataset, de-anonymization of individual records may also have interesting implications for winning the Netflix Prize. We discuss this briefly in appendix B.

Data is recorded, filtered, and mined. You, your actions are not random. There will be non-uniformity, patterns. Identities and attributes will always appear.

I tend to think pseudonymity is the best you get in practice, and even that is quite difficult.

-

So, a while back I wrote this.

Side note, this is even more interesting in combination with things like the reality it generally takes couples trying to have a baby on the average of a few months to achieve pregnancy. Such drawn out periods seems to protect against a number of attacks, such as misrepresentation and quick judgement – for example, it exposes potential mates that seem good at first glance but aren’t quite so good once a closer look is provided.

Fitting right in here, I noted this.

However, Provost and her colleagues say there is in fact no contradiction between this research and other studies, as they are investigating two different kinds of signal. The previous research investigating men’s response to fertile women focused on signals such as smells and facial expressions, which can only be detected at close range. That makes evolutionary sense, as it would benefit a woman to advertise her fertility to a man that she has decided is worth having children with and has therefore allowed to get close to her.

In contrast, men can pick up on the attractiveness of a woman’s walk from long distance, and it can therefore act as an unwitting signal to less appealing males who she might not want to choose. So the advantage of having a less sexy walk around the time of ovulation becomes clear: it allows a woman to hide her fertile period from undesirable men who might take advantage of her at that time.

-

I noticed this request.

As many of you know, NIST has specified two standard KDFs for use with key agreement algorithms (e.g., Diffie-Hellman or MQV) in NIST SP 800-56A. NIST is considering supplementing the 800-56A KDFs with a more broadly applicable KDF. In particular, NIST is considering a proposal for an HMAC-based KDF. Before committing resources to this effort, we would like to get a better handle on the requirements seen by protocol developers and evaluate the level of support for such a standard. We would also like to identify alternative designs that should be considered.

PBKDF2 (something you may already use possibly without knowing it) and S2V were pointed to in replies.

-

Look at that, Banksy in New York.

VANINA HOLASEK GALLERY·502 West 27TH Street New York, NY 10001 T: 212-367-9093

FOR IMMEDIATE RELEASE:
BANKSY DOES NEW YORK
DECEMBER 2ND – DECEMBER 29TH, 2007
OPENING RECEPTION: SUNDAY, DECEMBER 2ND, 1 PM -5 PM

BANKROBBER GALLERY, London, in collaboration with VANINA HOLASEK GALLERY, are pleased to present for the first time in New York, an exhibition of works by Banksy, on view from December 2nd through December 29th, 2007.

There may even be a comment on security in here.

He’s the maniac who got on the news for managing to smuggle one of his pieces of art into Tate Britain and embarrassed everyone because nobody seemed to notice…He’s the wit behind the stencilled “Mind the Crap” writing that appeared overnight on the steps to Tate Modern. He is the prankster who smuggled 500 alternative copies of the Paris Hilton CD into record stores. He is the subversive who placed a life-size replica of a Guantanamo Bay detainee in Disneyland. He’s the jester who gave LA a painted elephant. He is the trickster whose hoax cave painting of a man pushing a supermarket trolley sat in the British Museum unnoticed for three days. He is the infiltrator who disguised as a pensioner hung his perfectly framed pieces in the Metropolitan, MOMA, Brooklyn Museum and his “dead beetle with glued on sidewinder missiles and satellite dish” had pride of place in the Museum of Natural History NYC. Get the picture, get this. Banksy images are even being used to sell 900k condos in Williamsburg.

Anyway, there is a party Saturday (2007-12-01) night from 6-9pm at the gallery celebrating the opening. [via thisheartsonfire]

-

Finally, here are some generic odds.

The National Safety Council has been compiling and reporting on injury data every year since the 1920s. The table below was prepared in response to frequent inquiries to the Council concerning the odds of dying from or being killed by a specific incident or occurrence such as a lightning strike or a plane crash.

The odds given below are statistical averages over the whole U.S. population and do not necessarily reflect the chances of death for a particular person from a particular external cause. Any individual’s odds of dying from various external causes are affected by the activities in which they participate, where they live and drive, what kind of work they do, and other factors.

Posted in Anonymity & Privacy, Authentication & Identity, Crypto, Off-topic, Security | No Comments »

Quick notes on Ubuntu Gutsy with Xen and djbdns, phishing lesson, misc

Thursday, November 8th, 2007

Just when you started thinking I was beginning to clean up my messy posting habits, I went and did this…

-

So, I decided to migrate my Tor server, etc. and thought it would be nice to upgrade to Ubuntu Gutsy in the process. (I also took this as an opportunity to setup disk encryption, which was quick and easy.)

As part of the effort, I rebuilt the Xen guest domains I was using on this server. This part turned out to have some quirkiness, as my Xen dom-0 and dom-Us running Ubuntu Gutsy (7.10) would not place nice under the Xen 3.1 that was installed from the latest Ubuntu Gutsy Xen packages (2.6.22-14-xen kernel). By not place nice, I mean the guests would hang during the boot process and/or not provide a usable console.

So, for my reference and yours, I figured it good to point out where I found fixes/workarounds for these issues with Xen 3.1 (2.6.22-14-xen kernel) and Ubuntu Gutsy (7.10) (used for both the host and guests) – this link is where I found some guidance to help fix the issue.

In particular, I found this, which led me to copy “etc/event.d/tty1″ to “etc/event.d/xvc0″ and then replace all occurences of “tty1″ with “xvc0″ within “etc/event.d/xvc0″, useful and it worked across a couple of running dom-U’s. Alternatively, this seems like it might be a workaround, although I did not use it myself.

I found this, which led me to remove offending “hwclock” entries, took care of some hang time.

Also, I did this, which led me to replace “sda” with “xvda” in my guest’s Xen configuration and its “etc/fstab”, just to continue following the general direction Xen is going, although it did not fix any issues.

-

I decided to use djbdns on a dns cache server. As I was setting this up in one of my newly create Xen virtual machines, I found these instructions useful (minus the small part about tinydns, as I wanted a dns cache service – dnscache was my concern, e.g., dnscache); however, I did note one issue on my Ubuntu Gutsy install with regards to the contents of “etc/event.d/svscan” conveyed in those instructions – the use of “runlevel-” was incorrect.

In other words, under Ubuntu Gutsy (7.10), the “etc/event.d/svscan” contents should be something like what follows.

# svscan – daemontools — http://www.froyn.net/blosxom/blosxom.cgi/2007/1/12
#

# This service maintains an svscan process from the point the system is
# started until it is shut down again.

start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

respawn
exec /command/svscanboot

-

I briefly noted this paper on training user’s about phishing.

Our embedded training system works roughly as follows.
People are periodically sent training emails, perhaps from
their system administrator or from a training company.
These training emails look just like phishing emails, urging
people to go to some website and log in. If people fall for
the training email and click on a link in that email, we
provide an intervention that explains that they are at risk for
phishing attacks and gives some tips for protecting
themselves.

Any manager that has ever had to train (or discipline) an employee can probably relate to some of these lessons learned.

· Embed the training into users’ regular activities so they do not have to go to a separate website to learn about phishing attacks.
· Make it clear why users are being warned—for example, what the risks are and what caused the warning.
· Do not delay the warnings; present them immediately after the user clicks on the link.
· Use training messages with the same content that users have just seen, as this helps them concretely relate to what is being discussed in the training message.
· Supplement training text with story-based graphics and annotations.
· Keep the training messages simple and short. One reason the security notices did not work well was too much text.
· Give clear actionable items that participants can easily do to protect themselves.

The “Embed the training into users’ regular activities” reminded me of what I discussed here in quite some length.

Now, lets look at a much better example. In preparation for security training, you have someone sit outside your organization auditing whether people were taking off their ID badges before leaving work, as was mandatory. As part of this audit, the auditor photographs the ID badge of someone leaving the offices still still wearing their ID badge. The next day, that person comes to work to find you sitting at their desk wearing an ID badge with their name but your face. Now, that would make an impact.

However, the actual implementation used in the paper seemed to lack the impact of my example, in that, the people in the study were asked to play someone else, which separated those people from the actions being taken and the consequences of those actions. There was no real world experience here to drive the lessons home.

Oh, and here is our old phishing lesson.

And, what techniques did we employ?

  • Wariness – Email should not be trusted by default. Examine email messages closely, especially if they request sensitive information, contain attachments, or provide links, and be sure to establish trust before performing any actions requested by the messages. This is just how I think, and it helps in avoiding scams.
  • Research – When in doubt, do some research. (An easy way to do this for messages claiming to be from a company or person you deal with is just call the company or person.) By looking at the raw message, I could see weird characteristics in the headers and the message body that indicated this was a fraud. I then used information taken from the headers and message body to identify proper abuse contacts at the relevant ISPs.

    • And the easiest one…

  • Multiple email accounts with dedicated purposes – By having specialized email accounts that are used only for certain purposes, many scam messages can be quickly identified just by being out of place. (You can also track the dissemination of your email addresses quite well by doing this.) That is how I knew this message was a scam before I even read it its contents.

-

Finally, UAVs have been getting a little attention in my circles for quite a while. So, this article might interest some of you.

Having evolved from military use, drones, or unmanned aerial vehicles (UAVs), are taking to the air in increasing numbers for public-service and civilian roles. They are being operated by groups as diverse as police, surveyors and archaeologists. A UAV helped firemen track the blaze that recently ravaged southern California. [...]

Reminded me of some of the things we did with model airplanes back in the day.

Posted in Anonymity & Privacy, Debian & Ubuntu, Security | No Comments »

« Older Entries