TrueCaller Vulnerability Reinforces Doubts on Apple App Store Certification
On April 28th, 2012 a vulnerability was discovered in TrueCaller, an iPhone application that acts as a worldwide number search and spam filter on Apple’s iPhone platform. The path to rectifying this issue has reinforced doubts about Apple’s ecosystem (more on this below).
Another scratch in the RSA Token
Research released this past week describes a new method attackers can use to clone the abilities of the software that RSA’s SecurID system uses to generate one-time passwords. Essentially, the threat is not new, but a proof of concept attack was released that shows how an attacker can exercise existing control over a user's computer to clone the behaviour of the software despite the security around the software. In essence, an attacker can get at chunks of data being returned by the data protection application programming interface (DPAPI) to reverse engineer the software. This is true even when additional, optional protection called token binding is in place.
It is noted that this attack is currently limited to RSA’s soft token software found on desktop and laptop operating systems, and requires some level of control over the computer. However, given the prevalence of botnets and Trojan back-doors in the modern computer world, this is not the most difficult of criteria to meet. Software available for smartphones is likely similarly vulnerable but will probably require the phone to be rooted or jail-broken.
Twitter - 55,000+ user accounts leaked with passwords
This morning several websites were reporting that over 55,000 Twitter accounts have been compromised, and the usernames and passwords leaked. The accounts have been posted to PasteBin. According to AirDemon, accounts attributed to celebrities were attacked in the process.
The attack seems to have been a relatively simple brute force attack. The PasteBin data suggests that the accounts in question had relatively short passwords, and were weak in that they included at best alphanumerics [upper case/lower case letters and numbers] and only rarely any special characters. Statistics show a vast majority were under 10 characters in length. Critics point out that a strong password policy and educating users could easily avoid releases of information like these. Even with strongly secured password databases, the general recommendation is passwords in excess of 12 characters with a mixture of upper/lower-case alphanumerics and special characters.
Good passwords are difficult to come up with, and often somewhat unwieldy to use. Passwords always balance the line between security and convenience, but releases such as this would seem to suggest that some strong complexity validation built into the Twitter login system could have prevented such an easy breach. Most of these passwords probably should not have been allowed. As for the creation of “good” passwords, there are a number of password generators available. Users may wish to consider one of several password storage tools. For instance, KeePass comes with a built-in password generator and a strong encryption pedigree. It also allows users to control the database (never off device) and read it from a number of operating systems. Other tools exist, but please do research into them; recently many such password banks claiming “military grade” protection were found to be easily compromised.
Rather than linking the 5 pages here, as others have done ad nauseam, please visit the article sources for their own take on the events. All this said, I would take this report with a strong grain of salt. These accounts were definitely poorly managed and low hanging fruit. Often celebrity accounts are verified and can be easily recovered by the owner. Additionally, many boards seem to suggest a number of the accounts exhibit spambot characteristics. Finally, the database reveals a number of blocks where accounts use the same password, suggesting the same user farming accounts for any of a number of possible purposes.
Debug flag blunder exposes passwords system wide on OSX …
In the latest security update to OSX 10.7[.3], Apple seems to have accidentally turned on a debug log function that stores its log outside of the encrypted area. Among the various system-wide parameters logged in this file are passwords passing through the password entry subsystem, essentially most system passwords and website credentials.
Users who had begun using FileVault encryption prior to Lion, and who have not uplifted their file-structure to FileVault 2 (whole disk encryption), are vulnerable. The hiccup is also a bit worse than it seems, as the storage area is accessible when the system is booted from an external device using FireWire disk mode. The passwords stored also likely give attackers enough information to then elevate to encrypted areas of the drive. This information is also likely to be available remotely using existing “will-not-be-fixed” vulnerabilities for remote access to the file-system.
The article goes on to postulate that any business that has decided to include OSX devices in its network is likely relying on this encryption scheme. The update shipped February 1st, 2012 and Apple was notified on Feb 6th, 2012. At the time of the writing of the article Apple has not responded to either the initial report or to follow up inquiries.
One of the few pieces of good news here is that the log file gets rewritten every few weeks, so not necessarily the entire 3 months of information is available (periodic backup cases aside). Users are advised to change passwords upon release of a patch to ensure no backup copies of this log fall into a position to compromise their systems.
App-phone Vulnerabilities Continue to Surface as Western Marketshare Grows
North America is quickly catching up to Asia and Europe in terms of app-phone market share. As a result we are quickly encountering the same problems these countries have experienced with SMS Trojans for several years now.
As app-phones have been designed for ease of development, with security being almost an afterthought, malware writers have found this an obvious evolution of their activities. Currently, a new SMS Trojan has been noticed with limited infections targeting users in several European and Western countries, including Belgium, Canada, France, Germany, and the UK. This Android Trojan has a couple of functions, each designed to deceive the user and run up charges on the bill. The infection accomplishes this by sending out and receiving SMS messages to premium SMS numbers and hiding the texts before the system can display them or alert the user to their presence.
The unpolished security of virtually all app-phones on the market today is a large factor in the spread of these types of malicious programs. However, an equally large part is due to user negligence. A closed, locked-in market filled with an overwhelming number of similar applications leaves little time for inexperienced users to sort out legitimate applications from the cruft. Moreover, many of the natural forces that allowed open app markets catering to smart phones of generations past no longer function to weed out substandard software.
What is MD5 and Why Should You Care That It’s Broken
I came across an interesting article today discussing a talk with one of Kaspersky Lab’s analysts, Evgeny Aseev. The discussion centers around the use of MD5 hashes, how they are no longer enough, and involves a few dropped comments about the H B Gary attack by Anonymous this year. This quickly becomes a bit technical so here’s a quick run-down of MD5.
What is MD5?
MD5 is a cryptographic function (it’s math!) that takes a blob of data and creates a relatively short string from it. This string is called a hash value. Hash functions such as MD5 are sometimes called one-way hashes, which means it’s easy to go from the blob to the hash value, but it’s difficult to go from the hash back to the blob of data. One peculiarity of MD5 is that, while not very common, different blobs of data can have the same hash value.
So what is MD5 used for and why is it important? One use of MD5 is as a checksum of files. For instance you can download a large file, say an installer from a company. The company supplies you with the installer file and an MD5 hash value. Once you have finished downloading the file you can run MD5 on the installer and if the result matches the MD5 hash value given by the company, you can be fairly sure it’s the file you wanted to receive and it hasn’t been corrupted in the download.
More generally, MD5 is used in many password systems as storage for a user’s password. When your password is first set, the system creates a hash value and stores that to the database. When you try to log in, it takes your password and runs MD5 on it. If the resulting value matches the one present in the database, you are allowed to log in. As you can see, on the surface this means that even if someone manages to steal a password database they still wouldn’t be able to steal your password.
As a side note, many people make a difference between encryption and hashes. The media is particularly notorious for this. Many may note that during the Sony PlayStation Network attack, the media reported that the password database had been stolen, and it wasn’t encrypted. This is true, in that you didn’t need to decrypt the database, but the passwords were all stored in a hash value generated by any of a number of hashing functions. In general, passwords are stored hashed rather than encrypted because hashing a password response and comparing it to a stored hash is fairly secure, while still being fast. Decrypting a database each time a password is entered, on the other hand, is a slow process and grows exponentially slower as more accounts are added to the system.
How is MD5 Broken?
So, now what’s the deal with MD5 hashes? Well, remember we said that two different blobs of data can have the same MD5 hash value? Well in theory, an attacker doesn’t need your password to access your account, he just needs a password that has the same hash value as yours. Therein lies one of the major weaknesses of MD5. Currently, there are easily available databases called Rainbow Tables. These Rainbow Tables are essentially a combination of random letters, numbers, and symbols paired with their pre-calculated hash values. In theory, all an attacker needs to do is see the hash value of your password in the database, look up this hash in the Rainbow Table, and use a password that hashes to the same value as your password. Current Rainbow Tables seem to hold values of essentially every password up to ten characters comprised of only lower-case letters, and every password up to eight characters comprised of uppercases, lowercases, digits, and spaces.
Generally, this kind of attack is an “escalation” attack. At some point the attacker has gained enough access to copy the password database and can now start matching password hashes against Rainbow Tables. Another vector an attacker could use is taking a Rainbow Table and using each value against an account until one of the passwords works. This latter approach doesn’t tend to work very well on modern systems. Most modern systems of any significant design lock an account out after 3-30 password attempts and require administrator intervention. In general, it has been fairly accepted that MD5 is broken and should not be used for authentication for well over a decade now. That said, MD5 is still widely employed by web applications and even some enterprise equipment vendors.
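The storage scheme and the table lookup described above can be seen side by side in a short audit script. This is an added example, not code from the article or from any vendor mentioned here; the account names, candidate list and passwords are constructed, and PBKDF2 with a per-user salt is used as one common replacement for bare MD5 (the post itself does not name one).

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed lookup table.
# "abcdef12" follows the six-letters-plus-two-digits pattern discussed on this page.
CANDIDATES = ["password", "letmein", "abcdef12", "qwerty99"]


def md5_hex(password):
    """Legacy scheme: bare, unsalted MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Precompute digest -> candidate once; the same table works against
    every database that stores unsalted MD5."""
    return {md5_hex(c): c for c in candidates}


def audit_unsalted(db, lookup):
    """Return the accounts whose stored digest appears in the table,
    i.e. the ones that need a forced reset during migration."""
    return {user: lookup[d] for user, d in db.items() if d in lookup}


def store_salted(password, iterations=200_000):
    """Replacement scheme: random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_salted(record, attempt):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    lookup = build_lookup(CANDIDATES)
    # Constructed legacy database: two users happen to share a password.
    legacy_db = {
        "alice": md5_hex("abcdef12"),
        "bob": md5_hex("abcdef12"),
        "carol": md5_hex("Tr4il-mix & 9 lanterns"),
    }
    print("identical digests for alice and bob:", legacy_db["alice"] == legacy_db["bob"])
    print("exposed by table lookup:", audit_unsalted(legacy_db, lookup))

    a, b = store_salted("abcdef12"), store_salted("abcdef12")
    print("salted records differ for the same password:", a["hash"] != b["hash"])
    print("correct password still verifies:", verify_salted(a, "abcdef12"))
```

With a salt, the same password produces a different stored value for every account, so a table computed in advance no longer applies and each guess has to be recomputed per user at the cost of the full iteration count.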
Enter H B Gary
So how does H B Gary figure into this? Aseev makes a throwaway comment about password standards that were being used at H B Gary. The principals whose accounts were compromised used passwords consisting of six letters and two numbers. If they were being hashed using the MD5 function, suitable password candidates would exist within the Rainbow Tables. A second throwaway comment is that these same principals used the same passwords on both their Google accounts and H B Gary’s internal systems. The comments beg one question, however: how did the attackers from Anonymous know what the hashes were? Above we mentioned that most modern systems lock out an account if someone is trying to brute force the password. This train of thought and other reports on the situation make it seem as if Google accounts are missing these simple lockout functions.
Is My Password Safe?
So then, is my password safe? The short answer is no. The long answer is, it depends. Some systems are using more secure hashing functions, others still rely on MD5, and it’s hard or impossible to know which any given system is using. It’s best to assume that any service that doesn’t say how your password is being stored is running MD5. So, now that we are sufficiently paranoid, how do we protect ourselves? The first approach is, unfortunately, only a stop gap. Use a password that is not in a Rainbow Table and hope for the best. This means picking a password that is greater than 10 characters and contains upper cases, lower cases, numbers, spaces, and symbols. This will only continue to work until new Rainbow Tables are developed that cover these password rules too. A better form is two-factor authentication: the use of a password and a hard token, for instance. These systems have flaws too; mostly they are too complex for the average user, and the companies that provide them can, and do, get cracked. In the long run, the final answer is simple: long, strong passwords, and training computer users to understand basic security principles.
Early this week, I did a quick and dirty write-up trying to do a high level explanation of what is going on with DigiNotar and why it’s important. Since then there have been a lot of pieces that have dropped that are directly or indirectly related to the incident.
DigiNotar Certificate Authority Compromise - Some Early Take-aways
During the past week, the compromise of Dutch certificate authority DigiNotar has been keeping the security community watching the news. SSL certificates allow encryption of web-traffic between users and servers, and the certificate authorities’ job is to give people some reasonable confidence that the server a user is talking to is who they claim to be. As a result of this attack, several fraudulent certificates have been issued, allowing an attacker to make fake websites in the names of 531 (so far) high profile entities such as Microsoft, Windows Update, Mozilla, Google, the CIA, MI6, and Mossad to name a few. These fake websites are trusted by web-browsers because they seem to have been authorized by DigiNotar. In response to this attack, web-browser companies like Mozilla have been pushing critical updates to disable trust on these websites. While the situation is on-going, preliminary reports by the Dutch government point to widespread use of unprotected computers, out of date software, poor password policies, and malicious software infections at a company that, until last week, exceeded some of the most stringent oversight and security standards in Europe.
Microsoft releases a Promo video for Windows 8.
That person on the bus may not be late for his appointment after all. SMS Technology Australia has started production on its M500 line of GSM watches. The M500 is a classy looking square faced watch that runs on quad mode GSM technology. It features a 1.5 inch color touch screen, 128 MB of memory for contacts and files, and full SMS support. While it does play MP3/AAC and MP4 video, my strong suspicion is these are used with contact-identifying cues. It has USB support for recharging and utilizes U disk Technology. Communication is apparently through Bluetooth to a wireless headset.
All in all, I think that the phone looks rather nice, but I am not sure how many people will be hopping on this fashion item. Additionally, SMS recently announced the M501 Ladies watch.
Apple bleeding you dry.
This morning’s “USA Today” (Ugh I know … it’s what the hotel left on the doorstep) is running a story on the front page about blood banks trying new techniques to get donors in the door. One of the options some blood banks are thinking of is raffling off iPods. The article doesn’t go on to say whether Apple will be donating these iPods, or if they come through the normal supply channel. However, given Apple’s interesting methods for measuring sales metrics in the past, I wonder how many times each of these iPods will be counted.
Christopher Dawson discusses his Anti-Mac bias!
Christopher Dawson, one of ZDnet's educational bloggers, wrote last night about his Anti-Mac bias. Much like Mr. Dawson, I've faced the stigma of being “the wrong expert” when my friends ask me about what laptop or desktop they should consider buying, and I rarely have Macs on the list.
Dawson points out that while Macs are great at what they do, they’re often overpowered for the average user. When looking at the starving college student or simply us overworked and underpaid s.o.b.’s, the economics simply don’t make sense. A high school or college student looking for a computer to write his homework on needs a word processor that can print. A $600 laptop can handle that. Granted many people don’t want to hear this; to you I have to say be honest with yourselves and whoever you might be asking to buy you the device. If all you want is something to write papers, then say it. If you are wanting something to write papers, make movies and do all kinds of other activities, then say it.
For those that talk about needing a Mac to work on creative challenges that Windows and Linux don’t fill, I am afraid I can’t really buy that argument. Especially not for the low end. Mr. Dawson points to a specific example of a friend who deals a lot with digital photography for work. Due to various issues, including her work environment, she ended up going with a much cheaper PC based solution to adequately fill her needs when her old Mac was no longer up to the challenge. I am not too sure I buy it for the upper end either. Applications like Cinelerra and Maya are available free for Linux, and many have forgone Mac for Linux shops that are cheaper to develop and operate.
Finally for those that like to remind me that Mac is now simply a very advanced GUI running on top of BSD, I’ll say that it’s a very crippled version of BSD. When trying to troubleshoot network issues with a friend’s Mac in Terminal, I ended up frustrated in about 10 minutes of trying to get the commands to work with the switches I am used to. I ended up booting off a copy of OliveBSD that I happened to have on the top of the pile of CDs on my desk to get back various switches to the networking tools missing from Tiger.
In short if you are willing to use the Mac, say that you are getting it because you want a Mac. If you are a starving student you won’t win any points crying that you don’t have enough money to buy that 17” Macbook that you need to write up your composition class assignment. Know what you are getting your PC for and play to it.