Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Our Data: an appeal - a "Plimsoll line" for apps
By myself from June 14 2002
However relatively bad the security of Microsoft's products is in comparison to what the free licensed and open source communities (as well as practically every other vendor on the planet) provide, Microsoft is not alone in the presence of vulnerabilities; this is a major issue for Linux/BSD and Unix as well as every other OS and vendor.
From the Plimsoll Club history
Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many ship owners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.
The risks, issues and solutions for providing a more secure operating and application environment have been known for decades.
Those who do not already comprehend the issues and are willing to learn should take some time out to listen to some of the speeches at Dr. Dobbs Journal's Technetcast security archives, starting with Meeting Future Security Challenges by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA).
The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.
Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier, Founder and CTO of Counterpane Internet Security, Inc., who rightly said:
Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)
However Microsoft's products are not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.
In a recent speech, "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become liable for damages from "unsecure" software.
-
Re:Hash collisions
SHA1.
Latest attack method yields collisions in 2^69 operations.
Google or NSA might be able to do it on the scale needed to corrupt a divx/xvid stream. It could work for multi-part rar's; only one bad chunk would be necessary. -
Re:It's a good point but...
If people aren't educated enough to know NOT to email back their bank information to an unsolicited source, then just whose fault is it?
From the real article (http://www.schneier.com/blog/archives/2005/04/mitigating_iden.html):
Again, think about credit cards. Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.
His example uses the US rules around credit cards as an excellent analogy to handling other forms of fraud without relying on unrealistic expectations on the abilities of the general public. -
Re:Reasons to go black market IT
Sure, roll your own communications program if you want (preferably using ssh, ssl, or similar; getting all the details of establishing secure connections right is surprisingly difficult.)
Don't roll your own encryption unless you don't actually care at all about the data. There are a fair number of academic cryptographers who create systems, and reveal flaws in existing ones. It's highly unlikely, though not impossible, that all known systems can currently be cracked by someone. Avoid known-weak systems or ones with keys that are too small, like DES, especially with 40 bit key lengths, but even with 64.
Rolling your own -guarantees- it won't be secure. Read http://www.schneier.com/crypto-gram-9912.html#2 among many other places for this opinion. Good crypto is very, very hard.
The low-hanging fruit is people who aren't using crypto, followed by those who are using crypto known to be flawed (sometimes in the algorithms, more often in the implementation; perfect algorithms are useless if you're using a program which leaks bits of the key in known locations in the file headers, and can be greatly compromised by even non-malicious mistakes.)
Use a known crypto system, preferably piggybacked on a known to be decent implementation of the underlying cryptographic primitives and the algorithms to use them securely. Then, stego it in something unexpected; the example of quake bots above might be good. -
Real Solutions
-
Re:I write my passwords down.
-
Security
This is why I use a free program called Password Safe (http://www.schneier.com/passsafe.html). You remember 1 password to login to your safe and then you can see all your entries from there..and as far as I know there is no limit on #1 the entries in each list, #2 the amount of lists you can have..you just have to remember that one password..a definitely good utility for Windows..all you Apple and Linux heads..don't know if it will work for you. It only takes a second to login and you are ready to go.. and the file that stores them auto-encrypts your data..as far as I know no one has broken it..From their front page:
With Password Safe, a free Windows utility designed by Bruce Schneier, users can keep their passwords securely encrypted on their computers. A single Safe Combination--just one thing to remember--unlocks them all. Password Safe protects passwords with the Blowfish encryption algorithm, a fast, free alternative to DES. The program's security has been thoroughly verified by Counterpane Labs under the supervision of Bruce Schneier, author of Applied Cryptography and creator of the Blowfish algorithm. Password Safe features a simple, intuitive interface that lets users set up their password database in minutes. You can copy a password just by double-clicking, and paste it directly into your application. Best of all, Password Safe is completely free: no license requirements, shareware fees, or other strings attached. -
Re:Just use your Social Security number.
encrypting the SS#s when we submit them to companies.
Hmm.... For all these guys worrying about using a different password for each website - would it be legal to "make up" fake SS#s when dealing with stupid organizations who shouldn't really have access to it anyway. Personally, I think I'd feel quite a bit safer if my school (where I know the guys running IT) didn't have access to the same SS# for me as etrade.
And for that matter, I'd feel even safer if flakey companies like Visa who use even flakier companies like ChoicePoint didn't have access to the same social security number that ETrade has.
Seems the real answer to me is what the parent poster suggested --- Visa should only have an encrypted version of my SS#, and ETrade should only have a version encrypted by a different key.
-
Re:The right tool for the job
There is also Password Safe, from Bruce Schneier, author of the venerable Applied Cryptography tome. It's an open source project and very good, IMO.
-
Nothing new - way old rehash.
This article covers whois. Nothing more exciting right? *rolls eyes*
It is nothing new or particularly insightful. This does bring up 3 questions though
1 - Is the slashdot crowd so amazed by something so old as whois?
2 - How much will IP geolocation amaze then?
3 - Who let this even get posted? -
Great news, the terrorist threat is gone!
What else can explain the FBI going after porn and Homeland Security going after Vegans, trademark infringers, and copyright infringers?! Obviously the war on terror is over. Thank you W. Bush!
-
A few starting points
None of these is a complete solution, but they may help you.
http://www.schneier.com/passsafe.html Password safe - This uses strong encryption with a master password to store all your other passwords. You still have to cut'n'paste them everywhere, though. Keep it on a USB key with the encrypted passwords.
https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=670 Password Composer - Takes the md5 of your master password and the hostname of a site to generate a unique password for each site. It's available as a Firefox extension, or as a bookmarklet. The method is simple, so you can get your password back with nothing more than echo and md5sum on the command line, so you're not at the software's mercy. However, there's not a good way to change either your master password or a site password if they're compromised. And it's only good for the web. But it's still a good improvement for handling tons of sites that don't need the very highest security.
http://web.mit.edu/kerberos/ Kerberos - Use a password to log in once, and then you're authenticated for all the services you need. This works great, but it has to be supported by each site that uses it. It's great for intranets, but it doesn't help for random web sites. -
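The Password Composer scheme described in the post above, written out as an added Python example (this is not the extension's own code; the exact concatenation order, output encoding and 8-character truncation are assumptions for illustration). It also adds a hypothetical per-site version counter, which is not part of the original scheme, to show how the "no way to change one site password" limitation could be addressed:

```python
import hashlib


def composer_password(master: str, hostname: str, length: int = 8) -> str:
    """Per-site password = md5(master + hostname), truncated.
    Assumed layout for this example; the real extension may differ.
    Reproducible from a shell with: echo -n "<master><hostname>" | md5sum
    """
    digest = hashlib.md5((master + hostname).encode("utf-8")).hexdigest()
    return digest[:length]


def composer_password_versioned(master: str, hostname: str,
                                version: int = 1, length: int = 8) -> str:
    """Hypothetical variant (not in the original scheme): mixing a per-site
    version counter into the hash lets one site's password be rotated by
    bumping the counter, without touching the master or any other site."""
    material = f"{master}{hostname}{version}".encode("utf-8")
    return hashlib.md5(material).hexdigest()[:length]


def sites_changed_by_master_rotation(master_old: str, master_new: str,
                                     hosts: list[str]) -> list[str]:
    """In the original scheme every site password changes when the master
    changes, which is exactly the rotation problem the post points out."""
    return [h for h in hosts
            if composer_password(master_old, h) != composer_password(master_new, h)]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    master = "correct horse battery staple"
    hosts = ["example.com", "example.org"]
    for h in hosts:
        print(h, composer_password(master, h),
              composer_password_versioned(master, h, version=2))
    print("changed by master rotation:",
          sites_changed_by_master_rotation(master, master + "!", hosts))
```

Note that md5 is fast and the derivation is unsalted, so nothing here slows down guessing of the master from a leaked site password; the versioned variant only fixes rotation, not that weakness, which is why such a scheme suits "sites that don't need the very highest security", as the post says.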
Re:the defense of liberty
Well, actually, that's not such a bad way of going about it as might first seem. (Before I get flamed, that's randomly choosing people to spot check I'm talking about - not randomly choosing to give 12-hour detentions for people for whom the spot check failed to turn up anything incriminating, and not shooting people in the head; and only in the context of it being an alternative to using a fixed set of profiling rules to distribute the same number of spot checks). As Bruce Schneier said: "Whenever you design a security system with two ways through -- an easy way and a hard way -- you invite the attacker to take the easy way. Profile for young Arab males, and you'll get terrorists that are old non-Arab females."
-
Re:Needed?
Ssh! Don't try to apply logic here. We prefer complex technological solutions that will work only under certain conditions designed to meet threats we have already seen. Somehow this makes us feel safer than general preparations to deal with any number of unspecified threats or emergencies which might arise.
Exactly! This is a typical example of what Bruce Schneier calls movie-plot threats.
-
Re:Would it be possible to jam?
thus begins the hijack alert arms race. first the hijackers try to jam it. then the device is changed to always send a "ok" signal, so that even a lack of signal means "not ok!" then the hijackers try to jam it and simultaneously send an "ok" signal, so the device manufacturers add various levels of encryption to the signal to try to make it unforgeable. if this all sounds familiar, it's because it's been done before :) -
Schneier
See Bruce Schneier's article on The Fallacy of Cracking Contests
-
Here's my advice
DO NOT scan/test a company's network without their permission! This is the fast track to a jail cell. Like QuantumG said (albeit a little sarcastically), get a sales manager and expect to pay out a lot of money in advertising.
If you think your post was well composed, I would recommend some English/technical writing classes. If you recognize your post has some grammar problems and you know your writing skills are good, I would not worry about it.
Check out Bruce Schneier, Counterpane Internet Security, or SecurityFocus. Gibson Research Corporation is another site to check out. This is just a start to getting some background on the basics and depth of IT "security".
I would say from the post you are not coming from a security background. Assuming you have an IT Bachelors degree, the minimum I would recommend is for you to study for some basic security certifications (such as the CompTIA Security+ and the MCSE/MCSA: Security on Windows Server 2003 specialization) and take them if you have not already. On top of this, I would recommend doing research into security conferences and possibly even local university classes on IT security (although I recommend these with a grain of salt as there is a lot of variance between the quality and type of information offered currently). There are whole books written on this subject, so visit your local bookstores and research what they have available. My rule of thumb in evaluating books is to see how in depth they get with their subjects. If they just talk in general about their subjects with no specific examples, I typically look for something else (unless it is an introductory book, of course).
Finally, just remember security is different to everyone (even in the business/corporate world). One company might just need you to identify their weak spots, patch them, and setup a plan to make sure they stay patched. Another company might need you to analyze everything from weak spots/patches to physical security of IT assets. Your job as a consultant would be to identify what they need (Business 101).
Hope this helps.
-
Lifecycle Management Approach
Treat it just like any other project that uses a cyclic lifecycle management. I'm supposing you already have your foot in the door, you are just unsure as to how to conduct yourself. At the end of each round, the customer can decide if they like the kind of progress being made and has the option to cancel the contract after each round if they disagree with methods or results. Start small and simple and develop their trust. If they really have security problems, you are best off finding a way to make them want to change rather than just telling them off.
Round 1: Spend one week writing a paper on the intellectual or physical property deemed essential to the company, and then document what measures the company believes they are practicing to protect them. At this point, you should also define your known enemies, be it a competitor or vast amounts of time wasted during virus outbreaks. Don't dwell on anything but the obvious as we all learned in the Six Dumbest Ideas In Computer Security document.
Round 2: Propose a paper exercise approach to physical security, both in the server room and in the cubicle farms. Spend a week and not too much money. This will confirm or deny what was declared in Round 1.
Round 3: Address disaster recovery options because arson and other DOS techniques are just as bad for protecting IP as is an electronic attack. This is a check to see if the current protections methods covered this usually underfunded area. Don't forget offsites.
Round 4: Propose, via contractual methods, solutions for closing gaping holes in the protection measures. That is, cover the areas for which no protection is provided, be it physical, procedural, or electronic. Implement if approved and have alternate, albeit less-effective approaches for those rejected due to cost or time.
Round 5: Propose a development area be established to test current and future configurations of electronic equipment for known attack vectors (e.g. new patches on a firewall don't open new ports). [At this stage, your customer has confidence that you know what you're doing, but it took you this long before you really started touching the inside of their network.] You never subject the production network to most scans, except maybe for proper patch deployment. All the exploit attempts happen in the lab.
Round 6: Like every good reader of Bruce Schneier's Secrets and Lies, you now propose methods and procedures for monitoring and reacting to attacks against the core intellectual or physical property documented in Round 1. Depending on your company goals, you can hope to win this one, or you can let them run the service while you move on to another customer.
Tips: If you get lots of resistance at Round 1 telling you that you aren't moving fast enough, beware because you will be the victim of the blame game in Round 6. Don't forget that sometimes the attack vector is physical theft - encrypt core files anywhere they are found, most especially on laptops. Round 1 may have identified Internet access as a risk, so in Round 4, consider using a private, internal network and force all users to use thin-client tools for Internet access - no removable media, highly-enforced group policies, and the ability to quarantine viruses at the door. For that matter, proxy all Internet access and monitor it in Round 6.
-
Solitaire Encryption Algorithm
If you find this interesting you might be interested in Bruce Schneier's Solitaire Encryption Algorithm, a real encryption algorithm using a deck of cards.
-
Re:Yes, AND...
Since voting is anonymous, it's harder to catch or correct mistakes.
Not at all. It's easy to have a unique ID that is still anonymous. Skim through a copy of Applied Cryptography (chapter 6) some time. Schneier has gone over the issue on his website too.
The likelihood of a mistake in a properly-designed system is minute. Even the largest voting location probably wouldn't be processing more than one ballot per second. Electronic voting is fine in theory. The implementations have been awful.
-
I hope they can get it right
I hope that Microsoft can pay more attention to implementing the cryptographic functions correctly than they have at times in the past. Bruce Schneier has a note in his Crypto-Gram newsletter for February 2005 on a flaw in MS's implementation of RC4:
One of the most important rules of stream ciphers is to never use the same keystream to encrypt two different documents. If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques.
He cites a paper by Hongjun Wu, as well as a report of an earlier (1999) MS crypto vulnerability. ...
Microsoft uses the RC4 stream cipher in both Word and Excel. And they make this mistake. ... -
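The keystream-reuse failure quoted above, reproduced as an added Python example (not code from the post, from Crypto-Gram, or from the paper it cites). It uses a small RC4 implementation only because RC4 is the cipher under discussion; the two "documents" and the key are constructed sample values, and the per-document nonce mitigation at the end is an assumed fix for illustration, not a description of how Office was later changed:

```python
import hashlib
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + generation), kept here only to reproduce
    the failure mode; RC4 is obsolete and should not be used for new work."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext)))


# Constructed sample documents and key (not taken from any real file).
DOC_A = b"Quarterly revenue figures attached; please keep confidential."
DOC_B = b"Meeting moved to Thursday 10am in the large conference room."
DOC_KEY = b"document-password"


def keystream_reuse_leak(key: bytes, doc_a: bytes, doc_b: bytes) -> bytes:
    """Same key, no nonce: both documents get the same keystream, so
    XORing the two ciphertexts cancels it and leaves doc_a XOR doc_b."""
    c_a = rc4_encrypt(key, doc_a)
    c_b = rc4_encrypt(key, doc_b)
    n = min(len(c_a), len(c_b))
    return xor_bytes(c_a[:n], c_b[:n])


def recover_other_plaintext(key: bytes, known_doc: bytes, other_doc: bytes) -> bytes:
    """Knowing (or guessing) one document recovers the other from the two
    ciphertexts alone; the key and keystream are never needed."""
    leak = keystream_reuse_leak(key, known_doc, other_doc)
    return xor_bytes(leak, known_doc[:len(leak)])


def encrypt_with_nonce(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Assumed mitigation: derive a fresh per-document key by hashing the
    long-term key with a random nonce stored alongside the ciphertext, so no
    two documents ever share a keystream. (A modern design would use an AEAD
    cipher instead of RC4 entirely.)"""
    nonce = os.urandom(16)
    doc_key = hashlib.sha256(key + nonce).digest()
    return nonce, rc4_encrypt(doc_key, plaintext)


def nonce_removes_leak(key: bytes, doc_a: bytes, doc_b: bytes) -> bool:
    """With distinct per-document keystreams, XORing the ciphertexts no
    longer reveals doc_a XOR doc_b."""
    _, c_a = encrypt_with_nonce(key, doc_a)
    _, c_b = encrypt_with_nonce(key, doc_b)
    n = min(len(c_a), len(c_b))
    return xor_bytes(c_a[:n], c_b[:n]) != xor_bytes(doc_a[:n], doc_b[:n])


if __name__ == "__main__":
    print("recovered:", recover_other_plaintext(DOC_KEY, DOC_A, DOC_B))
    print("leak gone with nonce:", nonce_removes_leak(DOC_KEY, DOC_A, DOC_B))
```

The recovery step uses a fully known first document for brevity; the "letter frequency analysis and other basic techniques" in the quote are what an analyst falls back on when neither plaintext is known, and the lesson for the implementer is the same: a stream cipher key (or key plus nonce) must never be used for more than one message.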
Re:AES & SHA256 are young
There's already a crack for AES.. check the archives.
I wouldn't call it a crack, more of a theoretical vulnerability. When the attack's complexity exceeds the number of atoms in the universe, it doesn't seem much like a "crack". -
Steganography is overrated
It does have a time and place, but not as often as many people would believe. Bruce Schneier makes the point succinctly:
Say the secret police arrest you and start going through your hard drive. You've got a bunch of pornographic pictures on your hard drive, so you've got a decent cover story. But you've also got the steganographic program on your hard drive, so the secret police are suspicious. They might try to download the same pictures from the net and look for the telltale differences that indicate a hidden message. Or they might just assume that you've got some messages hidden somewhere. Steganography: Truths and Fictions
In your example, the court could as easily order you to explain the steganographic system as they could order the keys to the cryptographic system. The difference being, that unless you use cryptography within your steganography, that anyone who figures out where to look can figure out your unencrypted data in a steganographic system.
BTW, systems such as StegFS are cryptographic systems at heart. They use steganography to hide the fact that the encryption is there, but their strength is the fact that the data is encrypted, not that the data is hidden. The data being hidden just makes it harder to unencrypt. -
Re:Counterintuitive
A seemless open standard DRM could open up huge markets
Yes, and so could a magic carpet...
Please stop dreaming about "seemless open standard DRM": DRM systems don't work.
For a non-technical explanation, you should probably read Bruce Schneier or Microsofts Darknet paper. -
Re:Good comments
In economic theory, there's the citadel model and the insurance model. As Bruce has pointed out in http://www.schneier.com/essay-024.html , The Citadel model basically says, "If you have this stuff and do these things, then you'll be safe." The Insurance model says, "Inevitably things will go wrong, so you need to plan for what happens when they do. [...] But in practice, no one has ever built a citadel that is both functional and dependable.
So while a desire for security is understandable, thinking that you will do this-and-that (antivirus programs, firewalls, code signing, you name it) and you will never have trouble is a lose-lose situation: You both impede your job and end up with some kind of trouble sooner or later.
By the way, I do code sign my programs. I have distributed my (department's) public key, and almost forced our clients to trust it. Next project: Teach them that a program that says "MyCompany S.A." and is not automagically trusted, is, well, not from MyCompany :-) -
Re:Several Benefits
And, more importantly, being able to file .pdfs helps eliminate one of the great threats inherent in .doc files. That is the hidden parts of the document.
No, they won't. -
because of lock in.
As Bruce pointed out, MS might have its own agenda.
I think this is a reason:
TC faq
The second, and most important, benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices. -
Re:TCG Bashing?
-
Re:TCG Bashing?
I'm not sure of the writer's bias
Bruce Schneier is a security expert with a practical perspective on security analysis. I subscribe to his newsletter, and near as I can tell, he's not particularly biased for or against Windows. He is very vocal about the balance needed between individual rights and security concerns. He also regularly points out security measures and implementations that are just for show.
I read the article and it doesn't seem like he's bashing TCG at all. Appears more like he has issues with Microsoft wanting to release VISTA as an approved TCG OS without actually following the best practices document. -
Similar case in Israel
Regarding a well publicized computer espionage case.
It seems the authors of the spying tool used in this case were arrested in the UK and are being turned over to Israel for justice.
This raises the same moral question, whether an author of the tool is responsible for the way it's being used.
Should firearms companies be held responsible whenever someone uses their branded rifle to commit a crime? -
Re:Not so.
It's the link I provided at the start: http://www.schneier.com/paper-low-entropy.html
As I've shown, this attack doesn't work, because the probability that you're in the loop at that stage is too low, and in any case it requires 2^80 work with a 2^160 bit hash, which is impractical. If your demonstration is correctly implemented it should show the same thing - how many iterations did you test it with? With a 32-bit hash, 20 iterations or so should show this effect.
If you find an attack that does work, please do publish it! -
Great for New York...
but I wonder if it will take $200M for each of the hundreds (if not thousands) of other cities' transit systems around your country which are now more viable targets.
Of course next time they might not target transit systems at all...
THIS is why it's called ASYMMETRIC warfare.
You folks might want to check out Bruce Schneier's book "Beyond Fear", or back issues of Crypto-Gram (http://www.schneier.com/crypto-gram.html).
Still, if the customer feels good - does it matter if it's just a placebo? And shareholders of Lockheed Martin - woo hoo!
--
My slant on global affairs.
http://newtonsthirdlaw.blogspot.com/ -
Salting *and iterating*
Actually I have seen many applications that fail to salt passwords before hashing them; it's depressing. Salt should be long enough to be globally unique when randomly generated. Old-style Unix passwords used a 12-bit salt, which was pathetic; 128 bits would be plenty.
In addition, it's best to iterate the hash many times, which slows down dictionary attacks. See Kelsey, Schneier et al, "Secure Applications of Low-Entropy Keys":
http://www.schneier.com/paper-low-entropy.html
The proofs in that paper are based on the assumption that the hash function is collision free, which of course MD5 isn't; another hash function might be preferable. -
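The advice above (a random salt long enough to be globally unique, the hash iterated many times, and a hash other than MD5) carried out as an added Python example; this is my code, not the post's and not the construction from the Kelsey and Schneier paper it cites. It uses PBKDF2-HMAC-SHA256 from the standard library as the iterated, salted hash, with an iteration count chosen for illustration:

```python
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 100_000   # chosen for this example; raise it as hardware gets faster
SALT_BYTES = 16        # 128-bit random salt, as the post suggests (vs. 12 bits in old Unix)
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex.
    Storing the parameters with the hash lets the cost be raised later
    without invalidating existing records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def same_password_distinct_records(password: str) -> bool:
    """Why salt matters: two users with the same password get different
    records, so one precomputed table cannot serve both."""
    return hash_password(password) != hash_password(password)


def slowdown_factor(iterations: int = ITERATIONS, samples: int = 3) -> float:
    """Rough ratio of the cost of one iterated hash to one plain SHA-256.
    This is the factor by which each guess in a dictionary attack is slowed."""
    pw, salt = b"constructed-sample", b"\x00" * SALT_BYTES
    t0 = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    iterated = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    for _ in range(samples * 1000):
        hashlib.sha256(salt + pw).digest()
    plain = (time.perf_counter() - t0) / (samples * 1000)
    return iterated / plain if plain > 0 else float("inf")


if __name__ == "__main__":
    record = hash_password("hunter2")          # constructed sample password
    print(record)
    print("verify ok:", verify_password(record, "hunter2"))
    print("verify bad:", verify_password(record, "hunter3"))
    print("distinct records for same password:", same_password_distinct_records("hunter2"))
    print(f"each guess ~{slowdown_factor():.0f}x slower than a bare SHA-256")
```

The iteration count is the tunable: pick the largest value a login can afford, and because it is stored in the record, legacy entries can be re-hashed to a higher count the next time the user logs in.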
Re:Never a more apt Message
maybe it's not humour, Mr Schneier says that there really is nothing to see, and normally he's a man who knows...
-
Re:Well that would assume a few things
i seriously doubt they were 20 years ahead. the military operated in a misguided semi-vacuum state back in the 80's; when 3DES was slammed. i'd say some individuals were ahead of the game, but not the establishment, and not 20 years.
Did you read the link that pointed to Schneier's article? Just to quote a bit of it. By the way this took place in the 1970's:
When IBM submitted DES as a standard, no one outside the National Security Agency had any expertise to analyze it. The NSA made two changes to DES: It tweaked the algorithm, and it cut the key size by more than half. ...
It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES. This means that back in the '70s, the National Security Agency was two decades ahead of the state of the art.
Granted the end of the article indicates that this is no longer true. Cryptography has become a respected and legitimate study all around the world. So it is doubtful that the rest of the world and researchers in the states, haven't closed that gap significantly. But the fact that it took researchers outside of Ft. Meade two decades to discover that the 'tweaks' made to DES by the NSA, actually made it stronger to an attack that didn't even exist (again, to anyone outside of Ft. Meade) means that the NSA had to be ahead of the curve (about 20 years ahead).
Again the article is here -
Re:Anonymous "team of Chinese cryptographers"
From TFA: Actually, Adi Shamir announced the results in their name, since she and her student did not receive U.S. visas in time to attend the conference.
Your 'anonymous' Chinese cryptographers weren't even in the US. This link describes what happened wrt their visas. -
Re:Well that would assume a few things
1) When DES came out, academia were demonstrably at least 20 years behind the NSA in terms of cryptographic skills.
2) I'm impressed that you know what they use for top secret data - do you have any references for that? I'd note that, if USA top-secret data were encrypted by a different system, the NSA might well decide it was worth the risk of AES being cracked to be able to read their enemies' data.
3) If the authors, on their own, were capable of finding a break then their work would most likely have been independently duplicated by the academic community by now. If, however, one of the biggest employers of mathematicians worldwide, with more past experience of cryptanalysis than anyone but GCHQ, were to find a break, they could probably expect that it wouldn't be duplicated any time soon.
Having said that, I'm not a cryptographer yet so I could be completely wrong. -
Re:RFC4109
It does have implications for IPsec, but on the main question you are starting from the wrong place. The first question you should be asking yourself is "Who is my enemy?". For the sake of this discussion let's assume the worst and go with the NSA.
The next thing you should be asking yourself is "What am I protecting?" Since we are assuming that the NSA is your enemy let's go ahead and say that you want to blow up rather large and expensive things that the USian .gov would really rather you not blow up.
And the last factor is "How long do I want to keep this secret?"
For the sake of argument let's assume that the NSA can do twice as well as any known attack. Given all of that if the answer to the last question is "years" you have something to worry about. If it is months you very likely have something to worry about. If it is "weeks", "days", or "hours" you are very likely safe.
So yes at some point in the future if you have a long planning horizon it could matter.
What this all means is that you want to pay attention to all of this but there is no need to panic. At this point SHA1 is still better than MD5 for most things. So use it, pay attention to it, and most of all you might want to evaluate what traffic you are passing. I've *always* been against passing secrets over an IPsec tunnel with a lifetime of more than a few months. This is simply because, IMO, IPsec is too complex to ever be safe over a long planning horizon. I'm in pretty damn good company here.
So pay attention and be ready to change when things change. And they *will* change. And I would not send anything that has a long lifetime over the wire.
http://www.schneier.com/paper-ipsec.html -
Re:Big deal
You forgot to add a link to where he describes this process and how he derived it. A fascinating read, really.
-
It is an advert for their co-processors
His series of articles are an attempt to sell cryptographic co-processors.
If one were interested in the history of cryptography, one would read The Code Breakers, by David Kahn (very thick book, yet very interesting). Or, if one were interested in how to utilize cryptography into business processes, one would probably have read Secrets and Lies, by Bruce Schneier.
...when you use RSA for encryption, you use it in conjunction with a symmetric encryption algorithm.
One does that only because public-key algorithms are very slow compared to symmetric-key algorithms. Slower by factors like 100 to 1000. PGP uses both: the body of the message is encoded with a symmetric key, randomly generated for that session, and that key is encrypted with the public key of the recipient. If one were to purchase the co-processors his department sells, one could speed up the public-key encryption to where it would be practical for everyday use. -
Re:What happened to IDEA encryption method?
From Bruce Schneier's website, the paper about Blowfish: "Many of the other unbroken algorithms in the literature--Khufu [11,12], REDOC II [2,23, 20], and IDEA [7,8,9]--are protected by patents." From the Wikipedia article, Bruce Schneier is again quoted, "In my opinion, it is the best and most secure block algorithm available to the public at this time." (Applied Cryptography, 2nd ed.) However, by 1999 he was no longer recommending IDEA due to the availability of faster algorithms, some progress in its cryptanalysis, and the issue of patents"
I don't really get the whole idea (no pun intended) of patenting a mathematical algorithm. It would be like patenting the recipe for Oreos. You can trademark it, and copyright it, but patenting it doesn't make sense to me. Then again, IANAL.
-
will they add crypto?
considering remotely exploitable cache timing attacks against all software implementations of AES and other S-Box constructions, will Intel grow some brain cells and put crypto directly into the core?
i don't think they are that smart... -
Re:Be very afraid...
- It's not even any kind of proposed bill.
From TFA:
Thompson, now a director of Applied Digital Solutions, the company that makes the chips, intends to publish the proposal in the next 50 days, by which time he plans to have had a VeriChip inserted in his arm.
No, it's not a proposal -- YET. But it will be soon.
- Even in some kind of alternate universe where compulsory, mandatory implants for all residents of the United States were a rider on ANY bill, no matter WHAT the bill, it would NEVER pass.
100 years ago, people said the same thing about a national ID.
Now we have Social Security Numbers. And national ID cards are almost here, having been approved by the REAL ID Act of 2005.
Those of us in our 20s will be required by the U.S. federal government to be chipped by the time we are dead. Mark my words.
Even for those people who think (wildly erroneously, I might add) that the US is a totalitarian police state and one step away from 1984 (or already there).
Compared to other nations, we are not a totalitarian police state, true. But we are without a doubt traveling along a trendline in that direction. -
Current State: Safe
According to Bruce Schneier, the security risks of WiFi are vastly exaggerated.
-
Hmmm.
So you're thinking of a slight variation on the canonical DNS cache poisoning theme:
- Victim gets email (allegedly from user@target.com--doesn't really matter) containing link to www.target.com
- Victim clicks on link and in response victim's local name server send a query for www.target.com
- Malicious guy interposes and spoofs a response to victim NS query: saying "I'm www.target.com and here is my [fake] IP"
- Then victim connects to fake IP (spoofed paypal site)
... which means the timing game is nigh impossible.
Another kind of DNS cache poisoning (what I think as the more doable one, unless you're using old, old BIND with predictable query IDs):
- Send you an email from www.badguy.com and get you to respond to it... or embed an image hosted at www.badguy.com in the email so that your name server has to figure out how to get that image. Whatever: basically get you to try to resolve badguy.com
- Then your name server figures out how to get to www.badguy.com (maybe through .com) and then once he gets the name server for www.badguy.com, that name server actually responds and says: "badguy.com delegates to www.ns1.TARGET.com and www.ns2.TARGET.com" AND says "www.ns1.TARGET.com is at [IP address of name server under control of badguy] and www.ns2.TARGET.com is at [IP address of name server under control of badguy]."
- So then when you LATER try to go to www.TARGET.com, you'll ask the name server www.ns{1,2}.TARGET.com, the IP of which is a name server under the control of badguy.com.
Anyway, NB that yours could also be a Unicode hack; i.e. a name that looks indistinguishable from www.paypal.com but actually is different.
http://www.schneier.com/blog/archives/2005/02/unicode_url_hac_1.html -
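An added example, not part of the comment above: the "bailiwick" filtering that a caching resolver applies to reply records is the standard defence against the second scenario (a server for badguy.com handing out glue addresses for names under target.com). The reply below is constructed sample data mirroring that scenario; the zone, host names and addresses are made up.

```python
# Added example: bailiwick filtering of authority/additional records in a DNS
# reply, as a caching resolver does to avoid caching poisoned glue.
# Record tuples are (owner name, type, rdata). All sample data is constructed.

def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or a name below it (case-insensitive)."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def filter_reply(zone: str, authority, additional):
    """Split reply records into those the responder may speak for and the rest.

    `zone` is the zone the responding server was queried about (badguy.com in
    the comment's scenario). An NS record for that zone may *point at* a host
    outside it (a normal delegation), but a record whose *owner* lies outside
    the zone, such as an A record for ns1.target.com, is not accepted from this
    responder: the resolver must resolve that name via target.com's own servers.
    Returns (accepted, rejected).
    """
    accepted, rejected = [], []
    for rr in list(authority) + list(additional):
        owner = rr[0]
        (accepted if in_bailiwick(owner, zone) else rejected).append(rr)
    return accepted, rejected


# Constructed reply to a query for www.badguy.com, modelled on the comment.
SAMPLE_ZONE = "badguy.com"
SAMPLE_AUTHORITY = [
    ("badguy.com", "NS", "ns1.target.com"),   # delegation pointing outside: allowed
    ("badguy.com", "NS", "ns2.target.com"),
    ("target.com", "NS", "ns1.target.com"),   # claims another zone: out of bailiwick
]
SAMPLE_ADDITIONAL = [
    ("ns1.target.com", "A", "203.0.113.5"),   # poisoned glue: must not be cached
    ("ns2.target.com", "A", "203.0.113.6"),
    ("ns.badguy.com", "A", "198.51.100.7"),   # ordinary in-zone glue: fine
]


def demo():
    """Run the filter over the constructed reply; returns (accepted, rejected)."""
    return filter_reply(SAMPLE_ZONE, SAMPLE_AUTHORITY, SAMPLE_ADDITIONAL)


if __name__ == "__main__":
    acc, rej = demo()
    print("accepted:", acc)
    print("rejected:", rej)
```

Query-ID and source-port randomisation, which the comment alludes to with "old, old BIND with predictable query IDs", addresses the first scenario (spoofing a reply); the bailiwick rule is what stops the second one even when a spoofed or malicious reply arrives.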
also see....
-
Re:Lots of work
PPTP is a lot heavier than ssh, and is fundamentally flawed. Although pptp is close, ssh is still far superior and easier to get working.
-
Re:Stupid question but...
Say the cashier remembers you because she thought you were cute.
I think you mean hinky. Whatever you do, don't act hinky when you buy that printer. ... or scary. ... or nervous. -
Re:why not disable passwords entirely?
That's the idea. If you don't have access to the client machine, then it's very hard to get access to the system.
Bruce Schneier talks about similar security-defeating effects of secret questions.
-
Re:By the way, biometrics & DRM ?
Yes, it's dead easy and can be done using readily-available and household materials. You just need some graphite dust and sellotape {from your desk}, photoresist PCB board and processing chemicals {from Maplin or similar; unless electronics is considered bomb-making nowadays}, and plant gelatin {from a health food store}. Dust laptop for {presumably the rightful user's} fingerprints with graphite and lift with sellotape. {Option: enhance image electronically}. Make a printed circuit board using the fingerprint pattern. Ideally use negative working photoresist or take a negative as part of enhancing the image, though in practice negative images are acceptable to fingerprint scanners {which seem to respond to edges in blissful ignorance of actual direction}. Use PCB to cast a gelatin mould of the rightful user's fingerprint. Use artificial gelatin fingerprint {possibly on the end of your own finger} to operate scanner. In the event of a bust, it can be disposed of safely by eating {you did use plant gelatin, didn't you?}
References here and here.