Database of Private SSL Keys Published

Trailrunner7 writes "A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device. Published by a group called /dev/ttyS0, the LittleBlackBox database of private keys gives users the ability to find the key for a specific router in several different ways, including by searching for a known public key, looking up a device's model name, manufacturer or firmware version or even giving it a network capture, from which the program will extract the device's public certificate and then find the associated private SSL key."

what?

What is the consequence of this?

Re:what?

[Rijnzael]

Presumably it will allow an attacker the ability to listen passively for traffic between a router administrator and the router itself, allowing the attacker to gather login credentials and use them to whatever ends they intend.

Re:what?

[Lord+Byron+II]

So what's the attack scenario? I'm at work and a malicious co-worker can use this against me, how?

Re:what?

[skids]

People who use the stock firmware on APs and other embedded devices will be using cryptography that is actually easily breakable, because these devices usually do not offer the option of regenerating a private key specific to the device (and even when they do, hasty consumers won't regen a key anyway.)

Re:what?

none of my (consumer) routers or access points use https anyway... all the administration interface is done unencrypted.

Re:what?

[bunratty]

They can get your password as you send it to the router, even though the password is encrypted.

Re:what?

[skids]

You are at work and you decide to login to your home router's web server to look at statistics or make a change or whatnot.

A coworker sniffing your https traffic can decode it because he has the key. He can then see your administrative password and login to your router.

Re:what?

[Rijnzael]

1) Router administrator negotiates an HTTPS or SSH session with a router or other hardware
2) Attacker is either listening passively or is a man in the middle (via ARP poisoning or what have you). Because they have the private key, they can advertise themselves as being the router without raising the alarm with your SSH client or browser
3) You provide credentials to the router (or MITM). The credentials are logged by the attacker
4) You proceed to do whatever you intended to do in the router's configuration, and log out.
5) Some time later, the attacker logs into the router as you, and makes nefarious changes to the router configuration (such as uploading compromised firmware which logs traffic, or has a backdoor, etc). Any changes done look like they've been done by the router administrator.

I don't know how likely this is in a work scenario though; I haven't searched the database for common mid-level to enterprise routers/remotely configurable switches. More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.

Re:what?

[cgenman]

More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home

I'm vaguely shocked that any home routers would be using hardcoded private keys. That would be like every Schlage front door knob having identical keys. It's not just a mistake, it's extremely negligent security 101.

Re:what?

[Thinboy00]

The companies that make these things are interested in interoperability, price, and security theater. Note that real security isn't on that list.

Re:what?

Blame browsers.

Every browser insisting that a self-signed certificate is less secure than non-encrypted http would probably play a big role in why router manufacturers have chosen hard-coded keys rather than auto-generated ones.

Re:what?

[0123456]

Every browser insisting that a self-signed certificate is less secure than non-encrypted http would probably play a big role in why router manufacturers have chosen hard-coded keys rather than auto-generated ones.

Yeah, because we should allow our browsers to accept a self-signed key for www.mybank.com in order to make life easier for router manufacturers.

Totally.

Re:what?

I don't think anything but a Man-In-The-Middle Attack would work. The keys in the database are only used for authentication, not for encryption of the remaining traffic. After the authentication, new keys are negotiated, e.g. via Diffie-Hellman.

Re:what?

[Rijnzael]

If you can get the symmetric key negotiated between the two hosts, what's stopping you from using it to decrypt subsequent traffic?

Re:what?

So it seems like this vulnerability is of no concern to me if I'm not trying to configure my router from outside my network. If I'm sitting in my home using my network, and I access my router's config web page, that traffic never passes through the router to the public internet. Correct? It seems like the solution is to not manage your router from any location except locally. That's a minor inconvenience, but not surprising for a sub-$100 piece of hardware.

Re:what?

[DarkOx]

Self signed certificates are ALWAYS more secure if you can trust the issuer. For instance if I went to my local bank branch and the manager there handed me a key in person and told me to go home and install it to validate their online site, that would be better than the Verisign cert they use now.

It only requires I trust the bank and not a third party CA as well, which I know from experience buying them that they don't always do the due diligence correctly.

The practical way to do this for the home routers is this:

Let the use wire it up and connect to it the first time, the WAN port is shutdown at this point.

When the first connection is made the router uses a hard coded CA signed certificate.

The router generates a new certificate and self signs that certificate.

The user is instructed to download the public part, and import it into their browser, operating system key store, or whatever on the devices they want to use. If they will be connecting from remote sites encorage them to put a copy on a USB stick. For Windows users this is A ONE CLICK OPERATION so not a big deal.

The use returns to the router config URI and continues setup.

Re:what?

[Amouth]

rather than a router i could see this being used to compromise VPN concentrators and things of that manner - as then not only can you give your self access to other resources but at the same time you can skim more credentials than just the admin for that device - which would then allow you to get just about anywhere you want.

Re:what?

[SydShamino]

That would be like every Schlage front door knob having identical keys.

They (mostly) all do - it's the Bump key.

Re:what?

You can not get the key that is used for traffic, because that key is not related to the certificate's private key. D-H key exchange "allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel". Having the private key of the certificate does not per se affect the security of the later communication, except if a MITM-Attacker performs the key exchange on your behalf.

Re:what?

[mlts]

+1

Any device made by a sane security designer would either generate a key pair where a cert would be sent to the device maker to be certified, or have a unique private key installed at the factory where it can be signed with a CA before it ships (although this gives the issue of trusting pre-generated keys even though they are individual and different per device.)

With how brutal attacks through the Internet are, this is bordering on criminal negligence on a massive scale.

Of course, it looks like the only way to get around this (assuming the Web server on the WAN side can be disabled) is to have ssh available, ssh in to a hardened machine on the inside (that has a unique, known key), then view the config page with a browser. Even VPN connections couldn't be trusted.

Re:what?

[mlts]

Ideally, browsers should have three SSL security levels:

Self-signed SSL cert. For the average user, it shouldn't bring up a lock icon, but something different saying the site is using some basic, untrusted cryptography to communicate.

CA certs. Usual lock icon. Perhaps a green lock icon for the EV certs. I'd like to see a "temperature gauge" with CA certs, because I trust Verisign, Thawte, RSA, and Symantec far more than I do some CA in Elbonia who happens to have their root cert marked as trusted in the browser.

Certs that are explicitly trusted, where the key ID, fingerprint, and other information is marked as secure in the browser. The SSH protocol does this; shouldn't browsers do this especially if you know what key you are communicating with? This way, no jacked CA could say a bogus key is real. You either communicate to the right key, or it gets rejected.

As a stopgap measure, Web browsers should have the option to notify you if a cert changed, and show it. The Certificate Patrol add-on in Firefox does this, but this should be built into the browser.

Re:what?

[SilverJets]

Even better than this. I'm at home. There is a single ethernet cable directly between my computer and my router.

This affects me how? It doesn't.

Re:what?

He can still do something similar, he can dictate/print out the private key fingerprint for you.

Re:what?

[0123456]

Ideally, browsers should have three SSL security levels:

Self-signed SSL cert. For the average user, it shouldn't bring up a lock icon, but something different saying the site is using some basic, untrusted cryptography to communicate.

'Average users' are precisely the kind of people who have to be beaten over the head with the fact that they're connecting to a site with a self-signed certificate. Average users typically don't check for a lock icon in the first place, so they're sure as hell not going to check for a self-signed certificate icon.

The real problem is that the entire CA model is fundamentally broken, not that browsers give warnings for certificates that might be OK or might be an Elbonian hacker trying to steal your bank account.

Re:what?

[0123456]

Self signed certificates are ALWAYS more secure if you can trust the issuer.

How do you trust the issuer when you don't have any way to know who the issuer is?

For instance if I went to my local bank branch and the manager there handed me a key in person and told me to go home and install it to validate their online site, that would be better than the Verisign cert they use now.

Dude, that key was created by an Elbonian hacker who's now going to steal your bank account thanks to his friend at the bank handing it out to customers who are dumb enough to trust a random self-signed certificate that's handed to them.

Re:what?

[AliasMarlowe]

You are at work and you decide to login to your home router's web server to look at statistics or make a change or whatnot.

Administering a home router from outside the firewall was already known to be foolhardy. How many people allow remote administration of their router? If a home server is also hosted on the router, or is protected from remote administration only by the router, then it is also placed at risk by allowing remote administration of the router.
Our router only accepts administration from behind its firewall. Our web server only accepts administration from a subset of IP addresses behind the firewall (and not including the router). Hell, even the printer is set up that way.

Re:what?

[mlts]

If we went to a CA model with the supervising CA demand rigorous security specifications and insta-revoke of CA keys if they go out of bounds, CAs would be useful.

Another good model would be going to a WOT system. I trust Verisign a lot more than I do an Elbonian CA. So, having a system where I mark that in my key database and that ends up on key servers will mitigate what a rogue CA can do even if their root cert is in browsers. However, exactly as you said, average users need to learn basic cryptography.

Joe Sixpack doesn't care how high a chance of a key being authentic is; he just wants to see a lock icon on the Duff Beer site when he is buying a sign for his mancave. He just wants stuff to "work", even if it results in disastrously broken things like communal keys, or CAs that are untrustworthy in the Web browser.

Re:what?

[vikisonline]

Not much. I mean think of it. If you have a reasonably secure (WPA/WPA2) secured wireless network at home, how are they supposed to sniff your https traffic to begin with? And if we are talking about small businesses and such most administration is done over a wired network most likely anyway. And higher end (cisco) / customisable (wrt series) hardware lets you change the ssl key anyway, which was advisable to begin with.

Re:what?

Yeah... they can get a database of private keys and then sniff the traffic and decode it to get his login details. Or... they could wait until he's in the bog and get the details... 'cos his password is written on a postit note in top drawer of his desk.

Re:what?

[Belial6]

If you cannot trust the key that the bank physically hands you, the bank has already been comprimised, and there is NO security that you can take to prevent abuse of the bank's system. The OP didn't say that it would provide absolute security from every possible way your accound could be hacked. Nothing ever will. It DOES remove a significant vector of attack.

Re:what?

[icebraining]

Bullshit. Router manufacturers could generate a CA cert, get it signed by a Trust Authority and then generate random certs for each device and sign them with their cert, which would be trusted because the trust works in a chain.

Hell, I did something like this not long ago, so this was just laziness and/or ignorance, not the fault of the browsers.

Re:what?

[nabsltd]

The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.

I must be buying the "good" devices, then, as every "SOHO" device I own that supports SSL allows you to upload a new key pair.

Seriously, we're talking about less than 4KB of flash memory to store the key pair...what recently-built device can't spare that much space?

Re:what?

[Unequivocal]

Yeah really. The only moderately plausible attack vector that I can see is this:

1) I run an unencrypted wi-fi network at home
2) I connect to my router to administer it via https thinking that is secure
3) Anon listens to the wi-fi network and can unwind the https session giving them access to the router.
4) Profit? I guess they can mod the settings and do something nasty - maybe redirect DNS to give them power over what I think are root key certs etc.

Re:what?

[skids]

We're talking consumer-grade equipment here. These are the people who don't think twice about using their birthdate as a password. Neither would they think twice about logging into their router from outside, say to access the file store that modern APs allow to be attached by USB, for example.

Re:what?

[SpaceLifeForm]

Even then, it is not likely. Most people that have a clue never admin a router remotely. They don't even have a hole punched to allow it in the first place.

Re:what?

[Have+Brain+Will+Rent]

My thought on this is "How is this ever going to work?" I mean I have to reconfigure my home routers about once a year. That means that, along with all the other obstacles like wired access only for administration, an attacker is going to have to monitor my router 24/7/365 in the hope of compromising it sometime during the next year... doesn't seem likely.

Re:what?

[GameboyRMH]

I always said that untrusted certs should be treated the same as unencrypted traffic - there should be no indication of enhanced security, but no warning either. A self-signed cert can be as unsecure as plaintext or more secure than a CA cert, depending on how it's used.

Re:what?

Since I work at a technology company I don't ever login to my personal stuff from the office. The IT security staff are always bored and like to piss around with Group Policies or sniff traffic to feel like 31337 hackers. You never know what kind of other bullshit they've installed on your workstation to spy on you either, because they have a massive superiority complex and a lot of fucking time.

Re:what?

[GameboyRMH]

I allow access to my DD-WRT router via a non-standard port, using a key pair with a passphrase. That way I can shut down my home server remotely, then wake it from the router.

Cool trick: SSHing with key pairs isn't worth it because you have to set up the key on every machine you SSH from (which especially sucks when using other people's machines) right? Wrong! Make a file with the name ssh_to_my_host for example and give it the contents:
^^^^^^^^
#! /bin/sh

ssh username@whatever -i ssh_to_my_host
exit

-----BEGIN RSA PRIVATE KEY----
(rest of keyfile contents go here)
^^^^^^^^
Put it on a flash drive (you can execute files on FAT32 partitions by default in most distros), and all you have to do is cd to the drive and run it. Easy access using key pairs, and you only need to carry around one file B-)

Re:what?

[profplump]

Currently your browser will happily let you send your password with no certificate. I don't see how an unauthenticated certificate could possibly be *worse* than that scenario. At least with a certificate only one attacker could see your credentials, and they'd have to be actively participating in the attack. You'd at least be protected from the passive attackers that could otherwise read your data.

Plus "self-signed" is not the same as "unauthenticated". All CA keys are necessarily self-signed, including the dozens you have installed in your browser right now. Your bank could simply provide you their certificate out-of-band and you'd have better authentication than would ever be possible with the traditional trusted-third-party approach.

Re:what?

You forgot what has to occur between steps 1 & 2: Attacker has to get on the network. If you're using Wired-only, that means they have to physically get on your network. If you're using Wireless with proper WPA2/AES, they have to crack the WPA2 key first to get on the network, and then they could capture your SSL login.

How often do you log in to your networking gear? If you have untrusted people on your network, you've already got problems.

Re:what?

[Lord+Byron+II]

But if my password is SSL-encrypted between me and the bank, for instance, then what's the risk?

I get the feeling that this only applies to some particular version of enterprise-grade wi-fi, like the Thawte keys that I have to use on the corporate net.

Re:what?

[shentino]

Only root CA certs are self signed. Non root CA certs are signed by their superiors in the food chain.

Re:what?

[johny42]

So what's the attack scenario? I'm at work and a malicious co-worker can use this against me, how?

If you access your home router administration interface from work, the attacker will be able to sniff the communication (including the password), even if you access the administration interface via SSL.

The attacker will not be able to sniff the communication between you and your bank (or any other SSL website) -- the SSL private key stored in your router (and now published) does not play any part in this.

Posted on Google Code

[Toe,+The]

Here's Google's wikileaks-like test. The database is posted on Google Code. Will they remove it?

Re:Posted on Google Code

[Amorymeltzer]

Before leaving China, Google censored search results. Hell, Google's altered their algorithm within days of a NYT article about how a sham business survived because of all the bad press he got. They've blocked certain searches, such as those used to find site vulnerabilities.

I'm a big Google fan, but I don't think we need any more tests to see that Google will play ball against certain baddies.

It's open

Who left the backdoor open?

Re:It's open

[Opportunist]

The ... nice person who thought it's smart to hardcode private keys.

Great Work!

Great work! Keep it up!

Information shouldn't be kept private, which is why I support projects like this and Wikileaks!

Re:Great Work!

[bunratty]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

Re:Great Work!

[gstoddart]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

Re:Great Work!

[Neil_Brown]

Information shouldn't be kept private

...says the person choosing to post anonymously, thereby keeping information private?

Re:Great Work!

nothing is "being made public" it already *IS* public

if you find my bank details programmed into the firmware of a router then by all means put it online. I would deserve it...

Re:Great Work!

[Thinboy00]

The AC is a straw man. Real "info wants to be free" people only want the info of companies, organizations, governments, etc. to be free. Julian Assange himself watches his own privacy very carefully.

Re:Great Work!

[migla]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

There's a difference between exposing information about the misuse of power by a powerful individual or organization and information that only exposes a little person for abuse.

If absolutely all information wants to be free in some sci-fi quantum future, we'd better see to it that we go there with the big baddies transparent before they have all the dirt on all of us little regular people.

We do this by exposing the big bad lies while fighting to keep our little secrets.

Re:Great Work!

[cyber-vandal]

Netgear, Belkin and the rest might deserve it but I don't. This is really lazy on the part of router manufacturers and I'm looking for a new one right now. Hopefully I can find one where the manufacturer doesn't suffer from a common sense failure.

Re:Great Work!

[Per+Wigren]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

Not the same. This is more like calling the emperor naked. The bad guys already know that "security" is often just a theatre. This is just a blunt way to raise awareness of that fact and force vendors to start taking security more seriously.

Re:Great Work!

[pentadecagon]

I beg to differ. Private information should of course remain private, nobody argues against that. But here we talk about public Information, "public" in the sense that it is freely available anyway, just slightly harder to come by. This database isn't an original publication, it merely collects the published keys in order to make them easily accessible.

Re:Great Work!

[GooberToo]

Recently watched a documentary about Wikileaks and Julian Assange. My favorite Julian Assange quote is now, "Why do it? Killing people is fun." While he said it talking about the only possible motive for military people (soldiers on the ground), the fact is, he honestly believes, "killing people is fun." That's a seriously sick person. The fact is, those in the mental health community will tell you Julian's assessment has absolutely no basis is fact or reality; which further stresses he is projecting his own mentality that, "kill is fun." I also enjoyed the part where he hypocritically states that governments are wrong for doing exactly what he's doing, but its okay because he's not them (paraphrasing) and that furthermore, the means justify the end - so long as its him and not soldiers or the military. Again, a seriously hypocritical, deranged person.

Not hard to see why Wikileaks has discarded him and why some are so willing to get distance between themselves and the fucked up person known as Julian Assange. Some are even starting whole new leak organizations so as to completely cut ties between themselves and the deranged and mentally imbalanced Julian Assange.

Julian Assange is likely the best propagandist machine known to the world since the rise of the third reich. No joke. One of the videos which really catapulted him/them into fame is completely out of context and provided by absolutely no back story to properly stage it. In doing so, they provided propaganda (less than half of the actual story) and no meaningful information or facts. Basically this is what is called lies by omission. You can argue it was the media's job to properly collect facts and back story, but it doesn't help that he purposely paints and factually false picture to the world. This is what is called propaganda. So where are the leaks about wikileaks lying at worst and misleading at best?

Meanwhile, some of the lessor known videos (also viewable in the documentary above) should have taken center stage. Contrary to the propaganda and massive ignorance associated with one of the well known videos (reporter/helicopter gunships), some of the others actually do depict war crimes and violations of the Geneva Convention. And yet what got people upset was war ignorantly framed for purely propaganda's sake.

Wikileaks has no credibility at this point for anyone who believes otherwise is ignorantly working as a tool for propaganda and Assange's agenda. Basically, anyone who still believes Assange has credibility is a tool.

I very much hope replacements for Wikileaks become visible very soon and that they are capable of doing what Assange managed to completely destroy and discredit in a matter of months.

Re:Great Work!

[Opyros]

I kinda suspect the grandparent was being sarcastic.

Re:Great Work!

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

Actually, it was sarcasm.

Re:Great Work!

Or too lazy to log on...this post, right here, is just such a post...not worthy of logging in.

Re:Great Work!

Darn, Neil Brown, I was going to say that and you beat me to it.

Re:Great Work!

[Opportunist]

"Information wants to be free". There's hardly a creed more often misinterpreted. Maybe aside of those associated with other religions.

The "information" that is meant here is not personal, privat information but information in the sense of "knowledge". Sharing knowledge can only lead to more knowledge, never less. If I know something you know, and you know something I know, we both know more than we knew before.

Re:Great Work!

I post anonymously because I'm too lazy to login and /.'s code and UI is such that I prefer to interact with it as little as necessary to leave comments.

~ethana2

Re:Great Work!

[Opportunist]

"A documentary about $controversial_topic". It's about as unbiased and fair as any documentary about abortion or creationism. Once you have people who have an agenda besides "documenting", don't bother watching it.

Re:Great Work!

[John+Hasler]

Hopefully I can find one where the manufacturer doesn't suffer from a common sense failure.

It's trivial to configure an old pc or laptop as a home router. There are also "consumer" routers which can be converted to Open Source.

Re:Great Work!

[John+Hasler]

> If absolutely all information wants to be free...

Of course all information wants to be free. Just look how hard it struggles to get away and how expensive and difficult it is to keep it imprisoned.

Re:Great Work!

[cdrguru]

I guess you have a choice. You can post supposedly private information ala Todd Davis and get some points for bravery. Or you can wait and see if someone does it for you showing clearly that you are an idiot for trusting your bank, wife, co-worker or whomever leaked the information.

Simple answer today: trust no one. Someone you trust will publish your secrets.

Re:Great Work!

[cyber-vandal]

It's not my house or my router. The person who bought this router knows very little about the alleged triviality of configuring an old PC to be a router. I'm going to buy her another one but I shouldn't have to. I should be able to trust the router manufacturer. If my bank had such weak security and I had to find out about it on Slashdot would it be my fault or would it be the fault of the bank?

Re:Great Work!

[alexo]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

Either a strawman or just plain misunderstanding of the issues involved. Hanlon's razor suggests preferring the second option, so I will explain:

Information important to the public shouldn't be kept private.

The AC's passwords, accounts, etc. have no affect on the public and therefore should not be public information. The fact that your router's private key is cracked is a completely different matter.

Let me give you an example.

1. Suppose Bill likes to masturbate to Lady Gaga songs.
This is private information and should stay this way.

2. Suppose Bill is also the town's deputy sheriff.
As long as it does not affect Bill's performance of his public duties, the information should still stay private.

3. Suppose Bill, to satisfy his urges, routinely confiscates Lady Gaga CDs from confused teenagers under some pretext.
Now the information directly affects the public and should not be kept private. However, Bill's poor choice of fetish is only coincidental to the real issue -- his abuse of powers granted to him by society.

Another example:

1. You received a $5000 cheque from your aunt Millie -- private information.
2. Barak Obama received a $5000 cheque from your aunt Millie, who happens to be a RIAA executive -- information that needs to be made public.

Capiche now?

Re:Great Work!

WOOOOOOOSSSHHHHHH!

Re:Great Work!

Or I was being sarcastic and you're a fucktard who doesn't even get something that obvious! Too late now, Slashdot recorded your dumb comment and it will never ever go away :-)

Re:Great Work!

[John+Hasler]

I should be able to trust the router manufacturer.

You "should" be able to trust any random person you meet on the street, too. But you can't, because people are human.

If my bank had such weak security and I had to find out about it on Slashdot would it be my fault or would it be the fault of the bank?

It would be your fault once you knew about it for not taking your business elsewhere.

Re:Great Work!

[Threni]

He's explaining why the soldiers do it - for fun. What's your answer? If it's not for fun, then why do it?

In the rest of your rambling post you talk a lot of shit. You can't say than an organisation lacks credibility because of criticisms of one of its leaders. It's releasing information which a lot of people find interesting. Clearly it's made him a target for smears, and you, like a lot of other 'useful idiots' walk right into it. But this say a lot about you, and not very much about Assange, who's not actually been convicted of any crime yet, and the one for which he's being pursued by the Swedes is a bit of a non-crime in my opinion.

Re:Great Work!

[spitzak]

Complete misunderstanding of what "information wants to be free" means.

Think of "water wants to move downhill". This does not mean "dams are bad". What it means is "if you don't want water to move downhill, you will have to more work (such as build a dam) than if you just let the water flow downhill".

Now think carefully, apply to "information wants to be free", and (I can only hope), get a clue.

Re:Great Work!

[GooberToo]

He's explaining why the soldiers do it - for fun. What's your answer? If it's not for fun, then why do t?

No!

He's explaining, why in *his opinion* soldiers do it - for fun. Meaning, in his opinion, its fun to kill people. As far as the rest of the world's opinion goes, its not fun. Period. They have such bravado so as to protect their mind from long term damage.

The soldiers have a choice of coming to terms with themselves as being murderers. Soldiers who do this go insane. Most soldiers don't want to consider killing others during wartime as murder. As such, they much find a new mindset. Without failure, this mindset creates the bravado you see in the video. Go look at other videos and you'll find the same bravado time and time again.

Those who ignorantly look at the video as incrimination. Those who are knowledgable see it as the bravado of people who come from a culture where life is valued and yet are asked to kill others on a daily basis. Again, its all about framing and knowledge. Those who are outraged are generally ignorant and therefore, unqualified to have an opinion one way or the other. And yet, those who are generally the most ignorant and least qualified to have an opinion are the most vocal and most outraged.

Your response is a classic example. You don't know. You were and are ignorant. Anyone who attempts to clarify your ignorance, must be attacked.

The facts of the matter are, the facts and knowledge from those who actually understand what they are seeing, look down on the masses. Which is EXACTLY why the military didn't want these videos released. Its also why in war movies they temper these events because otherwise the audience wouldn't understand what is it they are seeing. Just time and time again, in real video, you see exactly this. And time and time again, its excused in the real world because chances are, you damning yourself should you be in the same seat. You're damning what it is to be human.

Re:Great Work!

Information shouldn't be kept private

...says the person choosing to post anonymously, thereby keeping information private?

HA! Not so private anymore, I just hacked his account!

Re:Great Work!

[xlotlu]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

Anthropomorphising governments and corporations, are we?

Re:Great Work!

[taucross]

Security is not for your protection, it is for the (bank's, government's, employer's) protection. They can't profit from a mutually co-operative society, only a divided and individualistic one.

Every cell in your body shares its entire sustenance with its neighbours. When a cell doesn't, it is called cancer. Hence the slow and painful death of our society.

Re:Great Work!

[totally+bogus+dude]

He's explaining, why in *his opinion* soldiers do it - for fun. Meaning, in his opinion, its fun to kill people.

I think there's a step missing in your logic.

If someone asks me why $RANDOM_SPORTS_STAR dedicates so much time and energy to playing some particular sport, and I say that in my opinion I think they do it because it's fun, does that mean I think playing that sport is fun? If so, how do you explain the fact that I don't play that sport? Why would I willingly deny myself fun? Maybe, just maybe, I'm actually trying to put myself in the shoes of someone else who thinks differently to me, and enjoys things that I don't enjoy. It's entirely possible I think someone plays sports because it's fun, even though I personally don't find it to be fun. In the same way, I tend to assume people listen to operas because they enjoy them. Personally, I find them unpleasant to listen to, but that doesn't mean I'm incapable of understanding that other people do in fact actually like them.

The rest of your post is kind of hard to follow, but I think the general gist is that people see videos of soldiers acting like soldiers, and infer that they actually enjoy killing other people. You say it's very common for people to have that naive view because they don't really understand what the soldiers are going through and what they have to do in order to cope, and that the people who better understand the realities take steps to avoid "the masses" from seeing such things because they know it'll be misinterpreted.

Yet you seem to have dismissed the possibility that Julian has a similarly naive view and thinks that soldiers do it simply because they think killing people is fun, and instead decide to infer that his statement that he thinks soldiers do it because they think killing is fun actually means he himself thinks killing is fun. But if that's the case, why didn't he enlist, or at least become a serial killer?

Re:Great Work!

[DMUTPeregrine]

Aaah, but in a world with a largely open internet with file sharing, like our world, then information will tend to become more free with time. People tend to download things that are available for download, and attempts to suppress the sources tends to lead to the creation of new sources for the same info. Basically the Streisand effect applies to all information, though with varying degrees of effectiveness. Information tends towards maximal distribution, or "wants to be free".

Re:Great Work!

[Jesus_666]

Do you work for Setec Astronomy?

Re:Great Work!

[Jesus_666]

But what if it's not the information trying to escape but organized crime running information abduction and slavery rings? Your information might end up on some run-down sleazy website halfway across the globe having to sell itself to strangers.

"Talkie talkie, ten dollars? Me know you long time."


Won't somebody think of the information?

Re:Great Work!

Not missing anything.

His opinion is that its fun to kill people because its like playing a video game. Video games are fun. Therefore, killing people is fun. Are you arguing he doesn't like video games too, despite his assertion that most people do.

Furthermore, the science of the brain is extremely well documented that he has absolutely no idea what he's talking about. Which means, his comment is completely basis and has absolutely no grounding in fact or science. On the other hand, the only thing was can assuredly walk away with is, he honestly believes, according to his own mouth, "killing people is fun."

DD-WRT?

[Cheerio+Boy]

So how does this affect things like dd-wrt, open-wrt, and tomato where custom firmware is in place?

Re:DD-WRT?

My DD-WRT router generates a new cert every reboot. Not sure if it generates a new private key too though, would have to check.

Re:DD-WRT?

[awinnenb]

Beat me to it. I was wondering the same thing.

Re:DD-WRT?

[Rijnzael]

I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.

Re:DD-WRT?

[Rijnzael]

I'm pretty sure DD-WRT doesn't generate a new certificate every reboot, and if it did, generating a new private key would be a required part of that (the private/public keypair are generated in tandem as a necessary step of RSA).

Re:DD-WRT?

[(startx)]

that's the SSH key. The article is talking about the SSL key used by the embedded web server, ie. when you go to https://192.168.1.1/ . TFA also specifically says this DOES affect DD-WRT.

Re:DD-WRT?

[Cheerio+Boy]

that's the SSH key. The article is talking about the SSL key used by the embedded web server, ie. when you go to https://192.168.1.1/ . TFA also specifically says this DOES affect DD-WRT.

From TFA: "Although at the moment the vast majority of the keys belong to various DD-WRT firmware, there are keys from Cisco, Linksys, D-Link and Netgear as well."

Damn. I missed it. Thanks for pointing that out!

Re:DD-WRT?

[blueg3]

DD-WRT, at least, installs with no SSL certificate in place and auto-generates one the first time it starts up.

This is really the correct solution, and a number of home routers actually do it.

Of course, there's a tradeoff. If you use a fixed certificate, you can have it legitimately signed. Then, if someone does a man-in-the-middle attack, you get the browser warning that they're using a self-signed certificate. Unless, of course, they're using the real fixed certificate. If, on the other hand, you use an autogenerated certificate, then the self-signed cert browser warning always appears (as you can only autogenerate self-signed certificates). The user learns that clicking through this warning is a necessary part of changing their router configuration. Then, any man-in-the-middle attack works, since anyone can make a self-signed certificate. (Yes, if they or the browser store the original cert and compare it to the new one, then this is no longer an issue.)

Realistically, I think this is a non-issue. If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

Re:DD-WRT?

[awinnenb]

From the actual annoucement: (what I get for not reading TFA) http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/

Yeah, dd-wrt is affected.

Re:DD-WRT?

[Cheerio+Boy]

Unfortunately I can't a way to restrict web management to the wired interfaces on my beat up little DD-WRT'd Fonera. Unless of course my eyeballs are failed today that is.

And anyways that means I'd have to have a wire strung around just to do the management of my wifi. I can do that of course but it's damn inconvenient if I put the router in say the attic or something.

Re:DD-WRT?

[EdIII]

The self-signed certificate applies to a lot of routers for small business and enterprise. It does not make sense to spend that much money just to get a cert from an authority.

I know that, for at least myself, the answer is VPN. So I am always configuring the routers from the LAN regardless of where I am. As a backup we allow a small number of trusted hosts to manage devices from the WAN. So from the datacenter we can always hit various branch offices and clients without a problem.

Re:DD-WRT?

Damn. I missed it. Thanks for pointing that out!

and he wasn't a dick about it either! What's this world coming to?

Re:DD-WRT?

[Belial6]

It should be at Administration-->Remote Access-->Web GUI Management

As for stringing cables. If the router is not in a place that you can just walk up to it, having a cable 'strung around' is irrelevant. There are wires strung around your whole house behind the walls, under the floors, and in the attic. If it is where you can walk right up to it, don't leave the cable strung around. Plug it in as needed.

That being said, security on your router isn't any different than any other security you might have. You decide how badly you need to protect the asset, and what level of security is worth it. No doubt you have locks on your doors. Locks on your doors is really quite a pain. I, likely you, and most other people feel it is worth the extra effort tough. Some feel the extra cost/effort of having bars on their windows. Most people don't. Certainly, it is easier for a criminal to use the universal key for sliding glass doors (a rock) than it is to get through bars. Of course, even bars won't stop someone from taking a reciprocal saw to your walls to get in. Each person has to decide how much risk they are willing to take in exchange for convenience.

If the router must be in the attic and you still want security at the lest effort/visibility, I would suggest finding a closet, and putting a network connection with a faceplate in the back corner ceiling. Then from the attic, run the cable to the router. This way, if you need to make a change, you can just plug into the network socket in the back of the closet when you need to make changes. The installation will be as trivial as installing the router itself, it won't look any worse than your electrical outlets. No cables will be 'strung around'.

Re:DD-WRT?

[blueg3]

If your network is wireless-only, clearly this won't work, and I think it's a fair request to want a wireless-only network.

Re:DD-WRT?

Who enables router management over wireless? I always use an ssh tunnel through a machine that is wired to the router instead.

Re:DD-WRT?

[blueg3]

At the business and enterprise level, it's reasonable to demand more rigor, is all. For example, if you can install your own cert, then you can have your own non-authoritative CA, sign your router certs with that, and install the non-authoritative CA's cert on the machines that need to configure the router. Or, make sure your machines that are allowed to configure the router are using a system where the SSL cert is stored and checked in the future so that you can detect MitM.

Of course, there's always the wonderful enterprise routers where you configure over a serial interface...

Re:DD-WRT?

[Unequivocal]

Thanks for this post. Could you explain why TFA says that DD-WRT routers are affected by this? If they behave as you describe (which is how I thought they behaved) why does the article indicate they are vulnerable to the static ssl key problem? Thanks for any info.

Re:DD-WRT?

that's the SSH key. The article is talking about the SSL key used by the embedded web server, ie. when you go to https://192.168.1.1/ . TFA also specifically says this DOES affect DD-WRT.

Holy shit! How did you know the address of my router???

Re:DD-WRT?

[yuhong]

(Yes, if they or the browser store the original cert and compare it to the new one, then this is no longer an issue.)

And Firefox does exactly this when you add an exception.

Re:DD-WRT?

[EdIII]

Of course, there's always the wonderful enterprise routers where you configure over a serial interface...

I know you are being a little bit sarcastic here... but that is exactly why the standard equipment I carry includes a serial-to-usb converter :)

Re:DD-WRT?

[blueg3]

Only a little bit. Configuration over a serial line rarely breaks, has no chicken-and-egg problem, and is about as secure as it gets.

Good...

[bhsx]

Until Linksys, D-Link, Netgear, et al get their collective heads out their arses, these types of tools are great for pen testing small business networks. Personally, I can't wait for the Android app; maybe I could hack one together and get it out there...

VENONA

[schmidt349]

Encryption is only as strong as the idiots who implement it. The Soviets learned that the hard way during the early part of the Cold War, when they accidentally reused random one-time pad encryptors. That led to the NSA's VENONA project, and we decrypted a pretty good amount of Soviet diplomatic and spy traffic before they were tipped off.

Re:VENONA

The soviet problem was less cryptographic ignorance, than inability to courier new one-time-pad material during wartime, that that led to the key re-use.
A two-time-pad is not much protection; xor two ciphertexts and the result is the xor of the underlying plaintexts. If those were natural language, they have enough redundancy you can break most of it - and the US did.

Nothing will change

[craftycoder]

Sadly, I'm sure that very few if any hardware vendor will change their behavior after this breach of security. Caveat emptor.

Re:Nothing will change

[Ephemeriis]

Sadly, I'm sure that very few if any hardware vendor will change their behavior after this breach of security. Caveat emptor.

Probably not.

Your average home use is never going to see this information. And if they do get bitten by it, they'll never know why or how.

The folks who are seeing this information are unlikely to be using these devices with stock firmware. And even if they are, they've probably taken measures to secure their network in other ways.

Re:Nothing will change

[craftycoder]

I use a Juniper SSG 5 at home and I have no idea at this moment if my network is exposed or not. I am aware that no one is likely to be interested in my network but it is still scary to think that SSL relies so heavily on one party for it's security. I should be able to offer a public key and encrypt from my side should I choose.

Re:Nothing will change

[Bengie]

I have to use stock firmware. DD-WRT and OpenWRT have spent over a a year working on my type of router and there's still a good chance to brick it or burn out the wireless.

Re:Nothing will change

[Unequivocal]

Buy a Linksys WRT54g v1-4 for $30 on Ebay. Flash it with DD-wrt and you're good to go. Is there a big feature of your router you're trying to keep (like N, gigabit lan or something)?

Old problem

[plsuh]

Apple ran into something similar a long time ago for Mac OS X Server. The servermgrd daemon uses a self-signed SSL cert by default to secure communications with remote management tools. About four or five versions back the certificate was identical across all installations because it was contained in the installer package. Someone had to go down and show them that you could read all of the traffic by using sslsniff and the private key from your own copy of the installer. They changed to an individual, automatically generated certificate shortly thereafter.

--Paul

Re:Old problem

iphone SSL for facetime ???

Re:Old problem

Impossible! Macs are completely secure, by design. Stop Lying!

Re:Old problem

[yuhong]

Reminds me of how the Classic Mac OS's use of Pascal strings made it resistant to many buffer overflow attacks caused by the use of C strings.

It's a nuanced case

[tepples]

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

This is one of the stock answers to the "information should be free" in copyright debates. The stock counter to that is that published credentials, such as passwords and the like, have little or no legitimate use other than to defraud people who do business with the rightful owner of the credentials. But this situation is far more nuanced than the typical use of this answer. Publishing an RSA private key almost sounds like publishing passwords, as an RSA key is a credential used to sign communication between a router and an end user administrator, but it's something that the router makers are distributing anyway as part of router firmware. The parallel with Wikileaks is that creating a repository of such keys is a way of pointing out the flaw in a cryptosystem where all devices have the same private key.

Re:It's a nuanced case

[Neil_Brown]

The stock counter to that is that published credentials, such as passwords and the like, have little or no legitimate use other than to defraud people who do business with the rightful owner of the credentials.

However, none of that information (passwords, social security number etc.) is likely to be within the scope of a copyright regime, and so, from a copyright point of view, is unlikely to be restricted. As such, someone publishing someone else's bank account number is unlikely to be infringing the copyright of either customer, or of the bank?

Re:It's a nuanced case

[bunratty]

The parallel to my post is that reminding the OP of the information he wants to be kept private points out the flaw in his argument that no information should be private.

OpenWRT not affected

AFAIK OpenWRT generates a SSL/TLS Certificate the first time the https daemon is started, so it should not be affected by this.

However, i don't use the HTTPS interface, only SSH, so maybe someone else can confirm this.

Misleading?

[spankers]

From the article: "...making it a simple matter for an attacker to decrypt the traffic passing through the device". I'd think it would only be *to* the device.

Also known as...

[digitaldc]

SSLKeyLeaks

The cost of CA-signing each key

[tepples]

I'm vaguely shocked that any home routers would be using hardcoded private keys. That would be like every Schlage front door knob having identical keys.

But I can guess why it probably happened. Before StartCom started offering a gratis SSL certificate to the owner of a domain, it cost a substantial chunk of change to get an HTTPS server's public key signed by a certificate authority on the major web browsers' root CA lists. So instead, home web appliance makers used one key, got it signed once, and shipped it in every device of a given model. In order to generate individual keys per device, an appliance maker would have had to A. include the price of a CA-signed SSL certificate in the wholesale price, B. include a CD that installs the appliance maker's root certificate (and hear whining from Mac/Linux users that the EXE doesn't run), or C. register as a CA with each of the major web browser makers.

Re:The cost of CA-signing each key

[ArsenneLupin]

Where is the misinformative label when you need it?

This has zit to do with certification authorities, because the certificate would not be recognized as valid by any browser, because the DNS name would not match. And no certification authority worth their salt would sign a certificate for 10.0.0.1 or similar nonsense.

So, the solution would be D. generate a unique private/public key pair for each device, and have the user manually accept the certificate as an "exception" on first usage. Which he has to do anyways, even if all routers use the same certificate.

Moderators, please don't mod articles about certificates if you don't understand how certificates work.

Re:The cost of CA-signing each key

[tepples]

the certificate would not be recognized as valid by any browser, because the DNS name would not match. And no certification authority worth their salt would sign a certificate for 10.0.0.1 or similar nonsense.

Which is why the built-in DNS server on e.g. NETGEAR routers points routerlogin.net to the appliance's private IP address.

Re:The cost of CA-signing each key

[ArsenneLupin]

Which is why the built-in DNS server on e.g. NETGEAR routers points routerlogin.net to the appliance's private IP address.

Smart...but it would have to be routerlogin.netgear.net or else no CA would sign this.

hmmm... but:

> dig routerlogin.netgear.net
; > DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 > routerlogin.netgear.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25491
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;routerlogin.netgear.net. IN A

;; ANSWER SECTION:
routerlogin.netgear.net. 3531 IN A 64.95.64.197

;; AUTHORITY SECTION:
netgear.net. 172731 IN NS ns.buydomains.com.
netgear.net. 172731 IN NS this-domain-for-sale.com.

;; ADDITIONAL SECTION:
ns.buydomains.com. 7131 IN A 64.95.64.93
this-domain-for-sale.com. 3531 IN A 206.83.79.30

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 20 16:58:01 2010
;; MSG SIZE rcvd: 155
And you are positively sure that the certificate of your router is really signed by a CA, and that you didn't have to "accept" it on first login?

Re:The cost of CA-signing each key

[AndrewNeo]

Except Netgear owns netgear.com, not netgear.net..

Re:The cost of CA-signing each key

A lot of router's use the domain routerlogin.net (it appears to be owned by netgear, so maybe its just netgear that uses them) That way, even if you change the ip address of the router, you can always access it via the same URI which really is user friendly. There is an argument that if you can't handle updating the ip address in the URI bar, should you be configuring a router, but they deserve credit for being user friendly. They should be able to get a certificate for that domain and re-use it on routers if they want so your assumption that the certificate has to be untrusted and thus need an exemption isn't quite true.

I still don't like the idea of re-using a key; they really should regenerate it on first boot and probably on reset. Then, if you're concerned about security you can directly connect to the device to configure it and make the exception the first time or possibly upload your own certificate to use that is from a CA you trust (quite possibly a local CA).

Re:The cost of CA-signing each key

[asdfghjklqwertyuiop]

That does nothing to solve the problem. Even if they somehow got a trusted CA to sign a separate routerlogin.net cert for every router they made an attacker could still use any one of them to spoof.

Wrongo

[hemo_jr]

"...simple matter for an attacker to decrypt the traffic passing through the device" Wrong. This will only give the attacker the ability to decrypt encrypted sessions to/with the device. Encrypted traffic going through the device to another nonidentical host will use a different private key.

Did your router generate it or did the MITM?

[tepples]

Anonymous Coward wrote:

My DD-WRT router generates a new cert every reboot.

If your router appliance firmware generates a new keypair and certificate every time you restart it, you'd have no easy way to tell whether you generated a given certificate or the man in the middle generated it. Even key continuity management fails in such a case. Who signs such certs? What am I missing?

Re:Did your router generate it or did the MITM?

[yuhong]

Agreed, every memory-clearing reboot would be more sensible.

Setec Astronomy

[Layer+3+Ninja]

No more secrets, Marty.

House guests

[tepples]

If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

Re:House guests

[TheRaven64]

Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?

Re:House guests

[ArsenneLupin]

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

Simple: don't log in to the management interface of your router while you have untrusted house guests. Indeed, a man in the middle can only spy upon a conversation that takes place.

Now, if your guests ask you to reconfigure your router because they need something special, just pretend you don't know how to do that, or that you forgot your password.

Or, alternatively, only take in trusted house guests.

Re:House guests

[Neil_Brown]

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

This may make no sense whatsoever, but, could you have your wireless access point sitting between your modem and your network - i.e. so that someone accessing the Wi-Fi network does not have access to the internal network. If you want to access something on the network via Wi-Fi, you VPN back into it - everyone gets to access Facebook etc., but not content on your LAN.

If you need, restrict access to the admin interface of the WAP to only IP addreses in the range assigned to the VPN, or else from the IP address of a machine on the LAN, and then bounce through that machine?

Re:House guests

[tepples]

if your guests ask you to reconfigure your router because they need something special, just pretend you don't know how to do that, or that you forgot your password.

I could claim that online games that need incoming connections have to go through a vetting process. But with my disability, I don't know to what extent it'd be considered a dick move.

Or, alternatively, only take in trusted house guests.

That'd certainly be a dick move, especially if I am culturally expected to take in members of my extended family and friends of others living with me.

Re:House guests

[tepples]

could you have your wireless access point sitting between your modem and your network - i.e. so that someone accessing the Wi-Fi network does not have access to the internal network.

I could, but most home routers don't appear to support such a VPN setup out of the box, and most end users don't want to sit down for hours reading up on network security principles and the details of how to set up a VPN, especially when VPN is considered a "work thing", not a "home thing". The economies of scale in the home market currently favor devices whose design chooses convenience over security.

Re:House guests

[Neil_Brown]

most home routers don't appear to support such a VPN setup out of the box, and most end users don't want to sit down for hours reading up on network security principles

A fair point indeed - I guess I was just proposing a solution to the problem, based on my own considerations about wanting to enable guest/visitor Internet access, but not wanting everyone on the LAN, and that it was not necessarily a solution which would be feasible/desirable for everyone.

Another solution might be Apple's Airport Extreme, which I believe will broadcast a guest Wi-Fi network, which doesn't touch the LAN side.

Re:House guests

[blueg3]

Generally, house guests should be using the wireless network. The router should be configured so that the wired network, but not the wireless, is permitted to access the router configuration.

Re:House guests

[tepples]

Generally, house guests should be using the wireless network.

Then the excuse, based on my experience, would be as follows: "At home, I always used an Ethernet cable with my Xbox 360, so I never felt the need to buy the proprietary wireless adapter that costs as much as two used games."

Re:House guests

[blueg3]

I don't understand. Are you saying that you don't have a wireless network at all, or you're talking about house guests using the Internet through your Xbox 360?

Running your own limited-functionality devices on your wired network is acceptably safe, regardless of who's actually using the device, is permissibly safe.

Re:House guests

[blueg3]

Scratch the second "is permissibly safe". I need more coffee.

Re:House guests

[Have+Brain+Will+Rent]

My solution to that general problem is to have two routers - hey they are dirt cheap - there is the one I use and the one everyone else uses. My machines are all behind my router and nobody else has access to that.

Re:House guests

[tepples]

Are you saying that you don't have a wireless network at all, or you're talking about house guests using the Internet through your Xbox 360?

I'm talking about a house guest R_ bringing his own Xbox 360 so that he can play with his classmate M_ who lives at the house in question. Ordinarily M_ and R_ play co-op in a first-person shooter against random strangers from the Internet.

Re:House guests

If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

Don't broadcast your SSID. If they ask, you don't have a wireless network; Offer to let them use an unprivileged temporary account on your desktop.

Re:House guests

There's absolutely no reason to have to reconfigure a router to access a website unless someone disabled it at the router level. While I'm not arguing against blocking sites (especially Facebook) at the router level, there's little reason for it in a home environment. So I'd say that's a straw-man.

Re:House guests

[tepples]

Don't broadcast your SSID. If they ask, you don't have a wireless network

They see someone in the household using a wireless device; therefore, we must logically have a wireless network.

Offer to let them use an unprivileged temporary account on your desktop.

What provisions do popular home PC operating systems make for quickly creating and destroying a temporary account for a guest?

Re:House guests

[tepples]

The specific mention of Facebook was a strawman, but what happens is that a lot of online video games don't work well through a NAT with no forwarded ports.

Re:House guests

[shentino]

That's called lying.

Far politer and much less argument to say "because I said so now STFU and play by my rules if you wanna access my network."

If you're going to fuck with other people's internet access at least have the balls to admit it.

Don't be like comcast.

Re:House guests

[shentino]

You could simply say "my network my rules." and invoke host fiat to declare who can and cannot use your network and with whatever rules you see fit to enforce.

If you're culturally expected to open your network up to potentially untrusted users, then I'd say there's something wrong with your culture, especially if you're the one paying the internet bill.

Re:House guests

I haven't set up a public network segment, yet; funding shortages, y'know.

Re:House guests

Don't broadcast your SSID. If they ask, you don't have a wireless network

They see someone in the household using a wireless device; therefore, we must logically have a wireless network.

They're probably not going to think about it that hard (really.) If it's a smartphone, they're likely to think it's running on a cellular network and not wi-fi.

Offer to let them use an unprivileged temporary account on your desktop.

What provisions do popular home PC operating systems make for quickly creating and destroying a temporary account for a guest?

Offer to let them use an unprivileged temporary account on your desktop.

What provisions do popular home PC operating systems make for quickly creating and destroying a temporary account for a guest?

OS X offers Guest accounts that are created at login and destroyed at logout.

With other OSs, you'll have to do a little legwork (the feature was inexplicably removed from Win7 after beta.)

Not really trivial

[VincenzoRomano]

OK, you own a private SSH key of a router.
Now what?
Remeber, you got the router key, not Alice's or Bob's!

Re:Not really trivial

[Unequivocal]

You can poison their DNS b/c you can now sniff Alice's router admin login, and then get into the router and edit the DNS settings. Now with poisoned DNS when Alice thinks she's talking to Paypal or her bank (or her root key certifier) she's really talking to Carol - not Bob. When DNS is poisoned you're basically screwed in terms of security. The attacker owns you and if they're good you'll never know unless you look at your DNS settings and can recognize the correct settings, which is pretty deep down the well of obscurity..

Not true!

The private key in the SSL protocol is merely used for signing the session D-H key, which is generated for each session. Knowing the private key of an SSL server would not allow the attacker to eavesdrop the conversation. It only protects against MITM attack, which are not a real threat in this case.

We have done a security analysis of this problem at work a year ago and it turned out to be a dud.

Misleading^2

[formfeed]

I'd think it would only be *to* the device

That, and I think the attacker has to be on the network you're using to administer the device.

For a home router, with remote administration hopefully disabled, that would be your local net. So, if you have an attacker in your living room https: // 192.0.0.1 (or whatever) won't be any saver than http: // 192.0.0.1

Re:Misleading^2

[spydum]

Bingo. If they already have a sniffer on your local network, you were compromised long before they decrypted your routers login.
Most people send way more information over regular HTTP during the course of the day that you can imagine (people still using non SSL/TLS pop3/imap or SMTP is a great one).

Re:Misleading^2

[Unequivocal]

If your wifi network is secured with WPA then I think HTTP traffic is encrypted to the router, no? And WPA isn't subject to this vulnerability b/c it has it's own user-generated encryption key, right? So this is only a problem if you're running an open wi-fi network (or using WEP ugh). Am I missing something?

Re:Misleading^2

[yuhong]

Don't forget Hole196, and the classic attacks from the wired network world too like ARP spoofing. Of course if you have remote administration disabled and only trusted people are on your WPA-protected network it should not be a problem.

Re:Misleading^2

[Unequivocal]

Thanks. Nice reference. I was not aware of Hole196. Great reading: http://www.airtightnetworks.com/wpa2-hole196

A great example of the pain induced when a spec itself is incompletely or insecurely designed. Hard to fix. Towards the bottom of the article the authors provide a great solution that can be implemented without loss of backward compatibility. Probably how the spec should have been designed anyway.

Great read - thanks for the reference.

The ssl fixed key vulnerability is remediated by WPA2, but you could then have your ARP poisoned by Hole196 which gets you into exactly the same hot water as if a cracker sniffs your ssl traffic and then takes over your router, poisoning your DNS addresses in DHCP, or similar.

Re:Misleading^2

WPA is ok as long as you don't use pre-shared keys, which is what most people use. If you let anyone into your network, they have the PSK, so they can sniff your key (re)negotiation, which happens every hour or so (depending on your gear), when they sniff that, they can decrypt everything else too.

Router as a closed proxy

[tepples]

Encrypted traffic going through the device to another nonidentical host will use a different private key.

If you're using your router appliance as the endpoint of an HTTPS tunnel, then tunneled HTTP traffic will be unencrypted after it leaves the appliance. It appears this would let someone sniff passwords for blogs, forums, and wikis, many of which don't use HTTPS due to the cost of a hosting plan including a dedicated IPv4 address, if someone can't sniff the route from the proxy to the HTTP site but can sniff the one from you to the proxy.

Then can you fix the problem at my end for me?

[tepples]

Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?

Then they'd try Google, their webmail, and other sites on their Favorites, and see that I'm silently dropping everything. Then they'd bug me to troubleshoot the "problem at their end" for free, and if I refuse to whitelist the MAC of their laptop or tablet, and I further deny them the use of one of my own computers "just for a minute" that inevitably turns into fifteen or more, I'm perceived as inconsiderate.

Re:Then can you fix the problem at my end for me?

Just run a guest network like everyone of us are.

Re:Then can you fix the problem at my end for me?

Show the house guest a map to the closest public library. Or a Starbucks.

Seriously, you have these kinds of issues? If nothing else, don't you have a neighbor with a completely open wireless network?

Re:Then can you fix the problem at my end for me?

When they ask you to troubleshoot, say "sure OK" and then install loads of viruses and stuff on their computer. That should prevent this problem from happening again.

But regardless, you are an idiot. You don't have to let people into the admin panel of your router in order for them to visit facebook, nor do you have to let them onto your wired network.

Re:Then can you fix the problem at my end for me?

[laederkeps]

Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?

Then they'd try Google, their webmail, and other sites on their Favorites, and see that I'm silently dropping everything. Then they'd bug me to troubleshoot the "problem at their end" for free, and if I refuse to whitelist the MAC of their laptop or tablet, and I further deny them the use of one of my own computers "just for a minute" that inevitably turns into fifteen or more, I'm perceived as inconsiderate.

No future invasions of the basement. Problem solved.

Re:Then can you fix the problem at my end for me?

[machine321]

I further deny them the use of one of my own computers "just for a minute" that inevitably turns into fifteen or more, I'm perceived as inconsiderate.

"Sorry, it's my work computer. If they catch me using it for Facebook I can get fired."

Or, just don't admin your router when they're on the network, or be a real admin and generate your own cert. You're not one of those people who just click on "accept this self-signed cert" all the time, are you?

Re:Then can you fix the problem at my end for me?

[tepples]

You don't have to let people into the admin panel of your router in order for them to visit facebook

You have a point there.

nor do you have to let them onto your wired network.

What is the difference between giving them access to the wired network and giving them the preshared key for WEP or WPA2? And wouldn't it be a dick move to reject the kid's classmate's Xbox 360 (I used Facebook as an example; it is not the only one) because the kid's classmate ordinarily uses an Ethernet cable instead of buying the expensive proprietary wireless kit?

Re:Then can you fix the problem at my end for me?

[tepples]

"Sorry, it's my work computer."

"Then why did I just see you playing a game on it?"

Or, just don't admin your router when they're on the network

How inconsiderate would it be to fake a fire drill, requiring the guests to evacuate the house and stay in the freezing outdoors for several minutes, while I open a port?

or be a real admin and generate your own cert.

How can a router manufacturer make it easy for most home users to do this (and to get the cert into the browser)?

Re:Then can you fix the problem at my end for me?

[blueg3]

What is the difference between giving them access to the wired network and giving them the preshared key for WEP or WPA2?

The difference is that many home routers have an option to only allow devices on the wired network to configure the router. Anyone connected to the wireless network, if this option is enabled, isn't in a position to be able to do a MitM attack when you change the configuration. (On wired+wireless home routers, the network appears to be a single LAN, but is usually really a pair of bridged LANs, one for wireless and one for wired.)

Now, some routers are fancier and can be set up with VLANs to permit only the machine connected to a particular Ethernet port to configure the router. That's not a common feature, nor is it trivial to set up.

In the case of the bank

[tepples]

For instance if I went to my local bank branch and the manager there handed me a key in person and told me to go home and install it to validate their online site, that would be better than the Verisign cert they use now.

Would they hand it to you on a CD? Tablets and netbooks don't have internal optical drives, nor do they necessarily come bundled with an external one. On a USB flash drive? Netbooks have USB host ports, but tablets and phones often (usually?) don't, and furthermore, blank USB flash drives are fairly expensive at retail (I don't know about wholesale). Besides, a targeted worm like Stuxnet could dick with the program that installs it to the operating system's key store, especially due to lack of file permissions on removable media such as USB flash drives.

Re:In the case of the bank

To totally be secure, the bank president himself should orally present you the public SSL key from memory.

I mean, for $10 a month for a checking account, they can afford top notch online security.

Re:In the case of the bank

[vlueboy]

Christmas shoppers have been mentioning netbooks to me this year. When I state that they use their CDs, they are unaffected "--that's fine, all I have is MP3s!" or "won't watch DVD's that tiny screen!"

As their only tech, I'm seeing problem-solving on them will be a pain. Live USB workarounds don't mirror Windows's standard troubleshooting CD without a bunch of research. Also, adding their Turbotax and CD software will be a pain, because everyone finally groks flash drives, but nobody distributes software uniquely with them.

Re:In the case of the bank

[mhall119]

All you would really need is the fingerprint, which they could print out for you on a business card. Then when you connect the first time, you verify the fingerprint with the certificate being offered by the server, if they match you trust the certificate and go on your merry way.

Re:In the case of the bank

[Rakarra]

The netbooks are jumping the gun just a little; they're looking forward to a future where all software is downloaded, not distributed on hard media. Like the iPhone does now.

Re:In the case of the bank

[m85476585]

A USB CD drive and support to boot from it solves all of those problems. I'd gladly pay $50 for one and not have to carry it around in my laptop all the time. In fact, I put a SSD in my laptop and put the old hard drive in the optical bay, and it's great! I get all the speed of a SSD and all the capacity of a HDD on the cheap. On the rare occasion I need to use a CD (like when the SSD died and I had to restore the OS on a new one), I plug in my massive external DVD burner from 2004, and it boots off it just fine. If I need to burn a DVD, I use that or my desktop computer.

Re:In the case of the bank

[seandhi]

You could always use a USB CD/DVD-ROM drive.

Why?

Why isn't this stuff automatically generated on first boot? More secure.

Re:Why?

I forgot to take into account that those wont be signed, so then you have that issue of accepting a self signed certificate, rather than say a verisign signed...hmm, I'd understand this, but the average user, maybe not so much.

Ok maybe I am missing something but...

[tecker]

Ok. I'm still not seeing how this would be valuable. To compromise this wouldn't the following things need to be in place?

1. Router is being configured via wireless.
2. No encryption on the wireless signal (or signal encryption is known)
3. Configuring the router via https (common).

So if I have WPA2 on and configure my router via a wire how would knowing my routers SSL key be all that valuable?

Re:Ok maybe I am missing something but...

[JSBiff]

Most routers can be configured to allow you to connect remotely over the Internet, using https to 'protect' your admin session. In practice, I don' know why most people would need to do this - for the most part, once you get one of those configured, you basically leave it alone forever. I suppose if you had a need to turn on port forwarding on some port, remotely, perhaps you'd want this. Maybe someone administering the router for a relative, friend, or client might want to enable it.

In any case, in the scenario above, since you aren't connecting on the local WiFi network, the WiFi encryption is irrelevant - the only thing protecting your session as it traverses the 'public' Internet is the SSL encryption.

People change default router passwords?

[mveloso]

Do people really change the passwords on their home router?

I suspect not...so this is pretty much a moot hack. I mean, why go through the trouble of sslsniff when you can just log in as admin/admin?

http://www.phenoelit-us.org/dpl/dpl.html

Re:People change default router passwords?

[Unequivocal]

This is such a good point. I've cracked into numerous routers at behest of friends who owned the routers. Better than doing a factory reset b/c then all the other settings are lost, I just look up the default password off the web and use that. I've yet to find a non-techie who's adjusted this setting.

Dumb question...

So someone is using DD-WRT to run their home network. If they only authenticate their router admin session via a physical connection to the router, is this all irrelevant? And if so, is there a way to force DD-WRT to require a non-wifi connection?

Re:Dumb question...

[tecker]

Yes. In the configuration there is a way to turn off wireless config access. Dont remember where it is (probably under the administration tab) but its an enable/disable radio choice.

I told you - I was one of those

[HonestButCurious]

True story - I wrote the SSL/SSH code for an Embedded router a few years ago. I *didn't* specify a hard-coded key -- instead the router would freeze for a few seconds to generate the key when you first activated SSL or SSH (only the management CPU froze - traffic still went through). The router's CPU was pretty crappy - it took quite a while to generate a 2048-bit key pair.

You can't imagine the amount of griping this slowdown caused from the product/marketing teams. They really really wanted it hard-coded. Fortunately "security guys" are taken seriously in Israel so as far as I know it's still generated on the fly.

Beware! Could be a trojan.

[Kaz+Kylheku]

I took a look at this LittleBlackBox tarball. It contains a lot of source code (sqlite, openssl, libpcap plus the the LittleBlackBox program itself which uses these libraries). I wouldn't trust any of the source code or the precompiled binaries. So that leaves you with a file called "lbb.db", which is an sqlite database. Get at that data in some other way (surely there are some sqlite tools for browsing databases or dumping them to text?)

I don't see the WRT54GL listed in there, nor Tomato firmware. Of course. The stock firmware generates the key every time you boot the thing! (Well-known, major nuisance.) Tomato generates one once which is then persisted.

TLS and perfect forward secrecy

[roju]

This seems more like a TLS design flaw than anything else. By default SSL doesn't create perfect forward secrecy, which means that all of our encrypted conversations could be decrypted in the future simply by finding one key. That's ridiculous! If TLS as deployed used a cipher spec with PFS, then even if someone recorded all of our encrypted traffic, knowing these private keys wouldn't be enough to decrypt the sessions. It wouldn't stop the active MITM attack, but it would be an improvement over the current situation.

A possible security control for home networks

[grandpa-geek]

A possible security control for home networks would be to disconnect from the public network when you are doing administrative work on the router. Then unless the attacker has already placed a sniffer on the home network, the encrypted login credentials would not be visible from the public network while the administrative work was being done.

If the work involves the public network, perhaps the approach would be to disconnect during the login process and reconnect afterward. That might not prevent the attacker from viewing the activity with the public network but would prevent disclosure of the router credentials. Of course this might leave the attacker visibility into the transactions between the modem and the public network.

God this is stupid...

[WaffleMonster]

When are we going to get real about TLS+SRP binding to replace private keys and trusted third parties? With SRP support in all of the major browsers this issue would go away overnight.

Compromised private key and uncompromised self-signed private key are each subject to MITM. The only two realistic choices for the CPE vendor both suck.

When I go to my bank and enter my account password it is sent in the CLEAR over the TLS channel. The only thing protecting my password from being recovered by someone conducting an active MITM on some random leg of the Internet is blind trust in hundreds of organizations with the power to sign their own private keys to look like my banks. This situation is extremely dangerous, expensive and unecessary.

It is NOT just the CPE vendors that are being stupid here. They have no good choices available to them. The technology stacks and to some degree industry politics (CA industry) deserve equal credit for the problem.

At the end of the day secure password authentication is what most secure sites and systems really want. The authentication of the USER should provide the trust basis for initial session encryption key NOT the integrity of hundreds of unrelated third parties none of us know anything about.

We still need the PKI infustructure for cases where passwords are not used or the user has not established an account.. It is still quite useful.

Does this affect VPN on DD-WRT?

Does this affect VPN on DD-WRT?

Here it be:

[timbudtwo]

Here is the link you should be looking for: http://code.google.com/p/littleblackbox/

Yah, sure....

[RichiH]

I will rush to execute a pre-compiled binary from a self-admitted hacker/cracker group. Sounds like a great plan ;)

Anyone with less scruples and/or more time to poke stuff: Is Fritz!Box affected? I expect them to and want to call customer support, tomorrow :)