Group Chat Vulnerability Discovered in Cryptocat, Project Fixes and Apologizes
alphadogg writes "The founder of an eavesdropping-resistant instant messaging application called Cryptocat has apologized over a now-fixed bug that made some types of messages more vulnerable to snooping. Cryptocat, which runs inside a web browser, is an open-source application intended to provide users with a high degree of security by using encryption to scramble messages. But Cryptocat warns that users should still be very cautious with communications and not to trust their life with the application. The vulnerability affected group chats and not private conversations. The encryption keys used to encode those conversations were too short, which in theory made it easier for an attacker to decrypt and read conversations."
The bug report/merge request, and an analysis of the bug (although, in light of the Cryptocat's gracious response, overly acerbic and dismissive of the project).
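The story says the group-chat keys were too short, and a comment further down attributes it to a string-to-int key conversion. As an added illustration (constructed here, not Cryptocat's code) of how such a conversion shrinks a key space, this compares a key built from a 32-character decimal string with one built from 16 random bytes, and shows the kind of minimum-strength check that catches the difference:

```python
import math
import secrets

# Constructed illustration, not Cryptocat's code: two ways of filling a
# nominal 128-bit key. The first draws 32 decimal-digit characters and parses
# the string as an integer; the second draws 16 raw random bytes.


def key_space_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a key drawn uniformly from alphabet_size**length values."""
    return length * math.log2(alphabet_size)


def key_from_decimal_string(n_digits: int = 32) -> bytes:
    """String-to-int style key: a random decimal string parsed as an integer."""
    digits = "".join(str(secrets.randbelow(10)) for _ in range(n_digits))
    value = int(digits, 10)            # below 10**32, so at most 107 bits
    return value.to_bytes(16, "big")   # zero-padded to the nominal 128-bit width


def key_from_random_bytes(n_bytes: int = 16) -> bytes:
    """Proper key: every byte carries a full 8 bits of entropy."""
    return secrets.token_bytes(n_bytes)


def meets_strength(bits: float, required: int = 128) -> bool:
    """Accept a key-generation scheme only if its key space is at least `required` bits."""
    return bits >= required


def compare_schemes() -> dict:
    """Effective key space of each scheme, independent of the nominal key width."""
    return {
        "decimal_string": key_space_bits(10, 32),   # about 106.3 bits
        "random_bytes": key_space_bits(256, 16),    # 128 bits
    }
```

Both keys occupy 16 bytes, so looking at the key length alone never reveals the gap; the check has to be made against the generation scheme.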
Why not just use OTR with pidgin? Supports any protocol you'd care to mention.
This bug and the history of it point to the cryptocat people being utterly incompetent. It's perfectly possible that they did what they did with the best of intentions and that they reacted as well as they could - that does not change one iota about them being incompetent, and that you had better not trust the work of incompetent engineers. It's nice that that civil engineer did not intend to kill anyone and that she helped in rescuing people, but still her incompetence is what caused the bridge to collapse and what makes it reasonable to be suspicious of the other bridges she's responsible for.
Does anyone know what happened to the HTML5 (non-plugin) based server-side version of cryptocat?
I don't care if it's less secure than the new plugin-required version... it will still probably defend against an eavesdropper in my college dorm or at Starbucks.
How many more years will slashdot have an off-by-one error on your Score in your profile?
The really ugly 'gotcha', with any attempt at encrypted/obfuscated/steganographic communication, cryptocat included but hardly alone, is storage.
If your adversary is just drinking from the firehose, and lacks the ability to do more than a cursory inspection, all you have to do is be better than their cryptanalysts today. If they have sufficient storage to archive a nontrivial percentage of what passes by (or their cursory inspection is good enough to classify suspicious encrypted traffic for storage) you have to be better, today, than their cryptanalysts for however long what you are saying is relevant. The former is hard, the latter is downright scary.
It's encrypted end to end and you can totally discuss your plans and share secrets using the instant messaging. For better protection, why not wrap them in a PDF labelled 'secret plans, NSA do not read'?
Plus it's from a trusted company that never harms their customers, Microsoft, in a country with strong privacy laws, America. So it's double plus good private!
Elitist arse as he was, at least Hardy never wanted his work to be used for anything except enjoyment of pure knowledge.
Cryptography's a horrible thing, really: it starts off with the principle that man is evil and will fuck you up if you don't protect yourself from him, and then it ignores all the usual imperfections which will actually catch you out - from the plaintext endpoints to the inadequate implementation to the rubber hose. I don't really want to live in a world where I have to actively hide shit from people or they'll try to take advantage of me. Lack of privacy is a social problem soluble by bringing up people with a better attitude toward their fellow man, not a technical one soluble with an arms race (which you will lose, btw).
I say it's only fair:
a security/cryptography product with that amount of failures is only conceivable if the authors don't care or are not prepared in the field.
We're not talking about average bugs. If you miss a string-to-int key conversion and no one notices it, you aren't testing anything or no one cares about the project.
Which is something you can expect out of your average program, but not from a crypto software.
What's noteworthy here? Operating systems and browsers have dozens of security bugs discovered each year. Or is this cleverly hidden Slashvertisment again?
Go to it - it's easy to do... Host a Tor Hidden Service .onion forum!
an example is HackBB:
http://www.tinyurl.com/hackbbonion
which is easy to remember and leads here:
http://clsvtzwzdgzkjda7.onion/
What are you waiting for?
* REMOVED from the author's blog but still on archive.org (for now)
http://web.archive.org/web/20130210124730/http://log.nadim.cc/
blog owner: https://en.wikipedia.org/wiki/Nadim_Kobeissi
Known for: Cryptocat
WHY was this removed? Was it a work of fiction, fishing, or paranoia?
Begin:
"Disclaimer: While this story sounds highly suspect, especially considering that I have been the target of FBI entrapment less than a year ago, please take it with a grain of salt. After all, this may all be just one big prank, with me as the victim.
I am under surveillance, my computer has been backdoored
For public record:
On January 12, 2013, I had an interview with Radio-Canada regarding Cryptocat, my surveillance by the U.S. Government, how the FBI tried to entrap me, and so on. It was a successful interview and everything went well.
On January 31st, 2013, a person identifying as PG sent me an email saying that he would wish to meet to discuss a business opportunity with me. He specified Concordia University's bar, Reggie's, as the place where he would like to meet. At the time I received his email, I was in a class at Concordia just one floor above that bar.
I answered PG telling him that I leave for New York City that day. He insisted he can meet me before I leave. When I asked him what he'd like to discuss, he simply answered "I'll be wearing a black suit. See you at Reggie's at 12:45PM."
I insisted that I would not meet with him unless he specified his reason. He said he needed a website for his new business venture, a traffic ticket contestation service. I replied saying sorry, I am not available for this sort of work. PG replied: "OK, thank you."
At 1:00PM, I received an email, sent from a Blackberry, from someone claiming to be PG's colleague. They identified themselves as GB. GB mentioned that he was surprised that I am not at Reggie's, and that PG had asked him to write an email to me since PG is partially blind and cannot write emails. This is very strange to me since PG had written to me many emails during this incident.
At this point, I angrily replied to both GB and PG asking them to go away, and that I had already said that I am not available for a meeting or for hire.
Hours went by with no answer. Then, PG again sent an email (this time switching to the French language) in which he claimed that the radio interviewees from Radio-Canada had given him my contact information (this was denied by Radio-Canada when I checked with them.) In this new email, PG suddenly claimed that he was both a Juror and that he was previously a correspondent for Le Monde Paris.
PG then claimed that he knew people at CSIS, Canadian Intelligence, who were interested in acquiring Cryptocat. GB had incidentally mentioned that PG was interested in Cryptocat acquisition. In the same email, PG also mentioned that he too went to NYC often due to being invited to CIA conferences there. He said: "I'm sure you know what I'm talking about re. CIA conferences, since you yourself seem to be funded by the U.S. Government."
To this I replied: "Well, this was never a story of a business venture at all, was it? I am not surprised. I must admit, a former Juror and Parisian journalist who claims to work for CSIS; you inspire a lot of confidence ;-)" PG replied: "We will speak Tuesday upon your return."
Ever since my return from NYC, for days now, the Secure File Transfer desktop client that I use to connect to Cryptocat and other services in order to manage critical file and data transfers has been attempting to connect to, by itself:
Hostnames that appear to belong to CSIS.
mod parent up
more:
"I am under surveillance by Canadian agents, my computer has been backdoored (nadim.cc)"
https://news.ycombinator.com/item?id=5194489
"Addendum (added Feb. 10, 1:50PM EST): I've decided that the way I'm going to deal with this is by doing disk forensics on my computer and moving on, continuing my life as normal. I am not going to slip into total paranoia because of this incident. I have a history of attempted entrapments, of border interrogations and of surveillance, and with this incident, here's what I'll say:
If any agency is continuing to monitor me because of Cryptocat, you are invited to meet me under honest pretenses and have a cup of coffee with me. Just don't lure me in with lies and don't backdoor my computers. Be honest with me and I will have no problem discussing my work with you. I am not a criminal, I am an upstanding citizen. If you want answers, then contact me and be honest about it. You have nothing to fear from me.
In order not to cause unnecessary drama, to protect my privacy and to lessen my stress levels, I'm removing this blog post until further notice and investigation. This attracted way more attention than I wanted it to. I just wanted to protect myself, not cause a media uproar. Thank you everyone for your support. This is already a stressful situation and the huge level of attention to this blog post is just making everything more stressful to deal with."
http://www.wilderssecurity.com/showthread.php?p=2187386
@reddit:
Creator of CryptoCat -- the web app that uses military-grade encryption to protect conversations -- is under surveillance by the government and may have had his computer compromised by CSIS agents (log.nadim.cc)
http://www.reddit.com/r/technology/comments/1895vl/creator_of_cryptocat_the_web_app_that_uses/
Sounds like one of the devs is NSA...let's avoid this one shall we...
So, strategies towards social change are better off being legal and transcendent (e.g. Bucky Fuller's idea of creating alternatives that make the status quo obsolete). So a lot of the focus on encrypted communications misses the big picture of the vast 21st century changes we are seeing towards post-scarcity...
Or as I say here: :-)
http://www.pdfernhout.net/on-dealing-with-social-hurricanes.html
---
Our biggest advantage is that no one takes us seriously.
And our second biggest advantage is that our communications are monitored, which provides a channel by which we can turn enemies into friends. :-)
And our third biggest advantage is we have no assets, and so are not a profitable target and have nothing serious to fight over amongst ourselves. :-)"
Let's hope those advantages all hold true for a long time. :-)
. . .
On dealing with the social hurricane of the CIA
If we thought about the CIA, or Al-Qaeda, or really many other agencies or organizations around the globe dealing in intelligence or covert operations as hurricanes in history, it is foolish to think one person can stand against a hurricane. What is likely to happen is you will get a 2X4 ripped from a house driven through your brain at 150 mph, such as, essentially, (spoiler) in the ending of the Directors' Cut of Brazil (though by other means). But, maybe there are other ways to approach this situation?
There are at least eight ways that I can see at the moment to deal with the hurricane of the CIA (or other global hurricanes, including to some extent Al-Qaeda, Mossad, MI6, or whoever):
* To begin with, for an official organization sponsored by a state like the CIA, one could hope for democratic oversight, which presumably exists in some form, as a first line of reining such an organization in. But in practice such control is subverted by, as the above example with Obama suggested by Wayne Madsen, the fact that you are looking at an overall system where the agency protects its own existence. See Langdon Winner's "Autonomous Technology: Technics-out-of-control as a Theme in Political Thought" for examples of how this "reverse adaptation" happens for all sorts of organizations. If the CIA is running its own candidates, and all choices have such ties, well, then there is not much to choose from, right? As with Kerry vs. Bush, both Skull and Bones alumni whoever wins:
http://en.wikipedia.org/wiki/Skull_and_Bones
So, it's not even the foxes guarding the chickens. It is the fox guarding itself... If we just accept that the agency is not going away, and can not be directly overseen, then we can move on to other ways of looking at the situation of how to co-exist with it.
* Historically, humans have survived hurricanes even with few resources like in Haiti. One can study how they have done that:
"In Haiti, the Art of Resilience "
http://www.smithsonianmag.com/people-places/In-Haiti-the-Art-of-Resiliance.html
Perhaps the very notion of having less makes one have a stronger community? The CIA has had difficulties infiltrating strong tribal communities, although while that may work for Afghans as a close-knit tribal culture knowing people from birth, that probably won't work for the internet (where no one knows both if you're a dog and if you work for the CIA.)
"On the Internet, Nobody Knows You're a Dog "
http://www.unc.edu/depts/jomc/academics/dri/idog.html
"CNC Machinist job related to custom bicycles & CIA version & comments"
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
The last sentence of this article says it all:
Also I learned that it means nothing when I hear "it is open source and peer reviewed".
The mistakes made are utter beginner's mistakes that nobody even halfway competent with regard to cryptography would make. The only other possibility is that these mistakes were made intentionally.
While it is unclear whether utter cluelessness or devious intent is to blame, this software should not be trusted on any level or for any purpose. If the people writing it can make this kind of mistake, then there will likely be a number of other mistakes in it that affect security, and this piece of trash should be regarded as broken for any purpose.
Doing crypto is not a beginner's game. There are countless ways to get it wrong, and most of them cannot be found by testing, but require in-depth understanding and meticulous analysis of the mechanisms used. And encryption software being OSS only helps if some people with a clue care to review it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Various comments posted along the lines of "clueless nubs, crypto is the realm of spr smrt ppls, just give it up" as if any of these academic geniuses have stepped up and produced their own open source cryptographic chat application that runs in a web browser.
This is how it works: freely available source for everyone to look through leads to someone spotting a problem, followed by a quick fix.
Nobody is actually that impressed when you spew on about how "you have to be smart" to understand cryptography, especially when you're repeating things that others have already said, word for word. It's as annoying as the people who read an article or two and then start posting the same old tired nonsense about the number of atoms in the universe and how long it might take to brute force something. Just shut the fuck up already.
So, do crypto, you have to be competent.
But ... you gain competence how?
Because, by your rules, you can't gain competence by the normal process of trying something, making a mistake and fixing it.
Sorry, you set the whole situation up as a George Bush "With Us or Agin Us" dichotomy, I'm just carrying it to its logical extension.
You gain competence the same way pilots do. They don't get to fly hundreds-of-passengers Boeings on their first day either. It's OK to be a crypto beginner. But why do they publish a chat system instead of scribbling around in Cryptool?
If you see someone looking into a loaded shotgun barrel with their finger on the trigger, you don't say "oh, let him learn by trial and error". You take the gun from him, slap him across the face and send him learning the basics.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
You gain competence by studying it, by trying things, etc. Before that you already have to be a pretty good and experienced programmer. People without that skill should not even try, it is a mandatory skill. You cannot learn how to program well doing crypto, crypto has a whole additional set of difficult and subtle requirements.
And no, test-and-fix does not work for crypto. That is not "my rule", but in the very nature of things. The problem is that testing will not show the mistakes for crypto, and hence it is not the "normal" process at all.
All pretty obvious to anybody that actually cares to find out. Your cluelessness is a disgrace.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.