Slashdot Mirror


Researchers Find Same RSA Encryption Key Used 28,000 Times

itwbennett writes In the course of trying to find out how many servers and devices are still vulnerable to the Web security flaw known as FREAK, researchers at Royal Holloway of the University of London found something else of interest: Many hosts (either servers or other Internet-connected devices) share the same 512-bit public key. In one egregious example, 28,394 routers running an SSL VPN module all use the same 512-bit public RSA key.
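An added example, not part of the original story or of the researchers' tooling: a standard-library Python audit that parses RSA SubjectPublicKeyInfo blobs collected from your own hosts and reports keys that are shared between hosts or shorter than a minimum size. The host names, the stand-in moduli and the 2048-bit threshold are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

# DER content bytes of the rsaEncryption OID 1.2.840.113549.1.1.1
RSA_OID = bytes.fromhex("2a864886f70d010101")


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next N bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def parse_rsa_spki(der):
    """Return (modulus, exponent) from a DER SubjectPublicKeyInfo holding an RSA key."""
    tag, spki, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, alg, pos = _read_tlv(spki, 0)           # AlgorithmIdentifier
    tag, oid, _ = _read_tlv(alg, 0)
    if tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an RSA key")
    tag, bits, _ = _read_tlv(spki, pos)        # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("bad BIT STRING")
    _, rsa, _ = _read_tlv(bits[1:], 0)
    _, n_raw, pos = _read_tlv(rsa, 0)
    _, e_raw, _ = _read_tlv(rsa, pos)
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def audit(inventory, min_bits=2048):
    """Group hosts by public key; report keys that are shared or below min_bits."""
    hosts_by_key = defaultdict(list)
    bits_by_key = {}
    for host, der in inventory:
        modulus, _ = parse_rsa_spki(der)
        fingerprint = hashlib.sha256(der).hexdigest()   # DER is canonical
        hosts_by_key[fingerprint].append(host)
        bits_by_key[fingerprint] = modulus.bit_length()
    findings = []
    for fingerprint, hosts in hosts_by_key.items():
        issues = []
        if bits_by_key[fingerprint] < min_bits:
            issues.append("weak")
        if len(hosts) > 1:
            issues.append("shared")
        if issues:
            findings.append({"fingerprint": fingerprint, "bits": bits_by_key[fingerprint],
                             "hosts": sorted(hosts), "issues": issues})
    # Most widely shared key first, then smallest key size.
    return sorted(findings, key=lambda f: (-len(f["hosts"]), f["bits"]))


# --- Constructed sample data below: stand-in moduli, not real RSA keys. ---
def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body


def _der_int(value):
    # The extra leading byte keeps the INTEGER positive when the top bit is set.
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def constructed_spki(seed, bits):
    """Wrap a constructed odd number of exactly `bits` bits in a DER SPKI."""
    filler = hashlib.sha256(seed.encode()).digest() * (bits // 256)
    modulus = int.from_bytes(filler, "big") | (1 << (bits - 1)) | 1
    rsa = _tlv(0x30, _der_int(modulus) + _der_int(65537))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + b"\x05\x00")
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa))


FIRMWARE_KEY = constructed_spki("factory-image", 512)   # one key baked into an image
SAMPLE_INVENTORY = [
    ("vpn-gw-01.example", FIRMWARE_KEY),
    ("vpn-gw-02.example", FIRMWARE_KEY),
    ("vpn-gw-03.example", FIRMWARE_KEY),
    ("legacy-portal.example", constructed_spki("legacy", 1024)),
    ("www.example", constructed_spki("www", 2048)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding["bits"], finding["issues"], finding["hosts"])
```

In practice the inventory would be filled from the SPKI of each certificate your own scanner collects; grouping on the key rather than on the certificate also catches devices that wrap one cloned key in different certificates.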

132 comments

  1. Wow by Anonymous Coward · · Score: 0

    Wow

    1. Re:Wow by jc42 · · Score: 1

      Oops.

      FTFY. ;-)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  2. Know what's worse? Cleartext. by Iamthecheese · · Score: 3, Insightful

    This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none, and the solution to this is immensely easier than the solution to the many, many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re:Know what's worse? Cleartext. by poetmatt · · Score: 0

      Except that it's a known key with a known loophole?

      You may as well try to tell me WPA-2 encryption is meaningful. It's not.

    2. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      Uhm. No.

      Weak encryption provides the illusion of safety when there is none in fact to be had. It typically means that you will carry on as if you had the security of encryption but you don't and you end up doing something (for all practical purposes) in the clear that you would not otherwise, like transmit your bank account number or credit card number, etc.

      Assuming you were somebody who likes to drive faster than the speed limit would you rather drive without a radar detector at all and know you need to either not speed or at least be careful speeding or would you rather have one that only just barely works while you think it works great and that it will save your ass from that speeding ticket?

    3. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      Do tell - how are you going to go about breaking AES on WPA2 with a passphrase of 4h2k~l389YUkjh289*(shl3k=ljhs

    4. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      You may as well try to tell me WPA-2 encryption is meaningful. It's not.

      Is there a known attack on WPA-2 encryption or are you just jumping on the "it's wireless therefore it's more vulnerable!!1!" bandwagon?

    5. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      But weak encryption is infinitely better than none

      Wow. Seems like infinitely better ought to be pretty darn secure! Job's Done!

    6. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      No.

      I don't put my credit card number in a form that submits plaintext.

      A form that appears to be encrypted but actually isn't because the server fucked up is infinitely LESS secure in practice.

    7. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 4, Funny

      Like this: https://xkcd.com/538/

    8. Re:Know what's worse? Cleartext. by TechyImmigrant · · Score: 1

      Except that it's a known key with a known loophole?

      You may as well try to tell me WPA-2 encryption is meaningful. It's not.

      WPA-2 Encryption is an AE (Authenticated Encryption) mode AES-CCM (CTR with CBC-Mac). It has formally proven cryptographic properties.

      What is your problem with it?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    9. Re:Know what's worse? Cleartext. by 93 Escort Wagon · · Score: 2

      The latter, pretty obviously. Whenever we've heard news about WPA2 exploits trumpeted, invariably it's boiled down to brute forcing very weak passwords - which would be equally problematic for any other encrypted communication method, including ssh.

      --
      #DeleteChrome
    10. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      There are no known exploits for WPA2. He's just being a cunt.

    11. Re:Know what's worse? Cleartext. by msauve · · Score: 4, Insightful

      I suspect his problem with it is that he confuses it with WEP.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    12. Re:Know what's worse? Cleartext. by chrysosphinx · · Score: 5, Insightful

      Weak, bad or fake encryption is infinitely much worse than none, because it makes people believe they are safe while they are not.

    13. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      Entering it into the "WPA key" field should be sufficient. Anything else I can help you with?

      Kidding aside: Unless you made sure that WPS is actually off, there's still a good chance that an attacker can get the key in just 11000 tries, and that the router won't stop him from testing them all as fast as he can. Or maybe there's an open port on the WAN interface which hands out the key to anyone who asks. WPS enabled even though it is turned off in the web interface, WPS not rate limiting PIN attempts, a WPS-PIN implementation which is obviously exploitable and a "remote administration interface" open to the world should all be bugs that a manufacturer would be dearly ashamed of, and promptly fixed in new firmware releases for all affected routers. But practically all manufacturers dragged their feet, and then proceeded to hide the bugs instead of fixing them. WPA is like a Fort Knox grade safe door with a factory-installed big hole next to it.

    14. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      So, how does any of what you just said apply to WPA2/AES?

    15. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      I like to use the analogy, would you rather have incorrect data or no data?

    16. Re:Know what's worse? Cleartext. by Charliemopps · · Score: 2

      You can crack WPA-2 in a trivial amount of time. I've got a friend in school for security right now... he pulled an app off a public website, got it running on my computer in minutes and before we were done with dinner he had my wifi password. I knew it could be done, but I had no idea there were public tools for doing it, and it would take so little time. The tool even played a little "TaDa!" sound like vintage windows when it had the password. And this wasn't an easy password either. 12 characters, alpha-numeric, special characters, etc...

    17. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      Well, don't knock brute force as it works quite well given the combination of common human behaviour, powerful hardware (vid cards), comprehensive dictionaries, and wonky manufacturer implementations. ... absent the password issues and flawed firmware, WPA2/AES is demonstrably strong.

      Ahhh, but there you go. An attacker usually does not need to be successful all the time; a little success is often sufficient to go far.

    18. Re:Know what's worse? Cleartext. by Ronin Developer · · Score: 1

      Weak encryption is infinitely WORSE than none.

      The illusion of security is more likely to cause people to divulge information that they wouldn't do in plain text.

      I remember when the export key laws were in place. Once the regulations were changed doing away with them, software and equipment should have been required to remove the obsolete code or be taken off the market.

      My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

    19. Re:Know what's worse? Cleartext. by the order of His Maj · · Score: 2

      He's probably referring to TKIP and thinking it is the only method available for WPA2.

      TKIP has a few vulnerabilities (as detailed here and elsewhere) but as noted in the Wikipedia entry, none of them retrieved the key, and relied on short packets with mostly known content, and were not able to inject many packets (3-7), and the packets they could inject were fairly short (28 bytes, then 596 in a later attack).

      None of that sounds at all like WEP's 56bit worthlessness.

      While I prefer 1 and 10Gbit wired Ethernet, I have no problem with WPA2-Personal and even WPA is fine for low risk activities, although I have it disabled on all my access points.

      (off topic, where in blazes did they hide the setting to change your signature? Damn Dice and their crappy playing around with /. *grumbles*)

      --
      __
      ipsa scientia potestas est
      "knowledge itself is power" - Francis Bacon
    20. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none, and the solution to this is immensely easier than the solution to the many, many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.

      JDMSI NXKDJ MSHWW XHWIP OSWML LLKWC

    21. Re:Know what's worse? Cleartext. by TechyImmigrant · · Score: 4, Insightful

      You are talking about breaking passwords, not the encryption scheme, which comes later.

      Password -> PMK -> 4 way handshake (session key establishment) -> Authenticated encryption (link cipher).

      A 12 character, alphanumeric + special character password, uniformly generated is about 70 bits of entropy. The pbkdf2 invocation to generate the PMK has 4096 iterations, causing the brute force attack to need to perform on average ~ 2^81 hashes before finding a password. This would not happen over lunch.

      Did your friend's tool actually break WEP instead of WPA-2? Or did you have a weak password? Or were you using a weak EAP method? Or what other form of BS are you talking?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
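An added example, not part of the comment above or of any tool named in the thread: the Password -> PMK step as Python, checked against the IEEE 802.11i test vector, with the average-case work estimate in the comment's own accounting (one hash per PBKDF2 iteration). The wordlist and the guess rate are constructed assumptions.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa2_pmk(passphrase, ssid):
    """Password -> PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def uniform_entropy_bits(length, alphabet_size):
    """Entropy of a passphrase whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def average_work_log2(entropy_bits, iterations=4096):
    """log2 of the hash count for an average-case exhaustive search.

    On average half the space is searched (minus one bit), and every guess
    costs `iterations` hashes (the comment's accounting: one hash per iteration).
    """
    return entropy_bits - 1 + math.log2(iterations)


def years_to_search(entropy_bits, guesses_per_second):
    """Average search time in years at a given passphrase-guess rate (an assumption)."""
    return 2 ** (entropy_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


# Constructed stand-in for a cracking dictionary.
CONSTRUCTED_WORDLIST = ["password", "letmein123", "qwertyuiop", "sunshine2015"]


def search_space_bits(passphrase, wordlist, alphabet_size=94):
    """Upper bound, in bits, on what an attacker has to search.

    A passphrase that appears in a wordlist is worth at most log2(len(wordlist))
    bits regardless of its length or character mix. Otherwise the uniform figure
    is returned, which is itself only an upper bound for human-chosen passphrases.
    alphabet_size=94 (printable ASCII without space) is an assumption.
    """
    if passphrase in wordlist:
        return math.log2(len(wordlist))
    return uniform_entropy_bits(len(passphrase), alphabet_size)


if __name__ == "__main__":
    print(wpa2_pmk("password", "IEEE").hex())
    print("average work for 70 bits: 2^%.0f hashes" % average_work_log2(70))
    print("years at 1e6 guesses/s: %.3g" % years_to_search(70, 1e6))
    print("12-char listed passphrase: %.1f bits"
          % search_space_bits("sunshine2015", CONSTRUCTED_WORDLIST))
```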
    22. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      He cracked your WPA-2 key or he cracked your WPS you left enabled on the router? (here's a hint unless you had a trivial password he didn't brute force it in less than a month)

    23. Re:Know what's worse? Cleartext. by sjames · · Score: 1

      Not really. If it's cleartext, you know it's cleartext and have the appropriate security expectations. If it's encrypted, you have a different set of expectations which are not met if the key is actually shared in common.

      Often it's better to know you have no security than it is to think you are highly secure when you are actually quite vulnerable.

    24. Re:Know what's worse? Cleartext. by WaffleMonster · · Score: 1

      This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none,

      Not when people think "It's encrypted".

      Sometimes it is much better to know something is insecure and behave accordingly than to depend on a lie and get burned.

      VPN technology especially is particularly abysmal; everywhere I go, customers are using PPTP, some form of challenge-response authentication over the clear or over shared keys, or using EAP methods without properly verifying trust chains. At least with secure websites we have security checkers like Qualys... if you were to run that same scanner on the TLS channel protecting authentication it would universally fail. Even the CBC record splitting hack is explicitly disabled for backwards compatibility. Have never been on site where VPNs were deployed (both client and server configuration) properly.

      many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.

      When normal people hear the word "encrypted" what they actually hear is "secure". Nobody understands what "encrypted but insecure" means.

      Lies can be worse than doing nothing. Much better to do it right in my opinion.

    25. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 2, Funny

      Well, you just told us the passphrase ...

    26. Re: Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      If that were true you would tell us the name of the website/tool. Or did you conveniently forget?? Prove it, or you are full of shit.

    27. Re:Know what's worse? Cleartext. by Ginger Unicorn · · Score: 3, Insightful

      Weak or bad encryption is not worse in the situation where the person doesn't care if they're safe, or isn't even aware that there's a safety issue. Which is the vast majority of the time.

      --
      (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
    28. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      And if a normal person did what the university researchers have done we'd be getting a visit from the constabulary and possibly a date with a surly magistrate.

    29. Re: Know what's worse? Cleartext. by Anonymous Coward · · Score: 1

      No, that WPS garbage is so stupidly weak it may as well have been designed by the NSA. It is a very real bypass problem. Solution of course is to make sure it's off and that it really IS off or, even better, get equipment that doesn't support it.

    30. Re:Know what's worse? Cleartext. by Chris Mattern · · Score: 1

      If something is wireless, it is more vulnerable. It may not be significantly vulnerable, but it is still more vulnerable than going over a wire, because you have relieved any attackers of the need to put a tap on your wire. This does not mean you are at significant risk, only that you have increased that risk by a small amount.

    31. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      But weak encryption is infinitely better than none

      Arguably not. If you know something is going in cleartext, you're more likely (if you care) to be careful what you say and how you say it than you are if you think it's encrypted. While J. Random Badguy might have a bit more trouble with weak encryption vs no encryption, the various letter agencies aren't, nor are the organized bad guys. (But perhaps I repeat myself.)

    32. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      Um, if they are WPA, then WPS is irrelevant.

    33. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      Well if the same key is used, is it even "weak" encryption really?

    34. Re:Know what's worse? Cleartext. by Culture20 · · Score: 1

      he pulled an app off a public website, got it running on my computer in minutes and before we were done with dinner he had my wifi password

      Presumably something you had recently typed and was in memory, had stored in a file, or had typed while the program was running. Your friend showed you a magic trick. "Look over here at my right hand while it does something awesome. Now look in my left hand to see what my right hand did!" It was his left hand all along.

    35. Re:Know what's worse? Cleartext. by tlhIngan · · Score: 1

      Weak encryption is infinitely WORSE than none.

      The illusion of security is more likely to cause people to divulge information that they wouldn't do in plain text.

      I remember when the export key laws were in place. Once the regulations were changed doing away with them, software and equipment should have been required to remove the obsolete code or be taken off the market.

      My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

      Yes, bad encryption is worse than none.

      It's why Facebook has "privacy controls" - it's purely a marketing thing. By making people think their information is safe, they're going to divulge more of it.

      As for why OpenSSL did it - most likely it's not OpenSSL's fault. I'd almost guarantee what happened is because the first-time startup took so long, some guy said "make it faster" (it can take a couple of minutes to generate the keys the first time on a slower embedded platform). So to "make it happen" they simply pre-generated the keys and embedded it in the firmware.

    36. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 2, Informative

      Any of the WPS methods will give an attacker the WPA/WPA2 key if he can "authenticate" against them. WPS-PIN is specified in a way that it is likely to result in bad implementations which dramatically reduce the number of PINs an attacker has to try in order to gain access. Many routers used an implementation of WPS-PIN that was flawed that way, and quite a lot of those routers ignored the "WPS off" switch in the web interface and always offered their flawed WPS-PIN method. Additionally, even if WPS-PIN is implemented the correct way, it is no match for the security of WPA/WPA2: A seven character numeric PIN (the eighth digit is a checksum) has only 23 bits of entropy, and on many routers that's all that stands between an attacker and your 128bit WPA/WPA2 preshared key, particularly on those which don't rate-limit WPS-PIN tries.

      WPS is only irrelevant if it is (actually) disabled.

    37. Re:Know what's worse? Cleartext. by TechyImmigrant · · Score: 1

      Right. TKIP was deprecated years ago. Even when it was standardized it was described as a TSN (Transitional Security Network), to tide lower compute power devices over until they deployed new silicon with the RSN (Robust Security Network) protocols.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    38. Re:Know what's worse? Cleartext. by Zeromous · · Score: 1

      I agree, I liken this to a Master Lock. All keys are the same for the master lock (A Hammer/Crowbar), that doesn't mean it doesn't provide a measure of "sufficient security".

      Like, hey, if you want to steal my lawnmower that's cool bro. I'll put a master lock on the shed and worry about securing the really important stuff.

      --
      ---Up Up Down Down Left Right Left Right B A START
    39. Re:Know what's worse? Cleartext. by jthill · · Score: 1

      Well, no. He's saying it's _meaningless_. As used here, that word means "utterly inconsequential". See? You might as well not have it for all the difference it makes in TFA's hardware. They're putting three-inch case-hardened core-hardened tungsten alloy deadbolts on tarpaper-and-baling-wire shacks and they've got entire crowds full of people chanting "unbreakable! Unbreakable!! AES!!! no known attacks!!!!!!!!" as if it meant something. Which it doesn't.

      --
      As always, all IMO. Insert "I think" everywhere grammatically possible.
    40. Re:Know what's worse? Cleartext. by ericloewe · · Score: 2

      WPS never really worked well, with ultra-crummy driver support on the device end.

      Disabling WPS-PIN really is no loss.

    41. Re:Know what's worse? Cleartext. by TechyImmigrant · · Score: 1

      he pulled an app off a public website, got it running on my computer in minutes and before we were done with dinner he had my wifi password

      Presumably something you had recently typed and was in memory, had stored in a file, or had typed while the program was running. Your friend showed you a magic trick. "Look over here at my right hand while it does something awesome. Now look in my left hand to see what my right hand did!" It was his left hand all along.

      It's ok, he'd never do that. He's just a friend studying security at college...

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    42. Re: Know what's worse? Cleartext. by wierd_w · · Score: 1

      Sounds like WPAcrack.

      You push out some reset packets at the targeted base station to get the connected peers to re-handshake. The tool gathers the handshake data, then uses a dictionary attack against the captured frames. It can take a while if your dictionary is large.

      If the passphrase is strong, it will survive very strong dictionaries. Otherwise, you can get the passphrase in minutes.

    43. Re:Know what's worse? Cleartext. by Solandri · · Score: 1

      He's probably confusing it with WPA (the original WPA, before WPA-2). It was found to have a flaw similar to WEP, especially if you use it with TKIP instead of AES, so it's only slightly harder to crack than WEP. Kinda makes you think they should just give these things a completely different name when one is cracked. Simply incrementing the version number just leads to confusion.

    44. Re:Know what's worse? Cleartext. by gweihir · · Score: 1

      I do not agree. The problem is that encryption done by incompetents (like this one) gives you a false sense of security. The result is that you may trust the connection a lot more and that you may put things through it that are a problem if intercepted. If you know it is just plain text, you will be careful. This way, many people will not.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    45. Re:Know what's worse? Cleartext. by petermgreen · · Score: 1

      My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

      The trouble with removing old/weak modes is that you break interoperability with systems that only support those modes. Implementations that were limited to export modes only didn't disappear the instant the export restrictions were lifted. In some cases old versions of software stick around for many years because there is some problem that blocks upgrading.

      So someone has to make the difficult call as to when the risk posed by supporting the old/weak modes outweighs the interoperability issues that will be caused by removing support for them. Inevitably making changes is harder than doing nothing so said calls tend to err on the side of "too late" rather than "too early".

      Furthermore SSL/TLS is supposed to protect against downgrade attacks. So removing support for old modes doesn't seem as urgent as it otherwise would be. Recently however we are finding that the protection against downgrade attacks is not as good as it should be.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    46. Re:Know what's worse? Cleartext. by MikeBabcock · · Score: 1

      That's nonsense.

      Weak encryption is *worse* than no encryption because it gives people a false sense of security they shouldn't have. It makes them feel safe to say or do things they wouldn't do if they realized how bad the encryption they're using really is.

      --
      - Michael T. Babcock (Yes, I blog)
    47. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      You don't need a tap with many wired either; have you not heard of a tempest attack?
      Not to mention virtually no one puts any sort of physical security on wired networks so a tap is trivial. Thus a wired network is in typical usage significantly more vulnerable than a wireless network with wpa-2 and no wps.

    48. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      Oh haha I didn't catch that I wrote a tool for that, you put it on a flash drive and when you open the flash drive you click on "open in explorer" quickly before they look too closely from the menu and a tricky autorun.inf has made a second open in explorer link that actually runs a hidden app on the drive, the hidden app copies all your wireless network settings into a hidden folder then launches explorer in the flash drive so you can browse to the app you supposedly put the flash drive in the computer for.

    49. Re:Know what's worse? Cleartext. by Anonymous Coward · · Score: 0

      As slashdot is still not https. The irony.

    50. Re:Know what's worse? Cleartext. by jrumney · · Score: 1

      ... got it running on my computer ...

      Wait, so he actually installed software to do this? Getting the WiFi password for a network that is already set up on your computer is easy, and doesn't require any apps. It's not the same as cracking WPA2 though.

    51. Re:Know what's worse? Cleartext. by DarwinSurvivor · · Score: 1

      If you can remember, let alone recite, 4h2k~l389YUkjh289*(shl3k=ljhs while being hit with a $5 wrench, you have a better memory than me.

    52. Re: Know what's worse? Cleartext. by zeigerpuppy · · Score: 1

      True, infinity x none = none

    53. Re:Know what's worse? Cleartext. by LordLimecat · · Score: 1

      he pulled an app off a public website, got it running on my computer in minutes and before we were done with dinner he had my wifi password.

      Found your problem. There's about a million approaches he could have taken from here, including an automated script hacking your router from the LAN side and pulling the key, to pulling the key off of your local computer out of protected storage.

      This isn't a weakness in WPA2.

    54. Re: Know what's worse? Cleartext. by LordLimecat · · Score: 1

      WPAcrack isn't breaking mixed case alphanumerical 12-character passwords over lunch.

      Heck it would take a rainbow table-based attack about that long to recover a 12 character password (l0phcrack, running from dvd).

    55. Re:Know what's worse? Cleartext. by Ronin Developer · · Score: 1

      Of course systems continued to support the older mode at first.

      That being said, the regulations regarding key length were relaxed starting in 1998. By 1999, all restrictions on key length were removed for import and export to all countries not on the terrorist state list. Risk analyses had already been done by any company that had requested a license to export cryptographic products. So, when the restrictions were lifted, the dangers of the export key length restrictions were well known.

      In particular, use of longer key lengths were approved for use in key industries such as banking and medical and online commerce. That was 15 years ago.

      Interoperability isn't the issue here - it's all about cost and profit. Privacy and protection of data (especially, personally) were not a priority provided the costs of compromise didn't break the bank (pun intended).

      Found an interesting link that explains the timeline and legislation regarding crypto laws for many different countries. The listing is alphabetical.

      http://www.cryptolaw.org/cls2....

    56. Re:Know what's worse? Cleartext. by david_thornley · · Score: 1

      It's meaningful. It doesn't mean everything people expect it to be.

      With an unguessable key, AES, with encryption and decryption done offline on an uncompromised computer (there are side-channel exploits), is secure. That's worth knowing, and lets people focus on key management and clean computers (which you always need to be concerned about, because if an enemy has control of your computer you have absolutely no security).

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    57. Re:Know what's worse? Cleartext. by david_thornley · · Score: 1

      The one case where I can think of where weak encryption might be useful is if there's a general sweep that involves you just because you're there. Weak encryption would take some minor effort to crack, and if the sweep picks up enough plaintext the sweeper may not bother with any ciphertext. It's similar to having a password like Ca$tl3 on a system where people have passwords like password1; if the attacker just wants one account they're likely to crack somebody else's first.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    58. Re: Know what's worse? Cleartext. by wierd_w · · Score: 1

      Like I said, a strong passphrase will take awhile.

      A weak one though, like many people use? It's the reason WPACrack exists.

    59. Re:Know what's worse? Cleartext. by wad4ever · · Score: 1

      Dangit. Now I have to change my password.

      --
      --- wad
  3. A clue. by Anonymous Coward · · Score: 0

    The encryption key is YouwereownedbythemotherfuckinNSAbitchandyourassesbelongtousnow.

    1. Re:A clue. by Anonymous Coward · · Score: 0

      Ha blaming the NSA for everything ...
      In this case it's rather : Youresupposedtogenerateakeyforeachinstallnotcloneityoulazydimwits

  4. So Out Them! by bill_mcgonigle · · Score: 3, Interesting

    "That's just laziness on the part of a manufacturer," Paterson said in a phone interview. "This is cardinal sin."

    Then it deserves at least social shaming and ostracism, if not worse than those minor responses to venial sins. Protecting the manufacturers only creates an environment where the incentives are aligned for them to do it again. If manufacturers aren't keenly aware that they need to protect their reputation, then they will cut every corner that doesn't provide them a competitive advantage.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:So Out Them! by tom's a-cold · · Score: 1

      OK, so who was the manufacturer then? Anybody??

      --
      Get your teeth into a small slice: the cake of liberty
    2. Re: So Out Them! by Anonymous Coward · · Score: 0

      They don't want to piss off the company and then face legal issues, or perhaps from getting blacklisted from getting funding or working for them. I can't blame them but I would like to know who they are!

  5. this whole "security" thing is bogus by swschrad · · Score: 2

    there is no such thing as security any more using the common models and parameters. got to step it up, without fallback to silliness like 512 bit keys. the bigger problem is nobody has been bankrupted and sent to jail yet, so the impetus is not there to fix it as the first priority of business.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  6. Huh? This is actually a GOOD thing! by Anonymous Coward · · Score: 0

    Recycling is a good thing, you earth rapers.

  7. I imagine .... by PPH · · Score: 4, Insightful

    ... some vendor built a router or server up to the point of generating the public/private key pair, tested it, saved the image and started copying it to production units.

    Similar mistakes have been made before.

    --
    Have gnu, will travel.
    1. Re:I imagine .... by Anonymous Coward · · Score: 0

      Either that, or 28k IP addresses are used in a load-balanced setup for a corporate VPN environment locked down to that key, rather than using a full PKI.

      Come to think of -- OMG! how many machines are using the Godaddy Root Cert public key?!?!

      The problem here is more that it's a 512-bit key. Which likely also means it has not been cycled in over a decade.

  8. Poor first sentence by in10se · · Score: 5, Informative

    First line of the article:
    "What if the key to your house was shared with 28,000 other homes?"

    The fact is, you very well might share the key to your house with more than 28000 other homes. Common lock brands you can buy at Home Depot, Lowe's, etc. create a surprisingly low number of different key/tumbler combinations.

    --
    Popisms.com - Connecting pop culture
    1. Re:Poor first sentence by bobbied · · Score: 3, Insightful

      So having a lock really is an advantage... Well, actually it doesn't matter to a thief anyway.

      I once had the window broken in my car so they could steal my wife's purse... The doors were unlocked, but they broke the window anyway.

      I guess the issue here is that the "key" is easily changed in this case. You don't need to have the guy at the home improvement store rekey it for you...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Poor first sentence by Lumpy · · Score: 1, Insightful

      Yup, most popular locks on homes have a very very limited number of key combinations.

      Cars are worse. It's not uncommon to find another car that your key can unlock.

      --
      Do not look at laser with remaining good eye.
    3. Re:Poor first sentence by Drethon · · Score: 1

      Well yeah, how many wireless garage door frequencies or whatever they use exist?

    4. Re:Poor first sentence by 93+Escort+Wagon · · Score: 4, Funny

      Cars, too.

      Funny anecdote: Quite some years ago, my wife and I were over at another couple's house for our semi-regular game of Pinochle. After we called it an evening, I went out the door and accidentally got into their Ford Escort (at the time, they owned one that was a very similar color to ours - plus it was night). They stood there and laughed at me... and then I started their car with my key.

      --
      #DeleteChrome
    5. Re:Poor first sentence by 93+Escort+Wagon · · Score: 1

      Whoops, that was an epic quote fail!

      --
      #DeleteChrome
    6. Re:Poor first sentence by Snotnose · · Score: 2

      First line of the article: "What if the key to your house was shared with 28,000 other homes?"

      Several years ago I found myself in this situation. I worked night shift, getting home between 2-3 AM. One night I unlocked my door, opened it, and just had time to think "WTF, this isn't my living room" when some guy came running up with "hey, who are you!!!".

      The place I was renting was WW2 era housing, a group of rectangular buildings next to each other, each with 8 apts (think | | | | | |). I had the upper unit in the back, turns out my key worked on *every* upper back unit in each building. Talked to one of my neighbors, his key also worked in every building that corresponded to his unit.

      Trust me, we all had new locks within 24 hours.

    7. Re:Poor first sentence by prefect42 · · Score: 1

      Actually starting the car is far less likely in newer cars, because whilst the number of key combinations are small, the number of key transponders is not.

      --

      jh

    8. Re:Poor first sentence by Greyfox · · Score: 2
      Yeah, I replaced the locks on a couple of doors a couple of years ago and was surprised to find the new key worked just as well on a couple of the other locks that I hadn't replaced. Actually not that surprised, really. There aren't that many tumblers and not that many combinations of them. The keys to your house would probably work on a lot more than 28,000 doors across the country, if you tried them. I wouldn't suggest trying them, though. That'll get you shot in a lot of places.

      Fact of the matter is, locks aren't much of a discouragement at all. A criminal is just as likely to break a window or kick a door down to get in. My parents have been robbed a couple of times over the years. The first time, the robbers came in through a bedroom window that I believe was not locked. It wasn't broken, in any event. The second time, more recently, the robbers just kicked their door down.

      The best thing to do is make your house a less inviting target than your neighbor's house. But lock and home security is a whole other slashdot story!

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    9. Re:Poor first sentence by Obfuscant · · Score: 4, Informative

      turns out my key worked on *every* upper back unit in each building.

      That's just lazy on the part of your landlord. It's easier for him if all his units share the same lock so he has only one key to carry around.

      But common house keys? Yes, relatively few "combinations". I'm looking at mine, bought from a big-box home outlet store. Five lands -- that's the flat areas where the pins rest when the key is inserted. I didn't count them when I rekeyed my locks, but it's about five pin lengths. Let's see, 5^5 is 3125 different keys. Six pin lengths would be only about 15,000 different sets.

      My work keys have 6 or 7 lands, but the security of those is reduced because each pin has at least two valid lengths. There is actually a published method for taking a bunch of key blanks and a valid key and figuring out the master.

      If you want to know how locks work, go buy a new lock for a house and the rekey kit for it. It's fun. While each kit is "different" (or is supposed to be), with a bit of looking you can find two kits with the same pin lengths just in a different order so you can rekey two locks the same. (The kits I bought had colors for the pins.)

      For cars, I heard a long time ago that Toyotas were prime theft targets not because of the value but because there were a limited number of dealer master keys and the crooks had copies.

    10. Re: Poor first sentence by Anonymous Coward · · Score: 0

      I just moved from a 100 and some odd unit building. My key worked on at least ten different doors. The good thing is we were all very close knit. The bad, new locks for all will never happen.

    11. Re:Poor first sentence by Anonymous Coward · · Score: 0

      Even if every key everywhere was random you would still be faced with the issue of "bump keys". Look this up yourself. It's ridiculously easy to open most locks and vehicles. Star locks like the kind found in vending machines are better but obviously nothing is foolproof.

      Cryptographic electronic keys are probably the current safest. I'm not talking about the piece of shit "common-man" electronic hardware that is out there but real systems developed with money.

    12. Re:Poor first sentence by Anonymous Coward · · Score: 0

      When I was in high school my Dad's 61 GMC pickup, a friend's 57 Chevy and another friend's Oldsmobile station wagon all had the same ignition key.

    13. Re:Poor first sentence by karolgajewski · · Score: 2

      Hmm... sounds like a key party rather than an unlikely occurrence.

      --
      - .k. -
    14. Re:Poor first sentence by bobbied · · Score: 1

      Cars are worse. It's not uncommon to find another car that your key can unlock.

      The obvious question here is how do you know? ;) Do you go around trying to open random car doors with your keys? I know I don't..

      Oh, but there is the ignition key chip stuff now where an RFID tag is embedded in the key, so you may be able to turn the key, but it's not going to start for you unless that RFID is loaded using a manufacturer specific tool.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    15. Re:Poor first sentence by Cramer · · Score: 2

      That had to be a long time ago. Today, even 'tho the key fits and turns, the electronic security codes won't match. (assuming there is a traditional key.)

      That said, my '84 Ford and my sister's '90 Ford had the same ignition key, but different door keys. That's before such electronic security, and when there was a "door" key.

    16. Re:Poor first sentence by bloodhawk · · Score: 1

      The same thing happened to my mother in a shopping mall a few years ago. She had an older Renault, literally got half way home before she realised it wasn't her car.

    17. Re:Poor first sentence by thegarbz · · Score: 1

      Had a partial similar fail one day at a shopping centre. Got back out to the car and someone had parked an identical car in front of mine. I was able to unlock the door but I wasn't able to start the car.

      I then had to convince the man I really wasn't trying to steal his car. Talk about awkward conversations.

    18. Re:Poor first sentence by bigtrike · · Score: 1

      The pin information is public. Residential Schlage locks have 5 pins. Each pin can be one of 9 heights. The height differences are quite small, so with some wiggling you don't even need an exact match.

    19. Re:Poor first sentence by jrumney · · Score: 1

      Actually starting the car is far less likely in newer cars, because whilst the number of key combinations are small, the number of key transponders is not.

      Yes, but we're talking about a Ford Escort here. Even if you have the right key, it's a toss-up whether it will start.

    20. Re:Poor first sentence by jabuzz · · Score: 1

      If you buy quality locks there are many orders of magnitude more than 28,000 combinations. There are plenty of quality lock systems on the market with over a billion different key combinations.

      The big thing at the moment, depending on whether the thieves in your area have caught on, is lock snapping. If you have europrofile or similar locks and they are not quality anti-snap, anyone can be in in under 20 seconds.

    21. Re:Poor first sentence by Jack+Griffin · · Score: 1

      A school friend of mine became an apprentice locksmith decades ago. Those big old fashioned locks from pre-1980's only had about 14 keys total, all numbered. When someone came to get a copy he didn't have to cut one, just pull a spare out of the box.

    22. Re:Poor first sentence by Lumpy · · Score: 1

      Who cares about starting the car, you steal everything inside it or tow it to part it out.

      Stolen cars are impossible to sell, parts on the other hand are mostly untraceable.

      --
      Do not look at laser with remaining good eye.
    23. Re:Poor first sentence by Greyfox · · Score: 1

      You keep saying "quality". I'm guessing you're not talking about the $20 three-pack you can get down at the local hardware store?

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    24. Re:Poor first sentence by Lumpy · · Score: 1

      Also for your own education.....

      https://books.google.com/books...

      Buy this book if you want to learn how insecure 90% of the lock designs in use are.

      Car keys and house keys are there only to keep your neighbors honest.

      --
      Do not look at laser with remaining good eye.
    25. Re:Poor first sentence by david_thornley · · Score: 1

      It really doesn't matter that much, in the house key case.

      Anybody who can take advantage of the limited number of keys can get into your house in other ways, such as picking the lock or making a key from scratches on the blank. Other people will kick the door in or break a window. Houses really aren't all that secure.

      So, you're vulnerable to somebody who happens to have the same house key as you do, and happens to know it fits your lock. That is not something that's likely to happen.

      The equivalent on the net is trying a key on every house in the city at the same time, and remotely burgling the place if the front door pops open. Physical security has its own issues, but the threats are considerably different.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    26. Re:Poor first sentence by bobbied · · Score: 1

      Car keys and house keys are there only to keep your neighbors honest.

      On that we fully agree... Locks only keep honest people honest, in all their various forms.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  9. So easy to find by kooky45 · · Score: 4, Interesting
    Just scanned the /16 next to my home broadband and found a number of repeated certificate hashes and all belonging to systems identifying themselves as

    *.myfoscam.org/organizationName=ShenZhen Foscam Intelligent Technology Co,Ltd

    Seems to be a network enabled camera.

    1. Re:So easy to find by TemporalBeing · · Score: 1

      Just scanned the /16 next to my home broadband and found a number of repeated certificate hashes and all belonging to systems identifying themselves as

      *.myfoscam.org/organizationName=ShenZhen Foscam Intelligent Technology Co,Ltd

      Seems to be a network enabled camera.

      Which is why I don't allow them out of my local network, and never set up their "remote access" functionality. In fact, it's explicitly disabled.

      --
      Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
    2. Re:So easy to find by kooky45 · · Score: 3, Interesting
      And done the /8 now, and other common ones are

      commonName=UBNT/organizationName=Ubiquiti Networks Inc.

      commonName=TS Series NAS/organizationName=QNAP Systems Inc.

      commonName=Vigor Router/organizationName=DrayTek Corp.

      commonName=homenet.telecomitalia.it/organizationName=TELECOM ITALIA SPA

      commonName=localdomain/organizationName=Axentraserver Default Certificate 863B4AB

      In fact, there are duplicate hashes appearing all over the place so it's an endemic problem.
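
An added example, not part of any comment in this thread: an audit over an inventory you already hold that groups hosts by public key rather than by certificate hash, so a unit whose certificate was re-issued around the same key still lands in the cluster, and that flags undersized moduli. The record layout, the `MIN_BITS` policy value, the addresses and the moduli are constructed for illustration.

```python
import hashlib
from collections import defaultdict

EXPORT_BITS = 512   # export-grade RSA size from the story
MIN_BITS = 2048     # assumption: policy minimum chosen for this audit


def key_fingerprint(n: int, e: int) -> str:
    """Hash only the public key (n, e), length-prefixed so the two fields
    cannot run together. Serial, validity and subject do not affect it."""
    h = hashlib.sha256()
    for value in (n, e):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


def clusters(inventory, field):
    """Group hosts by one record field; keep groups with more than one host."""
    groups = defaultdict(list)
    for rec in inventory:
        groups[rec[field]].append(rec["host"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def audit(inventory):
    """Return (issue, hosts, detail) findings for shared and undersized keys."""
    keyed = [dict(rec, key_fp=key_fingerprint(rec["n"], rec["e"]))
             for rec in inventory]
    findings = []
    for fp, hosts in sorted(clusters(keyed, "key_fp").items()):
        # detail = number of distinct certificates wrapped around this one key
        certs = {r["cert_sha256"] for r in keyed if r["key_fp"] == fp}
        findings.append(("shared-key", hosts, len(certs)))
    for rec in keyed:
        bits = rec["n"].bit_length()
        if bits <= EXPORT_BITS:
            findings.append(("export-grade", [rec["host"]], bits))
        elif bits < MIN_BITS:
            findings.append(("below-minimum", [rec["host"]], bits))
    return findings


def _cert(label):
    # Constructed stand-in for a certificate's SHA-256 hash.
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed inventory. The moduli are placeholders of the right size, not
# real RSA keys; the hosts are documentation addresses (192.0.2.0/24).
N512 = (1 << 511) | 0x2F
N1024 = (1 << 1023) | 0x55
N2048 = (1 << 2047) | 0x09
INVENTORY = [
    {"host": "192.0.2.10", "cert_sha256": _cert("image-A"), "n": N512, "e": 65537},
    {"host": "192.0.2.11", "cert_sha256": _cert("image-A"), "n": N512, "e": 65537},
    {"host": "192.0.2.12", "cert_sha256": _cert("reissued"), "n": N512, "e": 65537},
    {"host": "192.0.2.20", "cert_sha256": _cert("unit-20"), "n": N1024, "e": 65537},
    {"host": "192.0.2.30", "cert_sha256": _cert("unit-30"), "n": N2048, "e": 65537},
]

if __name__ == "__main__":
    print("same certificate hash:", clusters(INVENTORY, "cert_sha256"))
    for finding in audit(INVENTORY):
        print(finding)
```

Grouping by certificate hash alone reports two of the three hosts here; grouping by key reports all three.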

    3. Re:So easy to find by ckatko · · Score: 1

      Balls, I've got one of those cameras.

      So has anyone checked to see if this was by design? Give everyone encryption, but it's the same key, like a master lock that any locksmith or landlord can bypass?

    4. Re:So easy to find by _merlin · · Score: 1

      It makes you vulnerable to MITM attacks, since when you connect to your camera, you can't be sure it's actually yours and not just another device with the same well-known certificate/key.

      It means that if you use a key exchange mechanism that encrypts the session keys with the server key then someone who's extracted the private key from one of these can decrypt communications with any of the cameras using the same certificate/key.

      If you use a key exchange mechanism with forward secrecy, extracting the private key wouldn't allow Eve to decrypt all your communications.

    5. Re:So easy to find by Anonymous Coward · · Score: 0

      Are you doing hashes for all of them? Or just checking the CN and ONs?

      I'm interested to see what those UBNT devices are. Can you post a sample cert and IP here?

    6. Re:So easy to find by Anonymous Coward · · Score: 0

      How are you doing the scan?

  10. Do you still not get it? by Anonymous Coward · · Score: 0

    All commercial software is backdoored. They can't very well put in an additional user called backdoor, can they? So they create specification ambiguities, add bugs and make insecure default configurations. "But the need to create unique keys was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard', so using the default configuration is your fault."

    If you're looking to Open Source software to get around that, you will very likely end up using software cobbled together just well enough that it works, with next to no attention paid to actual security. If something looks encrypted, that's good enough, and you're lucky if an author of the myriads of tutorials on the internet even checked with a packet sniffer that things actually look encrypted. Download this virtual machine image and you've got yourselves a server, complete with static SSH host keys, because hey, it works and it's encrypted, isn't it? Authy, a two-factor authentication service, allowed anyone to log in with "../sms", because they relied on "rack-protection", an open source Ruby project which supposedly "protects against typical web attacks", which failed to properly escape user input. A face-palm is in order. If you believe that's just an anecdote and not symptomatic of the general state of security on the internet, you're deluding yourself.

    There is no security with computers, because nobody really cares. It's all lip service. Computer geeks are just very slow to get this. To most people, security is a source of problems, not a solution. This is not going to get better. Young people all use computers and on average know less about how computers actually work than the people who were using them when computers and networks were new.

    1. Re: Do you still not get it? by Anonymous Coward · · Score: 0

      Who gas if software is backdoored? Ever heard of the term FIREWALL? It's titanium and it loves backdooring your pathetic little softwares til they beg for more.

  11. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  12. Re:That's money savings by Imagix · · Score: 2

    Ahem. Unlike you, manufacturers can get keys which can sign other keys. Which means they can buy 1 key and generate as many sub-keys as they like.

  13. Re:That's money savings by Anonymous Coward · · Score: 1

    Putting 1 key into a image vs having a different key go into every image.

    One is cheap, the other isn't. (when pennies count).

  14. Re:That's money savings by tburkhol · · Score: 2

    These are not certificates. They're not validated by any trusted authority. These are host keys: you generate them yourself for the cost of electricity. You could have your router generate its own keys the first time it starts up for the cost of a couple seconds delay.

  15. Re:That's money savings by swb · · Score: 1

    You could use your own CA and generate self signed certificates.

  16. Re:That's money savings by Anonymous Coward · · Score: 0

    Except they don't have to buy them at all. They can just generate them.

    Hell, *anyone* can generate random/unique keys; the only reason we buy certs is for the "trust" part of PKI, not the encryption part. Many (most?) protocols don't have a concept of "trusted" certs, so there's no benefit to buying one from a CA.

  17. Re:That's money savings by silas_moeckel · · Score: 1

    You do realize these are self signed keys? They are trivial to generate and have no cost.

    --
    No sir I dont like it.
  18. Re: I imagine ....the solution is by Anonymous Coward · · Score: 0

    Have a list of ALL keys ever generated, similar to the windows key service. Then you can make sure each device has its own key when manufacturing devices. Just kidding, that would require a desire to actually sell securely encrypted devices.
    Security is really only for those corps and individuals alike who proactively ensure their own security. On the scale of things this is somewhat of a small #. Until the general masses embrace security as a whole, there will be none. Just the constant drivel of stories like this one.
    I can hardly sit still with the desire to root my Z3 phone just for the purpose of security.

  19. Security Journalistic Failure by Anonymous Coward · · Score: 0

    Yet another example of "security" journalism that fails to mention the name of the manufacturer. Just what junk am I supposed to throw away? Details people, details.

  20. The Problem is and Always Will Be People by Anonymous Coward · · Score: 0

    People are lazy and suffer from "it can't happen to me" and that's assuming they even understand what's going on. I just sent some very sensitive documents by email today encrypted with AES and a strong password. I let the financial institution on the other end know the password by SMS to the loan officer's phone. Two minutes later the idiot forwards the email to his assistant with the attached PDF and then puts the password in the body of the email. They didn't even understand what was going on when I got upset. They genuinely think I'm on the level of UFO conspiracy nuts for encrypting scans of my social security card, driver's license, paystubs, and bank statements to be sent over the Internet.

  21. The Problem lies with the Wetware by Anonymous Coward · · Score: 0

    All the security problems reside in the Wetware.
    If we could only take the Wetware out of the equation, we could have real and effective security.
    Damn the Wetware!

  22. Re:That's money savings by Anonymous Coward · · Score: 0

    You could have your router generate its own keys the first time it starts up for the cost of a couple seconds delay.

    Not really. You need randomness to make a good key. Exactly how much randomness is an unconfigured router going to be able to collect in the first few seconds of its initial power-on? Some, sure, but preferentially you want a *lot*.

    Having said that, if you extended it to a couple of minutes then it should have ample time to collect enough randomness - packet arrival timings, local MACs it can see, other SSIDs it can see; perhaps the SoC even has a hardware random noise generator - to create a key that's not too non-random.

  23. Not the first time ... by briancox2 · · Score: 1
    --
    We should learn what we need to know about issues, before we decide what we need to feel about them.
  24. Add the SALT by wwbbs · · Score: 1

    Without SALT even encryption is bland. Try searching encrypted password hashes on Google; it's always interesting to see who you share the same password with. Often the userid is revealed in the search; if the userid is unique you can search the userid out and find new sites to try your newly acquired user:pass combos.

  25. Re:That's money savings by Anonymous Coward · · Score: 0

    If you used your own CA, why would you bother with self-signed certificates?!

  26. Re:That's money savings by Anonymous Coward · · Score: 0

    And many embedded SoC have at least one of the following:
    - HW random generator - Perfect... for more security throw in a few of the below to strengthen it...
    - Embedded encryption engine with a device-specific key (set in the actual SoC during production) - Perfect... we do not really need anything else...
    - A/D in one way or another.. use some static from it..
    - Wifi device - other wifi devices and signal-strengths and timing between beacon-packets.
    - Network interfaces - number of them, timing between packets, timing before getting link etc..
    - flash-memory - may have serial-number and may have a random distribution of bad blocks.
    - unique serial-number - Usually deterministic but *usually* hard to get information about remotely.
    - Several clock-sources.. Use them together and be able to get some clock-drift info to throw into the pool of "random" data..
    - Time from boot until a browser connected.
    - Anything the client-browser throws at the router (client-ip, user-agent, registered plugins etc...)
    - MAC address - yea, not really good by itself but hey... we just want as much data as possible.. and usually only possible to know if you are in range of the wifi or on the same subnet.
    - IP / Netmask / gateway / gateway mac / other network-config stuff...

    Throw one or more of these into a scrypt 100-1000 times and then do a sha-512 and use that as the seed for the PRNG.. Using scrypt would just be to make it much harder to guess the key if you knew the approximate values that were used for the seed initially.

    Even if you would use just the MAC address for this it would be a *BIG* jump in security over using a shared certificate... But I would recommend to use at least 2 pseudo-random things from that list, preferably 4-5, before it would become fairly secure..
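
The seed mixing this comment describes, as an added example (not code from the thread or from any vendor): labelled device inputs are length-prefixed, passed through one scrypt call with a work factor in place of repeated scrypt rounds, then through SHA-512. The input names, the `DOMAIN` label, the scrypt parameters and the two sample units are constructed assumptions.

```python
import hashlib

DOMAIN = b"first-boot-seed-v1"   # hypothetical domain-separation label


def frame(sources: dict) -> bytes:
    """Serialise labelled inputs with 4-byte length prefixes, in sorted label
    order, so ("ab", "c") and ("a", "bc") can never yield the same bytes."""
    out = bytearray()
    for label in sorted(sources):
        for part in (label.encode(), sources[label]):
            out += len(part).to_bytes(4, "big") + part
    return bytes(out)


def derive_seed(sources: dict, hw_random: bytes = b"") -> bytes:
    """scrypt over the framed inputs, then SHA-512: a 64-byte PRNG seed.
    hw_random is the output of a hardware RNG when the SoC has one."""
    material = frame(dict(sources, hw_random=hw_random))
    stretched = hashlib.scrypt(material, salt=DOMAIN,
                               n=2**14, r=8, p=1, dklen=64)
    return hashlib.sha512(stretched).digest()


# Constructed sample: two units flashed from the same image. Only the
# per-device values differ (locally administered MACs, made-up serials).
UNIT_A = {
    "mac": bytes.fromhex("020000000001"),
    "serial": b"CONSTRUCTED-0001",
    "link_up_ns": (48_211_337).to_bytes(8, "big"),
    "bad_blocks": bytes([3, 17, 201]),
}
UNIT_B = {
    "mac": bytes.fromhex("020000000002"),
    "serial": b"CONSTRUCTED-0002",
    "link_up_ns": (51_907_455).to_bytes(8, "big"),
    "bad_blocks": bytes([8, 44]),
}

if __name__ == "__main__":
    print("unit A seed:", derive_seed(UNIT_A).hex()[:32], "...")
    print("unit B seed:", derive_seed(UNIT_B).hex()[:32], "...")
    # Same inputs, same seed: the derivation itself adds no randomness.
    print("repeatable:", derive_seed(UNIT_A) == derive_seed(UNIT_A))
```

Identical inputs always give the identical seed, so the device-specific values make units differ from one another while any unpredictability has to come from the `hw_random` and timing inputs.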

  27. This is intentional by rosencreuz · · Score: 1

    Once I know the key is good, I stick with it and use it everywhere. Why mess with it if it's working?

  28. not necessarily a problem by Anonymous Coward · · Score: 0

    The public keys might be identical but that does not mean that the private keys are also all the same. So the resulting encryption could well always be different despite the identical public keys.

    1. Re: not necessarily a problem by Anonymous Coward · · Score: 0

      With one RSA key there's only one way to encrypt the same message. Different private keys will then decrypt this same cipher text into the original message.

  29. You can make things foolproof by Anonymous Coward · · Score: 0

    You can make things foolproof, but you can't make them idiot proof.

  30. Security for the Lay User by Irate+Engineer · · Score: 1

    Most people doing anything on the internet have no functional literacy in security. WEP, WPA, SSL, https,...it's all alphabet soup mumbo jumbo to most people.

    Now, some self-appointed expert is going to chime in in a few moments and say that these ignorant fools need to educate themselves about this, and if they get pwned it's all their own fault.

    The problem *is* that people need to be educated, but right now to truly understand the rudiments of security technology and the risks probably requires some night classes more suited to IT professionals. If that is the burden on the user, security will never work.

    People understand locks and keys on their cars and doors, and know the consequences of not using them. The same can't be said for internet security. Most people are stuck relying on the kindness of strangers to implement security for them, and that is just asking for trouble.

    The person who solves this problem, of making internet security understandable by the lay user, will be doing the world a great service.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  31. Re:That's money savings by Anonymous Coward · · Score: 0

    You're missing the point. Default certificates are self-signed and cost nothing. Not having unique ones is laziness and nothing else.

    For use in a production environment, any WAN-facing appliance should get a unique cert ideally, but how many WAN-facing appliances do you need? I would venture a suggestion that only the VPN server and WEB server need to be WAN-facing. Everything else can be behind the VPN. So unless your company has 28394 offices, the cost is minimal. And for any company that DOES have 28394 offices, 78k/month may not be too high a price to pay for security.

  32. Re: I imagine ....the solution is by PhuCknuT · · Score: 1

    How would you make a list of what are supposed to be private keys?