Blown To Bits

Archive for the ‘Security’ Category

How the $65M Facebook Settlement Figure Got Out

Sunday, February 15th, 2009 by Harry Lewis

It was reported last week (see the Crimson story, for example) that the amount for which Facebook settled the litigation brought against it by the Winklevosses, two of Mark Zuckerberg’s contemporaries at Harvard, was $65M. That number was supposed to be secret, but Facebook’s former lawyers released it by accident. How?

Turns out, exactly the same way the details of the Calipari report, discussed at the beginning of Chapter 3, became public. The law firm “redacted” the number from a document it then made public, but it did the redaction simply by placing a white bar over it in the PDF file. The actually $65M number was still in the file.

You can do it yourself — it takes only a few seconds — try it, it’s fun! Click on this link to download and open the PDF of the court transcript as redacted and released. Go to the bottom of page 22, where there is some white space preceded by the word “[REDACTED].” Select the white space (it runs from the last part of one line to the first part of the next) and copy it — as though you were just copying a bunch of spaces. Now paste it into any word processor — bingo, like magic, the words “$65 MILLION” appear. They were there all along, covered by the white redaction bar — probably just “highlighting” applied using Adobe Acrobat or some similar tool, with the highlighter color changed to white.

In Blown to Bits we give two other examples of this mistake, in addition to the Calipari report. You would think that law firms would understand this by now! There are easy ways to avoid it. Oh dear — if it was some poor unsupervised paralegal or staffperson who did it, I feel sorry for him or her. But really, there can be no excuse for the firm.

The Barackberry

Saturday, January 24th, 2009 by Harry Lewis

(Nice neologism by the Times of London.)

President Obama is going to have a handheld, but it won’t actually be a Blackberry. It will be special military equipment, capable of entering a super-secure mode in which it can communicate only with identical equipment (presumably in the hands of military and intelligence personnel).

The Times story, as well as some others, state that it won’t be possible to forward presidential emails. I don’t know what that means. If Sasha gets an email on her home computer from her daddy, what would prevent her from taking a screen shot, or cutting and pasting the body of the message? It’s possible to restrict the President’s computer so that its functionality is limited, by I just don’t know how you could stop the recipient of one of his emails from using ordinary office software to manipulate it.

The Battle over Child Safety on the Internet

Wednesday, January 14th, 2009 by Harry Lewis

The Internet Safety Technical Task Force released its important report yesterday. The bottom line is well summarized by the New York Times: “Report Finds Online Threats to Children Overblown.” Vulnerable children are vulnerable independent of technology, and technology doesn’t seem to have made matters any worse than they were before.

Richard Blumenthal, the Connecticut Attorney General who commissioned the report, immediately attacked it, claiming it relies on outdated research. I very much doubt it — it’s a remarkably thorough document. Mr. Blumenthal, show your evidence.

Net Circumvention Tools are Selling User Data

Monday, January 12th, 2009 by Harry Lewis

Several commercial products make it possible to avoid leaving footprints and fingerprints as you browse the Web. These products are especially valuable in China, where Internet browsing is tracked and many requests are blocked by the “great firewall of China.” FirePhoenix, for example, displays these promises on its home page:

Protect Your Online Activities

FirePhoenix (FP) is a software to protect your privacy and identity when you surf the Internet. It effectively encrypts all your Internet traffic and anonymizes your IP address. In addition, it provides you with unrestricted access to Internet when your Internet connection is filtered, monitored or blocked by your company, your institution, your ISP or your country.

In a remarkable and frightening blog post this morning, Hal Roberts reports that FirePhoenix and two other major circumvention tool companies are selling data on users’ browsing histories. As the example of the release of AOL searches (chapter 2 of Blown to Bits) showed, search histories can often identify the users — and in this case, the users are likely dissidents living under repressive regimes with a history of imprisoning dissidents. Here is the sort of offer Hal points out:

Q: I am interested in more detailed and in-depth visit data. Are they available?
A: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Please contact us if you have such a need.

Now there is a protocol vulnerable to mistakes in human judgment with potentially tragic consequences.

Another Silly and Sad Indian Security Idea

Sunday, January 11th, 2009 by Harry Lewis

Having threatened to ban Google Earth because it was allegedly used by the Mumbai terrorists to plan their attacks, India is now considering banning unsecured WiFi routers. This would be very sad — letting others use your wireless is a bit like letting them have a glass of water. Sure, you may be helping a terrorist, but it is far more likely you are just helping some innocent person. And how hard would it be for terrorists to send their messages from Internet cafes instead? Another example of too much regulation for too little good purpose.

Schneier on Security

Sunday, January 4th, 2009 by Harry Lewis

Excellent book (really a collection of Bruce Schneier’s columns over the past half-decade or so). It’s repetitive in places, and the format (most pieces are a page or two in length) makes it hard to get into the depth of anything. But there are some wonderful facts and anecdotes about security of all kinds, not just cybersecurity. Two of my favorites:

  1. Airlines generally resist security measures, because they are costly, reduce ridership, and in the grand scheme of things don’t repay their costs since air terrorism is so rare. But they welcomed the practice of checking IDs to make sure the passenger flying is the one whose name is on the boarding pass. (Yes, there was a time when you could get on an airplane with just a ticket.) Why was this initiative welcomed? Because airlines didn’t like the aftermarket in discount coupons. They would send selected passengers a coupon good for a reduced price flight or a companion ticket, and people would sell them. Can’t do that now, since the TSA checks the boarding pass against a government issued ID. (Actually, you can do it, though I don’t recommend it. It’s not hard to produce a bogus boarding pass that matches your drivers license so you can get past security, and then use a different, valid boarding pass in someone else’s name to board the plane.)
  2. Campaigns urging ordinary people to speak up when they see or hear anything suspicious are a bad idea. They produce far too many false positives, which are disruptive and costly — once something is reported, the authorities have to respond. (We had a perfect example of this in Boston a few days ago, when a Muslim family was forced to leave an airplane, delaying the flight for everyone, when someone heard them discussing whether it was safer to be seated in the back of the plane or over the wings.)

When Should the State Have Your Passwords?

Friday, January 2nd, 2009 by Harry Lewis

A new law in Georgia requires that registered sexual offenders give their usernames and passwords to the state so that authorities can read their email. The objective is to protect children. Is this reasonable?

Perhaps anyone convicted of a sexual crime can be considered to have sacrificed his right to privacy. But the category is actually fairly squishy. Recall the way UK censors labeled a ’70s LP album cover as “child pornography,” and the fact that until yesterday a woman could be arrested in Massachusetts for indecent exposure or lewd conduct — with a requirement that she register as a sexual offender — if she breast-fed her baby in public.

And if sexual offenders are a real risk of using email to harm children, surely corrupt stockbrokers are a risk of using email to scam customers, etc., etc. Why not make a general rule that if anyone is convicted of a crime, the state gets to monitor all their communications?

Is that the direction we want to go in the name of protecting ourselves?

Broken padlocks in Web security

Thursday, January 1st, 2009 by Hal Abelson

When you browse to a Web page, there’s sometimes a little padlock in the corner of the window.¬† The padlock is supposed to indicate security: that the Web connection is encrypted and the server at the other end of the connection is authentic, not an impostor.¬† That’s why you’re supposed to feel secure in sending your credit card number or your bank account information across the Web.¬† On December 30, we learned¬† that this padlock isn’t so trustworthy after all, when a group of cryptography researchers announced that they have been able to create a forged digital certificate.

Digital certificates, as we explained in Blown to Bits, are the basic mechanism that browsers use to validate the integrity of Web connections.  A message is authenticated by means of a mark called a digital signature (see B2B chapter 5) operating on a compressed version of the message called the message digest. The signature itself is signed in turn by an organization certification authority; a signed signature is called a certificate.. When you browse to the web site for Bank of America, for example, the BofA site presents its certificate, your browser checks the signature, if the signature checks out, then your browser turns on the padlock to let you know that the remote Web site really is the one for BofA and you can proceed in safety — supposedly. The researchers were able to constructed the bogus certificate so that it to appeared to have been signed by one of the certification authorities whose certificates are automatically trusted by almost all browsers.

A single forged certificate on the Web might not seem like such a big deal, but that certificate could be used to sign other certificates, which would also be trusted, and those certificates used to create new bogus trusted certificated, and so on, potentially flooding the Web with bogus certificates. Until now, if evil Eve creates a Web site that masquerades as Bank of America and tricks people into visiting it (that’s a fraud called phishing), careful users would know to check that the connection is secure and the padlock is showing before entering sensitive information. But, now, if Eve gets hold of one of the forgeries, she can create a message claiming whatever she likes, sign this using the forgery, and have her fake site present the result as the “Bank of America” certificate. When browsers connect to the fake site, the certificate is checked, the padlock appears, and even careful users will be fooled into thinking they are talking to the authentic bank site.

The reality isn’t actually that bad.¬† The researchers who made the announcement are top cryptographers, and although they’ve published a great explanation here), of how they accomplished the forgery, they don’t give all the details. Also, to forestall damage if their certificate falls into wrong hands, they constructed it so that appears to have already expired.

The forgery was accomplished by exploiting a weakness in the method of producing message digests, which uses an algorithm called MD5.¬† Tuesday’s announcement wasn’t a big surprise to anyone in the cryptographic community, because the theoretical basis for the exploit was described at a cryptography conference in 2004.¬† We mention this in chapter 5, along with 2004 recommendation that Web product vendors stop using MD5 and switch to a stronger method called SHA.

And yet, as B2B describes has been so common throughout the history of cryptography, the vendors didn’t stop, at least not right away.¬†¬† And so Tuesday’’s announcement was followed yesterday by a predictable “it’s not our fault” scramble.

Microsoft released a security advisory pointing out that “this is not a vulnerability in a Microsoft product”.¬† Ahem … it’s just a vulnerability in a related product that Microsoft relies on in order to function.¬† It’s like when the construction company involved in the Boston Big Dig tunnel ceiling panel collapse protested they didn’t make the glue, they only glued in the panels.¬† Microsoft did point out, however, that it had stopped using MD5 in its own products.

Microsoft’s advisory also pointed out that “the techniques to perform these attacks and the underlying cryptography that facilitate them were not released by the researchers. Attacks would be very unlikely to be implemented at this point in time.”¬†¬† The technical term for that approach is: denial.

As for what Windows users should do, Microsoft’s answer is that there’s pretty much nothing to do, except to install the latest Windows updates, which are unrelated to this issue.

Mozilla’s response was even more lame, pointing out that “this is not an attack on a Mozilla product” and advising users to “exercise caution when interacting with sites that require sensitive information.”

Neither Microsoft nor Mozilla said they would provide some actual protection, for example — as recommended by the researchers — patching their browsers to signal a warning when a certificate uses MD5, or even to reject such certificates outright, thereby forcing the certification authorities to immediately produce alternatives to MD5 signatures.

As for those certification authorities, the only one I noticed a response from was Verisign, whose RapidSSL brand of certificate was the one forged, and which is apparently the largest supplier of MD5 certificates.  Verisign issued a quick response saying that they had been planning to eliminate MD5 certificates by the end of January anyway, and they were on track to do this.  (Where were they in 2004?) They also offered to replace any MD5 certificates free of charge.  (But notice that it is the user who relies on the certificate, not the firm presenting the certificate, who is at risk here.) As the researchers write in their report:

And what none of the responses consider is that if these four researchers were able to pull of this exploit, then someone else, less benign and better funded, may have already done it.  A suspicious person might wonder whether the Internet is already polluted with bogus certificates.

Overall, this was a tour de force of cryptographic skill, but it was not a proud moment for an industry supplying an infrastructure that’s becoming increasingly critical to the entire world and that has been telling us for years how importantly it takes security.¬†¬† As the researchers write,

It was quite surprising that so many so many CAs are still using MD5, considering that MD5 has been known to be insecure since … 2004. Since these CAs had ignored all previous warnings by the cryptographic community, we felt that it would be appropriate to attempt a practical attack to demonstrate the risk they present to everybody using a web browser that includes their root CA certificates.

The eighteenth century-diplomatic officers, who kept on using substitution ciphers 800 years after that method had been broken (see B2B), would have felt right at home here.

Then again, if these past months have taught us anything, it’s that you don’t need Web spoofing to commit financial fraud on a massive scale.¬† Merely subverting Internet security seems downright petty-anty in comparison.

McCain-Palin Campaign Blackberries

Wednesday, December 17th, 2008 by Harry Lewis

Opinions differ about whether digital technologies transformed the Obama campaign into something inclusive and empowering that had never been seen before, or whether it was really an old-style, top-down campaign that made masterful use of the new technologies to get its message out and to coordinate the troops, while making them feel included.

Either way, no one seems to be disputing that the McCain-Palin campaign was much less clued in on how to use the technologies. And the evidence continues to accumulate after the campaign is over. The campaign auctioned its Blackberry phones without wiping the memory clean — so those who bought them bought phone numbers of donors, lobbyists, and journalists too. Apparently they were not amused when the purchaser called them up.

As we explain in Chapter 3 of Blown to Bits, it’s not hard to reset a phone by pressing a few buttons — though even following the vendor’s instructions may not really wipe the memory clean enough to keep the information out of the hands of a determined snoop.

Bad Guys Winning the Malware Wars?

Saturday, December 6th, 2008 by Harry Lewis

John Markoff has a good story in the NYT today about the global war on malware, or malicious software, which has gotten a lot harder as computers have gotten connected to the Internet and have gotten powerful enough to serve as agents of the forces of evil. The theme is the scary side of Zittrain’s Future of the Internet– and How to Stop It, without the “How to Stop It” part. Markoff can’t find anyone to say that the problem of malware, and all the online thefts and destructiveness that go with it, are going to be solved any time soon. Markoff explains,

The sophistication of the programs has in the last two years begun to give them almost lifelike capabilities. For example, malware programs now infect computers and then routinely use their own antivirus capabilities to not only disable antivirus software but also remove competing malware programs.

Some people are trying, however, and the most impressive efforts are not coming from the places you might expect. One might have thought that the corporations that make the most money from the Internet would be most exercised about making sure that in five years people will still be prepared to use it. But in fact the most imagination is being applied by non-profits — essentially the people for whom Internet openness is a mission in life, not a meal ticket. Let me give a shout here to my friends at the StopBadWare project, who have lined up some important partners — Google, most notably –in this difficult fight.