Monthly Archives: September 2011

Who do you trust?

Posted on by
Reply

I trust a few people and organisations – my parents, some close friends and a handful of organisations such as EFF. Your personal circle of trust is probably not hugely dissimilar.

I wonder, have you heard of DigiNotar or Comodo before? Do you realise that you implicitly trust them and hundreds of other organisations every time you use your Internet web browser?

What are you trusting these organisations to do? You trust them to vouch for secure web sites that you visit. These 650 ‘trusted’ organisations are SSL Certificate Authorities (or CAs) and they are responsible for confirming that a given domain name and web site belongs to the legal entity named in the web server SSL certificate.

As a result of security weaknesses, the integrity of the Comodo and DigiNotar Certificate Authorities was breached in hacks which made news all around the world. Even the non-tech press realised the significance of these attacks.

The hacker responsible was able to generate a number of bogus web server SSL certificates, which were used by persons unknown to transparently intercept and spy on communications with popular web services such as Gmail, Skype and Facebook.

(Update: This article was written in 2011, before Edward Snowden’s revelations about NSA interception techniques. The paragraph above now has extra significance with regards to the persons unknown!)

This led me to question the role of certificate authorities and how fit for purpose the SSL protocol is in the modern Internet world of web applications.

The original SSL protocol specification was drafted in 1994 by Netscape engineer Kipp Hickman. In the section describing ‘Man In The Middle’ attacks the author simply says:

During the security connection handshake the server is required to provide a certificate that is signed by a certificate authority.

Any good secure protocol requires three elements: secrecy, integrity and authenticity. Apparently Hickman himself has admitted that authenticity was “thrown in at the end” of the SSL protocol specification. This weakness of SSL is a fundamental and critical flaw. This is the element where commercial interests, criminality and good old fashioned human error have all come into play.

In the early days of SSL, VeriSign was the lone certificate authority entrusted to verify that a web server belonged to a particular domain name and legal entity. The problem with a monopoly such as this is that without competition the CA can set an unreasonably high price for the service they provide. To stimulate competition more and more CAs were added to the trusted root certificate lists and over time we now find ourselves with literally hundreds of ‘trusted’ CAs.

So what makes these businesses trusted? Judging by some of the CAs that have bought their way onto the list – not a lot!

StartCom CA for example will issue free SSL certificates with only cursory validation. In their own words:

Class 1 Certificates provide modest assurances that the email originated from a sender with the specified email address or that the domain address belongs to the respective server address. These certificates provide no proof of the identity of the subscriber or of the organization.

Most Internet users naively assume that seeing https and the padlock icon is a guarantee that the identity of the web site owner has been verified and the web site is secure. Actually both assumptions are no longer true.

It is no longer necessary to go through strict vetting procedures to obtain a valid and trusted SSL certificate. With fake certificates having already been created via compromised CAs there is also no guarantee that your communications are safe from a man-in-the-middle attack.

Former Netscape Chief Scientist Dr Taher Elgamal is credited as being one of the co-authors of the original SSL specification. He too has voiced his concerns that a copycat attack against CAs could result in more rogue SSL certificates:

It could happen again. There’s no back-up plan, which is generally a bad security model. The problem of what to do when certificate issuers were compromised never came up when the original work was being done on SSL/TLS. Nobody asked the question of what to do if a certificate authority turns out to be bad. The problem was not so much with the technology as it was with the firms issuing the certificates.

There’s way too many of them.

But what of the Online Certificate Status Protocol (OCSP), which was specifically designed to protect us from rogue SSL certificates? Well that is unfortunately flawed too and can be bypassed using a simple protocol trick.

So are there any workable alternatives to SSL?

Moxie Marlinspike (the security researcher who found the OCSP flaw referenced above) has been giving it some serious thought. He was inspired by a concept called Perspectives which he has improved on and developed into Convergence – “An agile, distributed, and secure strategy for replacing Certificate Authorities“.

Convergence is still in its infancy and it’s not perfect, but with SSL now coming of age it could be a critical enabler for the future of secure communications.

I’m glad that someone who understands the weaknesses of SSL has proposed an alternative to CAs. Let’s hope that this effort gains some momentum in the industry and together we properly solve the issue of web server authenticity.

Security and The BEAST

Posted on by
Reply

The news of supposedly trusted certificate authorities DigiNotar (now bankrupt) and Comodo being penetrated by hackers was a severe blow to the long established SSL/TLS chain of trust security model.

Now there’s another serious web security vulnerability to be concerned about.

Security researchers Juliano Rizzo and Thai Duong have exploited a weakness in CBC (Cipher Block Chaining) based ciphersuites which they have used to create a proof of concept attack on SSL.

Their exploit is called BEAST (Browser Exploit Against SSL/TLS) and it demonstrates how to steal a web browser session cookie that is supposed to be protected by SSL. The implications of this are that your supposedly secure (i.e. HTTPS) web browser sessions can be hijacked by a third party.

How can we protect against this? Well since BEAST exploits CBC then web server administrators need to use a different cipher.

Google have switched to using the RC4 cipher on their web sites and Microsoft has issued an advisory recommending that you “prioritize the RC4 algorithm in server software in order to facilitate secure communication using RC4 instead of CBC“.

Twitter Typosquatting

Posted on by
Reply

I just mistyped twitter.com as twtter.com and was surprised to find that I was redirected to what looked like a Twitter survey / competition page.

The logo at the top of the page is presumably deliberately designed to fool you into thinking that it’s an official Twitter survey:

Congratulations!

You’ve been selected to take part in our short, anonymous 30 second questionnaire. To say “thank you”, you’ll have the opportunity to receive one of our exclusive offers including a Airline Travel Voucher and Win an iPad2. Start this short survey now.

I tried going to twtter.com a few times and was redirected to a number of alternative domains, each with the same fake ‘quiz’:

I got bored of harvesting all the various quiz and survey related domain names (they actually had some really good names), but I collected around 70 and submitted them to the OpenDNS Community tagged as Adware.

Incidentally, if you’re not already using the fantastic OpenDNS service then I highly recommend it.

All Your MMS Are Belong To China

Posted on by
7

A warning about the GO SMS Pro messaging app in Android Market.

I have discovered that when used in a particular way the app uploads your private MMS image attachments to a public web server in China (gosms.en.3g.cn)

For example, here’s one I sent earlier –

http://gosms.en.3g.cn/D?f=NPQRRMAE200dI_ViaGoSMS

It doesn’t tell you that it’s doing this and the client settings aren’t obvious. Worst of all there is no way to delete images once they have been posted.

Try it for yourself:

  • Open GO SMS Pro and start composing a new message
  • Add some text and then tap on the paperclip icon to add an attachment
  • In the GO tab, tap Pictures and select an image to attach, then tap Send

You’ll see that instead of a true MMS with an embedded image attachment being sent, your image has been uploaded to a Chinese web server and your message now contains a link to it.

If you are using this app in place of your stock messaging client and want to be sure that your images are sent only to the intended recipient, then I strongly urge you to uninstall immediately.

FiReControl FiAsCo

Posted on by
Reply

I was going to let this story pass without my commenting on it, then I heard ex-Deputy Prime Minster John Prescott making his own comment on BBC Radio 4 while trying to absolve himself of all responsibility.

The FiReControl project was started by the Labour government in 2004, with a budget of £120 million. It had the aim of replacing 46 smaller fire and rescue control rooms with nine regional control centres.

The project was eventually terminated in 2010 “with none of the original objectives achieved and a minimum of £469m being wasted“.

The Commons Public Accounts Committee was tasked with reviewing the failed project and has published their report.

Chair of the Committee of Public Accounts, The Rt Hon Margaret Hodge MP summed it up nicely:

The Department’s ambitious vision of abolishing 46 local fire and rescue control rooms around the country and replacing them with nine state of the art regional control centres ended in complete failure. The taxpayer has lost nearly half a billion pounds and eight of the completed regional control centres remain as empty and costly white elephants.

The success of the so-called FiReControl project crucially turned on the cooperation of locally accountable and independent Fire and Rescue Services. The Department’s failure both to recognize this and try to ensure local buy-in fatally undermined the project from the start.

The project was rushed, without proper understanding of costs or risks. The leadership relied far too much on external consultants and the frequent departures of senior staff also contributed to weak management and oversight of the project.

The contract to implement a national IT system linking the control centres was not even awarded until a full three years after the project started. The contract itself was poorly designed and awarded to a company without relevant experience. The computer system was simply never delivered.

No one has been held to account for this project failure, one of the worst we have seen for many years, and the careers of most of the senior staff responsible have carried on as if nothing had gone wrong at all and the consultants and contractor continue to work on many other government projects.

The Department now plans to spend a further £84.8 million to secure the original objectives of FiReControl, so that there is a co-ordinated response to national incidents. However it is not clear to us how this extra spending will deliver value for money or achieve the objectives intended.

This is one of the worst cases of project failure that the committee has seen in many years. FiReControl was an ambitious project with the objectives of improving national resilience, efficiency and technology by replacing the control room functions of 46 local Fire and Rescue Services in England with a network of nine purpose-built regional control centres using a national computer system. The project was launched in 2004, but following a series of delays and difficulties, was terminated in December 2010 with none of the original objectives achieved and a minimum of £469 million being wasted.

John Prescott was the minister in charge at the time. He has the barefaced cheek to claim that it wasn’t his fault, because apparently he wasn’t made aware of it! In an interview on BBC Radio 4 he said:

I had responsibility for the policy. We decided we needed a system with natural resilience built into it. We decided the policy and we told people to get on with it. It started in 2004, but clearly from what the committee says it started to go wrong in 2007/8. Of course you try to keep on top of the projects but we were told by them that it would cost about £120 (million). To go four times as much in four years is unbelievable.

Unbelievable indeed!

It is also unbelievable that as the minister in charge Prescott was totally in the dark about the lack of progress and horrific overspend. Maybe he was asleep?

As if we needed it, just one more example of the disgusting extravagance in public spending and total contempt for the taxpayer at the hands of the last Labour government. Lest we forget.