Archive for the ‘security’ Category

backdoors

Saturday, January 4th, 2014

Linksys and Netgear devices allow unauthenticated access from the local network:

A hacker has found a backdoor to wireless combination router/DSL modems that could allow an attacker to reset the router’s configuration and gain access to the administrative control panel. The attack, confirmed to work on several Linksys and Netgear DSL modems, exploits an open port accessible over the wireless local network.

The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.

physical security, part two

Tuesday, December 31st, 2013

And again with the physical access meme:

Researchers have revealed how cyber-thieves sliced into cash machines in order to infect them with malware earlier this year.

The criminals cut the holes in order to plug in USB drives that installed their code onto the ATMs.

Details of the attacks on an unnamed European bank’s cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany.

Using commercial-off-the-shelf products to build a system makes sense from a cost-management point of view, but only if every aspect of that system’s security, including who can reach its USB ports, is then considered.

physical security

Tuesday, December 31st, 2013

It remains true that physical access is the hardest thing to secure:

TAO has a catalog of all the commercial equipment that carries NSA backdoors. And it’s a who’s who of a list. Storage products from Western Digital, Seagate, Maxtor and Samsung have backdoors in their firmware, firewalls from Juniper Networks have been compromised, plus networking equipment from Cisco and Huawei, and even unspecified products from Dell. TAO actually intercepts online orders of these and other electronics to bug them.

rfc1149

Saturday, December 28th, 2013

On June 30, 2013, prompted by revelations of surveillance programs in the United States and Britain, former Union of International Associations Assistant Secretary-General Anthony Judge published a detailed proposal titled “Circumventing Invasive Internet Surveillance With Carrier Pigeons.” In it, Judge discusses the proven competence of carrier pigeons for delivering messages, their non-military and military messaging capacity, and Chinese experiments to create pigeon cyborgs. Judge acknowledges that pigeon networks have their own vulnerability (such as disease, hawks, or being lured off course by sexy decoys), but argues that others have proven pigeons are effective at transmitting digital data.

tenacity and control

Thursday, December 26th, 2013

“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks,” the report found, “and could readily have been obtained in a timely manner using conventional section 215 orders.”

Then there’s the tale of three captured soldiers in Iraq, invoked in 2007 to show the need for the predecessor to the FISA Amendments Act, basis for the NSA’s PRISM program. The secret Foreign Intelligence Surveillance Court had supposedly ruled that even totally foreign communications could not be intercepted without a warrant if they were picked up as they passed through the United States. As a result, claimed then-Director of National Intelligence Michael McConnell, a time-sensitive effort to wiretap the insurgents believed to be holding the soldiers was delayed for 12 hours.

Only later did it become clear that the delay was due to internal bureaucratic wrangling, not the new court ruling—which had not even taken effect yet, and in any event, would not have required the government to obtain a warrant in such an emergency situation. As James Bamford recounts in his book The Shadow Factory, it turned out that several of the subjects of that wiretap were already under surveillance, but it didn’t matter: The NSA’s primary target was quickly captured by troops in the field, and found to have been uninvolved in the kidnapping.

Perhaps most egregious is the case of Magdy Mahmoud Mostafa el-Nashar, a former acquaintance of the perpetrators of the 2005 London transit-system bombings. Though he was ultimately cleared of any wrongdoing, FBI Director Robert Mueller later told Congress that investigators had been delayed in obtaining the suspect’s education records because they were not covered by the bureau’s National Security Letter authorities—supposedly showing the need for a broader power to demand records without judicial approval. “We should’ve been able to have a document, an administrative subpoena that we took to the university and got those records immediately,” Mueller testified.

Yet it later came out that an FBI agent had quickly obtained the records under a traditional grand-jury subpoena—then, with the documents in hand, been ordered over the phone to return them and try again with an NSL, even though NSLs clearly didn’t apply to education records. The FBI had, in other words, created its own unnecessary delay, then used the story to claim it needed more power.

collateral damage

Thursday, December 26th, 2013

This is why Internet filtering is a bad idea:

but the changes have led to Internet users being denied access to a wide range of organisations including child protection charities, women’s charities and gay rights groups. Among institutions that have found themselves subject to the blocks are the British Library and the National Library of Scotland.

The opt-in filters also deny access to the Parliament and Government websites and the sites of politicians, including Claire Perry, the MP who has campaigned prominently for the introduction of filters.

side channel attacks

Tuesday, December 24th, 2013

Researchers at Tel Aviv University and the Weizmann Institute of Science have successfully extracted 4096-bit RSA encryption keys using only the sound produced by the target computer.

More detail:

The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

Such attacks aren’t really new: electromagnetic emanations from monitors, CRTs in particular, have been exploitable since van Eck demonstrated it in 1985, nearly three decades ago, and it’s something various security agencies around the world have taken seriously under the TEMPEST umbrella ever since.

Clearly, moving to newer systems hasn’t removed the attack; it has just moved the leakage to different channels, acoustic and electrical rather than electromagnetic.
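How the “chosen ciphertexts” in the quoted attack turn a one-bit leak per decryption into most of the private key, shown as an added simulation (this is not code from the paper or from this page). The victim does textbook RSA-CRT decryption; in place of a microphone, the attacker receives a modelled leakage signature computed from the intermediate value c mod q, namely the number of all-zero 64-bit limbs inside it. The paper’s observation is that operands with long runs of zero limbs take a different path through the bignum multiplication code and therefore sound different; here that is simply assumed, and the key size, the limb width, the threshold rule and the class and function names are all assumptions of the example. The same loop covers the chassis-potential channel described in the second quoted paragraph, since only the measurement differs.

```python
# Simulated adaptive chosen-ciphertext key extraction against RSA-CRT decryption.
# Leakage model (an assumption standing in for the microphone): each decryption
# reveals how many all-zero 64-bit limbs sit inside the intermediate c mod q.
import random

LIMB_BITS = 64  # GnuPG's MPI limbs are 64-bit words on x86-64


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin primality test, adequate for a demo key."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random prime with exactly `bits` bits (top bit forced to 1)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def embedded_zero_limbs(x):
    """Count all-zero limbs below the most significant non-zero limb of x.
    This is the feature the (assumed) leakage model exposes: an operand with
    long runs of zero limbs drives the multiplication down a different path."""
    count = 0
    while x >> LIMB_BITS:  # stop when only the top limb is left
        if x & ((1 << LIMB_BITS) - 1) == 0:
            count += 1
        x >>= LIMB_BITS
    return count


class LeakyDecryptor:
    """Victim: RSA-CRT decryption whose first step, c mod q, leaks a signature."""

    def __init__(self, p, q, e=65537):
        self._p, self._q = p, q
        self.n = p * q
        d = pow(e, -1, (p - 1) * (q - 1))
        self._dp, self._dq = d % (p - 1), d % (q - 1)
        self._qinv = pow(q, -1, p)

    def decrypt_with_leak(self, c):
        r_q = c % self._q                          # the reduction the attacker targets
        signature = embedded_zero_limbs(r_q)       # modelled acoustic signature
        m_p = pow(c % self._p, self._dp, self._p)
        m_q = pow(r_q, self._dq, self._q)
        h = (self._qinv * (m_p - m_q)) % self._p   # Garner recombination
        return m_q + h * self._q, signature


def recover_q_prefix(oracle, q_bits):
    """Learn q one bit at a time, top down, with one chosen ciphertext per bit.

    Query: c = known_prefix || 1 || 000...0  (i trailing zero bits).
      next bit of q is 1 -> c <= q, c mod q == c keeps its zero limbs (loud)
      next bit of q is 0 -> c >  q, c mod q == c - q looks random    (quiet)
    Stops when the zero tail would be shorter than one limb; the rest of q
    is then within reach of lattice (Coppersmith) methods, not shown here.
    """
    prefix, queries = 1, 0  # the top bit of a q_bits-bit prime is 1
    for i in range(q_bits - 2, LIMB_BITS - 1, -1):
        c = (prefix << (i + 1)) | (1 << i)
        _, sig = oracle.decrypt_with_leak(c)
        queries += 1
        expected = i // LIMB_BITS  # zero limbs c would show if left unreduced
        prefix = (prefix << 1) | (1 if sig >= expected else 0)
    return prefix, queries


def run_demo(seed=7, q_bits=512):
    """Build a 1024-bit demo key, sanity-check decryption, then run the attack."""
    rng = random.Random(seed)
    p, q = gen_prime(q_bits, rng), gen_prime(q_bits, rng)
    victim = LeakyDecryptor(p, q)
    m = 0x53696465436861  # arbitrary constructed test plaintext
    assert victim.decrypt_with_leak(pow(m, 65537, victim.n))[0] == m
    prefix, queries = recover_q_prefix(victim, q_bits)
    return {"ok": prefix == q >> LIMB_BITS,  # top 448 bits of q recovered?
            "recovered_bits": q_bits - LIMB_BITS, "queries": queries}
```

`run_demo()` returns `{"ok": True, "recovered_bits": 448, "queries": 447}` for the 512-bit q it generates: one decryption per recovered bit, no timing or power measurement at all, only a coarse feature of one intermediate value. The simulation stops at bit 64 because the zero tail is then shorter than a limb and the modelled signal vanishes; since more than half of q is known by that point, the remaining bits can be recovered with Coppersmith’s method, a standard result the example does not implement.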