Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed (arstechnica.com) 76

An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness.

On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.


How Cloudflare Uses Lava Lamps To Encrypt the Internet (zdnet.com) 110

YouTuber Tom Scott was invited to visit Cloudflare's San Francisco headquarters to check out the company's wall of lava lamps. These decorative novelty items -- while neat to look at -- serve a special purpose for the internet security company. Cloudflare takes pictures and video of the lava lamps to turn them into "a stream of random, unpredictable bytes," which is used to help create the keys that encrypt the traffic that flow through Cloudflare's network. ZDNet reports: Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps. Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required. According to Nick Sullivan, Cloudfare's head of cryptography, this is where the lava lamps shine. Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken. The information is then fed into a data center and Linux kernels which then seed random number generators used to create keys to encrypt traffic. "Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data." Cloudflare also reportedly uses a "chaotic pendulum" in its London office to generate randomness, and in Singapore, they use a radioactive source.

BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To (techdirt.com) 107

An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'"

Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"


Google To Remove Public Key Pinning (PKP) Support In Chrome (bleepingcomputer.com) 51

An anonymous reader writes: Late yesterday afternoon, Google announced plans to deprecate and eventually remove PKP support from the Chromium open-source browser, which indirectly means from Chrome... According to Google engineer Chris Palmer, low adoption and technical difficulties are among the reasons why Google plans to remove the feature from Chrome.

"We would like to do this in Chrome 67, which is estimated to be released to Stable on 29 May 2018," Palmer says. The proposal is up in the air, and users can submit opinions against Google's intent to deprecate, but seeing how little PKP was adopted, it's most likely already out the door. A Neustar survey from March 2016 had PKP deployment at only 0.09% of all HTTPS sites. By August 2017, that needle had barely moved to 0.4% of all sites in the Alexa Top 1 Million.


Justice Department Demands Five Twitter Users' Personal Info Over an Emoji (techdirt.com) 59

An anonymous reader quotes a report from Techdirt: Back in May, the Justice Department -- apparently lacking anything better to do with its time -- sent a subpoena to Twitter, demanding a whole bunch of information on five Twitter users, including a few names that regular Techdirt readers may be familiar with. If you can't see that, it's a subpoena asking for information on the following five Twitter users: @dawg8u ("Mike Honcho"), @abtnatural ("Virgil"), @Popehat (Ken White), @associatesmind (Keith Lee) and @PogoWasRight (Dissent Doe). I'm pretty sure we've talked about three of those five in previous Techdirt posts. Either way, they're folks who are quite active in legal/privacy issues on Twitter. And what info does the DOJ want on them? Well, basically everything: [users' names, addresses, IP addresses associated with their time on Twitter, phone numbers and credit card or bank account numbers.] That's a fair bit of information. Why the hell would the DOJ want all that? Would you believe it appears to be over a single tweet from someone to each of those five individuals that consists entirely of a smiley face? I wish I was kidding. Here's the tweet and then I'll get into the somewhat convoluted back story. The tweet is up as I write this, but here's a screenshot in case it disappears. The Department of Justice's subpoena is intended to address allegations that Shafer, who has a history of spotting weak encryption and drawing attention to it, cyberstalked an FBI agent after the agency raided his home. Vanity Fair summarizes the incident: "In 2013, Shafer discovered that FairCom's data-encryption package had actually exposed a dentist's office to data theft. An F.T.C. settlement later validated Shafer's reporting, but in 2016, when another dentist's office responded to Shafer's disclosure by claiming he'd violated the Computer Fraud and Abuse Act and broken the law, the F.B.I. raided his home and confiscated many of his electronics. Shafer was particularly annoyed at F.B.I. Special Agent Nathan Hopp, who helped to conduct the raid, and who was later involved in a different case: in March, he compiled a criminal complaint involving the F.B.I.'s arrest of a troll for tweeting a flashing GIF at journalist Kurt Eichenwald, who is epileptic. Shafer began to compile publicly available information about Hopp, sharing his findings on Twitter. The Twitter users named in the subpoena had started a separate discussion about Hopp, with one user calling Hopp the "least busy F.B.I. agent of all time," a claim that prompted Shafer's smiley-faced tweet."

DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections (bleepingcomputer.com) 59

An anonymous reader writes from a report via Bleeping Computer: After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys). The issue at the heart of the DUHK attack is a combination of two main factors. The first is the usage of the ANSI X9.31 Random Number Generator (RNG). This is an algorithm that takes random data and generates encryption keys used to secure VPN connections, browsing sessions, and other encrypted traffic/data. The second factor needed for a DUHK attack is when hardware vendors use a hardcoded "seed key" for the ANSI X9.31 RNG algorithm. When these two conditions take place, an attacker can brute-force encrypted data to discover the rest of the encryption parameters and deduce the master encryption key used to encrypt web sessions or VPN connections. In a research paper published today, researchers said they found 12 vendors that sold hardware/software products with hardcoded X9.31 seed keys. This issue is widespread because ANSI X9.31 is very widespread. Up until January 2016, the algorithm was on the list of U.S. government (FIPS) approved RNG algorithms. ANSI X9.31 remained on the list until 2016, even if US NIST deprecated the algorithm in 2011, and scientists warned that the algorithm could be broken if the seed key ever leaked way back in 1998.

FBI Couldn't Access Nearly 7,000 Devices Because of Encryption (foxbusiness.com) 299

Michael Balsamo, writing for Associated Press: The FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications. In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia. "To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board -- narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation." The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers' digital privacy.

EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto (theregister.co.uk) 83

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. From a report: In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding decryption backdoors in the stuff we all use. Instead, the plans set out in its antiterrorism measures on Wednesday take a more collegiate approach -- by offering member states more support when they actually get their hands on an encrypted device. "The commission's position is very clear -- we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon," security commissioner Julian King told a press briefing. "We're trying to move beyond a sometimes sterile debate between backdoors or no backdoors, and address some of the concrete law enforcement challenges. For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."

Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 55

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.

Justice Department To Be More Aggressive In Seeking Encrypted Data From Tech Companies (wsj.com) 206

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost." Mr. Rosenstein didn't say what precise steps the Justice Department or Trump administration would take. Measures could include seeking court orders to compel companies to cooperate or a push for legislation. A Justice Department official said no specific plans were in the works and Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies "have no incentive to address this on their own."

Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) 169

"Drug dealer caught because of BitCoin usage," writes Slashdot reader DogDude. TechSpot reports: 38-year-old French national Gal Vallerius stands accused of acting as an administrator, senior moderator, and vendor for dark web marketplace Dream Market, where visitors can purchase anything from heroin to stolen financial data. Upon arriving at Atlanta international airport on August 31, Vallerius was arrested and his laptop searched. U.S. Drug Enforcement Administration agents allegedly discovered $500,000 of Bitcoin and Bitcoin cash on the computer, as well a Tor installation and a PGP encryption key for someone called OxyMonster...

In addition to his role with the site, agents had identified OxyMonster as a major seller of Oxycontin and crystal meth. "OxyMonster's vendor profile featured listings for Schedule II controlled substances Oxycontin and Ritalin," testified DEA agent Austin Love. "His profile listed 60 prior sales and five-star reviews from buyers. In addition, his profile stated that he ships from France to anywhere in Europe." Investigators discovered OxyMonster's real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius. Agents then checked his Twitter and Instagram accounts, where they found many writing similarities, including regular use of quotation marks, double exclamation marks, and the word "cheers," as well as intermittent French posts. The evidence led to a warrant being issued for Vallerius' arrest.

U.S. investigators had been monitoring the site for nearly two years, but got their break when Vallerius flew to the U.S. for a beard-growing competition in Austin, Texas. He now faces a life sentence for conspiracy to distribute controlled substances.

Ask Slashdot: Share Your Security Review Tales 198

New submitter TreZ writes: If you write software, you are most likely subject to a "security review" at some point. A large portion of this is common sense like don't put plain text credentials into github, don't write your own encryption algorithms, etc. Once you get past that there is a "subjective" nature to these reviews.

What is the worst "you can't do" or "you must do" that you've been subjected to in a security review? A fictitious example would be: you must authenticate all clients with a client certificate, plus basic auth, plus MFA token. Tell your story here, omitting incriminating details.
United Kingdom

UK Government Could Imprison People For Looking At Terrorist Content (betanews.com) 271

Mark Wilson writes: Not content with trying to "combat" encryption, the UK government also wants to criminalize looking at terrorist content. The leading Conservative party has announced plans which threaten those who "repeatedly view terrorist content online" with time behind bars. New laws will be introduced that could see consumers of terrorist content imprisoned for up to 15 years. The same maximum sentence would face those who share information about police, soldiers or intelligence agencies with a view to organizing terrorist attacks.

ICANN Delays KSK Rollover Because of Lazy ISPs, Technical Faults (bleepingcomputer.com) 42

ICANN had planned to change the master key used to sign secure Domain Name System records next week for the first time in history. But now an anonymous reader writes:Inattentive ISPs and technical faults have led the Internet Corporation for Assigned Names and Numbers (ICANN) to delay the KSK Rollover for next year. ICANN was supposed to remove the root encryption KSK key from core DNS servers on October 11 and allow a new one to take effect. The key is used for the DNSSEC protocol.

According to ICANN, between 6% to 8% of ISPs did not install the new KSK key to replace the one issued in 2010. The organization says that if it had gone forward with the original KSK Rollover plan, over 60 million Internet users would have been unable to make DNS requests. For the vast majority, ICANN blames lazy ISPs, which failed to update their existing keys. ICANN also believes that many ISPs may not be aware they had not installed the latest KSK. ICANN also distributed software to automatically pull down and install the new KSK. Some ISPs opted to use this software, which apparently had some bugs and failed to download and install the new KSK, in some situations.

Because of this, ICANN announced this week it would delay the KSK Rollover final step — of removing and revoking the original KSK key -- to the first quarter of 2018. ICANN has not decided yet on a precise date.


What Isn't Telegram Saying About Its Connections To the Kremlin? (theoutline.com) 115

The supposedly secure messaging app Telegram has employees in St. Petersburg in the same building as Kremlin-influenced social network VK, news outlet the Outline reported on Friday citing multiple sources. William Turton, reporting for The Outline: Anton Rozenberg, a software developer and former employee of Telegram's parent company, is saying that there are Telegram employees working out of the historic Singer House in St. Petersburg, Russia's former imperial capital, a claim that has since been corroborated by others. That's significant because the Singer House is also home to VK, which is now owned by the oligarch and Putin ally Alisher Usmanov. (It's also the building where in 2012 Durov and coworkers infamously folded 5,000 ruble notes, worth about $150 each, into paper airplanes and threw them out the window, sparking violence in the street below.) The revelation casts doubt on Durov, who denies Telegram has an office in Russia, and continues to style himself as a rebel at odds with the complex Russian power structure that includes the government and oligarchy. It also raises questions about how safe Telegram is from Kremlin interference, given that VK is owned by a Kremlin sympathizer and that the Kremlin has an obvious interest in monitoring and controlling popular social networks. "As a security specialist, I have some questions about how their office isn't physically protected from the offices that surround it," Rozenberg told The Outline. "VK employees, for a long time, have had access to Telegram offices."

Distrustful US Allies Force Spy Agency To Back Down In Encryption Fight (reuters.com) 104

schwit1 shares a report from Reuters: An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques -- those least likely to be vulnerable to hacks -- to address the concerns.

Security.txt Standard Proposed, Similar To Robots.txt (bleepingcomputer.com) 86

An anonymous reader writes: Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers...

For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue. According to the current security.txt IETF draft, website owners would be able to create security.txt files that look like this:

#This is a comment
Contact: security@example.com
Contact: +1-201-555-0123
Contact: https://example.com/security
Encryption: https://example.com/pgp-key.tx...
Acknowledgement: https://example.com/acknowledg...
Disclosure: Full


French Company Plans To Heat Homes, Offices With AMD Ryzen Pro Processors 181

At its Ryzen Pro event in New York City last month, AMD invited a French company called Qarnot to discuss how they're using Ryzen Pro processors to heat homes and offices for free. The company uses the Q.rad -- a heater that embeds three CPUs as a heat source -- to accomplish this feat. "We reuse the heat they generate to heat homes and offices for free," the company says in a blog post. "Q.rad is connected to the internet and receives in real time workloads from our in-house computing platform."

The idea is that anyone in the world can send heavy workloads over the cloud to a Q.rad and have it render the task and heat a person's home in the process. The two industries that are targeted by Qarnot include movies studios for 3D rendering and VFX, and banks for risk analysis. Qarnot is opting in for Ryzen Pro processors over Intel i7 processors due to the performance gain and heat output. According to Qarnot, they "saw a performance gain of 30-45% compared to the Intel i7." They also report that the Ryzen Pro is "producing the same heat as the equivalent Intel CPUs" they were using -- all while providing twice as many cores.

While it's neat to see a company convert what would otherwise be wasted heat into a useful asset that heats a person's home, it does raise some questions about the security and profitability of their business model. By using Ryzen Pro's processors, OS independent memory encryption is enabled to provide additional security layers to Qarnot's heaters. However, Q.rads are naturally still going to be physically unsecured as they can be in anyone's house.

Further reading: The Mac Observer, TechRepublic

How the NSA Identified Satoshi Nakamoto (medium.com) 427

An anonymous reader shares a report: The 'creator' of Bitcoin, Satoshi Nakamoto, is the world's most elusive billionaire. Very few people outside of the Department of Homeland Security know Satoshi's real name. In fact, DHS will not publicly confirm that even THEY know the billionaire's identity. Satoshi has taken great care to keep his identity secret employing the latest encryption and obfuscation methods in his communications. Despite these efforts (according to my source at the DHS) Satoshi Nakamoto gave investigators the only tool they needed to find him -- his own words. Using stylometry one is able to compare texts to determine authorship of a particular work. Throughout the years Satoshi wrote thousands of posts and emails and most of which are publicly available. According to my source, the NSA was able to the use the 'writer invariant' method of stylometry to compare Satoshi's 'known' writings with trillions of writing samples from people across the globe. By taking Satoshi's texts and finding the 50 most common words, the NSA was able to break down his text into 5,000 word chunks and analyse each to find the frequency of those 50 words. This would result in a unique 50-number identifier for each chunk. The NSA then placed each of these numbers into a 50-dimensional space and flatten them into a plane using principal components analysis. The result is a 'fingerprint' for anything written by Satoshi that could easily be compared to any other writing. The NSA then took bulk emails and texts collected from their mass surveillance efforts. First through PRISM and then through MUSCULAR, the NSA was able to place trillions of writings from more than a billion people in the same plane as Satoshi's writings to find his true identity. The effort took less than a month and resulted in positive match.
Star Wars Prequels

Selling Alterable Versions of Star Wars Is Still Infringement, Says Court (arstechnica.com) 180

A federal court ruled that video-on-demand streaming service, VidAngel, which enables the filtering of objectionable content to make it family friendly, is breaking U.S. copyright law. Ars Technica reports: VidAngel buys movie discs and decrypts and rips them. It then streams versions that allow customers to filter out nudity, profanity, and violence. In doing so, it breached the performance rights of Disney, Lucasfilm, 20th Century Fox, and Warner Brothers, the court ruled. VidAngel purchased a disc for every stream it sold, some 2,500 titles in all. "Star Wars is still Star Wars, even without Princess Leia's bikini scene," the opinion said. Just because objectionable content is removed, that doesn't necessarily transform the content enough to allow this type of behavior under a fair use analysis, the court wrote Thursday. VidAngel also unsuccessfully argued that it was protected under the Family Movie Act (FMA) of 2005. That legislation allows the cracking of encryption to remove objectionable content so long as no fixed copy of the altered version is created. The court didn't agree, however, because VidAngel didn't have the permission in the first place to stream the content.

Slashdot Top Deals