Category Archives: Encryption

“FREAK” flaw in Android and Apple devices cripples HTTPS crypto protection

Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites, including AmericanExpress.com, Bloomberg.com, NSA.gov, and FBI.gov.

In recent days, a scan of more than 14 million websites that support the secure sockets layer or transport layer security protocols found that more than 36 percent of them were vulnerable to the decryption attacks. The exploit takes about seven hours to carry out and costs as little as $100 per site. The so-called FREAK attack—short for Factoring attack on RSA-EXPORT Keys—is possible when an end user with a vulnerable device—currently known to include Android smartphones, iPhones, and Macs running Apple’s OS X operating system—connects to a vulnerable HTTPS-protected website. Vulnerable sites are those configured to use a weak cipher that many had presumed had been retired long ago. At the time this post was being prepared, most Windows and Linux end-user devices were not believed to be affected.

Attackers who are in a position to monitor traffic passing between vulnerable end users and servers can inject malicious packets into the flow that will cause the two parties to use a weak 512-bit encryption key while negotiating encrypted Web sessions. Attackers can then collect some of the resulting exchange and use cloud-based computing from Amazon or other services to factor the website’s underlying private key. From that point on, attackers on a coffee-shop hotspot or other unsecured network can masquerade as the official website, a coup that allows them to read or even modify data as it passes between the site and the end user.

Researcher Links 20 Percent of Ulbricht’s Bitcoins to Silk Road Accounts

Ross Ulbricht was back in a Manhattan federal courtroom today facing drug trafficking and money laundering charges for allegedly running the Silk Road online drug marketplace. We’ll have a story on today’s court action posted shortly.

A few hours ago, computer security researcher Nicholas Weaver published some analysis about bitcoins he says came from Ross Ulbricht’s accounts. If the government has done a similar analysis—and there’s no reason to think they couldn’t—it will be one more obstacle for Ulbricht’s defense team.

Last week, the outlines of Ulbricht’s defense became clear. Ulbricht’s lawyer Joshua Dratel admitted that his client founded Silk Road, but said Ulbricht walked away from the site only to be “lured back.” During opening statements, the defense attorney acknowledged that Ulbricht, who had 144,000 bitcoins on his computer seized by the feds, made money from Bitcoin. Dratel said this was, at least in part, from being a successful trader in the digital crypto-currency.

Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect

Just as quickly as the Silk Road’s defense created an alternate theory that the massive drug market was run by Mt. Gox CEO Mark Karpeles, the prosecution and judge in the case have now shoved key elements of the story back into the closet.

The post Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect appeared first on WIRED.



Cory Doctorow and EFF Aim to “Eradicate DRM in Our Lifetime”

The Electronic Frontier Foundation announced Tuesday that Boing Boing’s Cory Doctorow has been commissioned to tackle digital rights management (DRM) technologies that the rights group says threaten security and privacy and undermine public rights and innovation.

The group said Tuesday that Doctorow, a vocal DRM opponent, is to become a special consultant for what the group is calling the Apollo 1201 Project, “a mission to eradicate DRM in our lifetime.”

Doctorow, the EFF’s former European affairs coordinator and current Boing Boing editor, said in a statement:

UK Prime Minister Wants Backdoors into Messaging Apps or He’ll Ban Them

David Cameron, the British prime minister, is one-upping his Western allies when it comes to anti-encryption propaganda. Ahead of national elections in May, Cameron said that if re-elected, he would seek to ban encrypted online messaging apps unless the UK government is given backdoors.

“Are we going to allow a means of communications which it simply isn’t possible to read?” Cameron said Monday while campaigning, in reference to apps such as WhatsApp, Snapchat, and other encrypted services. “My answer to that question is: ‘No, we must not.’”

He said the Paris attacks, including the one last week on satirical newspaper Charlie Hebdo, underscored the need for greater access.

Silk Road Reloaded Launches, But Not on Tor

A new version of Silk Road has appeared on the darkweb, but it doesn’t rely on Tor or Bitcoin. Silk Road Reloaded uses the little-known I2P anonymity network and accepts a range of cryptocurrencies including the meme-inspired Dogecoin.

The site, which has no relation to the two previous versions of Silk Road, is one of a series of copycat marketplaces trying to tap into the lucrative online trade in drugs and other illegal items. Silk Road Reloaded has been in development for a year and can only be accessed using the I2P anonymity software.

I2P, which has been around since 2003, works in a similar way to the more widely used Tor network and hides what people are looking at online. Unlike conventional websites, all I2P sites end in .i2p. A “clearnet” version of Silk Road Reloaded can also be accessed from normal browsers.

Who Was Silk Road’s Dread Pirate Roberts? As Trial Nears, a Jury Will Decide

The man accused of running the Silk Road, the Internet’s biggest drug market, is about to get his day in court. Prosecutors and defense lawyers are already poring over juror questionnaires, and a panel of New York citizens will be selected on Tuesday.

There still isn’t much that’s been made public about how the trial will proceed. Whatever happens, the trial, expected to last at least four weeks, is sure to reveal more about the dark corners of the so-called “Darknet” and the authorities’ efforts to master it.

Ross Ulbricht, the 30-year-old Texan who prosecutors say was the mastermind of the drug trafficking website, has remained steadfast in his innocence since his arrest more than a year ago. Barring a last-minute deal, his fate will soon be in the hands of a jury. If convicted, he faces decades in prison.

Bitstamp Reopens Bitcoin Exchange, Adds Security Precautions

Major Bitcoin exchange Bitstamp reopened its virtual doors late Friday, four days after it suspended services because of an online theft of 19,000 bitcoins valued at more than $5 million.

Bitstamp, the second largest Bitcoin exchange for US dollars, moved its system to Amazon’s cloud services and added additional security features to make compromises more difficult, Bitstamp’s CEO Nejc Kodrič said in a statement on the company’s website.

“By redeploying our system from a secure backup onto entirely new hardware, we were able to preserve the evidence for a full forensic investigation of the crime,” he said. “While this decision means we have not been able to provide you with services for a number of days, we feel this extra measure of precaution was in the best interest of our customers.”

Bitcoin Exchange Bitstamp Claims Hack Siphoned Up to $5.2 million

UK-based Bitstamp, the second largest bitcoin exchange for US dollars, suspended operations on Monday, following evidence that online thieves had stolen up to 19,000 BTC—approximately $5.2 million—from its operational store of bitcoins.

The company alerted its users of the possible attack on Monday and warned against transferring any bitcoins to the service’s old bitcoin deposit addresses. Early the following morning, Bitstamp revealed that the attack affected fewer than 19,000 bitcoins. The actual attack appeared to have occurred on Sunday, January 4, when attackers compromised the company’s operational funds, also known as the “hot wallet.”

“Thank you all for your patience, we are working diligently to restore service,” Nejc Kodrič, the co-founder and CEO of Bitstamp, tweeted on Monday, adding, “To restate: the bulk of our bitcoin are in cold storage, and remain completely safe.”

Feds Want Apple’s Help to Defeat Encrypted Phones, New Legal Case Shows

OAKLAND, CA—Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.

In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.

Some legal experts are concerned that these rarely made public examples of the lengths the government is willing to go in defeating encrypted phones raise new questions as to how far the government can compel a private company to aid a criminal investigation.

Using a Password Manager on Android? It May be Wide Open to Sniffing Attacks

In early 2013, researchers exposed some unsettling risks stemming from Android-based password managers. In a paper titled “Hey, You, Get Off of My Clipboard,” they documented how passwords managed by 21 of the most popular such apps could be accessed by any other app on an Android device, even those with extremely low-level privileges. They suggested several measures to help fix the problem.

Almost two years later, the threat remains viable in at least some, if not all, of the apps originally analyzed. An app recently made available on Google Play, for instance, has no trouble divining the passwords managed by LastPass, one of the leading managers on the market, as well as the lesser-known KeePassDroid. With additional work, it’s likely that the proof-of-concept ClipCaster app would work seamlessly against many other managers, too, said Xiao Bao Clark, the Australia-based programmer who developed it. While ClipCaster does nothing more than display the plaintext of passwords that LastPass and KeePassDroid funnel through Android handsets, a malicious app with only network privileges could send the credentials to an attacker without the user having any idea what was happening.

“Besides the insecurity of it, what annoyed me was that I was never told any of this while I was signing up or setting up the LastPass app,” Clark wrote in an e-mail. “Instead, I got the strong impression from LastPass that everything was very secure, and I needn’t worry about any of it. If they at least told users the security issues using these features brings, then the users themselves could decide on their own trade-off between usability and security. Not mentioning it at all strikes me as disingenuous.”

Finally, a New Clue to Solve the CIA’s Mysterious Kryptos Sculpture

In 1989, the year the Berlin Wall began to fall, American artist Jim Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle wrapped in a riddle that he created for the CIA’s headquarters and that has been driving amateur and professional cryptographers mad ever since. To honor the 25th anniversary of the Wall’s […]

The post Finally, a New Clue to Solve the CIA’s Mysterious Kryptos Sculpture appeared first on WIRED.



Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

Nathaniel McHugh ran open source software known as HashClash to modify two separate images—one of them depicting funk legend James Brown and the other R&B singer/songwriter Barry White—that generate precisely the same MD5 hash, e06723d4961a0a3f950e7786f3766338. The exercise—known in cryptographic circles as a hash collision—took just 10 hours and cost only 65 cents plus tax to complete using a GPU instance on Amazon Web Service. In 2007, cryptography expert and HashClash creator Marc Stevens estimated it would require about one day to complete an MD5 collision using a cluster of PlayStation 3 consoles.

The MD5 hash for this picture—e06723d4961a0a3f950e7786f3766338—is precisely the same for the one below. Such “collisions” are a fatal flaw for hashing algorithms and can lead to disastrous attacks.

The practical ability to create two separate inputs that generate the same hash is a fundamental flaw that makes MD5 unsuitable for most purposes. (The exception is password hashing. Single iteration MD5 hashing is horrible for passwords but for an entirely different reason that is outside the scope of this post.) The susceptibility to collisions can have disastrous consequences, potentially for huge swaths of the Internet.

Google Releases “nogotofail” to Detect HTTPS Bugs Before They Bite Users

Following a string of catastrophic vulnerabilities recently discovered in HTTPS encryption protections, Google engineers have released an app that allows developers to detect bugs and glitches that may leave passwords and other sensitive information open to snooping.

The open source tool is dubbed nogotofail, a reference to the so-called goto fail flaw that gave attackers an easy way to surreptitiously circumvent HTTPS-protected connections of Apple iOS and OS X devices. Since its discovery in February, various implementations of the underlying secure sockets layer (SSL) and transport layer security (TLS) protocols have suffered several other devastating vulnerabilities, including a flaw in the GnuTLS library, the catastrophic Heartbleed bug in OpenSSL, and the more recently disclosed flaw in version 3 of SSL.

“The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations,” Google engineers wrote in a blog post published Tuesday morning. “Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.”
