Detecting SSL/TLS legacy session Renegotiation

Back in November I posted on The TLS Renegotiation Attack for the Impatient, which I hoped was a plain English explanation of this new weakness in SSL and TLS (at the end of the post you can find less plain explanations and links). The weakness was quickly addressed by the IETF a few months later. There is a new review of the attack from nCircle and also a link to the detailed steps that can be taken to specifically detect servers which still run legacy versions of the protocols susceptible to the attack.

The half-life of a YouTube video is 6 Days

A very interesting chart from Business Insider which shows that a YouTube video gets half its views in the first 6 days of it being published, down from 14 days in 2008. By way of comparison, computer vulnerabilities have a half-life closer to 30 days, meaning that our video attention span is much shorter than our patching cycles.

The data is provided by TubeMogul.

An advance in Encrypted Search

I recently posted in The Search for Encrypted Search an overview of the breakthrough last year made by Craig Gentry of IBM to search data while it is in encrypted form. The breakthrough was largely theoretical since the required computational overhead to support encrypted search is huge, which for example would increase the time for a Google search by roughly a factor of a trillion.

In such cases, it is always an open question as to whether the breakthrough will stand as an unimprovable milestone, or be the beginning of series of improvements towards a practical solution. We now have the first evidence that we are dealing with the latter case for encrypted search.

A press release from the University of Bristol in the UK reports that

Nigel Smart, Professor of Cryptology in the Department of Computer Science at the University of Bristol, will present a paper in Paris this week [Friday 28 May], which makes a step towards a fully practical system to compute on encrypted data. The work could have wide ranging impact on areas as diverse as database access, electronic auctions and electronic voting.

Professor Smart said: “We will present a major improvement on a recent encryption scheme invented by IBM in 2009.”

“Our scheme allows for computations to be performed on encrypted data, so it may eventually allow for the creation of systems in which you can store data remotely in a secure manner and still be able to access it.”

Together with Frederik Vercauteren, from the Katholieke University Leuven in Belgium, Smart has simplifed Gentry’s scheme so that it becomes more practical - not totally so, but an improvement. More information should be available after the paper is published.

A look back at posts in May 2009

This time last year I made some of my favourite posts. First I celebrated that I had reached about 1,000 visits and 2,000 page views a month, and now I am about double that.

Rethinking Thresholds for Account Lockouts was a simple post asking if the 3-strikes-your-out password policy makes sense. I posted my second Password Roundup #2, and reviewed from Qualys their study on The Half-life of Vulnerabilities is still 30 Days.

I also developed some thoughts why web app bugs don’t get fixed in The $28,000 Question: Project vs. Production Risk, after Jeremiah Grossman estimated that 28,000 well-spent dollars could fix the bugs at many sites.

On the crypto side I broke some news about The cost of SHA-1 collisions reduced to 2^{52}, and took a look at AES-256 and Reputational Risk. The AES post is now on the first page of a Google search for “aes 256” and has brought a steady flow of visits since last May, 1346 in total. I also asked if anyone could verify that the Total Internet computational power = 2^{85} operations, a statement I read in an ECRYPT report. I ended up contacting the authors and nope, no one knows where is came from. Sounds possible though.

I also posted The Sub-Time Crisis in Web 2.0, my thoughts on information overload in Web 2.0. I only used half the text I typed in from my written notes.

How To Password Protect Your Pen Drive

A nice how-to article on protecting USB drives with a password and encryption using Windows Vista or 7 and Bitlocker.

Do you carry sensitive data in your pen drive? Then you should carefully keep your pen drive. Oh! You mean you are not that careful too. Then I would suggest that you should password protect your pen drive. Yes folks, you can do this by a simple method. This is an added advantage to Windows Vista and Windows 7 users that they can easily password protect their pen drives with the help of BitLocker Drive Encryption. Its an inbuilt feature of both of these operating systems.

 

Related articles by Zemanta

• ZoneAlarm's DataLock: BitLocker for the Rest of Us (technologizer.com)
• BitLocker, USB drives not at fault - it's BIOS (seattletimes.nwsource.com)

iPhone, iPad, iBoard, iMat

This is just great.

Shark Fin Posts

I have been making daily posts this month, partly to see what people read on a given day, and what they keep on reading. Quite a few of the posts turn out to have a hit graph that looks like a shark fin. Here is the one for What is the LINPACK rating of Conficker?

What the graph shows is that there are no hits before the post is published (of course!), then a spike when it first appears and for a few days after, ending in just a few hits by a week later or so. After that it’s up to Google, industrious visitors or self-referential posting to raise the hits again.

Google could help enforce new German wireless protection law

A German court has ruled that home users are responsible for creating password-protected home wireless networks, and failing to do so could result in a fine a 100 euros. The rulings stems from a case where a musician sued the owner of a home WiFi network for illegally downloading his music, but since the network owner was away on holiday, the open network was being used by another third party.

The maximum fine of 100 euros (or about $120) is about the same as a hefty speeding ticket, and with 26 million WiFi enabled German households, that could add up. All those Google Street View spycars could help out with enforcement of the law, since they have been collecting wireless information anyway.

Related articles by Zemanta

• Fine for lax home wi-fi security (news.bbc.co.uk)
• German man fined for poor Wi-Fi security (v3.co.uk)
• German Wi-Fi networks liable for 3rd party piracy (go.theregister.com)

Whit Diffie does the Can Can

In Not so sunny for Whit Diffie I briefly posted on his unexpected exit from Sun soon after their acquisition by Oracle, and taking up a visiting academic position in the UK. Computerworld recently reported that Diffie has now landed a new position as vice president at ICANN, managing the security of their networks. 

It seems he was just a bit too late to give his blessing to the recent commissioning of DNSSEC on each of the 13 authoritative names servers of the Internet. However there will be a formal key ceremony in June which may require a cryptographic high priest, or he may yet bag one of the coveted 14 crypto officers roles, to whom key recovery shares will be entrusted. 

He also does a good impression of Gandalf the Brown.

Related articles by Zemanta

• Diffie Named ICANN VP, Information Security and Cryptography (infosecurity.us)
• Encryption guru joins Icann (v3.co.uk)
• ICANN Hires Cryptography Pioneer (techdailydose.nationaljournal.com)

Security Bloggers Network under attack?

Update: This is a hoax mail leading to a rogue site, so please don't click it. Check out the Lijit blog for details (via Alan).

Just got this from Lijit, the hosting firm for SBN

Facebook juggernauts towards 500 million users

AllFacebook.com has observed that, based on linear projections of current sign-up rates, Facebook will pass the 500 million user milestone by the end of June. Using population data published by the CIA, we will therefore soon have the situation where only China and India as countries will have more people than Facebook (1.33 and 1.56 billion respectively). Projecting further, Facebook will have twice as many people as the US by year end (around 600 million), and approximately a billion dollars in revenue as well.

It remains to be seen whether the current privacy backlash against Facebook introduces unpleasant non-linearities into these projections. A recent informal poll taken by Graham Cluley of Sophos, found that almost two thirds of the 1588 respondents are considering leaving Facebook. If we round up the respondents to an even 1600, and noting that Facebook has more than 320 million users currently, the survey represents a sample of less than 0.0005% of all users (that’s just 5% of 1% of 1% of the total). Even so, PC World has reported the survey under the headline Study: 60 Percent of Facebook Users Mulling to Quit which, I hope you will agree, is a bit grandiose. This is an example of how the non-linearities of reputational risk start accruing against a company with widespread and sustained bad press - and more will follow.

Privacy may yet be the Black Swan of Facebook.

Password Strength Infographic

Interesting password graphic from CXO. I am not quite sure what the people axis is meant to show, or exactly what social class is represented by a Douche. In any case, the examples were verified by Google’s password strength meter, and give a good visual the password spectrum (click to enlarge).

Y2Gay: gay marriage from the database perspective

This is a quite interesting post which the author describes as a “stream of consciousness about equal parts nuptial rights and Structured Query Language”. The author is actually taking a serious look at how to redesign your database to accommodate gay (same sex) marriages, with quite a few amusing digressions. After outlining 14 detailed steps to follow for the transformation, the conclusion is that

Perhaps the simplest solution would be to ban marriage outright. Or, better yet, to declare everybody as married to everybody else. But then what would the database engineers do all day?

There are 145 comments as well.

Why have there been so many Natural Catastrophes of late?

The Freakanomics blog reports that Foreign Policy magazine has responded to concerns that we are living in particularly harrowing times, experiencing more than our share of natural disasters. But FP reports that we are not. What we actually have is a heightened awareness that these events are occurring thanks to rapid and prolonged media coverage.

Based on U.S. Geological Survey records dating back to 1900, the Earth experiences 16 major earthquakes per year on average, where a major quake is one whose magnitude is 7.0 or more. There were only 6 major quakes in 1986 but 32 in 1943. And this year? 6 so far, so we might be headed for an above average year, but not an extreme year. However there is an increase in the loss of life from earthquakes (650,000 people last decade) due to the expansion of urban sites into fault zones. This is another factor which increases media coverage of these tragedies.

Conficker, RSA and RC4

I was reading the excellent paper An Analysis of Conficker's Logic and Rendezvous Points from SRI and was surprised to learn that Conficker botnet updates are distributed at its rendezvous points as encrypted and signed binaries using RC4 and RSA (the “R” in both cases here stands for Ron Rivest). Both the A and B variants of Conficker use these checks to ensure that the updates have been created by the Conficker authors – just like any other software vendor issuing updates and patches. The paper depicts the update process as follows

So each Conficker client carries an RSA public key E for signature verification. A Windows binary file F is encrypted and signed as follows

• Hash F to produce a 512-bit hash M
• Encrypt F with RC4 using M as the key
• Sign M using private key D

A Conficker client authenticates the encrypted binary as follows

• Using the embedded public key E, compute the signature verification to recover M
• Decrypt the encrypted binary using RC4 and M as the key
• Verify that the hash of F is in fact M

For Conficker A, the RSA key is 1024-bits and 2048-bits for Conficker B, both of which are listed in the paper. That’s a large public key for Conficker B but it is dwarfed by the 512-bit symmetric key used in RC4. Yes RC4 can support such huge key sizes, and I will explain in a future post how this is possible.