Maintainers of the PHP scripting language are urging users to avoid an update released last week that introduces a serious bug affecting some cryptographic functions.
The flaw in version 5.3.7 involves the crypt() function used to cryptographically hash a text string. When using the command with the MD5 algorithm and some salt characters to help randomize the resulting hash value, the program returns only the salt, instead of the salted hash. The bug doesn’t appear to affect the crypt() function when the DES or Blowfish algorithms are used.
“If crypt() is executed with MD5 salts, the return value consists of the salt only,” a bug report published on Wednesday stated. “DES and Blowfish salts work as expected.”
Despite the advisory, PHP maintainers released the update the following day. It fixed several security vulnerabilities, including a buffer overflow flaw on overlong salt in the crypt() function.
On Monday, the maintainers advised users to steer clear of the update.
“Due to unfortunate issues with 5.3.7 users should wait with upgrading until 5.3.8 will be released (expected in few days),” they wrote.
PHP gives webmasters the ability to render dynamically generated web pages that are customized to hundreds of thousands of variables, including where a visitor is located, the type of browser he’s using, and when the pages are being accessed. The freely available open-source program is used by millions of websites, so a vulnerability in its source code has the ability to cause widespread security problems.
For those who can’t wait until the next release, fixes are available in intermediate versions here and here. ®
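The regression described above shows up in the shape of crypt()'s return value, so a build can be checked before it goes into service. The following self-check is an added example, not code from the PHP project or the bug report; the function name, salts and passwords are constructed, and DES and Blowfish are included as controls.

```php
<?php
// Added example: self-check for crypt() returning only the salt.
// Salts and passwords are constructed sample values. Kept to PHP 5.3
// syntax (array(), no type declarations) so it runs on the affected line.

function crypt_self_check()
{
    // scheme => array(salt, expected total length, expected output pattern)
    $schemes = array(
        'MD5'      => array('$1$abcdefgh$', 34,
                            '#^\$1\$abcdefgh\$[./0-9A-Za-z]{22}$#'),
        'DES'      => array('ab', 13, '#^ab[./0-9A-Za-z]{11}$#'),
        'Blowfish' => array('$2a$07$abcdefghijklmnopqrstuv', 60,
                            '#^\$2a\$07\$[./0-9A-Za-z]{53}$#'),
    );
    $problems = array();

    foreach ($schemes as $name => $spec) {
        list($salt, $length, $pattern) = $spec;
        $good  = crypt('correct horse', $salt);
        $other = crypt('wrong battery', $salt);

        // A salt-only return value has no digest part: wrong length and shape.
        if (!is_string($good) || strlen($good) !== $length
                || !preg_match($pattern, $good)) {
            $problems[] = "$name: malformed output '" . $good . "'";
        }
        // A salt-only return value is identical for every password.
        if ($good === $other) {
            $problems[] = "$name: different passwords give the same value";
        }
        // Verification as applications do it: re-crypt using the stored
        // value as the salt and compare. A wrong password must not match.
        if (crypt('wrong battery', $good) === $good) {
            $problems[] = "$name: wrong password verifies against stored value";
        }
    }
    return $problems;
}

$problems = crypt_self_check();
foreach ($problems as $p) {
    echo "FAIL $p\n";
}
echo PHP_VERSION, ': ',
     $problems ? 'crypt() output is not trustworthy' : 'crypt() checks passed',
     "\n";
exit($problems ? 1 : 0);
```

The non-zero exit status lets a deployment script refuse to promote a build that fails the check.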
Erstwhile Met Police commissioner Sir Paul Stephenson and his one-time colleagues – John Yates, Andy Hayman and Peter Clarke – have all been cleared of misconduct during an inquiry by the cop watchdog into the phone-hacking scandal at News International.
The Independent Police Complaints Commission concluded that Stephenson, who resigned last month, had not committed any offence.
He walked from his job in July while insisting that his “integrity” was intact. Stephenson said at the time that he was stepping down due to the “excessive distraction” his presence at the helm was causing to the effective running of Britain’s largest police force.
“I… considered whether the public interest requires any other matter to be investigated by the IPCC, including Sir Paul’s acceptance of hospitality from a family friend at Champneys Medical, unconnected to his professional life, while he was on sick leave,” said IPCC deputy chair Deborah Glass in a statement issued this lunchtime.
The health spa was promoted by PR firm Outside Organisation, whose managing director was Neil Wallis – the former deputy editor of the News of the World.
Wallis was arrested on 14 July by Met police investigating alleged phone-hacking at the now-defunct Sunday tabloid.
“The public will make its own judgments about whether any senior public official should accept hospitality to this extent from anyone – or indeed about a policy which regards hospitality as acceptable merely because it is disclosed,” said Glass.
“But whether or not the acceptance of hospitality amounts to recordable conduct, I do not consider that it is necessary to investigate it further. Sir Paul Stephenson has given a public account of his actions and of course, has resigned.”
Scotland Yard’s assistant commissioner John Yates also quit his job at the Met last month, as revelations in the phone-tapping saga at News International, which is owned by Rupert Murdoch’s News Corp, continued to unravel.
Glass said today that given Yates had been questioned in six separate parliamentary grillings over his involvement in phone hacking, the IPCC could not see what any further probe would achieve.
“We would agree that he made a poor decision in 2009,” she said.
Last month, Yates told MPs that he regretted not re-opening the Met’s original investigation into phone-hacking claims in 2009.
“I felt the evidence had been followed,” he said at the time.
Yates, who stood down from his position on 18 July, spent one day in 2009 looking at the initial investigation into phone-hacking, but concluded that there was nothing worth pursuing further.
“He himself has acknowledged that, given what is now known, he made a poor decision for which he has now taken responsibility. Had no new investigation into phone hacking begun this may well have been a recommendation, but the current investigation which started in January 2011 makes this unnecessary,” said Glass.
She said she had also found no reason to carry out any further investigation into the conduct of Peter Clarke, who led the original phone-hacking investigation at the Met, which at the time was handling around 70 live operations relating to terrorist plots.
Glass noted that the Met’s ex-deputy commissioner Andy Hayman’s conduct had not been referred to the IPCC by the Metropolitan Police Authority.
“[H]is social contacts with News International and subsequent employment by the Times [which is owned by News International] have been criticised,” she said.
“While there are serious issues that need to be scrutinised about the extent of contact between senior police officers and the media – and particularly around hospitality – in the absence of any actual evidence of impropriety these are, in my view, for the inquiry to explore,” said Glass.
An independent inquiry has been launched by the police watchdog into claims that Yates had secured a job at the Met for the daughter of Neil Wallis.
The former Murdoch man’s Chamy Media company’s contract with Scotland Yard – offering up PR services to England’s largest police force between October 2009 and September 2010 – is also being investigated by the IPCC, said Glass.
The Commission is separately probing alleged police corruption linked to the phone-hacking scandal, which the Met is investigating as part of Operation Weeting.
“Should any further evidence emerge, through our investigations or from the Leveson Inquiry, of any impropriety by an officer, retired or otherwise of any rank, I would expect it to be recorded by the appropriate authority and referred to the IPCC,” Glass added.
“On this basis I will keep all of these decisions under review as the inquiry progresses.”
Yates said in a statement via the Met that he was “pleased” that the IPCC was no longer investigating him in relation to any involvement in the phone-tapping issues that had been flagged by the MPA.
“I am disappointed with the IPCC’s decision to investigate my peripheral involvement in recruitment process of Neil Wallis’s daughter,” said Yates.
“I strongly deny any wrongdoing and I am completely confident that I will be exonerated.
“I have been entirely open about this matter and I will cooperate fully with the investigation which I hope will be conducted swiftly,” he added. ®
The German arms of Telefonica and Vodafone, along with Deutsche Telekom, have signed an agreement to take their virtual mpass payment platform physical, without the help of the banks.
The letter of intent, signed by all three companies, states that the mpass system will be set up as a jointly-owned-but-independent company handling payments made by customers of any of the network operators, and without having to pass on a cut to the existing payment processors.
That is in contrast to the rest of the world where mobile operators have been busy conceding the mobile-payments business to the existing providers (Visa, Mastercard and their ilk).
In the USA ISIS was set up to provide a similar mechanism, but has now scaled back plans to welcome in the existing players, while the UK operators have been busy creating a standardised advertising platform so that they can make money from NFC without having to worry about slicing the mobile-payment cake too thinly.
But German operators reckon they can do it, even if it means distributing new point-of-sale equipment to shops and, as NFC Times points out, delaying previously-scheduled launches of independent offerings:
“[Q]ueues at the supermarket will soon be a thing of the past,” says Deutsche Telekom’s ebullient Director of Marketing, espousing the benefits of pay-by-tap.
Mpass already operates in Germany, allowing payments authorised by SMS, and was even available (briefly) in the UK a decade or so ago, but despite its longevity it hasn’t proved very popular. Getting new terminals into every shop in the country will increase the visibility of the brand, but it is the cost of doing just that which has put off operators in so many other countries. ®
Security researchers have found that thermal cameras can be combined with computer algorithms to automate the process of stealing payment card data processed by automatic teller machines.
At the Usenix Security Symposium in San Francisco last week, the researchers said the technique has advantages over more common ATM skimming methods that use traditional cameras to capture the PINs people enter during transactions. That’s because customers often obscure a camera’s view with their bodies, either inadvertently or on purpose. What’s more, it can take a considerable amount of time for crooks to view the captured footage and log the code entered during each session.
Thermal imaging can vastly improve the process because the code can be recovered for some time after each PIN is entered. The cameras’ output can also be processed by an algorithm that automates the process of translating it into the secret code.
The findings expand on 2005 research from Michal Zalewski, who is now a member of Google’s security team. The Usenix presenters tested the technique laid out by Zalewski on 21 subjects who used 27 randomly selected PINs and found the rate of success varied depending on variables including the types of keypads and the subjects’ body temperature.
“In summary, while we document that post-hoc thermal imaging attacks are feasible and automatable, we also find that the window of vulnerability is far more modest than some feared and that there are simple counter-measures (i.e., deploying keypads with high thermal conductivity) that can shrink this vulnerability further still,” the researchers wrote.
A PDF of their paper, which is titled Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, is here. ®
Hackers breached the website belonging to a police union and posted sensitive personal information for more than 100 officers who work for a San Francisco regional transit authority.
The breach of bartpoa.com was the second time in less than a week that websites affiliated with Bay Area Rapid Transit have been targeted by hackers. Over the weekend, people claiming to be members of the Anonymous hacking collective said they were protesting BART by publishing personal information for more than 2,000 passengers who had nothing to do with the agency’s management.
People claiming to be members of Anonymous took credit for the attack that exposed passenger data. It was less clear what role the group had in Wednesday’s breach.
“The leak today of BART officer data could be the work sanctioned by those who truly support anonymous, or agent provocateurs,” a tweet from AnonyOps said. “Stay skeptical.”
A later dispatch on the microblogging site said: “People who are against anonymous know they can do things under the name ‘anonymous’ and never be questioned. This is anonymous, defined.”
A posting on Pastebin.com listed the names, home and email addresses and site passwords of 102 BART police officers. At time of writing, bartpoa.com was inaccessible.
It’s unclear exactly how the hackers compromised the police officer data.
The hackers in the earlier attack claimed to have accessed the passenger information by exploiting a rudimentary security flaw in MyBart.org, which is owned by BART. BART officials have declined to say whether the site was ever reviewed by outside security auditors.
The attacks follow a controversial move to disable cellular service in at least four San Francisco BART stations last week. BART management took that action to disrupt a planned demonstration that protesters were organizing online. BART officials said the decision to turn off the nodes that connected carriers to underground antennas was legal and necessary to prevent unsafe conditions in confined spaces. Critics have compared the move to those taken by former Egyptian President Hosni Mubarak to quash protests against his rule.
The BART demonstrations were protesting the fatal shooting by BART police in July of a homeless man who allegedly brandished a knife as he lunged at officers. ®
Computer scientists have developed an Android app that logs keystrokes using a smartphone’s sensors to measure the locations a user taps on the touch screen.
TouchLogger, as their demo app is dubbed, allowed its creators at the University of California at Davis to demonstrate a vulnerability in smartphones and tablets that has largely gone unnoticed: While most of these devices lack physical keyboards that have long been known to leak user input, they nonetheless remain susceptible to monitoring through similar side-channel attacks.
Whereas eavesdroppers measure sound and electromagnetic emanation to capture input from traditional keyboards, they can monitor the motion of the device to achieve much the same result from a touch screen.
“Our insight is that motion sensors, such as accelerometers and gyroscopes, may be used to infer keystrokes,” the researchers wrote in a paper (PDF here) presented last week at the HotSec’11 workshop in San Francisco. “When the user types on the soft keyboard on her smartphone (especially when she holds her phone by hand rather than placing it on a fixed surface), the phone vibrates. We discover that keystroke vibration on touch screens are highly correlated to the keys being typed.”
User interface for data collection app
Applications like TouchLogger could be significant because they bypass protections built into both Android and Apple’s competing iOS that prevent a program from reading keystrokes unless it’s active and receives focus from the screen. TouchLogger was designed to work on an HTC Evo 4G smartphone. It had an accuracy rate of more than 70 percent of the input typed into the number-only soft keyboard of the device. The app worked by using the phone’s accelerometer to gauge the motion of the device each time a soft key was pressed.
With minor refinements, the researchers believe they can expand the effectiveness of TouchLogger, as well as the devices it will work on.
“The tablet has a larger screen, so hopefully we can get a higher accuracy rate on a qwerty keyboard,” said Liang Cai, a graduate student in UC Davis’s computer science department who collaborated with his advisor Hao Chen. “We didn’t really try it on a large scale of devices.”
Besides targeting devices with larger touch screens, the researchers said TouchLogger could also be improved by tapping other sensors built into the targeted device. Prime candidates include gyroscopes to measure the rate of rotation and a camera to further detect motion. The scientists noted that the W3C recently published a specification for web applications to access accelerometer and gyroscope sensors using JavaScript. They are in the process of extending their work into a full research project.
For now, they hope to get the word out that the motion detected by a smart device’s own sensors could expose highly valuable information, including passwords, social security numbers and credit card numbers.
“We hope to raise the awareness of motion as a significant side channel that may leak confidential data,” they wrote. ®
Updated Cryptographers have discovered a way to break the Advanced Encryption Standard used to protect everything from top-secret government documents to online banking transactions.
The technique, which was published in a paper (PDF) presented Wednesday as part of the Crypto 2011 cryptology conference in Santa Barbara, California, allows attackers to recover AES secret keys up to five times faster than previously possible. It introduces a technique known as biclique cryptanalysis to remove about two bits from 128-, 192-, and 256-bit keys.
“This research is groundbreaking because it is the first method of breaking single-key AES that is (slightly) faster than brute force,” Nate Lawson, a cryptographer and the principal of security consultancy Root Labs, wrote in an email. “However, it doesn’t compromise AES in any practical way.”
He said it would still take trillions of years to recover strong AES keys using the biclique technique, which is a variant of what’s known as a meet-in-the-middle cryptographic attack. This method works both from the inputs and outputs of AES towards the middle, reusing partial computation results to speed up the brute-force key search. The technique is designed to reduce the time it takes an attacker to recover the key.
Lawson continued:
This technique is a divide-and-conquer attack. To find an unknown key, they partition all the possible keys into a set of groups. This is possible because AES subkeys only have small differences between rounds. They can then perform a smaller search for the full key because they can reuse partial bits of the key in later phases of the computation.
It’s impressive work but there’s no better cipher to use than AES for now.
AES remains the favored cryptographic scheme of the US government. The National Institute of Standards and Technology commissioned AES in 2001 as a replacement for the DES, or Digital Encryption Standard, which was showing signs of its age.
The research is the work of Andrey Bogdanov of Katholieke Universiteit Leuven; Microsoft Research’s Dmitry Khovratovich; and Christian Rechberger of Ecole Normale Superieure in Paris. Bogdanov and Rechberger took leave from their positions to work on the project for Microsoft Research. ®
Update
Vulture Central has been deluged with missives from outraged readers complaining about the use of the word “broken” in the headline. “Broken” in cryptography is the result of any attack that is faster than brute force. The biclique technique described here allows attackers to recover keys up to five times faster than brute-force. AES may not be completely broken, but it’s broken nonetheless.
What’s more, theoretical attacks against widely used crypto algorithms often get better over time. As Root Labs’ Lawson has noted, MD5 wasn’t compromised in a single 2004 paper. Rather, people successively found better and better attacks against it, starting in the mid 1990’s.
Thanks to Reg reader Kevin 3 for bringing the facts to the discussion with this comment.
An Australian Senate committee has recommended that law enforcement authorities should only hand information to agencies from other countries if those countries have privacy protection that matches our own.
That’s one of the key recommendations made by the bipartisan committee looking into proposed cybercrime legislation, which tabled its report on August 18.
The committee has also recommended that the Cybercrime Amendment Bill 2011 should apply more detailed conditions to any telecommunications data that is disclosed to foreign countries, covering how that data might be retained and stored, and prohibiting any “secondary use” by the foreign country.
According to Australian Greens senator Scott Ludlam, the original Cybercrime Amendment Bill went beyond the European convention on which it was based, and the committee’s recommendations should help address what he called “overreach”.
The committee has also recommended that the Australian Federal Police provide ministerial reports on how often it discloses intercepts to foreign countries, which countries receive that data, how many disclosures are made, and how often that information gets disclosed even further.
A judge has gutted a lawsuit that accused companies including Microsoft, McDonald’s, and advertising network Interclick of fraud for the use of code that tracked the browsing history of website visitors, even when they took pains to keep that information private.
Wednesday’s dismissal of claims under the federal Computer Fraud and Abuse Act and breach and interference of contract statutes came in a case that challenged the use of Adobe Flash cookies by Interclick to track people over extended periods of time as they surfed from site to site. New York City consumer Sonal Bose alleged use of the technology, and JavaScript that detected what websites she visited, were deceptive and invaded her privacy because they allowed tracking cookies to be resurrected even after she deleted them.
US District Judge Deborah A. Batts of the Southern District of New York dismissed most of the claims brought by Bose under a rationale that’s becoming common in privacy-invasion lawsuits. The crux of her basis is that there wasn’t an injury that could be quantified in monetary amounts required by the statutes. She said the plaintiff failed to prove that the secret tracking created actual damages of $5,000 or more, as required under the CFAA.
“Only economic damages or loss can be used to meet the $5,000.00 threshold,” Batts wrote in the 28-page decision. “The limit based on economic damages under the CFAA ‘precludes damages for death, personal injury, mental distress, and the like,’” she added, quoting from a 2004 decision from the Ninth Circuit US Court of Appeals.
She went on to say: “Advertising on the internet is no different from advertising on television or in newspapers. Even if Bose took steps to prevent the data collection, her injury is still insufficient to meet the statutory threshold.”
The judge also dismissed claims for breach of implied contract and tortious interference with contract. Several claims brought under New York state laws were dismissed against the website operators that relied on Interclick, which in addition to Microsoft and McDonald’s, included the CBS network and a US subsidiary of Mazda. She allowed claims brought under New York State law and under a trespass statute to remain against Interclick.
The ruling is the latest to dash a lawsuit alleging invasion of privacy because the plaintiff couldn’t meet the required showing of monetary damages. Facebook, prescription processor Express Scripts, and job application processor Vangent have been absolved for alleged failures to safeguard sensitive information on similar grounds. The Technology Marketing Law blog has legal analysis here.
According to the lawsuit gutted Wednesday, Interclick used Flash cookies to back up more traditional browser-based cookies it used to track which websites individual users visited. Until recently, Flash cookies – which are also known as LSOs, or locally stored objects – were significantly harder to delete. This allowed website operators in many cases to recreate the deleted browser cookies, a practice known as “cookie respawning,” that was first revealed in 2009.
The lawsuit also accuses Interclick of exploiting a decade-old vulnerability in virtually every web browser that leaks the websites end users have visited recently. Interclick’s use of history-sniffing code was first documented in December by researchers from the University of California at San Diego. Most browser makers have patched the vulnerability in the past year or so.