STE WILLIAMS

Global DNS takedown plotters disowned by Anonymous

Anonymous has distanced itself from a plot to knock out critical systems in the backbone of the internet.

Documents posted on Pastebin and elsewhere warn of a planned attack against the main DNS root servers on 31 March as part of a protest against SOPA and other hated copyright enforcement measures. If successful, the attack would disable the core components of the internet’s system for domain-name-to-IP-address lookup, hobbling web surfing and email delivery in the process.

“On March 31, anonymous will shut the Internet down. In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet,” according to a memo outlining the proposed assault, dubbed Operation GlobalBlackOut.

“By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web. Remember, this is a protest, we are not trying to ‘kill’ the Internet, we are only temporarily shutting it down where it hurts the most.”

Established individuals associated with Anonymous have distanced the group from the plan.

“GlobalBlackOut is another Fake Operation. No intention of #Anonymous to cut Internet,” an update to the @Anonops Twitter account on Tuesday states.

Anyone can declare themselves a member of Anonymous and use the group’s banner as a flag of convenience. In the absence of official spinners, let alone any recognised hierarchy, Twitter accounts and blogs act as the best guide to what’s going on with the collective.

These accounts correctly predicted that there would be no attack on Facebook, so El Reg reckons Operation GlobalBlackOut – which doesn’t make much sense in the first place – is a non-starter.

A minority of members of Anonymous have shown themselves prepared to leak the personal details of consumers in order to expose the insecurity of corporations in the past, but taking out the root DNS of the net is not the group’s style. After all, such an action would throw a spanner in the works of the hacktivists’ favourite playground.

In other Anon-related news, National Security Agency director Gen. Keith Alexander has warned the White House that Anonymous “could have the ability within the next year or two to bring about a limited power outage through a cyberattack”, the Wall Street Journal breathlessly reports.

Various members of Anonymous denounced this warning as scare-mongering geared towards creating a climate in which Congress allows the passage of the 2012 cyber-security bill despite objections by Senate Republicans. They say it gives federal authorities too much power over private-sector infrastructure firms.

“We’re pretty sure, that cyber bill is the reason for the renewed NSA fear-mongering,” AnonymousIRC retorted. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/anon_disowns_dns_takedown_plan/

Grumble-flick chat site exposes flirts’ privates

The email addresses and passwords of more than a million users of the YouPorn sex chat site were exposed to all and sundry this week following a coding error that went undetected for years.

The data – which identifies customers of the smut site, exposing them to potential embarrassment as a result – might also be used in attempts to hack into more sensitive accounts maintained by the same potential victims. Those that use the same or similar passwords for more sensitive accounts (webmail, Facebook, PayPal etc) are most at risk of attack.

Grumble-flick vault YouPorn – unlike porn portal Brazzers, the victim of a similar recent attack that also exposed customers’ data – wasn’t hacked. Instead, careless programmers left unencrypted sign-up information on a public-facing web server.

The sensitive files were uploaded to an FTP site and released as a (no longer available) torrent. However the index, and some older files, from the YouPorn chat site are still available through archive.org.

The breach became public knowledge this week via a thread on Flashback.org, Sweden’s largest web forum, which includes samples of some of the harvested files.

“Looking at the data, it seems like a careless programmer accidentally left debug logging on to a publicly accessible URL as early as November 2007, and it has been storing all registrations ever since,” explains Anders Nilsson, CTO at Swedish security distributor EuroSecure, in a blog post on the breach.

“The data was found by someone sweeping websites for publicly accessible, but non-linked (‘hidden’) folders, looking for either porn or sensitive material like this, and struck gold,” he adds.
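The failure described above has two parts: debug logging that wrote raw sign-up data, and a log location the web server would happily serve. The following is an added illustration (not code from YouPorn, EuroSecure or the original article) of the two checks an application team would put in place: a logging filter that redacts credential-like fields before any handler writes them, and a refusal to open a log file anywhere under the document root. The key=value log layout, field names and paths are assumptions made for the example.

```python
import logging
import os
import re

# Field names whose values must never be written to a log, even with debug logging on.
SENSITIVE_FIELDS = ("password", "passwd", "pass", "secret", "token")

# Matches "password=hunter2" or "password: hunter2" style pairs in a free-text log line.
# The key=value layout is an assumption about the application's own log format.
_SENSITIVE_RE = re.compile(
    r"\b(" + "|".join(SENSITIVE_FIELDS) + r")\s*[=:]\s*([^\s&,;]+)",
    re.IGNORECASE,
)


def redact(text):
    """Replace the value of every credential-like field with a fixed marker."""
    return _SENSITIVE_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Scrub credentials from a record before any handler (file, syslog, HTTP) sees it."""

    def filter(self, record):
        # Render the message with its arguments first, so values passed as %s args
        # are redacted too, then drop the args so nothing re-renders the original.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def log_path_is_web_exposed(log_path, document_root):
    """True if the log file lives under the web server's document root and could be fetched by URL."""
    log_real = os.path.realpath(log_path)
    root_real = os.path.realpath(document_root)
    return os.path.commonpath([log_real, root_real]) == root_real


def build_logger(name="signup", log_path="/var/log/app/signup.log", document_root="/var/www/html"):
    """Logger wired with the redacting filter; refuses a log location the web server would serve."""
    if log_path_is_web_exposed(log_path, document_root):
        raise ValueError(f"refusing to log under the document root: {log_path}")
    logger = logging.getLogger(name)
    logger.addFilter(RedactingFilter())
    return logger


if __name__ == "__main__":
    logger = build_logger()
    logger.addHandler(logging.StreamHandler())
    logger.setLevel(logging.DEBUG)
    # Constructed registration event; the password never reaches the handler.
    logger.debug("signup email=%s password=%s ip=%s", "alice@example.invalid", "hunter2", "203.0.113.5")
```

The filter sits on the logger rather than on one handler, so a debug handler added later (the "left on by accident" case) inherits the redaction. The path check only guards against the misconfiguration the article describes; a log outside the document root still needs file permissions that keep it away from the web server's user.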

The affected site – chat.youporn.com – was taken down on Tuesday, 21 February. Prior to this, the site offered “regular” chat with different rooms and moderators, and the possibility of sending audio or video to other members of the forum.

The main YouPorn.com site appears to be operating as normal. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/smut_chat_breach/

ICO ‘enquiring’ about Google’s serving of tracking cookies

Microsoft has claimed that Google has been serving third-party cookies capable of tracking users’ online behaviour even when those users have adjusted settings in the Internet Explorer browser to prevent it happening.

Dean Hachamovitch, corporate vice president of Internet Explorer (IE) at the software giant, said Google had “bypassed” the settings by using a quirk in privacy technology. He said the company had identified the problem with its system after a researcher had reported that Google had circumvented user settings on the Apple Safari browser in order to send third-party cookies to those users.

Google has argued that Microsoft’s reliance on outdated technology had forced thousands of websites to circumvent the ‘Platform for Privacy Preferences’ (P3P) system it uses in IE in order to deliver “functionality” to web users. It has also claimed that it had unintentionally served advertising cookies to Safari users when trying to deliver a personalised service to them in other ways, according to media reports.

Google has said that it was removing those advertising cookies from Safari and that, in any case, the advertising cookies the company serves “do not collect personal information”.

A spokesman for the Information Commissioner’s Office (ICO) told Out-Law.com that the watchdog was “making enquiries with Google” to establish whether the way in which it serves cookies complies with UK law.

Websites and third parties, such as advertisers, often like to record users’ online interaction in order to serve personalised content, such as adverts, based on that recorded information. Websites can use a number of methods to collect user-specific data, including through the use of cookies. Operators sometimes pass on information stored in cookies to advertisers in order that they can serve behavioural adverts based on users’ activity and apparent interests.

EU law

However, EU privacy rules that came into force last May state that storing and accessing information on users’ computers is only lawful “on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing”. Consent must be unambiguous and be explicitly given.

Those laws have been implemented into UK law by the amendment of the Privacy and Electronic Communications Regulations (PECR). The ICO’s spokesman said that the watchdog would begin enforcing the law from 26 May this year – a year on from the date the amended PECR was introduced. The ICO previously said it would give website operators a year to work towards complying with the new rules.

In a Microsoft blog, Hachamovitch said that Google had been able to send third-party cookies to Internet Explorer even if users had elected not to receive them.

“By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent,” Hachamovitch said.

Web standards

According to web standards body the World Wide Web Consortium (W3C) P3P “allows websites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner [and] enables web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may ‘opt out’ of or ‘opt in’ to”.

However, Hachamovitch said the technology allows unlabelled P3P ‘policies’ to circumvent blocking measures.

“Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies,” he said.

Hachamovitch said that IE users can use other ‘Tracking Protection’ technology to prevent Google serving third-party cookies to them and that Microsoft would change the way its P3P system works.

“The P3P specification says that browsers should ignore unknown tokens. Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognized tokens. We are actively investigating that course of action,” he said.
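The two behaviours Hachamovitch contrasts (the spec's "ignore unknown tokens" rule, and the proposed "block cookies with unrecognised tokens" rule) can be seen side by side in a small compact-policy evaluator. The following is an added example, not code from Microsoft, Google or the W3C, and it does not reproduce Internet Explorer's real decision rules: the token vocabulary is a subset of the P3P 1.0 compact-policy tokens, the "unsatisfactory policy" test is a deliberate simplification (identifying data categories declared under a purpose or recipient that applies "always"), and the three sample headers are constructed for the example.

```python
import re

# Subset of the P3P 1.0 compact-policy vocabulary (W3C P3P 1.0, compact policies).
BASE_TOKENS = {
    "NOI", "ALL", "CAO", "IDC", "OTI", "NON",                # access
    "DSP", "COR", "MON", "LAW", "NID", "TST",                # disputes, remedies, non-identifiable, test
    "CUR", "OUR",                                            # purpose/recipient tokens that take no qualifier
    "NOR", "STP", "LEG", "BUS", "IND",                       # retention
    "PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT",  # data categories
    "DEM", "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC",
}
# Purpose and recipient tokens that take an optional qualifier: a = always, i = opt-in, o = opt-out.
QUALIFIED_BASES = {
    "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP",
    "DEL", "SAM", "UNR", "PUB", "OTR",
}
# Assumption for this example (a simplification, not IE's real rule set): a policy is
# unsatisfactory when it declares identifying data categories and uses them under a
# purpose or recipient that applies "always", i.e. with no opt-in or opt-out for the user.
IDENTIFYING_CATEGORIES = {"PHY", "ONL", "GOV", "FIN", "UNI"}

_CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"', re.IGNORECASE)


def parse_compact_policy(p3p_header):
    """Tokens of the CP="..." clause of a P3P response header, or None if there is no clause."""
    if not p3p_header:
        return None
    m = _CP_RE.search(p3p_header)
    return m.group(1).split() if m else None


def is_known_token(token):
    t = token.upper()
    if t in BASE_TOKENS or t in QUALIFIED_BASES:
        return True
    return t[:-1] in QUALIFIED_BASES and t[-1] in ("A", "I", "O")


def _applies_always(token):
    # A bare qualified token defaults to "always"; an explicit a-suffix says so outright.
    return token in QUALIFIED_BASES or (token[:-1] in QUALIFIED_BASES and token.endswith("A"))


def evaluate_third_party_cookie(p3p_header, strict=False):
    """Accept or block a third-party cookie based on the P3P header the site sent.

    strict=False follows the spec behaviour quoted in the article (unknown tokens are
    ignored); strict=True is the proposed change: any unrecognised token blocks the cookie.
    Returns a dict with the decision, the reason, and the known/unknown token lists.
    """
    tokens = parse_compact_policy(p3p_header)
    if tokens is None:
        return {"decision": "block", "reason": "no compact policy", "known": [], "unknown": []}
    known = [t.upper() for t in tokens if is_known_token(t)]
    unknown = [t for t in tokens if not is_known_token(t)]
    result = {"known": known, "unknown": unknown}
    if strict and unknown:
        return {**result, "decision": "block", "reason": "unrecognised tokens"}
    identifying = IDENTIFYING_CATEGORIES & set(known)
    if identifying and any(_applies_always(t) for t in known):
        return {**result, "decision": "block", "reason": "identifying data used without user choice"}
    return {**result, "decision": "accept", "reason": "no unsatisfactory declaration found"}


# Constructed sample headers (not real responses from any site).
TRACKING_HEADER = 'CP="NOI DSP COR PHY ONL TAIa OUR"'                    # honest tracking policy
BENIGN_HEADER = 'CP="NOI DSP COR NID ADMo"'                               # non-identifiable data, opt-out
NON_POLICY_HEADER = 'CP="THIS IS NOT A COMPACT POLICY SEE-EXAMPLE-URL"'  # prose in place of tokens

if __name__ == "__main__":
    for name, hdr in [("tracking", TRACKING_HEADER), ("benign", BENIGN_HEADER), ("non-policy", NON_POLICY_HEADER)]:
        lenient = evaluate_third_party_cookie(hdr)["decision"]
        strict = evaluate_third_party_cookie(hdr, strict=True)["decision"]
        print(f"{name:11s} lenient={lenient:6s} strict={strict}")
```

The "non-policy" header is the interesting case: under the spec rule every word is an unknown token and is dropped, the remaining policy declares nothing objectionable, and the cookie is accepted, which is the nuance the article describes. Under the strict rule the same header blocks the cookie, while the honest tracking policy is blocked either way and the benign policy passes either way.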

Google said that using Microsoft’s P3P system is “impractical.”

“Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” a Google spokeswoman said.

“It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality,” she said.

“Today the Microsoft policy is widely non-operational,” she said.

Internet companies have been urged by the European Commission to establish a final standardised system that will allow users to control their privacy settings across websites.

Neelie Kroes, EU Commissioner responsible for the Digital Agenda, last year warned internet companies that she would “not hesitate to employ all available means to ensure our citizens’ right to privacy” if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012. Last month Kroes reiterated her demand and reported that the technology was at that stage more of an “aspiration rather than a reality”.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/ico_enquires_about_google_system_for_serving_third_party_cookies/

Crap PINs give wallet thieves 1-in-11 jackpot shot

Four-digit banking PINs are almost as insecure as website passwords, according to a study by Cambridge University computer scientists.

The first-ever quantitative analysis of the difficulty of guessing four-digit banking PINs estimates that the widespread practice of using a date of birth as a PIN code, together with other factors, means opportunistic thieves will be able to correctly guess a PIN before a card is blocked between 8 and 9 per cent of the time.

The researchers modeled banking PIN selection using a combination of leaked data from non-banking sources (smartphone unlock-codes and the RockYou dataset) and an online survey. The 1,300 people quizzed online were not asked for their PIN, only if it fell into one of the general categories the Cambridge University team identified.

Most people are significantly more careful choosing PINs than online passwords, with a majority using an effectively random sequence of digits. However, a few weak choices – using birthdays in particular – provide hope for an opportunistic thief.

In a blog post, Cambridge University researcher Joseph Bonneau explains:

About a quarter stick with their bank-assigned random PIN and over a third choose their PIN using an old phone number, student ID, or other sequence of numbers which is, at least to a guessing attack, statistically random.

In total, 63.7 per cent use a pseudo-random PIN, much more than the 23 to 27 per cent we estimated for our base datasets. Another 5 per cent use a numeric pattern (like 4545) and 9 per cent use a pattern on the entry keypad, also lower than the other two datasets.

Altogether, this gives an attacker with six guesses (three at an ATM and three with a CAP [hand-held card] reader) less than a 2 per cent chance of success.

Unfortunately, the final group of 23 per cent of users chose a PIN representing a date, and nearly a third of these used their own birthday. This is a game-changer because over 99 per cent of customers reported that their birth date is listed somewhere in the wallet or purse where they keep their cards. If an attacker knows the cardholder’s date of birth and guesses optimally, the chances of successfully guessing jump to around 9 per cent.

If customers use a wallet, it is very likely to hold an ID document with their birth date printed on it. That makes choosing a date of birth as a bank card PIN a terrible idea. Other not-so-random codes include PINs representing dates, years, repeated digits or ascending digits, or ending in 69. Other bad practices in the area include sharing and reusing PINs.

The researchers suggest that blacklisting the top 100 PINs can drive the guessing rate down to around 0.2 per cent in general, though not if a user’s birthday is known, in which case the rate stays at 5 per cent. Dropping all dates that could be birthdays doesn’t work because there are too many of them.

Even so, some blacklisting can be done. Shamefully, some banks in both the US and Europe fail to prohibit obviously guessable PINs such as 1234, the Cambridge boffins report.
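A bank-side PIN-selection check is the practical counterpart of the blacklisting the researchers recommend. The following is an added example, not code from the Cambridge paper or from any bank: it flags the weak classes listed above (repeated and sequential digits, keypad patterns, dates, years, codes ending in 69), compares the PIN against the cardholder's date of birth where the bank holds it, and accepts an explicit blacklist such as a top-100 list. The keypad layout, the year range and the date-of-birth formats are assumptions made for the example; the top-100 list itself is not reproduced here.

```python
from datetime import date

# Key positions on a phone-style keypad; assumption: 0 sits below 8 (the layout on most ATMs).
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}
YEAR_RANGE = range(1900, 2031)   # assumption: what counts as a "year"-looking PIN
SAMPLE_DOB = date(1984, 7, 15)   # constructed cardholder date of birth for the demo


def _adjacent(a, b):
    (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
    return abs(r1 - r2) + abs(c1 - c2) == 1


def _is_calendar_date(month, day):
    try:
        date(2000, month, day)   # leap year, so 29 February counts as a date
        return True
    except ValueError:
        return False


def weak_pin_reasons(pin, dob=None, blacklist=frozenset()):
    """Reasons a four-digit PIN is guessable; an empty list means no rule fired.

    dob is the cardholder's date of birth (datetime.date) if the bank holds it;
    blacklist is the bank's own list of forbidden PINs (e.g. the most common ones).
    """
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    digits = [int(c) for c in pin]
    steps = {digits[i + 1] - digits[i] for i in range(3)}
    if steps == {0}:
        reasons.append("repeated digit")
    elif steps == {1}:
        reasons.append("ascending sequence")
    elif steps == {-1}:
        reasons.append("descending sequence")
    if pin[:2] == pin[2:] and len(set(pin)) > 1:
        reasons.append("repeated pair")
    if all(_adjacent(pin[i], pin[i + 1]) for i in range(3)):
        reasons.append("keypad pattern")
    month, day = int(pin[:2]), int(pin[2:])
    if _is_calendar_date(month, day) or _is_calendar_date(day, month):
        reasons.append("looks like a date (MMDD or DDMM)")
    if int(pin) in YEAR_RANGE:
        reasons.append("looks like a year")
    if pin.endswith("69"):
        reasons.append("ends in 69")
    if dob is not None:
        derived = {dob.strftime(f) for f in ("%d%m", "%m%d", "%Y", "%d%y", "%m%y", "%y%m")}
        if pin in derived:
            reasons.append("derived from the cardholder's date of birth")
    if pin in blacklist:
        reasons.append("on the bank's blacklist")
    return reasons


if __name__ == "__main__":
    for candidate in ("1234", "2580", "1969", "1507", "8362"):
        print(candidate, weak_pin_reasons(candidate, dob=SAMPLE_DOB) or "ok")
```

The date rule deliberately stays separate from the date-of-birth rule: the paper's point is that rejecting every date-looking PIN costs too many codes, whereas rejecting the handful derived from the one birth date the bank already knows costs almost nothing.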

The team’s research paper, A birthday present every eleven wallets? The security of customer-chosen banking PINs – by Joseph Bonneau, Sören Preibusch and Ross Anderson, can be found here (PDF). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/banking_pin_security/

Councils spunk £515m in 4 years on CCTV

UK local authorities spent a total of £515m installing, operating and maintaining CCTV between 2007-11, according to the privacy campaign group Big Brother Watch.

It has released figures obtained from freedom of information (FoI) requests showing that Birmingham was the highest spender on CCTV with more than £14m, while Westminster spent nearly £12m. The group claimed that 428 councils responded to the requests, accounting for 98.6 per cent of the total.

According to Big Brother Watch, the findings show that Leicester has the highest number of CCTV cameras, with 2,083 in total. Other authorities with more than 1,000 include Fife, Wandsworth, Nottingham and Southampton.

The data also shows that:

  • There are at least 51,600 CCTV cameras controlled by 428 local authorities in Britain.
  • Leicester, Fife, Wandsworth, Nottingham, Southampton, Aberdeen City and Cardiff have more CCTV cameras than Liverpool, Manchester and Leeds combined.
  • 18 councils have spent more than £1m annually between 2007-11 on CCTV, including Wandsworth, Bristol, Wakefield, Cambridge and Caerphilly.

Caerphilly has challenged this figure, claiming it does not provide an accurate reflection of the information it provided in response to the FoI request.

Nick Pickles, director of Big Brother Watch, said: “Surveillance is an important tool in modern policing but it is not a substitute for policing. In too many cities across the country every corner has a camera but only a few ever see a police officer. Despite millions of cameras, Britain’s crime rate is not significantly lower than comparable countries that do not have such a vast surveillance state.

“There is no credible evidence that more cameras will reduce crime, yet councils have poured enough money into CCTV in just four years that would have put more than 4,000 extra police officers on the streets.”

The five lowest spenders on CCTV were Arun council, which spent £250,000 between 2007-11, Mid Sussex (£462,000), West Devon (£737,000), Waverley (£1.1m) and Rutland (£1.4m).

The department of Communities and Local Government declined to comment on the findings.

This article was originally published at Guardian Government Computing.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/councils_cctv/

Spam crashes to historic low as malware explodes on mobiles

The volume of malware samples detected by McAfee passed the 75 million milestone late last year, the Intel-owned security firm reported this week.

Although the release of new malware slowed in Q4 2011, mobile malware continued to increase albeit from a low base. Android was by far the most targeted platform with 400 new strains appearing in just that quarter, compared to a cumulative total of little over 100 prior to the last three months of 2011. For comparison, there were four million new strains of Windows malware in Q4 2011, compared to 6m in Q2 2011.

Scareware volumes dropped considerably between Q3 and Q4 2011, while AutoRun and password-stealing Trojan malware each showed modest declines over the same period. Mac-specific malware, which spiked in Q2 2011, dropped off in the last two quarters of last year. In June 2011, more than 250 new samples were detected but this figure trailed off to less than 50 in Q4 2011. Almost all the June samples were designed to power fake anti-virus for Mac scams.

McAfee advises Mac fans to not discount security threats, despite the decline.

“Mac malware had a big spike in the second quarter but has remained quiet since then. As always, comparing overall malware growth for the Mac with that for PCs makes the Mac threat look rather tame, but it’s always wise to protect your system, even if it’s a MacBook Air.”

McAfee Labs recorded an average of 9,300 new bad websites per day in Q4, up from 6,500 in the previous quarter. The vast majority of new malicious sites were hosted in the US, followed by the Netherlands, Canada, South Korea and Germany.

While the malware outlook remains bleak, there was much better news on the junk mail front. Global spam reached its lowest point in years at the end of last year, according to McAfee. Somewhere around 1 trillion spam messages were dispatched per day in December 2011, compared to 2 trillion in May 2011. The volume of legitimate email hovered at between 450 and 500 billion messages a day during 2011. Although that still put spam volumes at more than 70 per cent, the figure is much improved from the dark days of the Naughties, when spam volumes routinely exceeded 90 per cent.

McAfee doesn’t comment on the reasons for the decline but other observers credit the dismantling of various pharma spam operations and botnet takedowns for lower volumes of junk mail.

Instead of merely coping with the sheer volumes of junk email hitting servers, the latest challenge is countering targeted attacks. “Despite the drop in global levels, spear-phishing and spam are as dangerous as ever,” McAfee concludes. McAfee’s third-quarter threat report can be found here [PDF]. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/malware_spam_trends_mcafee/

IBM arms robo-sysadmin QRadar with virus know-how

IBM is beefing up its enterprise security offerings by creating a security platform that is aware of real-time virus information, meaning that the system will be much quicker at recognising new threats.

Marketing its updated QRadar Security Intelligence Platform as a comprehensive security solution, IBM argues that the platform will protect companies much better than a bunch of piecemeal security patches. Systems patched that way have loopholes, warned Brendan Hannigan, general manager, IBM Security Systems.

“Trying to approach security with a piece-part approach simply doesn’t work,” Hannigan said. “By applying analytics and knowledge of the latest threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection.”

The QRadar platform – designed by Q1 Labs and acquired by IBM last autumn – will have live information about viruses fed into it from 400 different sources. It will use that information to react more quickly and effectively to detect and quash bugs. The information feed is drawn from the IBM X-Force threat repository, which combs through over 13 billion security threats a day. According to Big Blue, it is the first time that X-Force’s threat intelligence has been incorporated into a security intelligence solution.

Another key feature of the platform is additional data-crunching capacity – which will allow the monitoring and corroborating of suspicious activity across multiple different areas.

For example, the software will track activity for unusual changes:

With security intelligence, security teams can quickly determine whether access patterns exhibited by a given user are consistent with the user’s role and permissions within the organization.

And then using information from other areas, the system will be able to combine reports of threats. The statement explains:

With IBM Guardium Database Security integrated with the security intelligence platform, users can better correlate unauthorized or suspicious activity at the database layer – such as a database administrator accessing credit card tables during off-hours – with anomalous activity detected at the network layer, such as credit card records being sent to unfamiliar servers on the public Internet.
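The correlation IBM's statement describes (a sensitive-table read at the database layer paired with a large transfer to an unfamiliar server at the network layer) is simple enough to show end to end. The following is an added example and not IBM, QRadar or Guardium code: the event records, field names, business-hours window, byte threshold and "known destination" list are all constructed for the example, and a real deployment would read normalised events from the SIEM rather than from in-memory lists.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names are this example's own, not Guardium/QRadar schemas.
DB_EVENTS = [
    {"time": "2012-02-21T02:14:00", "user": "dba_jones", "host": "db01",
     "object": "cardholder.credit_cards", "action": "SELECT"},
    {"time": "2012-02-21T02:40:00", "user": "app_svc", "host": "db01",
     "object": "sales.orders", "action": "SELECT"},
    {"time": "2012-02-21T10:30:00", "user": "dba_jones", "host": "db01",
     "object": "cardholder.credit_cards", "action": "SELECT"},
]
NET_EVENTS = [
    {"time": "2012-02-21T02:31:00", "src_host": "db01", "dst_ip": "198.51.100.23", "bytes_out": 48_000_000},
    {"time": "2012-02-21T10:45:00", "src_host": "db01", "dst_ip": "192.0.2.10", "bytes_out": 52_000_000},
]
SENSITIVE_OBJECTS = {"cardholder.credit_cards"}
KNOWN_DESTINATIONS = {"192.0.2.10"}      # e.g. the nightly backup target (constructed)
BUSINESS_HOURS = range(8, 18)            # assumption: 08:00-17:59 local time


def correlate(db_events, net_events, window=timedelta(minutes=30), min_bytes=10_000_000):
    """Pair sensitive-table reads with large transfers from the same host to unfamiliar servers.

    Each alert joins one database event with one network event that followed it within
    `window`; a read outside business hours raises the severity, as in IBM's example.
    """
    alerts = []
    for db in db_events:
        if db["object"] not in SENSITIVE_OBJECTS:
            continue
        t_db = datetime.fromisoformat(db["time"])
        for net in net_events:
            if net["src_host"] != db["host"] or net["dst_ip"] in KNOWN_DESTINATIONS:
                continue
            if net["bytes_out"] < min_bytes:
                continue
            delta = datetime.fromisoformat(net["time"]) - t_db
            if timedelta(0) <= delta <= window:
                off_hours = t_db.hour not in BUSINESS_HOURS
                alerts.append({
                    "user": db["user"], "host": db["host"], "object": db["object"],
                    "dst_ip": net["dst_ip"], "bytes_out": net["bytes_out"],
                    "minutes_between": int(delta.total_seconds() // 60),
                    "severity": "high" if off_hours else "medium",
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(DB_EVENTS, NET_EVENTS):
        print(f"[{alert['severity']}] {alert['user']}@{alert['host']} read {alert['object']}, "
              f"then {alert['bytes_out']} bytes to {alert['dst_ip']} {alert['minutes_between']} min later")
```

Only the 02:14 read fires: the 10:30 read by the same DBA is during business hours and the transfer that follows it goes to a known destination, so neither signal on its own would have been worth an analyst's time, which is the point of correlating the two layers rather than alerting on each.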

IBM’s QRadar Security Intelligence Platform will be available before the end of March 2012. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/ibm_announce_security_platform/

News of the World hacker named after court block lifted

A man accused of hacking into the computers of a former British Army intelligence officer on behalf of a News of the World editor has been named as Philip Campbell Smith, also a former British Army intelligence officer.

Ex-agent Ian Hurst told the Leveson media-ethics inquiry that in July 2006 he received and inadvertently activated a trojan, which then copied his emails to the hacker who created it. Hurst confronted Smith over the issue, and recorded him admitting to sending the trojan malware to his system. It is claimed that Smith was acting on behalf of a private investigator, Jonathan Rees, who was under contract to the News of the World, aka NotW.

“He states for a three-month period, and all documents he could access via the back door trojan: our emails, the hard drive, social media, the whole range of – I mean, he didn’t say this, but the trojan that we’ve identified would have allowed the cam, your web cam, so he could have actually seen me or my kids at the desk,” Hurst told the inquiry into press standards, The Guardian reports.

Hurst was targeted as one of the few men who knew the real identity of an IRA informer dubbed “SteakKnife”. An investigation by the BBC’s Panorama claimed that Rees hired Smith to carry out the hacking at the instigation of Alex Marunchak, then an Ireland editor for the NotW under editor Andy Coulson, who was forced to resign as Prime Minister David Cameron’s spin doctor when the hacking scandal broke. In one recording made by Hurst, Smith said: “I got introduction in [sic] Andy Coulson … on my phone, he’s the first name that appears before yours. I ended up deleting it.”

Smith’s identity had been sealed under court order, following a separate case against him for having three rounds of ammunition in his possession, in which he pleaded guilty. He has also pled guilty to conspiracy to commit fraud by illegally obtaining confidential information.

The NotW senior management have admitted that phone hacking of people’s voicemail messages did occur in some cases, but computer hacking has always been denied. Several politicians and celebrities as well as lawyers involved in the inquiry have reported to the Leveson inquiry their suspicions that their email was hacked, but nothing has been proven.

In the opinion of this El Reg hack, it’s certainly likely that such hacking took place. Once someone has taken the (im)moral decision to hack into someone’s voicemail for fun and/or profit, then it’s a logical next step to check out their email as well, and virus-generation kits to do it can be had online for less than $500. It may not be too long before the NotW’s parent company, Rupert Murdoch’s News International, faces another round of settlements as a result of this latest move. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/21/notw_computer_hacker_named/

Experts: RSA weak keys flaw restricted to network devices

Analysis: Flaws in the way some RSA encryption keys are generated are down to a weakness in random number generation that is restricted to network devices rather than digital certificates on websites, according to both EMC’s RSA security division and cryptographic researchers.

After analysing 7.1 million keys, cryptography researchers led by Arjen Lenstra of Ecole Polytechnique Federale de Lausanne (EPFL) found that 27,000 (or 0.03 per cent) of them were improperly generated, offering “no security at all”. The finding was based on an audit of public keys used to protect HTTPS connections, using data from the Electronic Frontier Foundation’s SSL Observatory project. The team used the 2,400-year-old Euclidean algorithm to look for cases where prime factors were unexpectedly shared by multiple public keys.

The team published a paper, Ron Was Wrong, Whit Was Right, outlining their analysis and (disputed) conclusions.

A strong random number generator, properly seeded with adequate entropy, is used to generate two primes from which digital keys based on RSA are derived. Strong random number generation underpins the security of public key cryptography.

The finding from the EPFL team might suggest that the security of digital certificates on e-commerce websites was at risk, but this is not the case, according to a second group of security researchers working on the same problem.

The other group carried out a deeper analysis that tracked down the root cause of the problem: poor random number generation in embedded devices. The second team, from the University of Michigan and UC San Diego, were able to compromise a higher percentage: 0.4 per cent of digital keys. “Predictable ‘random’ numbers were sometimes repeated,” the researchers said, leading to the creation of weak keys.

However, these weak keys were almost entirely restricted to embedded devices: “firewalls, routers, VPN devices, remote server administration devices, printers, projectors, and VOIP phones” from over 30 manufacturers.

Such devices typically have fewer sources of randomness than general-purpose computers and may begin generating keys before enough entropy has accumulated; together, these lie at the heart of the problem. Only one of the SSL keys factored by the Michigan team was signed by a trusted certificate authority, and that certificate had already expired.
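As an added example (not code from the article or from either research team), here is a minimal version of the audit described above: a greatest-common-divisor check over a set of RSA moduli that flags distinct keys sharing a prime, recovers both factors of each affected key, and separately flags keys whose modulus is repeated outright. The moduli are constructed from primes near 10^6 so the arithmetic is visible; real moduli are 1024 bits or more, but the check is the same.

```python
import math
from itertools import combinations

# Constructed toy moduli. Q_SHARED stands for the "predictable random
# number" that two devices both turned into one of their primes; P3*P4 is
# repeated in full to show the other failure mode (an identical key).
P1, P2, P3, P4, P5, P6 = 1000003, 1000033, 1000037, 1000039, 1000081, 1000099
Q_SHARED = 999983
MODULI = {
    "vpn-device-a": P1 * Q_SHARED,  # weak: shares Q_SHARED with vpn-device-b
    "vpn-device-b": P2 * Q_SHARED,  # weak: shares Q_SHARED with vpn-device-a
    "printer-a":    P3 * P4,        # weak: same modulus as printer-b
    "printer-b":    P3 * P4,
    "web-server":   P5 * P6,        # sound: its primes appear nowhere else
}


def audit_moduli(moduli):
    """Pairwise GCD over a corpus of RSA moduli.

    Returns (factored, duplicates): factored maps a key name to its
    recovered primes (p, q); duplicates is the set of names whose modulus
    is identical to another key's. A modulus that shares one prime with
    any other modulus is fully factored by a single gcd: n // gcd gives
    the other prime, so the key offers no security at all.
    """
    factored, duplicates = {}, set()
    for (name_a, n_a), (name_b, n_b) in combinations(moduli.items(), 2):
        if n_a == n_b:                      # whole key repeated
            duplicates.update((name_a, name_b))
            continue
        g = math.gcd(n_a, n_b)
        if 1 < g < min(n_a, n_b):           # a non-trivial common prime
            for name, n in ((name_a, n_a), (name_b, n_b)):
                factored[name] = tuple(sorted((g, n // g)))
    return factored, duplicates


def is_valid_factorisation(n, factors):
    """Sanity check that the recovered primes really rebuild the modulus."""
    p, q = factors
    return 1 < p < n and p * q == n


if __name__ == "__main__":
    factored, duplicates = audit_moduli(MODULI)
    for name, (p, q) in factored.items():
        print(f"{name}: modulus factored, p={p} q={q}")
    for name in sorted(duplicates):
        print(f"{name}: modulus duplicated elsewhere in the corpus")
```

Pairwise comparison is quadratic in the number of keys; at the scale of millions of certificates the researchers relied on batch GCD methods built on product trees, but the per-pair test and the recovery step are exactly those shown here.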

In an update to its original statement, the EPFL team accepted this more limited diagnosis of the problem with weak keys.

“It seems the scope of the problem with respect to keys associated with X.509 certificates is limited primarily to certificates that exist for embedded devices such as routers, firewalls, and VPN devices. The small number of vulnerable, valid CA-signed certificates have already been identified and the relevant parties have been notified.”

RSA speaks

In a statement, RSA said the problems uncovered by the EPFL team were down to poor implementation of random number generation rather than flaws in the RSA algorithm itself, which remains secure. RSA accepts the EPFL team’s findings but disputes its conclusions.

On February 14, 2012, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm. Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the internet today. We welcome this form of research into security technologies in general, as it contributes to better overall security for everyone. The RSA algorithm has withstood such scrutiny for decades from multiple sources. But good cryptography, including RSA’s, depends on proper implementation. True random number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care to protect against the weakening of well-designed cryptography. Our analysis of the data points to the need for better care in implementation, generally tied to embedded devices. We see no fundamental flaw in the algorithm itself, and urge all cryptography users to ensure good implementation and best practices are followed.

In a blog post, Sam Curry of RSA expanded on these points and compared random number generation to a key ingredient in a dish prepared by a restaurant. If the ingredients are poor, he argued, then the result will be unpalatable – no matter how good the chef (encryption scheme) might be.

Independent security researcher Dan Kaminsky praised the EPFL team for its analysis but faulted its conclusions.

In a lengthy blog post, Kaminsky explains that the weak random number generation bug is a problem for networking kit, rather than digital certificates on websites.

“The ‘weak RSA moduli’ bug is almost (and possibly) exclusively found within certificates that were already insecure (ie, expired, or not signed by a valid CA),” Kaminsky argues. “This attack almost certainly affects not a single production website.”

Noted cryptographer Jon Callas looked at all public keys ever signed by Entrust, finding none of them had reused RSA primes.

Experts from encryption firm Voltage Security said that the weak key issue is down to device manufacturers implementing RSA encryption in a non-standards-compliant manner. If the standards had been followed, then these weak keys would not be out there, the firm said.

“Cryptographic algorithms are almost never the root cause of security problems – at least those that are not ‘in the basement’ proprietary algorithms,” said Terence Spies, CTO of Voltage Security. “Correct implementation of any security technology is crucial, and has proven to be quite difficult.”

A useful FAQ on the practical implications of the RSA key research has been put together in a post on Kaspersky Labs’ Threatpost blog here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/21/rsa_crypto_analysis/