STE WILLIAMS

Oklahoma’s Department of Securities (ODS) exposed three terabytes of files in plain text on the public internet this month, which contained sensitive data including social security numbers, details of FBI investigations, credentials for remote access to computers, and the names of AIDS patients.

Researchers at security company UpGuard found the files using the Shodan search engine, which indexes internet-connected devices. In this case, they ran across an unsecured rsync server registered to ODS.

Rsync is a utility commonly found on Unix and Linux systems that enables administrators to synchronize files between different computers. It is used for ‘delta’ syncing, in which one computer copies to another only the parts of files that have changed, enabling them to maintain identical copies of the files in different locations.

The unsecured computer that UpGuard found to be using rsync meant that anyone could access the data by visiting its IP address. It’s impossible to know who else may have found it first. The one upside is that the data was identified just one week after it was exposed.

The data trove contained millions of files dating back to 1986, according to UpGuard’s report, with the most recent files dated 2016. They offered up sensitive data ranging from personal information (PII) to internal documentation, the researchers explained.

The files included PII on over 100,000 securities brokers, including the social security numbers for around 10,000 of them. One database included the names of AIDS patients.

It also contained system credentials, including remote login access for ODS workstations, login credentials for people submitting securities filings, and access credentials for third-party IT services.

The files even gave away details of FBI investigations, detailing timelines and people that the agency interviewed.

Among the files were backups of Microsoft Exchange emails dating from 1999 to 2016. The 2016 file alone had 16Gb of information. The researchers also found virtual machine backups.

The researchers said:

The amount, and reach, of administrative and staff credentials represents a significant impact to the Oklahoma Department of Securities’ network integrity.

That integrity wasn’t stellar to begin with, according to the report. UpGuard scores websites based on their security, and the Oklahoma Securities Commission (part of ODS) scored a paltry 171 out of 950 (the worst score on the ok.gov domain), indicating severe risk of breach. One of the reasons for this low score was the Commission’s use of IIS 6.0, which Microsoft stopped supporting in July 2015.

The IP address with the insecure rsync server was registered to the Oklahoma Office of Management Enterprise Services (OMES), which is a department providing services, including IT operations, to Oklahoma government agencies.

The Commission has said that it will not comment beyond a statement released earlier this week, in which it promised a thorough investigation. It said:

The ODS is also exploring remedial actions and notifications for anyone whose information may have been exposed. The ODS is reviewing internal procedures, controls and security measures to ensure such incidents cannot occur in the future.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/4aN2J5bh2Kc/

Last week, Chilean Senator Felipe Harboe took to Twitter with alarming news – he had got wind that the company running the country’s ATM inter-bank network, Redbanc, had suffered a serious cyberattack at the end of December.

Two days later, not long before a local news site published a story offering more detail, Redbanc issued a public admission that the attack had happened, confirming little beyond the statement that its network had not been disrupted and continued functioning normally.

[translated] This event had no impact on our operations, keeping our services running smoothly. As established in our protocols, we kept the different industry players and authorities informed at all times, with total transparency and spirit of collaboration.

Cyberattacks happen all the time, of course, but this one piqued people’s curiosity for several reasons.

The first was that this was a cyberattack on a company that connects and manages the ATM network for a whole country.

In banking terms, that’s quite a big deal, partly because ATM networks are a juicy target but also because it arrived in the wake of last June’s big ransomware attack against Banco de Chile.

A second bump for the story arrived a few days later when security company Flashpoint said it believed the malware used against Redbanc was PowerRatankba, a platform connected to North Korea’s Lazarus group.

These days attribution has become a big attention-grabber in ways that often drown out more down-to-earth themes buried deeper in this kind of story.

The attack

One of these is the Chilean news site’s claim that the attack started with a LinkedIn advert offering a developer role to which a Redbanc employee replied.

The attackers set up a Skype call to conduct an interview during which the individual was tricked into downloading a file called ApplicationPDF.exe, sent via a weblink, which subsequently infected the employee’s computer.

There’s a technical side to what happened next which Flashpoint analyses in some detail based on what it knows about the malware used.

The malware is said to have executed successfully enough that the attackers were able to explore the network for new security gaps. At some point, this was noticed and further probes were blocked.

A more fundamental point staring back at us is that a company running a critical piece of banking infrastructure allowed attackers into its network after one bogus Skype call.

It’s social engineering, yes, but what type of social engineering?

Had the employee encountered the same ruse in an email inbox, they would have been less likely to have fallen for the trick because that’s the place we all assume social engineering attackers will strike first.

In fact, phishing and social engineering attackers will try to crawl through any crack. What matters is not the channel but the action the target is being asked to take, in this case downloading and clicking on a file.

There are numerous ways organisations could react to a story like this that don’t simply involve stopping employees from using social media applications or downloading files.

One idea is to pen-test organisations to see where these social engineering weaknesses lie before the attackers find them.

Another is to ask employees to authenticate with whom they are communicating before accepting files from them. This simple step could rule out a lot of these attacks before they get to the stage of opening a live communication channel.

The most important might be to reinforce that these attacks happen all the time, and that they are often easy to pull off. Teach employees with a training tool such as Sophos’s PhishThreat to better spot the signs of phishing and spear-phishing.

 

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/QU4WQtcYjMc/

In October, after Twitter refused to give a user information about how it tracks him when he clicks on links in tweets (as is the right of EU citizens under the newly passed, sweeping General Data Protection Regulation [GDPR] privacy law), Irish privacy authorities launched an investigation into the platform’s privacy practices.

Things could get hairier still, given the major privacy glitch Twitter disclosed on Thursday.

We’ve become aware of and fixed an issue where the “Protect your Tweets” setting was disabled on Twitter for Androi… twitter.com/i/web/status/1…

—
Twitter Support (@TwitterSupport) January 17, 2019

Twitter said that it had become aware of a bug that, under certain circumstances, switched private tweets to public view in Twitter for Android. That bug went unnoticed for four years, from 3 November 2014 until last Monday.

The bug disabled the “Protect your Tweets” setting for Android users if certain account changes were made, Twitter said. Namely, Android users would be well-advised to check their settings if they changed the email address associated with their account during that time period.

This doesn’t affect iOS or web users. Twitter says it fixed the issue on 14 January.

Twitter also turned “Protect your Tweets” back on for users it knows were affected. The thing is, the company isn’t entirely sure that it got to every affected account. Hence, it posted the notice in the Twitter Help Center and is encouraging people to review their privacy settings to make sure “Protect your Tweets” is still set correctly.

Graham X. Doyle, head of communications at the Irish Data Protection Commission (DPC), told Bloomberg Law on Thursday that the commission hasn’t yet launched a formal investigation into this new security flaw, but that it’s mulling the matter:

The [DPC] has been notified of this data breach and we are currently assessing its contents.

A company violating GDPR can face fines of up to 4% of its annual revenue.

Liz Kelley, a spokesperson for Twitter, told Bloomberg that it acted “immediately” to fix the problem once it was discovered. She said that Twitter’s also working with regulators to address the issue.

Twitter hasn’t put a number on how many users were affected.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/4DnIeA_NdqE/

If you have an Instagram account, if you’re on Facebook or you if use Twitter, or any other social media, or read the news, own a phone or have eyes, you will probably have encountered the ten year challenge.

The challenge is the latest social media craze and it simply involves posting a contemporary photo of yourself alongside another from ten years ago. Ostensibly it’s about nostalgia and showing how much things have changed in the intervening years.

Like all good viral crazes, it’s visually interesting, conceptually simple, easy to do and replete with opportunities for poignancy, reflection, virtue signalling, celebrity humble bragging, commentary (…guilty!) and humour.

Here’s Star Trek Discovery and the Walking Dead’s Sonequa Martin-Green showing us how it’s done:

Before my family, my king and my prince, before Star Trek, before Walking Dead, before so many enlightening experiences, hard struggles, revelations and lessons, before deepened friendships, great travels, great people and countless other great things…man getting older is the BEST. #iseeyou #grateful #howharddidaginghityouchallenge

A post shared by Sonequa Martin-Green (@therealsonequa) on Jan 13, 2019 at 2:06pm PST

This meme du jour follows in the footsteps of other social media fripperies, such as the similarly self-descriptive Ice Bucket challenge and the No Makeup challenge.

Social media’s capacity to spawn viral crazes isn’t limited to challenges though. Older readers may remember becoming concerned for friends whose speech turned into incoherent jabbering about crop yields around the turn of the last decade, as they battled crippling Farmville addictions.

And surely nobody managed to escape the onslaught of quiz invitations promising to reveal what kind of animal/superhero/Disney princess/star wars character/boss/sandwich/weather system/plumbing accessory/microbe they were.

Of course we now know that the latter example, the pox of Facebook quizzes, turned out to be a giant data-gobbling bait and switch by Cambridge Analytica and its ilk. The scars from that scam are still fresh, and I suspect its those wounds that are behind the latest twist in the unfolding story of the ten year challenge: What if it’s a trap?

In the last few days, the chorus of enthusiasm for the ten year challenge has been joined by a low rumble of dissenting voices worried that it’s another scam.

A side-by-side comparison of the same person, separated by a fixed period of time is excellent fodder for training a facial recognition engine about ageing, the cynics muse.

Facial recognition of the kind used by Facebook relies on machine learning, a process that creates sophisticated computer programs through training by example. The more examples of accurately described data you have, the better.

Perhaps, they ponder, the challenge isn’t just some random outgrowth from Facebook’s planet-scale userbase, but some juicy bait to lure us into putting our heads into the maw of its facial recognition combobulator.

It seems to have started rolling with a Wired article by Kate O’Neil. Expanding on her own semi-sarcastic tweet, the author explains why the challenge might be good for Facebook:

Imagine that you wanted to train a facial recognition algorithm on age-related characteristics and, more specifically, on age progression (e.g., how people are likely to look as they get older). Ideally, you’d want a broad and rigorous dataset with lots of people’s pictures. It would help if you knew they were taken a fixed number of years apart—say, 10 years.

The article stops short of actually claiming that Facebook is behind the challenge, and it includes a rebuttal from a Facebook spokesperson, but it was enough to get the ball rolling:

Facebook did not start this trend, and the meme uses photos that already exist on Facebook. Facebook gains nothing from this meme (besides reminding us of the questionable fashion trends of 2009). As a reminder, Facebook users can choose to turn facial recognition on or off at any time.

An even more direct rebuttal appears on coverage by CBS of O’Neil’s conjecture:

Our face recognition systems are not tracking, studying, or ‘aware’ of this meme.

Of course they would say that, wouldn’t they, but that doesn’t make it untrue. Like all good conspiracies, it’s impossible to prove that it’s not true, but I’d bet my last penny that Facebook isn’t behind this and, perhaps more importantly, I don’t think it actually matters.

Firstly, as any marketing department in the world can attest, forcing something to ‘go viral’ is what everybody wants and almost nobody gets. I suppose if anyone could pull that off it would be Facebook, but there’s something else that’s likely to be far, far better at it: Facebook’s users.

The social network’s pool of over a billion users is a boiling cauldron that’s capable of conjuring memes as bizarre as the Talking Angela hoax spontaneously (that’s the one about the app with a tiny weeny paedophile in it). Indeed I suggest that Facebook (and Instagram, 4Chan, Reddit and a bunch of others) are Darwinian meme generators. The overwhelming majority of memes die early, with hardly anyone noticing, while the fittest few thrive, arriving in our timelines, looking like they were perfectly designed and ripe for post hoc rationalisation.

It’s not quite an infinite number of monkeys with typewriters but it’s the closest thing we’ve got.

Facebook wins whether it’s behind this challenge or not. It’s an ad platform and it lives and dies by the information that’s shared with it and the time we spend on it, and it’s facial recognition tech is just a means to that end. If the Ten Year Challenge has you sharing more on Instagram or Facebook than normal then it’s succeeding without having to improve its facial recognition (and if you’re happy doing it, and aware of the cost, you’re winning too, I guess).

Facebook’s algorithms have been hoovering up data like a blackhole since 2004. By 2012, Facebook’s users had made it the number one photo sharing site in the world by uploading, cataloguing, tagging, handing over rights to, and contextualising an almost unimaginable 350 million photos (and their EXIF meta data) every day.

The Ten Year Challenge won’t reach the size of a drop in the ocean if it lasts ten years.

In other words, it seems a curious point at which to worry about oversharing. If you’re worried that your Ten Year Challenge might be helping to train Facebook’s facial recognition algorithms, you’re about eight years and a trillion photographs too late.

So, rather than fretting about who’s behind this little incentive to overshare, I suggest you set your privacy settings and behaviour to match the amount of exposure you’re prepared to tolerate on whichever social media platforms you use. If you aren’t comfortable with your platform of choice using facial recognition on your photos, turn it off.

If you’re not a Facebook user, or you’re considering not being one, read Maria Varmazis’ article about how to share photos – without using Facebook.

And then enjoy the Ten Year Challenge, some of them are hilarious.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/_kRF7ZEO17I/

These days, a lot of your data gets encrypted when you save it to disk or send it over the internet.

The data gets decrypted again when you read it back in or after it’s received at the other end.

For that, you need some sort of cryptographic algorithm – what’s known in the jargon as a symmetric cipher or secret-key encryption.

Symmetric ciphers use the digital equivalent of a key, typically a string of characters, to lock and unlock the data.

In this article, we’ll take a journey through the history of symmetric ciphers during the pen-and-paper era, before mechanical and electronic encryption devices came onto the scene.

From Julius Caesar in the first century BC to Joseph Mauborgne at the end of the second millennium AD, we’ll look at:

• How each generation of algorithms worked.
• Why they fell by the wayside.
• What was better – or not! – about what came next.

The good news is that you won’t need to wade through any advanced mathematics to appreciate this fascinating story…

..and even though we’ll end our journey just over 100 years ago, during World War One, there’s still plenty we can learn from it.

We’ll start where many cryptographic histories kick off, with the Caesar cipher, named after military commander and political supremo Julius Caesar, who lived, fought and ruled in the first century BC.

As you can imagine, given the writing technology available at the time, Caesar needed a system that was simple both to use and to explain.

If you want to send an encrypted message to someone else, they have to be able to learn the system easily and to unscramble messages reliably.

Casear simply moved each letter of the alphabet back three places:

There are also letters to Cicero and to friends on private matters in which, if things were confidential, he used a cipher, rearranging the alphabet so the words were unintelligible. Anyone who wanted to decipher them had to shift the letters along four places, writing D for A and so on. [Informal translation by Naked Security.]

(In English, we describe D as three letters after A in the alphabet, but the Ancient Romans included both ends of the range when counting, so that moving from A to D in Latin is a shift of four places.)

The most obvious weakness of the Caesar cipher is that there are only 25 different possible keys, assuming the 26-letter alphabet used for English.

In the jargon, we say that the keyspace is 25:

In other words, the easiest attack on a Caesar cipher is what’s now known as brute force – try every possible key until you hit the jackpot, assuming that the original message makes sense and can be recognised easily.

LESSON 1 – KEYSPACE

Encryption algorithms need enough keyspace to make a brute force attack unfeasible, or else the crooks can always win.

Remember that when you are encrypting data that might fall into an attacker’s hands, you are protecting against what’s called an offline attack That’s where you have no control over how much time, energy, computing power or trickery the Bad Guys might invest in cracking the puzzle.

A five-digit PIN code is just about good enough to keep your bank card secure because the PIN isn’t stored on the card and can’t be recovered from it. The only way to figure out the PIN, given the card, is an online attack, where you present the card at an ATM, enter a PIN and ask the system to see if it’s correct. After three mistakes, the card gets invalidated, and the attack has failed.

But when the crooks are trying to decrypt already-stolen data, you have no way of limiting how hard they can try, so you need to assume they may try for months, or even years. Offline attacks can draft in thousands of powerful servers, or even build special-purpose cryptographic cracking machines.

Increasing the keyspace

One way to increase the keyspace of a Caesar cipher is to shuffle the alphabet rather than just to shift it.

The key becomes more complex to create and to remember, being a 26-letter alphabetic permutation, but the number of possible keys increases enormously:

You have 26 letters to choose from when you pick the replacement character for A, then 25 replacements for B, and so on, for a total of 26 × 25 × 24 … 3 × 2 × 1 different keys.

That’s a whopping number: 403,291,461,126,605,635,584,000,000, in fact.

That number is bigger than 2⁸⁷, meaning that when written out in binary, it needs 88 bits.

The US security standards body NIST currently recommends at least 128-bit keys for new cryptographic software, but 80 bits is still considered acceptable for legacy applications, more than 2000 years after Caesar.

Unfortunately, just having lots of possible keys is not enough on its own.

Whether you shift or shuffle the alphabet, a Casear cipher always replaces the letters in the same way.

If the first E in your document encrypts to X, for instance, then every other E will come out as X as well.

In other words, the letter frequencies in the plaintext will be mirrored exactly in the ciphertext, as in this example from the text of the King James Version (KJV) of the Bible:

If the attackers know the likely topic of the message they want to crack, they can use the statistical properties of other material on the subject to help them recover the key.

Here are the letter frequencies in the KJV, compared with the frequencies in our encrypted fragment:

To crack a Caesar cipher, we start by making a reasonable guess – here, we’ll start with the likely assumption that C=E, simply because C is the most common letter in the ciphertext, and E the most common in unencrypted English:

... . .E..... ......... .. .E .....E.E. ...E ..E.E .E ... ... ..E. .E ... ... .E ... 
.......... .. ... ... .E.. .. ... ... ..... .. ... ...... ....... .. ... ... ...E ... 
.E. ... .. ... ... .E... ... ....... ... .. .. ... ... .... ...E .. ...

... .. ..E ...... ..E. .E .E....E. .E .... ... ... .E..E ... ...E ..E. .. ..E .... 
... .... .... ... ...E ...E .. ... ... ......E.E. .... ..E..E.. ...E ..E. . ...E 
..... . .... .E... ..EE

This is 17th century language, so it’s a good guess that the final word ..EE is going to be THEE, which helps us figure out two more of our top six letters, assuming that R=T and F=H:

..T . .E.T... ......T.. .. HE .....E.E. ...E .HE.E HE ... ... .HE. HE ... H.. HE H..
.......... .. H.. ... .E.T T. H.. ... ..... .. H.. ...... ....... .. ... ... ...E ... 
.ET H.. .. H.. ... .E..T ... .....HT H.. T. .. ... ... T... ...E .. H..

... .. THE ...... .HE. HE .E...TE. HE T... ..T T.. .E..E ... ...E THE. T. THE H..T 
... .... ..T. H.. T..E ...E .. H.. ... .H.T..E.E. TH.. ..E..E.T ...E .HE. . ...E 
..... . .... .E... THEE

The Ts, Hs and Es are combining neatly so far, so we’ll accept these substitutions for now, and look at the rest of our top six list, the letters A, N and O.

The letters A and N are common partly because the words AN and AND are common, and KJV verses frequently begin with AND.

(The word BUT commonly starts sentences too, so we’re happy to say that you can forget the “rule” you were taught at school about not using conjunctions to begin sentences.)

The first verse starts ..T, which could indeed stand for BUT, so let’s guess that the second verse starts with AND, which comes out as YLB in the ciphertext.

Given that AND is a common word, our guess is supported by the presence of several other instances of YLB in the encrypted data.

Let’s try setting A=Y, N=L and B=D:

..T A .E.TA.N .A.A..TAN A. HE ....NE.ED .A.E .HE.E HE .A. AND .HEN HE .A. H.. HE HAD
....A....N .N H.. AND .ENT T. H.. AND ...ND .. H.. ...ND. .....N. .N ... AND ..NE AND 
.ET H.. .N H.. ..N .EA.T AND .....HT H.. T. AN .NN AND T... .A.E .. H..

AND .N THE ...... .HEN HE DE.A.TED HE T... ..T T.. .EN.E AND .A.E THE. T. THE H..T 
AND .A.D .NT. H.. TA.E .A.E .. H.. AND .HAT..E.E. TH.. ..ENDE.T ...E .HEN . ...E 
A.A.N . .... .E.A. THEE

Looking good!

At this point, .HEN can’t be THEN, so it’s probably WHEN.

We’ve also got SAMARITAN as a likely match for .A.A..TAN, given what we know about Middle Eastern history, and DEPARTED jumps out as a probable fit for DE.A.TED.

Adding in our earlier guess that the first verse starts BUT, and we are as good as finished:

BUT A .ERTAIN SAMARITAN AS HE ..URNE.ED .AME WHERE HE WAS AND WHEN HE SAW HIM HE HAD
..MPASSI.N .N HIM AND WENT T. HIM AND B.UND UP HIS W.UNDS P.URIN. IN .I. AND WINE AND
SET HIM .N HIS .WN BEAST AND BR.U.HT HIM T. AN INN AND T... .ARE .. HIM

AND .N THE M.RR.W WHEN HE DEPARTED HE T... .UT TW. PEN.E AND .A.E THEM T. THE H.ST 
AND SAID UNT. HIM TA.E .ARE .. HIM AND WHATS.E.ER TH.U SPENDEST M.RE WHEN I ..ME 
A.AIN I WI.. REPA. THEE

The rest follows easily, based on letter frequencies alone.

LESSON 2 – MIX-UP

Encryption algorithms need to mix their data up sufficiently to disguise any patterns that might leak from the plaintext to the ciphertext. Simply put, the output of a decent encryption algorithm should be indistinguishable by statistical analysis from a string of random numbers.

Note, however, that an algorithm with no obvious biases in its output is not secure on that basis alone. If you encrypt data that’s already been compressed, for example, you are starting with random-looking input and so even cryptographically inadequate mixing may make the output pass most or all well-known tests for randomness.

But any encryption algorithm that does have biases in its output is almost certain to be no good.

Increasing the mix

By the 1500s, cryptography expert Giovan Battista Bellaso had come up with a way of improving the Caesar cipher without greatly increasing the complexity of the encryption process.

His cipher is now known as the Vigenere, named (or mis-named, if you prefer) after the diplomat and cryptographer Blaise de Vigenère, who came up with a different but related idea later in the 16th century.

This system uses multiple Caesar ciphers in sequence to disguise patterns in the input, and to skew the frequency distribution of the ciphertext.

You think of a password, such as CRYPT, and then use each letter of the key in turn to pick a different Caesar shift for each input letter, using a table like this:

Our first input word is BUT, and the first three letters of the key are CRY, so we use the third row, labelled C, to shift B forward two places to D; we shift U using row R, giving L; and T is “Caesared” with row Y to produce R.

Last time, every letter in BUT was shifted the same amount to give ZSR; this time we end up with DLR.

When we reach the end of the key, we wrap round and repeat the sequence of different Caesar shifts again.

You can clearly see how this throws off the distribution of letter counts in the encrypted data, as well as helping to disguise repeated letters and words in the input:

But there’s still not enough mixing going on – with only five different Caesar shifts, there’s a 1-in-5 chance that any repeated text will remain the same in the encrypted output.

For example, in the second verse, THE comes out first as VYC and then as IAG, but in the word THEE at the end, the letters THE are re-aligned with the key in a way that once again produces VYC.

Also, at heart, a Vigenere cipher with a key of N characters is really just N separate Caesar ciphers, each of which can be solved separately using letter frequencies, as we did above.

To figure out the likely length of the key, we can try counting the frequency of every second byte, then every third byte, and so on, looking for a split that gives a similar frequency to unencrypted text:

When we guess the keylength correctly, we suddenly see a frequency distribution that lines up with the input data much better than any of the others.

LESSON 3 – COMPLEXITY

Encryption algorithms don’t necessarily get better just because you add a bit more complexity.

The Vigenere cipher is harder to crack than a pure Caesar cipher, but at heart it isn’t sufficiently different, and can be cracked using exactly the same techniques applied slightly differently.

Processing more data at a time

The problem with both the Caesar and Vigenere ciphers is the one-letter-at-a-time approach.

Even if you don’t have digital computers at your disposal, frequency analysis based on individual characters is just too easy.

Encrypting more letters at one go – essentially using an much bigger alphabet than just A to Z – was the approach taken by nineteenth century scientist and prolific inventor Charles Wheatstone.

His cipher became known as Playfair, after Lyon Playfair, a scientist and politician who promoted its use.

Playfair encrypts two characters at a time, so that an attacker needs a frequency table for all two-letter pairs, or digraphs, from AA to ZZ.

One letter of the alphabet, such as Q, is dropped, or two letters, such as I and J, are combined, so the 25 remaining letters will fit into a 5×5 alphabetic grid.

After entering a permutation of the alphabet into the grid, you use the mixed-up grid to encrypt two letters at a time.

The method involves imagining a rectangle with the plaintext letters at the top and bottom corners, and then writing out the letters at the opposite corners of the rectangle as your ciphertext:

If the two letters are in the same row or column, you simply use the two letters to the right or below instead:

The two-letters-at-a-time substitution makes statistical analysis harder, because there are 26 × 26 = 676 letter pairs to keep track of.

Unfortunately, using a 676-entry “alphabet” still isn’t enough to put Playfair beyond the reach of an attacker working manually with pen and paper.

There are also various anomalies in the Playfair algorithm that reduce its randomness in a way that helps crackers.

One problem is that there’s no easy way to encrypt paired letters, such as the OO in BOOK or the NN in FUNNY, because you need two different letters in the grid to make a substitution rectangle.

The algorithm therefore requires you to add dummy characters, such as X or Z, between paired letters in order to force them to be encrypted as two different letters.

But the absence of letter pairs in the input means that you’ll never see letter pairs in the ciphertext.

In other words, the ciphertext can never end up truly random-looking – you should get the same letter twice in a row 1/26th of the time (3.8%) if you’re relying on chance – and so the Playfair cipher can never satisfy the mix-up rule we laid out above in Lesson 2.

Also, because of the way the character substitution process works, reversing any letter pair will produce a reversed ciphertext pair.

If RS encrypts as EK, as shown above, then SR will come out as KE, being the diagonal corners of the same substitution rectangle in the opposite order.

So, if you were to see the ciphertext AM RV VR, and the letter pair AM occurred elsewhere fairly regularly, you might immediately guess that the plaintext word was INDEED.

Playfair was subsequently extended to a version that used two squares of alphabetic patterns, and even to a four-squared variant that produced better randomness by allowing you to encrypt letter pairs such as OO and EE directly.

But the 2-square and 4-square variants were much more cumbersome to use, and still didn’t address the problem that the underlying cipher always produced the same output for the same input.

The words THE and AND, for instance, can only form the letter pairs TH Ex, xT HE, AN Dx and xA ND, which is why the digraphs TH, HE, AN and ND stand out at the top of the frequency chart above.

LESSON 4 – RANDOMNESS

Extra algorithmic complexity can help, but isn’t enough on its own.

Playfair ciphers feel quadratically more complex than Caesar ciphers at first, because you’re dealing with 26² encryption units at a time instead of just 26.

But the same frequency-counting techniques that help you crack Caesar and Vignere work with Playfair too, because the output simply isn’t random enough.

One cipher to rule them all

We generally don’t rely on pen-and-paper encryption any more, because we simply can’t match by hand the amount of mixing-mincing-shredding-and-liquidising that computers can perform when scrambling data.

Modern encryption algorithms like the Advanced Encryption Standard (AES) use a cryptographic alphabet in which each “letter” is 16 bytes long, and the cryptographic keys are up to 32 bytes long:

AES can encrypt the input 15CHARSATATIME-x all in one go, as if it were a single letter in a truly enormous alphabet, using a beefy key such as AESKEYCANBE256BITSWHICHIS32BYTES.

This sort of algorithmic complexity just wasn’t practical in the pen-and-paper era:

Despite the enormous key and alphabet sizes, however, even AES doesn’t offer perfect security.

With the right combination of wits, time, computing power and luck, AES-encrypted data can sometimes be cracked.

Interestingly, however, a perfectly secure cipher – perfect in both the mathematical and the practical senses – does exist, and it was invented more than 100 years ago during the First World War by US Army officer Joseph Mauborgne.

It’s known as a one-time pad, and in simple terms it’s just a Vigenere cipher in which the key is totally random and never repeats – in other words, the key is as long as the text:

The reason it’s perfectly secure in a mathematical sense is that every possible key is equally likely, and because the key is as long as the input, every possible decryption is equally likely.

There’s simply no way to tell which key, and therefore which plausible decryption, is the right one:

Of course, for all that the one-time pad can be made be perfectly secure in practice, it’s not very practical.

In particular, the keys really do have to be random; every byte of every key must be used at most twice (once for encryption and once for decryption); and the sender and recipient need to keep their keystreams synchronised and secret at all times.

Generating and distributing that much key material securely is both costly and complicated, which is why one-time pads have traditionally been used only by intelligence agents in the field or for top-level diplomatic communications.

In fact, the strength of the one-time pad can also serve as its enemy: if you run out of key material, you might be tempted to use the same key for more than one message.

Doing so, however, ruins the “perfect unpredictability” that comes from truly random keystream data.

By all accounts, in a project known in the trade as Venona, the US successfully decrypted small amounts of top-secret Soviet diplomatic traffic sent between about 1942 and 1948.

Apparently, the organisation that produced Soviet one-time pads struggled to keep up with wartime demand, and sometimes reused old printing plates to speed up the creation of key pages.

This resulted in occasional messages that were encrypted with the same keystream, and those messages could, in theory at least, be cracked.

The lessons learned

The pen-and-paper history of cryptography and cryptanalysis is fascinating, not least because you don’t need to wade through advanced mathematics to get a feel for the hack-and-counter-hack nature of the field.

It’s also relevant, because the evolution of cryptographic and cryptographic algorithms teaches us some fundamental lessons that apply even in the modern era:

• Key size matters. A cryptosystem in which a crook can feasibly try every possible key just isn’t good enough, so you need to be sure that the underlying algorithms put what’s known as a brute-force search out of reach.
• Key size alone is not enough. A cryptosystem in which a crook can take shortcuts to sidestep a brute force attack is no good either.
• Randomness matters. A cryptosystem that shows any sort of bias in its output shouldn’t be trusted, because there may be systematic weaknesses in how well it mixes up its input.
• Randomness alone isn’t enough. A cryptosystem must produce output that seems random, but data isn’t secure simply because it passes all known tests for randomness.
• A correct algorithm alone isn’t enough. A cryptosystem can’t meet its security promises if it isn’t used correctly, for example by turning a one-time pad into a two-time pad.

The good news about cryptography in 2019 is that there are few technical reasons for cutting corners and not “doing it right”.

Modern computers – even if you add low-cost Internet of Things devices to your list – generally have sufficient computing power to support the latest, fit-for-purpose algorithms.

Modern encryption algorithms are generally free to use, and high-quality implementations are freely available if you search wisely.

What next?

Our biggest problem these days seems to be avoiding the interference of well-meaning governments who want to regulate the use of encryption in ways that deliberately weaken it.

At Sophos, we’ve long been against forcing vendors to use cryptographic algorithms in a way that purposely prevents them meeting their security promises – such as mandating the inclusion of so-called backdoors.

As cryptographers love to say, “Attacks only ever get better,” so we might as well keep our defences up to scratch…

---

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/WhjvWJXh1Cs/

Roundup This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and cliams of RICO swap-gangs.

While all that was happening, here are a few more bits and bytes of infosec news.

Swipe right… to steal private info for Safari

It seems a new weakness in the Mac Pro has been uncovered by a swipe-happy bug-hunter.

Security boffin Dhiraj Mishra says that Apple’s high-end notebook can be tricked into handing over private information via its multi-gesture trackpad. Mishra explains that Safari fails to clear out some dynamic data (such as the contents of logged-out email accounts) when it activates the swipe gesture to move between pages.

What does this mean? Well, take for example the video demo below.

Youtube Video

An insecure Android file manager app, ES File Explorer, with 100-million-plus downloads, opens a HTTP web server to the local network, allowing any miscreant able to reach the device to download files at will, and all list your apps and documents (CVE-2019-6447). A new version of the manager is available with this security hole plugged, so if you’re using this software, go grab it from the official Play Store.

Canadian fraudster betrayed by sloppy typeface

A crook in the Great White North has been put on ice after he was betrayed by his fonts.

According to this account from the National Post, a former telco exec going through bankruptcy proceedings, had produced two legal documents claiming a pair of his properties were held in a public trust, and thus protected from seizure by the bank.

Unfortunately, a review of the documents found that the typeface in both had been invented after the papers were said to have been drafted up and signed. One document was said to have been written, printed and signed in 1995 but used a font only released in 2002, and the other said to have been written and signed in 2004 used a font released in 2007. The papers were thus proved to be forged, and his claims the properties were shielded from seizure were invalidated.

The moral of the story: always forge in Times New Roman.

VOIPO-No! IP yak tool leaks data

Yes, we have yet another case of an unsecured cloud data store being unearthed via a Shodan search.

This time, the info silo was an insecurely configured AWS Elastic Search instance run by Voipo, a VoIP service based in California.

Justin Paine, Cloudflare security bod by day and breaker of internet things by night, found that the exposed database include things like call and SMS logs as well as some internal documents. The open database was privately reported and sealed up before public disclosure this week.

Now would be a good time to go back over your cloud database and storage instances to make sure everything is locked down properly.

China job-seekers get some unwanted recruiting help

When is exposure not a good thing for job-hunters? When it’s the unintended breach of more than 200 million CVs containing detailed personal information.

Researcher Bob Diachenko discovered an unprotected database that contained hundreds of millions of extremely detailed CVs from people in China looking for work.

Aside from job experience and references, the documents included things like personal phone numbers and marital status, height and weight, and ID and driver’s license numbers.

Once again, the culprit was a MongoDB database that had been left open to public access, and thus was able to be crawled via BinaryEdge.

Project Zero flushes out kernel bugs

Bug-finder Jann Horn of Google’s esteemed Project Zero crew has provided an interesting look into a particularly insidious class of bugs in operating system kernels, in particular in this case, Linux.

The vulnerabilities lie in TLB (Translation Lookaside Buffer) flushing. Should something go wrong with those operations, potentially sensitive system information can end up being exposed to user processes.

“Such bugs can, if the timing works out for the attacker, provide very strong exploitation primitives for local attacks; and they are hard to discover unless you are manually looking for them,” Horn explained.

“They are probably not a big bug class, but occasionally, bugs in TLB flushing logic do happen.”

You can read the full post here.

DDoS-for-hire scheme lands African telco in hot water

Last week we reported on the 32-month sentence handed out to the hacker behind a massive Mirai botnet attack on a Liberian telco.

Now, it seems that the rival who paid for the attack could also find themselves in legal trouble. Cellcom is reportedly facing a suit from Lonestar Cell for allegedly bankrolling the massive sustained DDoS that Lonestar suffered at the hands of hacker Daniel Kaye in late 2016.

In addition to Cellcom itself, the suit is also said to name Kaye and a pair of company executives as defendants in the case. Lonestar is seeking damages to cover the lost revenues it incurred while dealing with the attack.

Tenable blows holes in building security system

A report this week from Tenable outlines how multiple zero-day flaws in the Identicard PremiSys building security and surveillance systems could be used to bypass access protections.

According to the researchers, the PremiSys hardware contained bugs such as hardcoded credentials, weak encryption, and default credentials could all be used to open databases, harvest credentials, and collect information needed to manipulate both building controls and surveillance databases.

Perhaps worst of all was the complete lack of response the Tenable crew got after issuing their report.

“According to Tenable’s disclosure timeline, multiple attempts were made to contact the vendor to address these vulnerabilities,” Tenable said.

“The Computer Emergency Response Team (CERT) was notified of these vulnerabilities. As of January 9, the vendor hasn’t responded. The 90-day disclosure period ended on January 3, 2019.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/01/19/180119_security_roundup/

Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.

Fellows, 38, was convicted of the murder of two men by Liverpool Crown Court in England. His accomplice, Steven Boyle, 36, said to have served as a spotter in one of the killings, was also convicted of murder.

Evidence presented by Crown prosecutors against Fellows included CCTV footage, phone data, and location data that indicated a lengthy reconnaissance of one of his victims.

Described by the Liverpool Echo as a fitness fanatic, sous-chef, and family man, Fellows – known by the nickname “Iceman” – was suspected of murdering Paul Massey, 55, an underworld figure from the city of Salford. Massey died in a fusillade of bullets on July 26, 2015, outside his home.

The murder last year of a Massey associate, Paul Kinsella, 54, helped investigators break the case, which is said to revolve around a gangland feud. Kinsella was killed on May 5, 2018, by a masked gunman on a bicycle wearing a high-visibility vest.

Baltimore cops: We flew high-res camera planes to film your every move

READ MORE

The vest and bicycle, with distinctive yellow markings and black tape, were easily spotted on CCTV footage. So too apparently was Fellows, which prompted detectives to search his home where they found a Garmin Forerunner watch.

The watch “provided key evidence for the Massey case,” the Liverpool Echo says.

Searching through the device’s GPS data trail, investigators found Fellows had been conducting reconnaissance near Massey’s home on April 29, 2015. After scouring mobile cell site data, CCTV, and vehicle license plate reader data, detectives found a car that belonged to Fellows had been driving past Massey’s house at least two times a day in the week prior to the killing.

Boyle, cleared of involvement in the Massey murder but convicted in the killing of Kinsella, made matters worse for Fellows by giving testimony – “grassing” in British English or “snitching” in American parlance.

The BBC and Liverpool Echo both report that Fellows made a throat-cutting gesture, and mouthed the word “grass” to his former associate in the witness box.

Fellows was sentenced to life in prison without parole on Thursday; Boyle received a sentence of 33 years to life. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/01/19/who_watches_the_hitmen_garmin/

But rate of funding appears unsustainable, according to Strategic Cyber Ventures.

Investors continued to pour money into the US cybersecurity market last year, as well as into several other countries, notably the UK, China, and Israel.

New data from Strategic Cyber Ventures shows that venture capital investments and average deal sizes involving cybersecurity firms both reached record highs in 2018.

At $5.3 billion, VC funding in 2018 was about 20% higher than the $4.4 billion in 2017 — and a whopping 81% higher than in 2016, when the market witnessed a slowdown of sorts. The total number of deals in 2018, at 332, was slightly lower than the 345 deals VC firms struck with cybersecurity firms in 2017. However, the average deal size of $15.8 million in 2018 was a record.

Much of the “heavy right skew” in deal sizes had to do with a handful of megadeals involving transactions of over $100 million, according to Strategic Cyber Ventures. In total, there were eight such transactions last year — and seven companies — that accounted for nearly $1.4 billion in VC funding. In comparison, the seven transactions that were over $100 million in 2017 totaled about $730 million.

VPN provider AnchorFree secured the largest deal last year — a $295 million round of funding led by WndrCo, with participation from several other firms, including Accel, SignalFire, and Green Bay Ventures.

Other companies that secured substantial funding in 2018 included Tanium, which raised $375 million in two separate funding rounds, giving it a valuation of $6.5 billion; CrowdStrike, with a $200 million Series E funding round in July that valued the firm at $3 billion; and Netskope, with a $168 million deal in November. For several of the vendors with megadeals last year, the investments were their second or third rounds of funding and were likely a prelude to an IPO this year, Strategic Cyber Ventures said in its report.

Cybersecurity mergers and acquisitions activity remained strong last year. Among the biggest were Cisco’s $2.4 billion purchase of Duo Security; BlackBerry’s $1.4 billion acquisition of Cylance; and RELX Group’s $817 million buyout of ThreatMetrix. Thoma Bravo’s $1.6 billion acquisition of Barracuda was the biggest of several major private equity investments in the cybersecurity space last year.

Cybersecurity companies with IPOs in 2018 generally fared better that companies in 2017. The four biggest IPOs on the major stock exchanges last year — Avast, Tenable, Zscaler, and Carbon Black — raised about $1.4 billion—or nearly double that raised by the top four companies with IPOs in 2017.

“There are several reasons 2018 was a record year for cybersecurity investment,” says Chris Ahern, principal at Strategic Cyber Ventures.

VC markets were flush with funds, and money from some massive funds that were formed over the past few years made its way to the cybersecurity market, Ahern says. There also were some strong exits in the space via IPOs and MAs. “The problems aren’t going away,” Ahern notes. “2018 had several massive, high-profile breaches, and I think we’ll continue to see this into 2019.”

Impressive as the investor interest has been, the outlook for the future is somewhat unclear. Ahern does not think the rate of investment in cybersecurity is sustainable for much longer. “We’re seeing increased competition in the space, vendor fatigue expressed by CISOs, and ‘noise’ from companies that throw around buzzwords like ‘AI’ that distract from real builders of cybersecurity companies,” he says.

Eric McAlpine, managing partner at Momentum Cybersecurity Group, which is about to release its own report on VC and MA activity in cybersecurity, says last year indeed was a “banner year” for vendors in the space.

Momentum’s numbers for investment activity in 2018 are higher than that of Strategic Cyber Ventures. According to McAlpine, investors poured in a record $6.2 billion into cybersecurity compared with $5.4 billion in 2017, which in itself was a record.

But a close examination of the numbers shows fewer deals involving Series A investments, which is the first round of investor funding, in favor of later stage or growth-oriented investments, McAlpine says.  “At Momentum Cyber, we certainly expect continued growth in investment activity in cybersecurity,” he says.

Related Content:

• Spending Spree: What’s on Security Investors’ Minds for 2019
• Why Security Startups Fly – And Why They Crash
• First Women-Led Cybersecurity Venture Capital Firm Launches
• 20 Cybersecurity Firms to Watch

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

Article source: https://www.darkreading.com/vc-investments-in-cybersecurity-hit-record-highs-in-2018/d/d-id/1333693?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.

It’s entirely 2019, but that doesn’t mean it’s too late to look at lists of superlatives from 2018. In one of the latest, a security firm has released its list of the top application security vulnerabilities of 2018.

WhiteHat Security put together this list of the most common web exploits used by malicious hackers in 2018, and their list contains both new vulnerabilities and “classics” that continue to haunt the waking dreams of security professionals.

Setu Kulkarni, vice president of corporate strategy at WhiteHat Security, says that the majority of the breaches on the list come from one of two “epicenters” in software development. The first is in the wide use of open-source tools, functions, and applications in projects. “Developers can use public APIs to quickly deliver application functionality that is creating or opening a new set of vulnerabilities that that customers and the industry have to deal with,” he explains.

The other vulnerability epicenter, Kulkarni says, is the rapid-fire develop/deploy cycle exemplified by DevOps. “Devops, micro services, and open source are also contributing a new set or a new kind of vulnerability into the mix because developers have now more power to push code into production,” he says.

The 10 top vulnerabilities include issues as new as the jQuery File Upload vulnerability (CVE-2018-9206), a WordPress DoS attack (CVE-2018-6989), and two versions of Drupalgeddon, to malware like Magecart. There are also classic vulnerabilities like cross-site scripting still found on the list of most common vulnerabilities of 2018. 

Asked about the reasons that put a vulnerability as old as cross-site scripting on last year’s list, senior WhiteHat Security researcher Mark Rogan says that schools and training programs continue to emphasize speed over security when teaching developers. And that’s a shame, he points out, since cross-site scripting is relatively easy to close. “All you have to do is validate your input and encode your data. If you do that, goodbye cross-site scripting,” Rogan says.

Kulkarni says that, despite vulnerabilities that are common in applications developed through a devops process, devops is absolutely the right development model for the modern world. The important thing, he says, is to make sure that devops is done right. “It’s absolutely necessary to build developers and train them in schools to write more secure code, but it’s also important to have security tests that are performed at the right time.”

He continues, “And what’s even more important is that when these tests are performed, the feedback that goes back to the developer has to be accurate and very contextual.”

Related content:

• PCI Council Releases New Software Framework for DevOps Era
• Container Deployments Bring Security Woes at DevOps Speed
• 5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
• Automating a DevOps-Friendly Security Policy

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio

Article source: https://www.darkreading.com/vulnerabilities-and-threats/2018s-most-common-vulnerabilities-include-issues-new-and-old/d/d-id/1333694?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers.

Korea’s Dong-A Ilbo reports that the targeted machines belonged to the ministry’s Defense Acquisition Program Administration, the office in charge of military procurement.

The report notes that the breached machines would have held information on purchases for things such as “next-generation fighter jets,” though the Administration noted that no confidential information was accessed by North Korea the yet-to-be identified infiltrators.

North Korea The mystery hackers got into the machines on October 4 of last year. Initially trying to break into 30 machines, the intruders only managed to compromise 10 of their targets.

After traversing the networks for more than three weeks the intrusion was spotted on October 26 by the National Intelligence Service, who noticed unusual activity on the procurement agency’s intellectual property servers.

An investigation eventually unearthed the breach, and concluded that North Korea the mystery hackers did get into a number of machines but didn’t steal anything that would be of use to North Korea a hostile government .

It is with a heavy heart that we must inform you hackers are targeting ‘nuclear, defense, energy, financial’ biz

READ MORE

The incident was disclosed earlier this week in a report from a South Korean politician.

“It is dubious whether the agency issued a conclusion to conceal damage and minimize the scope of penetration,” Dong-A Ilbo quotes Lthe politico as saying.

“Further investigation to find out if the source of attacks is North Korea or any other party.”

The report notes that the attack on the Defense Acquisition Program Administration appears to be part of a larger effort by North Korea an unknown group to infiltrate networks throughout the South Korean government in order to steal data.

The government says it is working on “extra countermeasures” to prevent future attacks by North Korea mystery foreign groups. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/01/17/south_korea_defense_ministryt_hacked/