STE WILLIAMS

AES crypto broken by ‘groundbreaking’ attack

Updated Cryptographers have discovered a way to break the Advanced Encryption Standard used to protect everything from top-secret government documents to online banking transactions.

The technique, which was published in a paper (PDF) presented Wednesday as part of the Crypto 2011 cryptology conference in Santa Barbara, California, allows attackers to recover AES secret keys up to five times faster than previously possible. It introduces a technique known as biclique cryptanalysis to remove about two bits from 128-, 192-, and 256-bit keys.

“This research is groundbreaking because it is the first method of breaking single-key AES that is (slightly) faster than brute force,” Nate Lawson, a cryptographer and the principal of security consultancy Root Labs, wrote in an email. “However, it doesn’t compromise AES in any practical way.”

He said it would still take trillions of years to recover strong AES keys using the biclique technique, which is a variant of what’s known as a meet-in-the-middle cryptographic attack. This method works both from the inputs and outputs of AES towards the middle, reusing partial computation results to speed up the brute-force key search. The technique is designed to reduce the time it takes an attacker to recover the key.

Lawson continued:

This technique is a divide-and-conquer attack. To find an unknown key, they partition all the possible keys into a set of groups. This is possible because AES subkeys only have small differences between rounds. They can then perform a smaller search for the full key because they can reuse partial bits of the key in later phases of the computation.

It’s impressive work but there’s no better cipher to use than AES for now.

AES remains the favored cryptographic scheme of the US government. The National Institute of Standards and Technology commissioned AES in 2001 as a replacement for the DES, or Digital Encryption Standard, which was showing signs of its age.

The research is the work of Andrey Bogdanov of Katholieke Universiteit Leuven; Microsoft Research’s Dmitry Khovratovich; and Christian Rechberger of Ecole Normale Superieure in Paris. Bogdanov and Rechberger took leave from their positions to work on the project for Microsoft Research. ®

Update

Vulture Central has been deluged with missives from outraged readers complaining about the use of the word “broken” in the headline. “Broken” in cryptography is the result of any attack that is faster than brute force. The biclique technique described here allows attackers to recover keys up to five times faster than brute-force. AES may not be completely broken, but it’s broken nonetheless.

What’s more, theoretical attacks against widely used crypto algorithms often get better over time. As Root Labs’ Lawson has noted, MD5 wasn’t compromised in a single 2004 paper. Rather, people successively found better and better attacks against it, starting in the mid 1990’s.

Thanks to Reg reader Kevin 3 for bringing the facts to the discussion with this comment.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/19/aes_crypto_attack/

Oz cybercrime laws in need of repair

An Australian Senate committee has recommended that law enforcement authorities should only hand information to agencies from other countries if those countries have privacy protection that matches our own.

That’s one of the key recommendations made by the bipartisan committee looking into proposed cybercrime legislation, which tabled its report on August 18.

The committee has also recommended that the Cybercrime Amendment Bill 2011 should apply more detailed conditions to any telecommunications data that is disclosed to foreign countries, covering how that data might be retained and stored, and prohibiting any “secondary use” by the foreign country.

According to Australian Greens senator Scott Ludlam, the original Cybercrime Amendment Bill went beyond the European convention on which it was based, and the committee’s recommendations should help address what he called “overreach”.

The committee has also recommended that the Australia Federal Police provide ministerial reports on how often it discloses intercepts to foreign countries, which countries receive that data, how many disclosures are made, and how often that information gets disclosed even further.

The committee’s full report can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/18/cybercrime_amendment_needs_amendments/

Microsoft, McDonald’s absolved of tracking cookie abuse

A judge has gutted a lawsuit that accused companies including Microsoft, McDonald’s, and advertising network Interclick of fraud for the use of code that tracked the browsing history of website visitors, even when they took pains to keep that information private.

Wednesday’s dismissal of claims under the federal Computer Fraud and Abuse Act and breach and interference of contract statutes came in a case that challenged the use of Adobe Flash cookies by Interclick to track people over extended periods of time as they surfed from site to site. New York City consumer Sonal Bose alleged use of the technology, and JavaScript that detected what websites she visited, were deceptive and invaded her privacy because they allowed tracking cookies to be resurrected even after she deleted them.

US District Judge Deborah A. Batts of the Southern District of New York, dismissed most of the claims brought by Bose under a rationale that’s becoming common in privacy-invasion lawsuits. The crux of her basis is that there wasn’t an injury that could be quantified in monetary amounts required by the statutes. She said the plaintiff failed to prove that the secret tracking created actual damages of $5,000 or more, as required under the CFAA.

“Only economic damages or loss can be used to meet the $5,000.00 threshold,” Batts wrote in the 28-page decision. “The limit based on economic damages under the CFAA ‘precludes damages for death, personal injury, mental distress, and the like,’” she added, quoting from a 2004 decision from the Ninth Circuit US Court of Appeals.”

She went on to say: “Advertising on the internet is no different from advertising on television or in newspapers. Even if Bose took steps to prevent the data collection, her injury is still insufficient to meet the statutory threshold.”

The judge also dismissed claims for breach of implied contract and tortious interference with contract. Several claims brought under New York state laws were dismissed against the website operators that relied on Interclick, which in addition to Microsoft and McDonald’s, included the CBS network and a US subsidiary of Mazda. She allowed claims brought under New York State law and under a trespass statute to remain against Interclick.

The ruling is the latest to dash a lawsuit alleging invasion of privacy because the plaintiff couldn’t meet the required showing of monetary damages. Facebook, prescription processor Express Scripts, and job application processor Vangent have been absolved for alleged failures to safeguard sensitive information on similar grounds. The Technology Marketing Law blog has legal analysis here.

According to the lawsuit gutted Wednesday, Interclick used Flash cookies to back up more traditional browser-based cookies it used to track which websites individual users visited. Until recently, Flash cookies – which are also known as LSOs, or locally stored objects – were significantly harder to delete. This allowed website operators in many case to recreate the deleted browser cookies, a practice known as “cookie respawning,” that was first revealed in 2009.

The lawsuit also accuses Interclick of exploiting a decade-old vulnerability in virtually every web browser that leaks the websites end users have visited recently. Interclick’s use of history-sniffing code was first documented in December by researchers from the University of California at San Diego. Most browser makers have patched the vulnerability past year or so.

Websites and ad networks continue to use LSOs and at least one was recently accused of enhancing its cookie-respawning technique. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/18/cookie_respawning_suit_dismissal/

Afghan coppers trained with Playmobil

In case you ever wondered just what kind of preparation Afghan police recruits get in order to prepare them to face the Taliban, rest assured they’re offered the very latest in high-tech training technology.

BrickArms' Toy taliban figureFor proof, check out the fourth snap in this slideshow from FOCUS online. Regular readers will note the same scrupulous attention to detail lavished on our own Playmobil reconstructions, including plastic trees, real sand and a lovingly-crafted building.

It’d be too easy to laugh at this initiative by German coppers to enlighten their Afghan counterparts as to just how you hold up the traffic while your colleague suspiciously eyes what appears to be a partially buried Smart Car, but the scene is notable for the conspicuous absence of Lego Taliban (pictured), meaning that in the world of Playmobil at least, the forces of justice always prevail. ®

Bootnote

Thanks to Matthias Toth for the tip-off.

Related stories

All of our own illuminating Playmobil set-ups can be found here.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/22/afghan_playmobil/

Cookie respawning, history sniffing case dropped

A computer user who alleged that an advertising network breached US privacy laws did not prove she had suffered sufficient damages for those charges to be further examined, a US court has ruled.

Sonal Bose claimed that Interclick’s use of Flash cookies and “history sniffing” code “invaded her privacy, misappropriated personal information and interfered with the operation of her computer”, according to a district court in New York.

Cookies are small text files that websites store on internet users’ computers. The files record users’ activity on the site. Flash cookies are files stored by websites that use Adobe Flash media, such as in adverts or video clips. Flash cookies can also back up the data that is stored in a regular cookie. When you delete cookies using your browser controls, your Flash cookies are not affected. A website that served a cookie to you that you deleted may recognise you on your next visit if it backed up its now-deleted cookie data to a Flash cookie.

Advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour.

Interclick used Flash cookies to “respawn” cookies Bose had deleted, and used “history sniffing” code to determine content that Bose had viewed online. Both techniques helped Interclick serve Bose with targeted ads, she claimed, according to the ruling. Bose claimed Interclick’s activity violated the US Computer Fraud and Abuse Act (CFAA), the ruling said.

Under the CFAA a person is prohibited from causing damage by intentionally accessing a protected computer without consent. Unless a damages claim for violations of the CFAA exceeds $5,000 in a period of a year no action for damages can be taken against the company under the terms of the Act, the Act provides.

The CFAA states that only claims for “economic damages” can be made. The judge ruled that Interclick’s collection of Bose’s personal information did not raise an economic “injury” that was worth more than the $5,000 threshold. Bose had argued that Interclick had obtained information about her online activity without her permission as she had taken steps to delete cookies and protect her privacy.

“Even if Bose took steps to prevent the data collection, her injury is still insufficient to meet the statutory threshold,” the judge said in the ruling.

Bose also claimed that Interclick had “impaired the functioning and diminished the value” of her computer. The judge ruled that Bose had failed to “make any specific allegation as to the cost of repairing or investigation the alleged damage” and ruled that, as a result, Bose had failed to meet the damages threshold for that charge to be further investigated by the courts.

Bose’s third claim, that Interclick caused interference with the operation of her computer, was unsubstantiated and therefore failed to meet the damages threshold for pursuing the charge, the judge ruled.

“Even if a flash cookie may reach up to 100 kilobytes in size and may occupy space on Bose’s hard drive, Bose fails to demonstrate that the flash cookie caused damage, a slowdown, or a shutdown of her computer,” the judge said. “Thus, Bose’s claim of interruption of service is insufficient to meet the … threshold,” the judge said.

Bose’s case was part of a so-called “class action” against Interclick. Class action lawsuits are common in the US, where lawyers will earn large fees for organising many similarly affected people into bringing proceedings against organisations.

Bose had argued that her damages claims should be “aggregated” with other members of the class action, but the judge said that they could not.

“[Bose] here has failed to allege facts that would allow this Court to conclude that damages meet the … threshold, even when aggregated across the putative class,” the judge said.

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/22/privacy_charge_dropped_against_cookie_trackers/

Detective on phone-hacking probe team is arrested

A police officer working on Scotland Yard’s investigation into alleged phone-hacking at the now-defunct Sunday tabloid the News of the World was arrested by cops from the anti-corruption unit of the Metropolitan police late last week.

The Met said that on Thursday 18 August they cuffed “a serving MPS officer from Operation Weeting on suspicion of misconduct in a public office relating to unauthorised disclosure of information as a result of a proactive operation”.

They didn’t release the name of the officer, who was described as a 51-year-old male detective constable, and Scotland Yard only confirmed he had been arrested after releasing the man on bail until 29 September, pending further inquiries.

The officer was suspended from his job on Friday (19 August).

“I made it very clear when I took on this investigation the need for operational and information security. It is hugely disappointing that this may not have been adhered to,” said Deputy Assistant Commissioner Sue Akers, who is in charge of Operation Weeting.

“The MPS takes the unauthorised disclosure of information extremely seriously and has acted swiftly in making this arrest,” she added.

Meanwhile, a 35-year-old man was released on Friday, after being in police custody on suspicion of conspiring to unlawfully intercept voicemails.

He was bailed to return at a yet-to-be-determined date in October.

Reports suggested that former NotW features writer Dan Evans was the man arrested then bailed by police on Friday.

James Desborough, who joined the Sunday tabloid as a showbiz reporter in 2005 before being promoted to Hollywood editor in 2009, was arrested last Thursday as part of the Operation Weeting probe. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/22/operation_weeting_police_officer_arrested/

Sneaky tracking code (finally) purged from Microsoft sites

Microsoft has deleted code on its MSN website that secretly logged visitors’ browsing histories across multiple web properties, even when the users deleted browser cookies to elude tracking.

Microsoft announced the move in a tersely worded blog post published on Thursday. That’s the same day that a researcher revealed that MSN and three other Microsoft websites hosted JavaScript that uniquely identified users in the event they deleted tracking cookies from their hard drives. The code was copyrighted in 2007, indicating the practice may have been in place for more than four years.

To survive the cookie purges that many users perform to preserve their privacy, the JavaScript was stashed in a browser’s cache folder and contained two separate means to uniquely identify visitors. First, it included the MUID, or machine unique identifier, contained in the tracking cookie, along with instructions to recreate the file in the event it was no longer found in the browser’s cookie folder. The script also included the MUID in what’s known as an ETag that was also stored in the cache.

“We don’t really know what they were doing with this information, but it’s not obvious what this explanation would be,” said Jonathan Mayer, a graduate student in Stanford University’s computer science department, whose research brought the practice to light.

“The burden is on Microsoft to explain how it came to be there and how they used it and what they’re going to do to make sure it doesn’t happen again. As we turned over this ETag mechanism, we thought long and hard about how could they be using this legitimately. We couldn’t come up with anything.”

A spokeswoman at Microsoft’s outside PR firm declined to answer any questions about the practice, including whether it’s been discontinued on all Microsoft properties or only on MSN. She said no one inside Microsoft was available to speak about the issue.

The revelation comes as hundreds of sites including Hulu.com, Spotify, and GigaOm were recently observed using similar “cookie respawning” techniques, which are controversial because they resurrect the browsing history of users who take pains to erase them. In addition to the use of cache cookies and ETags, the respawning can also rely on cookies based on Adobe Flash, Microsoft SilverLight, and the HTML5 specification, making it hard for many people to evade.

The practice of issuing so-called supercookies and zombiecookies is the subject of numerous lawsuits. Last week, Microsoft and several other companies were dismissed from a suit alleging cookie respawning abuse because the plaintiff couldn’t quantify the monetary damages she suffered.

According to Mayer, the cookies respawned by the wlHelper.js JavaScript hosted on Microsoft sites allowed Microsoft to sync browsing histories across at least six sites, including bing.com, microsoft.com, msn.com, live.com, xbox.com, and atdmt.com, its ad-serving network.

In Thursday’s 225-word blog post, Microsoft Associate General Counsel Mike Hintze said Microsoft curtailed the practice after Mayer brought it to the company’s attention.

“We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued,” he wrote. “We accelerated this process and quickly disabled this code. At no time did this functionality cause Microsoft cookie identifiers or data associated with those identifiers to be shared outside of Microsoft.”

For Mayer, who along with colleagues at the University of California at San Diego, UC Berkeley, and elsewhere have repeatedly documented websites that respawn cookies or sniff browsing history to track users against their wishes, he no longer believes companies when they say they can be trusted to police themselves.

“I really don’t think that’s possible to accept any more,” he said. “The fact of the matter is that we’re seeing, intentionally or not, companies doing things that circumvent privacy choice in a way that suggests they need to have more of a spotlight put on them, possibly by regulators.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/22/microsoft_zombie_cookie_disclosure/

Insulin pump attack prompts call for federal probe

The hack of a commercially available insulin pump that diabetics can control wirelessly has attracted the attention of US lawmakers who oversee the safety of the nation’s airwaves.

In a letter drafted earlier this week, US Representatives Anna Eshoo and Edward Markey asked members of the Government Accountability Office to ensure that wireless-enabled medical devices “will not cause harmful interference to other equipment” and are “safe, reliable, and secure.”

The letter comes two weeks after a researcher demonstrated he could remotely tamper with the insulin dosages administered by the machine he relies on to treat his diabetes. The model uses no means of authentication, making it easy for unauthorized parties to connect to it and increase, decrease, or stop the flow of the hormone.

The demonstration at this year’s Black Hat security conference in Las Vegas was the latest to show the vulnerability of a remotely controlled medical device. Pacemakers and other implanted heart devices were shown to be susceptible to serious hack attacks in research released in 2008.

Jerome “Jay” Radcliffe, the researcher at this year’s Black Hat who demonstrated the attack, has refused to identify the manufacturer of the vulnerable insulin pump. A representative of Medtronic, one of several companies that make such devices, has been quoted as saying: “To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/19/insulin_pump_hack/

ID and Passport Service uncloaks 2012 online plans

The Identity and Passport Service (IPS) is to introduce a new online passport application service in early 2012 in an effort to improve its interactions with customers.

In its business plan for 2011-12 (28-page PDF/2.2MB), the IPS says that it will replace its current PASS passport application system with one that will allow customers to apply and pay for their passport online anywhere in the world. For the first time people will also be able to check the status of their application.

“The online application channel will be of particular benefit to customers living overseas, who from 2012 will apply directly to IPS, rather than via the Foreign and Commonwealth Office, for their passport,” the document says.

The IPS will decide the future of the civil registration digitisation and indexing project this year. So far it has digitised about 50 per cent of its birth, death, adoption and marriage records, and it hopes to digitise the remaining records and place its indexes online by the end of the year.

The service will also focus on replacing or extending a number of legacy systems, and upgrade its main passport database “to ensure it remains as secure as possible”. The business plan says these changes will provide the foundation for a wider modernisation of the organisation. As a result of the National Identity Service being scrapped last year, the IPS will look at new technology to replace ageing systems, as well as hosting for its civil registration systems.

The document also reveals plans to share more services in 2011-12, most likely with the Home Office, with which the IPS already shares HR, marketing and some categories of procurement where possible. This will include an increase in the number of shared corporate functions to include finance and the remaining procurement categories.

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/19/id_and_passport_service_revamps_online_applications/

Rebel hackers seize Libyan domain name registry

As fighting rages around Colonel Gaddafi’s compound in Tripoli, hackers have taken the fight online to the country’s domain name registry nic.ly.

The site’s homepage now hosts an image of the rebel flag and the message “bye bye Gaddafi”, as well as the date 17 February, the day Libyan protestors started demonstrations and were shot at by security forces, computer security firm Sophos reported.

The hackers’ flipped bird (click to enlarge)

Heavy fighting is being reported in the streets of Tripoli today after rebels seized large parts of the city on Sunday. Gaddafi’s whereabouts remain unknown, but it has been widely reported that the rebels claim to have captured his son Saif al-Islam.

Today’s fighting has followed a sustained push by rebels to topple the Gaddafi regime. Protests in early February in Benghazi turned violent when security forces opened fire on the protestors, leading to the first military action at the end of the month when Anti-Libyan government militias took control of Misurata.

In March, the Libyan National Council declared itself the sole representative for the country and began gaining recognition from Western nations, as well as Middle Eastern states including Qatar. By mid-March, NATO began its military intervention with airstrikes in the country.

Over the summer, the fighting continued as rebels slowly made their way towards Tripoli while the International Criminal Court in The Hague issued arrest warrants for Gaddafi, his son Saif al-Islam and his head of intelligence.

Finally, on Sunday, rebels entered the city, facing little real resistance according to reports on the ground. This was despite calls from Gaddafi on national television for supporters to take the streets and fight for him.

Hacking, social networks and the internet have become a growing social and political tool in the Arab world, galvanising protests and helping protestors to make wide-reaching statements. At the beginning of the war, Gaddafi attempted to strangle rebel communication by cutting Libyans off from the internet, but they are back online today after 150 days.

Messages such as “Libya is free” and “The tyranny is over” have been appearing on Twitter and Facebook in the last hour. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/22/rebel_hacker_leaves_message_for_gaddafi/