NSA’s broken Dual_EC random number generator has a “fatal bug” in OpenSSL

If a fatal flaw afflicts a critical cryptographic function used by no one, what are open-source developers to do? Until recently, such a predicament might have been regarded as a mere philosophical thought experiment, but no more.

An advisory published Thursday warns that a "FIPS module" of the widely used OpenSSL library contained a "fatal bug" in its implementation of Dual_EC_DRBG. Credible doubts about the trustworthiness of the deterministic random bit generator surfaced almost immediately after National Security Agency officials shepherded it through an international standards body in 2006. In September, those fears were rekindled when The New York Times reported the algorithm may contain an NSA-engineered backdoor that makes it easier for government spies to decode encrypted communications.

The fatal Dual_EC_DRBG bug resides in the FIPS Object Module v2.0, an optional OpenSSL library used to build crypto apps that are certified under the US government's Federal Information Processing Standards. When using the module's implementation of Dual_EC_DRBG, the application crashes and can't be recovered. That's an amazing discovery for an application that had to undergo countless hours of testing to be certified by the government of the world's most powerful country. The silver lining seems to be that there's evidence no one has ever actually used Dual_EC_DRBG in release versions of the OpenSSL module (though that in turn raises the question of why RSA's BSAFE crypto tool used the RNG by default).


BitTorrent serverless chat replaces usernames with crypto keys

BitTorrent, Inc. is developing a serverless instant messaging system that relies on public key encryption to protect the privacy of communications, identifying users not with traditional usernames but with cryptographic key pairs.

The company, which develops the BitTorrent peer-to-peer protocol as well as the BitTorrent and μTorrent file sharing software, announced the forthcoming chat software in September and revealed some details on how it will work in a blog post today. It reads:

With BitTorrent Chat, there aren’t any “usernames” per se. You don’t log in in the classic sense. Instead, your identity is a cryptographic key pair. To everyone on the BitTorrent Chat network at large, you ARE your public key. This means that, if you want, you can use Chat without telling anyone who you are. Two users only need to exchange each other’s public keys to be able to chat.

Using public key encryption provides us with a number of benefits. The most obvious is the ability to encrypt messages to your sender using your private key and their public key. But in public key encryption, if someone gains access to your private key, all of your past (and future) messages could be decrypted and read. In Chat, we are implementing forward secrecy. Every time you begin a conversation with one of your contacts, a temporary encryption key will be generated. Using each of your keypairs, this key will be generated for this one conversation and that conversation only, and then deleted forever.

Underlying this system is a Distributed Hash Table (DHT) which finds IP addresses, removing the need for a central server to route messages, the company explained.
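The scheme the post describes, as an added example that is not BitTorrent's code: each user is a long-term key pair, and each conversation gets a temporary key that both sides derive and then discard. It needs the third-party `cryptography` package; signing the temporary key with the identity key is an assumption, since the post does not say how the temporary key is tied to a user.

```python
# Added example, not BitTorrent's code: identity as a key pair plus one
# temporary key per conversation, as the blog post describes. Requires the
# third-party `cryptography` package. Signing the temporary key with the
# identity key is an assumption; the post does not say how it is authenticated.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ed25519, x25519
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW, PUB = serialization.Encoding.Raw, serialization.PublicFormat.Raw


def verify_peer(peer_id: bytes, eph_pub: bytes, sig: bytes) -> bool:
    """Is this temporary public key really from the identity `peer_id`?"""
    try:
        ed25519.Ed25519PublicKey.from_public_bytes(peer_id).verify(sig, eph_pub)
        return True
    except InvalidSignature:
        return False


class Identity:
    """A user is a long-term key pair; `public_id` is the only 'username'."""

    def __init__(self):
        self._signing_key = ed25519.Ed25519PrivateKey.generate()
        self.public_id = self._signing_key.public_key().public_bytes(RAW, PUB)
        self._eph = None  # temporary X25519 key, alive for one conversation

    def start_conversation(self):
        """Generate the temporary key and sign its public half."""
        self._eph = x25519.X25519PrivateKey.generate()
        eph_pub = self._eph.public_key().public_bytes(RAW, PUB)
        return eph_pub, self._signing_key.sign(eph_pub)

    def finish_conversation(self, peer_id, peer_eph_pub, peer_sig) -> bytes:
        """Derive the conversation key, then discard the temporary private key."""
        if not verify_peer(peer_id, peer_eph_pub, peer_sig):
            raise ValueError("temporary key not signed by the claimed identity")
        shared = self._eph.exchange(x25519.X25519PublicKey.from_public_bytes(peer_eph_pub))
        key = HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                   info=b"conversation-key").derive(shared)
        self._eph = None  # forward secrecy: the identity key alone cannot recompute `key`
        return key


def run_conversation(alice, bob):
    """One conversation between two identities; returns both derived keys."""
    a_pub, a_sig = alice.start_conversation()
    b_pub, b_sig = bob.start_conversation()
    return (alice.finish_conversation(bob.public_id, b_pub, b_sig),
            bob.finish_conversation(alice.public_id, a_pub, a_sig))
```

A second call to `run_conversation` with the same two identities yields a different key, which is the property the post calls forward secrecy.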


HostMonster Doesn’t Do Basic Site Security

When it comes to the security of your website, your web host plays an important part, but too often hosts are failing to do what they need to do to keep your website secure. One of the areas we have seen web hosts fail at is keeping the control panel software that websites run under up to date. With the Plesk control panel that has led to large numbers of websites being hacked due to vulnerabilities that existed in older versions of the software. In an attempt to make it easier to spot when web hosts are failing to keep control panel software up to date, we have just released a web browser extension, Control Panel Version Check, available for Firefox and Chrome, that provides version information for cPanel and Plesk based control panels and warns when an outdated version is in use.

To show how the extension can highlight unsafe hosting, let’s take a look at one host. HostMonster claims that “By design our servers are secure.” and that “The security level of your site depends on the code that is uploaded to HostMonster’s Servers.” You would think that when they make such a definite statement about their security, and fault customers for any security breach, they would at least be doing basic security, but that isn’t the case. The second item on their basic security checklist is to “Update all scripts/applications to the newest versions available.”, and their reason for this is that “Old security holes are updated and remedied in new versions of software, so updating to the newest versions available ensures that you are running the most secure option available.” That sounds like reasonable advice; unfortunately they don’t follow it, despite claiming they are secure by design:

HostMonster is running cPanel 11.32

Support for version 11.32 of cPanel ended in August. Since then cPanel has put out several security announcements for vulnerabilities in cPanel. With support for cPanel 11.32 ended, none of those vulnerabilities would be fixed in that version.

It doesn’t end there, with our phpMyAdmin Version Check extension you can see that they are also running an outdated version of phpMyAdmin:

HostMonster is running phpMyAdmin 3.4.11.1

That version is over a year out of date, and there have been numerous security fixes released in subsequent versions.

Bitcoin-only poker site resets user credentials after 42,000 passwords leak

An online poker service that deals solely in Bitcoin has issued a mandatory password reset one day after someone published login credentials for more than 42,000 enthusiasts of the card game and digital currency.

An advisory published Thursday by Seals with Clubs warns, "Our database containing user credentials was likely compromised." Left out is any mention of a list of 42,020 hashes posted to a user forum about 24 hours earlier. While the person posting didn't identify the source of the cryptographically salted SHA1 hashes, early rounds of cracking uncovered passwords such as "sealswithclubs", "88seals88", "bitcoin1000000", and "pokerseals". Password security experts almost immediately suspected that they belonged to Seals with Clubs users. Thursday's advisory from the site is probably the closest we'll get to a definite confirmation.

In Wednesday's post, which was made to a paid password recovery forum operated by commercial password cracking software developer InsidePro, the user StacyM attached a database of hashes and offered $20 in Bitcoins for every 1,000 unique hashes that were cracked. Nine minutes later, the first reply came in, claiming to have recovered the first 1,000. One day in, about two-thirds of the list has been cracked. It wouldn't be surprising to see that amount reach 80 percent or higher in the coming days.

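Why a list of salted SHA-1 hashes like the one described above is cracked within a day, and what a site in that position can do at the next login, as an added example that is not Seals with Clubs code. It uses only the standard library; the record formats and the PBKDF2 round count are assumptions.

```python
# Added example, not Seals with Clubs code: why a list of salted SHA-1
# hashes cracks quickly, and a login-time migration to a slow KDF.
# Standard library only; record formats and the round count are assumed.
import hashlib, hmac, os, time

ROUNDS = 200_000  # PBKDF2 iterations; tune so one login costs ~0.1 s on your hardware

def legacy_hash(password: str, salt: bytes) -> str:
    """Salted SHA-1 as the leaked records were described: one cheap hash call."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def pbkdf2_hash(password: str, salt: bytes = b"") -> str:
    """Slow, salted replacement: each guess costs ROUNDS hash calls."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"pbkdf2_sha256${ROUNDS}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    scheme, rest = stored.split("$", 1)
    if scheme == "sha1":
        salt_hex, _ = rest.split("$")
        return hmac.compare_digest(legacy_hash(password, bytes.fromhex(salt_hex)), stored)
    if scheme == "pbkdf2_sha256":
        rounds, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(dk.hex(), dk_hex)
    raise ValueError(f"unknown hash scheme: {scheme}")

def verify_and_upgrade(password: str, stored: str):
    """Login path: on success, rehash any legacy record so the stored
    value no longer depends on SHA-1. Returns (ok, record_to_store)."""
    if not verify(password, stored):
        return False, stored
    if stored.startswith("sha1$"):
        return True, pbkdf2_hash(password)
    return True, stored

def hashes_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Throughput of one scheme on this machine. A guess against a leaked
    record costs the same as a login, so this bounds how fast a list falls."""
    salt, n, start = b"\x00" * 16, 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn("candidate", salt)
        n += 1
    return n / (time.perf_counter() - start)
```

Comparing `hashes_per_second(legacy_hash)` with `hashes_per_second(pbkdf2_hash)` shows the gap of several orders of magnitude that lets two-thirds of a salted SHA-1 list fall in a day.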