security

483 Articles

Packet Trace Anonymization With PktAnon

July 11, 2008 by 5 Comments


If you’re a network researcher or systems administrator, you know that network traces are often necessary, but not easy to share with colleagues and other researchers. To help with both ease of use and handling of sensitive information, the Institute of Telematics has developed PktAnon, a framework that anonymizes network traffic.

It works by using a profile-based scheme that supports various anonymization primitives, making it easy to switch between different network protocols and anonymization methods. New primitives can easily be added, and several pre-defined profiles are bundled into the distro. The profiles are all XML-based.

Essentially, there are two major uses for network traces: anonymizing user traffic in order to research it, and anonymizing in-house usage, thus preventing the leakage of sensitive information. It’s a rather rigid scheme, but using profiles for this was a stroke of genius that made it a lot easier, more flexible, and as a result, more useful and powerful.

[via TaoSecurity]
[photo: mlpoulter]

Pirate Bay Hits The Road, Angles For Encryption

July 10, 2008 by 4 Comments


Piratbyrån and their hearties from The Pirate Bay are on a pan-European summer journey that will end at the Manifesta art biennial in Italy, but in the meantime they’ve been hard at work lobbying for total network encryption, a system that would protect users of a network (say, a P2P network) from deep packet inspection and other forms of activity analysis.

The system by which this will be achieved is called IPETEE, and it works by replacing the basic operating system network stack and doing all encryption and decryption itself. More details can be found in the IPETEE technical proposal.

Ars Technica pointed out numerous holes in the scheme, noting that most torrent apps already have encryption options. IPETEE applies to more than just torrents, though, so the larger problem is that encrypted packet still need source and destination IP addresses, meaning that one of the most crucial things you’d want to keep private (your destination site) is still accessible.

Major DNS Issue Causes Multivendor Patch Day

July 8, 2008 by 5 Comments


Earlier this year, our friend [Dan Kaminsky] discovered a major DNS issue that could allow hackers to compromise name servers and clients easily. The vulnerability involves cache poisoning, and [Kaminsky] plans to publish the full details of the vulnerability on August 6th. However, he has already begun his work to control it, alerting major authorities early on of the vulnerability.

As a result, engineers from many major technology vendors quickly began working on coordinated patches for DNS servers. The patches were all released today; vendors and a CERT advisory urge organizations to apply them today, before the vulnerability becomes common knowledge. More details on the DNS issue can be found in the executive overview (PDF file). [Rich Mogull] interviewed [Dan] for the Network Security Podcast. It doesn’t detail the attack but points out that services that use port randomization like OpenDNS are unaffected and that Bind8 is being deprecated.

UPDATE: Here’s the audio from this morning’s press conference.

[image: Flickr / d70focus ]

ARDAgent.app Still Vulnerable

July 5, 2008 by 1 Comment


When Apple pushed their most recent security update, the first thing we checked was whether the ARDAgent issue was fixed. It’s not. This vulnerability lets anyone execute code as a privileged user and versions of this attack have already been found in the wild. While several Ruby, SMB, and WebKit issues were addressed it, ARDAgent is still unpatched. [Dino Dai Zovi] has published the method by which ARDAgent actually becomes vulnerable: when it starts, it installs its own Apple Event handlers and calls AESetInteractionAllowed() with kAEInteractWithSelf. This should restrict it only to its own events, but for some reason that’s not the resulting behavior. He also pointed out that SecurityAgent has displayed similar weirdness; it is vulnerable to Apple Events even though it doesn’t calls an Apple Events function. We can see how this unexpected behavior could make patch development take much longer and may end up uncovering an even bigger problem. Check out [Dino]’s post for more information.

Anti-paparazzi Sunglasses

June 27, 2008 by 27 Comments

UPDATE: Video can also be found here.

Ah, the life of the work-a-day hacker: sure, it’s glamorous, but all the paparazzi dogging your every step can get unbearably stressful. Thankfully, you have a recourse with these anti-paparazzi sunglasses. They work by mounting two small infrared lights on the front. The wearer is completely inconspicuous to the human eye, but cameras only see a big white blur where your face should be.

Building them is a snap: just take a pair of sunglasses, attach two small but powerful IR LEDS to two pairs of wires, one wire per LED. Then attach the LEDs to the glasses; the video suggests making a hole in the rim of the glasses to embed the LEDs. Glue or otherwise affix the wires to the temples of the glasses. At the end of the temples, attach lithium batteries. They should make contact with the black wire, but the red wires should be left suspended near the batteries without making contact. When you put them on the red wire makes contact, turning the lights on. It’s functional, but we’re thinking that installing an on/off switch would be more elegant and it would allow you to wear them without depleting the batteries.

[via BoingBoing]

IronKey USB Key Has Military Grade Encryption

June 26, 2008 by 32 Comments


Plenty of USB storage keys are on the market, but Ironkey is the first to use military level encryption. Sold in 1GB, 2GB, and 4GB sizes, the key features a processor called the Cryptochip, which uses Public Key Cryptography ciphers linked to an online account to create encryption keys on the hardware. A Federal Information Processing standard 140-2 compliant true random number generator on the Cryptochip ensure that encryption keys are extremely secure and totally random.

Ironkeys come in different sizes, but there are also three different versions, each with unique features. The basic version has a very James Bond-esque feature to destroy the data on it in case of an emergency. The personal version is loaded with Firefox 3 with various addons that make browsing encrypted and anonymous. The enterprise version is made to order with no specific price on the IronKey site, just a form to order one built to your specifications. All of them support Windows, OS X, and a large amount of Linux distros, and they all come in tamper proof and water resistant cases with a brushed metal finish. We tend to think this level of security is overkill for the average person, but people can’t seem to get with our freewheeling approach to security; remember, we leave our WLAN open.

[via LinuxDevices]