S3 Ep120: When dud crypto simply won’t let go [Audio + Text]


Latest episode – listen now.

DOUG.   Busts, shutdowns, Samba, and GitHub.

All that, and more, on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Paul Ducklin.

Paul, how do you do today, Sir?


DUCK.   I’m very well, Douglas.


DOUG.   Let us start the show with our Tech History segment – this is an interesting one.

This week, on 01 February 1982, the Intel 80286 16-bit microprocessor was introduced, and went on to become a mainstay in IBM PC/AT computers for years.

Interestingly, Intel didn’t expect the 286 to be used for personal computers, and designed a chip with multitasking and multi-user systems in mind.


DUCK.   Its primary use, as you say, was the PC/AT, the “Advanced Technology” machine from IBM, which was basically designed to run DOS.

Although DOS is limited to 1MB of RAM (or 640KB RAM and the rest ROM), you could have extra memory, and you could use it for things like…

…remember HIMEM.SYS, and RAM caches, all of that stuff?

Except that because Intel had security in mind, bless their hearts, when they designed the 286…

…once you had switched from the mode where it ran like an 8086 into the super-powerful so-called “protected mode”, *you couldn’t switch back*.

Once you flipped into the mode that let you access your HIMEM or your RAMDISK, you were stuck.

You couldn’t go back and carry on running DOS!

And IBM actually jury-rigged their PC – you sent this special command to (believe it or not) the keyboard controller, and the keyboard controller basically rebooted the CPU.

Then, when the CPU started up again, the BIOS said, “Oh, that’s not a real reboot, that’s a sneaky ‘switch back illegally to real mode’ reboot,” [LAUGHTER] and it went back to where you were in DOS.

So the problem is, it was super-inefficient.

The other thing with the 286, even though it could access 16MB RAM in total, is that, just like the 8086, it could only work on a maximum of 64KB at a time.

So the 64-kilobyte limit was still basically wired into the DNA of that 286 microprocessor.

It was majestically and needlessly, as it turned out, complicated.

It’s kind of like a product that was super-cool, but didn’t really fit a need in the market at the time, sadly.


DOUG.   Well, let’s start in on our first stories.

We have a two-pack – it’s crime time.

Let’s talk about shutdowns and lock-ups, starting with the FBI shutting down the Hive ransomware servers at long last.

That’s good news!

Hive ransomware servers shut down at last, says FBI


DUCK.   It does seem so, doesn’t it, Doug?

Although we need to say, as we always do, essentially, that “cybercrime abhors a vacuum”.

Sadly, other operators steam in when one lot get busted…

…or if all that happens is that their servers get taken down, and the actual people operating them don’t get identified and arrested, typically what happens is they keep their heads below the parapet for a little while, and then they just pop up somewhere else.

Sometimes they reinvent the old brand, just to thumb their nose at the world.

Sometimes they’d come back with a new name.

So the thing with Hive – it turns out that the FBI had infiltrated the Hive ransomware gang, presumably by taking over some sysadmin’s account, and apparently that happened in the middle of 2022.

But, as we have said on the podcast before, with the dark web, the fact that you have someone’s account and you can log in as them…

…you still can’t just look up the IP number of the server you’re connecting to, because the dark web is hiding that.

So it seems that, for the first part of this operation, the FBI weren’t actually able to identify where the servers were, although apparently they were able to get free decryption keys for quite a number of people – I think several hundred victims.

So that was quite good news!

And then, whether it was some operational intelligence blunder, whether they just got lucky, or… we don’t know, but it seems that eventually they did work out where the servers were, and bingo!

Shutdown!


DOUG.   OK, very good.

And then our second of these crime stories.

We’ve got a Dutch suspect in custody, charged for not just personal data theft, but [DOOM-LADEN VOICE] “megatheft”, as you put it, Paul:

Dutch suspect locked up for alleged personal data megathefts


DUCK.   Yes!

It seems that his “job” was… he finds data, or buys data from other people, or breaks into sites and steals huge tranches of data himself.

Then he slices-and-dices it in various ways, and puts it up for sale on the dark web.

He was caught because the company that looks after TV licensing in Austria (a lot of European countries require you to have a licence to own and operate a TV set, which basically funds national television)… those databases pretty much have every household, minus a few.

The Austrian authorities became aware that there was a database up for sale on the dark web that looked very much like the kind of data you’d get – the fields, and the way everything was formatted… “That looks like ours, that looks like Austrian TV licences. My gosh!”

So they did a really cool thing, Doug.

They did an undercover buy-back, and in the process of doing so, they actually got a good handle on where the person was: “It looks like this person is probably in Amsterdam, in the Netherlands.”

And so they got in touch with their chums in the Dutch police, and the Dutch were able to get warrants, and find out more, and do some raids, and bust someone for this crime.

Perhaps unusually, they got the right from the court, essentially, to hold the guy incommunicado – it was all a secret.

He was just locked away, didn’t get bail – in fact, they’ve still got a couple more months, I think, that they can hold him.

So he’s not getting out.

I’m assuming they’re worried that [A] he’s got loads of cryptocurrency lying around, so he’d probably do a runner, and [B] he’d probably tip off all his compadres in the cyberunderworld.

It also seemed that he was making plenty of money out of it, because he’s also being charged with money laundering – the Dutch police claim to have evidence that he personally cashed out somewhere in the region of half-a-million euros of cryptocoins last year.

So there you are!

Quite a lot of derring-do in an investigation, once again.


DOUG.   Yes, indeed.

OK, this is a classic “We will keep an eye on that!” kind of story.

In the meantime, we have a Samba logon bug that reminds us why cryptographic agility is so important:

Serious Security: The Samba logon bug caused by outdated crypto


DUCK.   It is a reminder that when the cryptographic gurus of the world say, “XYZ algorithm is no longer fit for purpose, please stop using it”, and the year is – shall we say – the mid 2000s…

…it’s well worth listening!

Make sure that there isn’t some legacy code that drags on, because you kind-of think, “No one will use it.”

This is a logon process in Microsoft Windows networking which relies on the MD5 hashing algorithm.

And the problem with the MD5 hashing algorithm is it is much too easy to create two files that have exactly the same hash.

That shouldn’t happen!

For me to get two separate inputs that have exactly the same hash should take me, on my laptop, about 10,000 years…


DOUG.   Approximately! [LAUGHS]


DUCK.   More or less.

However, just for that article alone, using tools developed by a Dutch cryptographer for his Master’s thesis back in 2007, I created *ten* colliding MD5 hash-pair files…

…in a maximum of 14 seconds (for one of them) and a minimum of under half a second.

So, billions of times faster than it’s supposed to be possible.

You can therefore be absolutely sure that the MD5 hash algorithm simply doesn’t live up to its promise.

That is the core of this bug.

Basically, in the middle of the authentication process, there’s a part that says, “You know what, we’re going to create this super-secure authentication token from data supplied by the user, and using a secret key supplied by the user. So, what we’ll do is we’ll first do an MD5 hash of the data to make it nice and short, and then we’ll create the authentication code *based on that 128-bit hash*.”

In theory, if you’re an attacker, you can create alternative input data *that will come up with the same authentication hash*.

And that means you can convince the other end, “Yes, I *must* know the secret key, otherwise how could I possibly create the right authentication code?”

The answer is: you cheat in the middle of the process, by feeding in data that just happens to come up with the same hash, which is what the authentication code is based upon.

The MD5 algorithm died years ago, but yet it lives on – and it shouldn’t!

So the fix is easy.

Samba just said, “What we’re going to do is, if you want to use this old algorithm, from now on, you will have to jump through hoops to turn it on. And if that breaks things, and if suddenly you can’t log into your own network because you were using weak security without realising it… that’s the price we’re all willing to pay.”

And I agree with that.


DOUG.   OK, it’s version 4.17.5 that now forces those two options, so head out there and pick that up if you haven’t already.

And last, but certainly not least, we’ve got code-signing certificates stolen from GitHub.

But there’s a silver lining here, fortunately:

GitHub code-signing certificates stolen (but will be revoked this week)


DUCK.   It’s been quite the few months for cloud breaches and potential supply chain attacks.


DOUG.   Seriously!


DUCK.   “Oh dear, stolen signing keys”… GitHub realised this had happened on 07 December 2022.

Now, hats off to them, they realised the very day after the crooks had got in.

The problem is that they hadn’t got in to wander around – it seems that their ability to get in was based on the fact that they could download private GitHub repositories.

This is not a breach of the GitHub systems or the GitHub infrastructure or how GitHub stores files – it’s just that GitHub’s code on GitHub… some of the stuff that was supposed to be private got downloaded.

And as we’ve spoken about before, the problem when source code repositories that are supposed to be private get downloaded…

…the problem is that, surprisingly often, those repositories might have stuff in that you don’t want to make public.

For example, passwords to other services.

And, importantly, the code-signing keys – your signet ring, that you use to put your little seal in the wax of the program that you actually build.

Even if you’re an open source project, you’re not going to put your code-signing keys in the public version of the source code!

So that was GitHub’s fear: “Oh dear. We found the crooks almost immediately, but they came in, they grabbed the code, they went… thus, damage already done.”

It took them quite a long time, almost two months, to figure out what they could say about this.

Or at least it took two months until they said anything about it.

And it sounds as though the only things that might have an effect on customers that did get stolen were indeed code-signing keys.

Only two projects were affected.

One is the source code editor known as “Atom”, GitHub Atom.

That was basically superseded in most developers’ lives by Visual Studio Code [LAUGHS], so the whole project got discontinued in the middle of 2022, and its last security update was December 2022.

So you probably shouldn’t be using Atom anyway.

And the good news is that, because they weren’t going to be building it any more, the certificates involved…

…most of them have already expired.

And in the end, GitHub found, I think, that there are only three stolen certificates that were actually still valid, in other words, that crooks could actually use for signing anything.

And those three certificates were all encrypted.

One of them expired on 04 January 2023, and it doesn’t seem that the crooks did crack that password, because I’m not aware of any malware that was signed with that certificate in the gap between the crooks getting in and the certificate expiring one month later.

There is a second certificate that expires the day we’re recording the podcast, Wednesday, 01 February 2022; I’m not aware of that one having been abused, either.

The only outlier in all of this is a code-signing certificate that, unfortunately, doesn’t expire until 2027, and that’s for signing Apple programs.

So GitHub has said to Apple, “Watch out for anything that comes along that’s signed with that.”

And from 02 February 2022, all of the code-signing certificates that were stolen (even the ones that have already expired) will be revoked.

So it looks as though this is a case of “all’s well that ends well.”

Of course, there’s a minor side-effect here, and that is that if you’re using the GitHub Desktop product, or if you’re still using the Atom editor, then basically GitHub is revoking signing keys *for their own apps*.

In the case of the GitHub Desktop, you absolutely need to upgrade, which you should be doing anyway.

Ironically, because Atom is discontinued… if you desperately need to continue using it, you actually have to downgrade slightly to the most recent version of the app that was signed with a certificate that is not going to get revoked.

I may have made that sound more complicated than it really is – but it’s a bad look for GitHub, because they did get breached.

It’s another bad look for GitHub that included in the breach were code-signing certificates.

But it’s a good look for GitHub that, by the way they managed those certificates, most of them were no longer of any use.

Two of the three that could be dangerous will have expired by the time you listen to this podcast, and the last one, in your words, Doug, “they’re really keeping an eye on.”

Also, they’ve revoked all the certificates, despite the fact that there is a knock-on effect on their own code.

So, they’re basically disowning their own certificates, and some of their own signed programs, for the greater good of all.

And I think that’s good!


DOUG.   Alright, good job by GitHub.

And, as the sun begins to set on our show for today, it’s time to hear from one of our readers.

Well, if you remember from last week, we’ve been trying to help out reader Steven roll his own USB-key-based password manager.

Based on his quandary, reader Paul asks:

Why not just store your passwords on a USB stick with hardware encryption and a keypad… in a portable password manager such as KeePass? No need to invent your own, just shell out a few bucks and keep a backup somewhere, like in a safe.


DUCK.   Not a bad idea at all, Doug!

I’ve been meaning to buy-and-try one of those special USB drives… you get hard-disk sized ones (although they have SSDs in general these days), where there’s plenty of room for a keypad on the top of the drive.

But you even get USB sticks, and they typically have two rows of five keys or two rows of six keys next to each other.

It’s not like those commodity USB drives that, say, “Includes free encryption software,” which is on the stick and you can then install it on your computer.

The idea is that it’s like BitLocker or FileVault or LUKS, like we spoke about last week.

There’s a full-disk encryption layer *inside the drive enclosure itself*, and as soon as you unplug it, even if you don’t unmount it properly, if you just yank it out of the computer…

…when the power goes down, the key gets flushed from memory and the thing gets locked again.

I guess the burning question is, “Well, why doesn’t everyone just use those as USB keys, instead of regular USB devices?”

And there are two reasons: the first is that it’s a hassle, and the other problem is that they’re much, much more expensive than regular USB keys.

So I think, “Yes, that’s a great idea.”

The problem is, because they’re not mainstream products, I don’t have any I can recommend – I’ve never tried one.

And you can’t just go into the average PC store and buy one.

So if any listeners have a brand, or a type, or a particular class of such product that they use and like…

…we’d love to hear about it, so do let us know!


DOUG.   OK, great. I love a little crowd-sourcing, people helping people.

Thank you very much, Paul, for sending that in.

If you have an interesting story, comment or question you’d like to submit, we’d love to read it on the podcast.

You can email [email protected], comment on any one of our articles, or hit us up on social: @NakedSecurity.

That’s our show for today – thanks very much for listening.

For Paul Ducklin, I’m Doug Aamoth, reminding you until next time to…


BOTH.   Stay secure!

[MUSICAL MODEM]
