Re: Haystack redux
On 09/15/2010 11:48 AM, Adam Fields wrote:
> On Wed, Sep 15, 2010 at 03:16:34AM -0700, Jacob Appelbaum wrote:
> [...]
>> What Steve has written is mostly true - though I was not working alone, we did it in an afternoon. It took quite a bit of effort to get Haystack to take this seriously. Eventually, there was an internal mutiny because of a serious technical disconnect between the author Daniel Colascione and the supposed author, Austin Heap. Daniel has been a stand up guy about the issues discovered and he really the problem space that the tool created. Sadly, most of the issues discovered do not have easy fixes - this includes even discussing some of the very simple but serious design flaws discovered. This has to be the worst disclosure issue that I've ever had to ponder - generally, I'm worried about being sued by some mega corp for speaking some factual information to their users. In this case, I guess the failure mode for being open about details is ... much worse for those affected. :-(
>>
>> An interesting unintended consequence of the original media storm is that no one in the media enjoys being played; it seems that now most of the original players are lining up to ask hard questions. It may be too little and too late, frankly. I suppose it's better than nothing but it sure is a great lesson in popular media journalism failures.
>
> I'm wondering if someone could shed a little light on how this service acquired any real users in the first place, and whether anyone thinks that anyone in danger of death-should-the-service-be-compromised is actually (still) using it.

The media hype? The fact that many Iranians were reaching out to people in the West during the summer of 2009?

> I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise?
>
> My first guess would have been that it was a government-sponsored honeypot, and I bet they're far more suspicious than I am.

I guess the dissidents that you work with are all savvy, never tricked, know how to make solid security evaluations, and so on? Generally speaking... that is not my experience at all.

All the best,
Jacob

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
On Sep 15, 2010, at 11:48 AM, Adam Fields wrote:
> I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise?
>
> My first guess would have been that it was a government-sponsored honeypot, and I bet they're far more suspicious than I am.

Perhaps people are more hopeful than suspicious. Haystack [1] had the apparent approval of the US State Department (no friends of the Iranian government), a pretty web page, major donors, coverage in all the mainstream press, an award in the UK, and lots of other stuff that demonstrated credibility.

Gotta trust someone. Who you gonna trust? The guys with all that cred, or, say... me?

---
[1] given Daniel Colascione's statements, we may have to quote this thing as it was test code, not what he intended to release.
Re: A mighty fortress is our PKI, Part III
On 2010-09-16 6:12 AM, Andy Steingruebl wrote:
> The malware could just as easily fake the whole UI. Is it really PKI's fault that it doesn't defend against malware? Did even the grandest supporters ever claim it could/did?

That is rather like having a fortress with one wall rather than four walls, and when attackers go around the back, you quite correctly point out that the wall is only designed to stop attackers from coming in front.
Re: Haystack redux
* Adam Fields wrote on 2010-09-15 at 20:48:
> I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? My first guess

According to my experience the question that matters most is: "Does it work for me?" If yes, all is OK. When I did courses for dissidents, nobody ever asked if some kind of software is beta or tested nor were they interested if some foreign agency produced it. They trusted me that I would not recommend any bad software.

--
Jens Kubieziel http://www.kubieziel.de
FdI#3: Polymorphism. The error appears in many forms. (Kristian Köhntopp)
RE: A mighty fortress is our PKI, Part III
I, too, would love to get the details, but Peter is right here. The flaw he reported was in the PKI itself, not in the UI. If there were a bulletproof OS with perfect non-confusing UI, once the malware has a valid signature that traces to a valid certificate, it's the PKI that failed.

As for EV being as meaningless as ordinary certificates, that's the point Peter is making. Of course, neither of them certifies the qualities of the publisher that the end user cares about. That would be too expensive and open to liability (therefore, more expensive still). But, in a verbal shell game, the CAs make it sound like someone with an expensive certificate is trustworthy (in the end-user's value system).

-Original Message-
From: owner-cryptogra...@metzdowd.com [mailto:owner-cryptogra...@metzdowd.com] On Behalf Of Andy Steingruebl
Sent: Wednesday, September 15, 2010 4:12 PM
To: Peter Gutmann
Cc: cryptography@metzdowd.com
Subject: Re: A mighty fortress is our PKI, Part III

On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
> Some more amusing anecdotes from the world of PKI:

Peter,

Not to be too contrary (though at least a little) - not all of these are really PKI failures are they?

> - There's malware out there that pokes fake Verisign certificates into the Windows trusted cert store, allowing the malware authors to be their own Verisign.

The malware could just as easily fake the whole UI. Is it really PKI's fault that it doesn't defend against malware? Did even the grandest supporters ever claim it could/did?

> - CAs have issued certs to cybercrime web sites like https://www.pay-per-install.com (an affiliate program for malware installers), because hey, the Russian mafia's money is as good as anyone else's.

Similarly here - non-EV CAs bind DNS names to a field in a certificate. No more. They don't vouch for the business being run, and in any case any such audit would be point in time anyway.

I suppose way back when people promised that certs would do this, but does anyone believe that anymore and have it as an expectation? Perhaps you're setting the bar a bit high?

BTW - do you have pointers to most of the things you've reported? I'd love to get the full sordid details :)

- Andy
ADMIN: Heavy-handed moderation
Moderator's note:

There have been a lot (!) of messages sent in the last 15 hours or so following a number of recent high heat threads. Over a dozen (!) of them are long, earnest, well written, and generally a repeat of a number of recent arguments we've had on the list or veer off topic. (Yes, I really do try to keep things to a particular set of topics even if it doesn't always seem that way from the outside.)

I'm therefore exercising my moderatorial prerogative and being quite heavy handed about what I'm forwarding today. Apologies to those of you who've spent time writing some interesting things that won't be going out, but I have to consider the readers first and the writers second...

Perry
--
Perry E. Metzger pe...@piermont.com
More on padding oracles
Brian Holyfield has created another implementation of the padding oracle exploitation tool first described by Juliano Rizzo and Thai Duong, as well as providing a step-by-step, easy-to-understand explanation of how the attack works. You can find it at:

http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/

Peter.