the stream

Links to articles, short comments on various topics - basically the sort of posts I would have put out on Google+ in previous years.

Linus Torvalds on effects of the SHA1 collision attack on git

Alexander Bochmann Sunday 26 of February, 2017
He wrote a summary on Google+, I'll just quote the intro, skip over to G+ for the whole thing:

Linus Torvalds wrote:
I thought I'd write an update on git and SHA1, since the SHA1 collision attack was so prominently in the news.

Quick overview first, with more in-depth explanation below:

(1) First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git.

(2) Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.

(3) And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories.

Anyway, that's the high-level overview, you can stop there unless you are interested in some more details (keyword: "some". If you want more, you should participate in the git mailing list discussions - I'm posting this for the casual git users that might just want to see some random comments).

In one of the comments, Linus also explains why objects with a colliding SHA1 hash won't be an immediate problem for git, while they can be used to destroy, for example, an SVN repository:

Linus Torvalds wrote:
SVN (unlike git) just does the SHA1 on the raw object data as the de-dupe mechanism, which is why just feeding the colliding pdf files into SVN triggered the problem.

Git ends up doing the SHA1 not on the raw user data, but on a "git object data", which includes a header with a type and a length. That means that if you just use the poisoned pdf's, git won't actually see the same SHA1 at all for them, and so we don't actually have a "real" git test case for the SHA1 collision yet.
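The difference described in that comment, as an added example (not code from the post or from git itself): the raw-bytes SHA-1 next to git's object id, which hashes a `<type> <length>` header, a NUL byte and then the content, plus the consistency check a reader of a loose object can make. The function names and the sample input are made up for illustration.

```python
import hashlib
import zlib

def raw_sha1(data: bytes) -> str:
    """SHA-1 of the raw bytes: the de-dupe key the quote attributes to SVN."""
    return hashlib.sha1(data).hexdigest()

def git_encode(obj_type: str, data: bytes) -> bytes:
    """Git object data: '<type> <decimal length>' + NUL + content."""
    return f"{obj_type} {len(data)}".encode("ascii") + b"\x00" + data

def git_object_id(obj_type: str, data: bytes) -> str:
    """The id git uses: SHA-1 of header plus content, not of content alone."""
    return hashlib.sha1(git_encode(obj_type, data)).hexdigest()

def verify_loose_object(expected_id: str, compressed: bytes):
    """Check a zlib-compressed loose object: the header parses, the
    declared length matches the content, and the id matches the bytes."""
    raw = zlib.decompress(compressed)
    header, sep, body = raw.partition(b"\x00")
    if not sep:
        raise ValueError("no NUL terminator after header")
    obj_type, _, length = header.decode("ascii").partition(" ")
    if obj_type not in ("blob", "tree", "commit", "tag"):
        raise ValueError(f"unknown object type {obj_type!r}")
    if not length.isdigit() or int(length) != len(body):
        raise ValueError("declared length does not match content")
    if hashlib.sha1(raw).hexdigest() != expected_id:
        raise ValueError("object id does not match content")
    return obj_type, body

if __name__ == "__main__":
    sample = b"test content\n"  # constructed sample input
    oid = git_object_id("blob", sample)
    print("raw SHA-1:", raw_sha1(sample))
    print("git blob :", oid)
    stored = zlib.compress(git_encode("blob", sample))
    print("verified :", verify_loose_object(oid, stored))
```

Two files whose raw bytes share a SHA-1 land on the same key in a store that uses `raw_sha1`, while `git_object_id` hashes a different byte string for each of them.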

SANS reading room: Tor Browser Artifacts in Windows 10

Alexander Bochmann Saturday 25 of February, 2017
This new document (PDF) in the forensics category of the SANS reading room introduces quite a few basic Windows-specific forensic tools being used on an example of tracking down the changes caused by a Tor Browser installation.

The first one being mentioned, Regshot (to compare the Registry before and after installation), seems immediately useful.

Airbus Cybersecurity: Playing defence against the Equation Group

Alexander Bochmann Saturday 25 of February, 2017
I missed this back in October: Airbus Cybersecurity has a long post examining specifically the documentation files from the Equation Group data leaked by Shadow Brokers...

Seems like quite a good summary on that part of the information.

These tools and exploits do not change the path of a normal killchain. What we see here is reconnaissance (command sets), lateral movement (RCEs on admin interfaces), privilege escalation [..], persistence [..]. This leak contains no initial intrusion material. This means that regular detection and defence strategies still apply. Even if we assume the worst-case scenario of a remote code execution on the public interface of a border firewall, it still takes us back to a defence-in-depth doctrine. [..]
What the exploits, tools and procedures contained in the package show is that Equation Group is actively pursuing admin networks and infrastructures. In this respect, the fact that they abort if logs are sent to separate equipment unless they “own” this equipment is a tell-tale sign of their operational tactics. [..]
What stand out are the professionalism, the organisation given to this task, and their focus on retaining stealth. As Rob Lee of SANS says, “It’s an army set-up to hack your organization”. That makes them a formidable opponent.

PuTTY 0.68 released

Alexander Bochmann Thursday 23 of February, 2017
PuTTY releases are rare enough to be somewhat of a surprise when they happen (the last was nearly a year ago). Most noteworthy, this is the first PuTTY version to support elliptic curve cryptography (previously only available in development snapshots).

PuTTY latest release page (currently 0.68)

PuTTY changelog wrote:
These features are new in 0.68 (released 2017-02-21):

  • Security fix: an integer overflow bug in the agent forwarding code. See vuln-agent-fwd-overflow.
  • Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory (on versions of Windows where they previously were). See vuln-indirect-dll-hijack.
  • Windows PuTTY no longer sets a restrictive process ACL by default, because this turned out to inconvenience too many legitimate applications such as NVDA and TortoiseGit. You can still manually request a restricted ACL using the command-line option -restrict-acl.
  • The Windows PuTTY tools now come in a 64-bit version.
  • The Windows PuTTY tools now have Windows's ASLR and DEP security features turned on.
  • Support for elliptic-curve cryptography (the NIST curves and 25519), for host keys, user authentication keys, and key exchange.
  • Support for importing and exporting OpenSSH's new private key format.
  • Host key preference policy change: PuTTY prefers host key formats for which it already knows the key.
  • Run-time option (from the system menu / Ctrl-right-click menu) to retrieve other host keys from the same server (which cross-certifies them using the session key established using an already-known key) and add them to the known host-keys database.
  • The Unix GUI PuTTY tools can now be built against GTK 3.
  • There is now a Unix version of Pageant.

Google announces "first practical SHA1 collision attack"

Alexander Bochmann Thursday 23 of February, 2017
Google security blog: Announcing the first SHA1 collision.

Google wrote:
Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. .. Following Google’s vulnerability disclosure policy, we will wait 90 days before releasing code that allows anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some pre-conditions.

So it seems the attack is not generalizable for all scenarios at this point in time (and we'll not yet see a collision for, say, a SHA-1 certificate hash), but that's how things started to go bad for MD5 too...

pfSense 2.3.3 released - with Let's Encrypt support

Alexander Bochmann Wednesday 22 of February, 2017
According to the pfSense blog, pfSense 2.3.3 has been released a couple of days ago.

pfSense now has an acme package (also available for the previous release, 2.3.2p1), which can be found right at the top of the list under System -> Package Manager -> Available Packages.

When the package is installed, there's a new service available, Services -> Acme Certificates. Even though the pfSense wiki currently doesn't seem to have any documentation on this module, activation is relatively straightforward for everyone who has seen the Let's Encrypt workflow:

Create an account key with the Let's Encrypt production CA, create a certificate (I had to add a folder name for the webroot local folder verification method, the path is shown in the first example of the pfSense web UI), issue certificate. The certificate is then available in the SSL Certificate selection for the Web Configurator. The UI has options for auto-renewal and additional jobs to run on certificate updates - I'll see if those work in about 60 days ;)

(Admittedly, things are not quite self explaining for first time Let's Encrypt users... *cough*)

I only have a pfSense test system, so I don't have much of an idea about the other changes in this release.

Internet Society publishes "The IANA Timeline" document

Alexander Bochmann Tuesday 21 of February, 2017
The IANA Timeline is available here (cache) in HTML format (and as optional PDF download).

It has some of the early history, but its focus is on the IANA stewardship transition, over to a new non-profit, operating under contracts with ICANN:

“Public Technical Identifiers” (PTI) is incorporated in California as a non-profit public benefit corporation. (The company was originally referred to as PTI, Post-Transition IANA, in the transition documents, thus giving birth to the awkward final name.) This company will be responsible for performing all of the IANA functions regarding DNS names, IP Addresses, and Protocol Parameters under three separate contracts with ICANN

(Via Lutz Donnerhacke on Google+)

Daikatana "1.3"

Alexander Bochmann Sunday 19 of February, 2017
Another one I've seen on Fun with Virtualization - bringing Daikatana back to life.

The new version can be installed right over the old game files - and Daikatana is on sale for €1.49 on Steam right now...

On the game server code,
neozeed wrote:
The biggest initial problem is that plenty of it was valid GCC 2.x syntax which later versions would barf on. And of course endian issues as Solaris was defined and set as big endian. As a matter of fact there is all kinds of variable sizing issues that had to be messed with. But thanks to iD’s general portable code, and separated IO, it only took about 10 days of on and off hacking to get it running using GCC 2.8.1 on Solaris, and only 2 days to get it running on Linux with GCC 2.8.1 … There is a lot of gotchas and hidden traps in the code, and of course bad assumptions about platforms in the code and all kinds of fun.

Linux processes with cgroup memory limits can still use swap?

Alexander Bochmann Sunday 19 of February, 2017
I wasn't aware of that, but Julia Evans has collected some info on the topic.

Julia Evans wrote:
swap + cgroup memory limits = a little surprising
My model of memory limits on cgroups was always “if you use more than X memory, you will get killed right away”. It turns out that that assumption was wrong! If you use more than X memory, you can still use swap!

And apparently some kernels also support setting separate swap limits. So you could set your memory limit to X and your swap limit to 0, which would give you more predictable behavior.

I have to admit I'm only vaguely informed of advanced cgroups features, as my personal Linux systems usually don't have that feature compiled in, and they haven't been getting in my way on Debian distribution kernels either (where I mostly ignore them).
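To check how much swap a given cgroup may use on top of its memory limit, the limit files can be read directly; this is an added example, not code from the linked article. It uses the kernel's cgroup v2 files (`memory.max`, `memory.swap.max`) and cgroup v1 files (`memory.limit_in_bytes`, `memory.memsw.limit_in_bytes`, where the latter is memory plus swap); the function names are hypothetical and the cgroup directory is passed in by the caller.

```python
from pathlib import Path

# cgroup v1 reports "no limit" as a very large page-aligned number
V1_UNLIMITED = 1 << 60

def read_value(path: Path):
    """Return the stripped file content, or None if the file is absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def parse_limit(text):
    """Convert a limit file's content to bytes; None means unlimited/unknown."""
    if text is None or text == "max":
        return None
    value = int(text)
    return None if value >= V1_UNLIMITED else value

def swap_allowance(cgroup_dir):
    """Return (memory_limit, swap_allowed) in bytes for one cgroup directory.

    swap_allowed is None when swap use is not capped (or not accounted),
    0 when the process gets killed instead of swapping past its limit.
    """
    d = Path(cgroup_dir)
    if (d / "memory.max").exists():  # cgroup v2: swap has its own limit
        mem = parse_limit(read_value(d / "memory.max"))
        swap = parse_limit(read_value(d / "memory.swap.max"))
        return mem, swap
    # cgroup v1: memsw limits memory + swap together
    mem = parse_limit(read_value(d / "memory.limit_in_bytes"))
    memsw = parse_limit(read_value(d / "memory.memsw.limit_in_bytes"))
    if mem is None or memsw is None:
        return mem, None
    return mem, max(memsw - mem, 0)

def describe(cgroup_dir) -> str:
    mem, swap = swap_allowance(cgroup_dir)
    if mem is None:
        return "no memory limit set"
    if swap is None:
        return f"memory capped at {mem} bytes, swap use not capped"
    if swap == 0:
        return f"memory capped at {mem} bytes, no swap allowed"
    return f"memory capped at {mem} bytes, plus up to {swap} bytes of swap"
```

On cgroup v1, a missing `memory.memsw.limit_in_bytes` file means the kernel is not doing swap accounting, which the function reports as "not capped".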

Techdirt sets up "Survival Fund" to help defend against the guy who claims to have invented email

Alexander Bochmann Sunday 19 of February, 2017
Well, Shiva Ayyadurai wrote a program that he called "Email", but the word (and similar messaging services) had been in use for a long time before...

Techdirt Survival Fund

Techdirt wrote:
As we mentioned last month, we are currently being sued for $15 million by Shiva Ayyadurai, represented by Charles Harder, the lawyer who helped bring down Gawker. We have written, at great length, about Ayyadurai's claims and our opinion — backed up by detailed and thorough evidence — that email existed long before Ayyadurai created any software. Once again, we believe the legal claims in the lawsuit are meritless and we intend to fight them and win. Earlier today, we filed a motion to dismiss (along with our memorandum in support) and a special motion to strike under California's anti-SLAPP law (along with a memorandum in support).

PCem - an emulator for classic PC XT/AT systems

Alexander Bochmann Sunday 19 of February, 2017
I didn't know about the PCem emulator (cache) until Fun with virtualization pointed to its new v12 release today. It's an emulator for several PC XT/AT systems, and some of the common hardware of the time (graphics and sound cards). Needs independently sourced BIOS ROM files from the respective emulated systems.

I should try to use this to boot that old SuSE Linux with graphics...

"Gefährder is newspeak for suspect."

Alexander Bochmann Sunday 19 of February, 2017
On the revocation of passports for "Gefährder":

Aljoscha Rittner wrote:
One must not forget: Gefährder is newspeak for suspect. In a state under the rule of law there must not be two classes of suspects. For some, the presumption of innocence applies; the others are alleged terrorists and have lost their rights on mere suspicion. But according to which criteria?

T-DSL: "profile not sufficient"

Alexander Bochmann Saturday 18 of February, 2017
From Gert Doering on IRC today, collected here in case anyone wants to google for it:

Gert Doering wrote:
oh, I know "profile not sufficient"
I think that kept me busy for 6 weeks :-)
in my case it was an old contract that was limited to 1Mbit DSL, and it wouldn't work on the 16Mbit-freshly-upgraded line,
because "the profile says it can't do more than that!" - presumably, since that could not be conclusively confirmed, because there is
nobody (neither via support nor via sales nor via $contacts) who could look into the relevant databases
and confirm it
Solution: cancel the T-Online plan and sign up for a new plan...

removing the entropy from ASLR using exact timers

Alexander Bochmann Friday 17 of February, 2017
VUSec wrote:
We have built a side-channel attack, specifically an EVICT+TIME cache attack, that can detect which locations in the page table pages are accessed during a page table walk performed by the MMU. For example, on the x86_64 architecture, our attack can find the offsets that are accessed by the MMU for each of the four page table pages. The offset within each page breaks nine bits of entropy so even a perfect ASLR implementation with 36 bits of entropy is not safe.

Here is their announcement.

But all is not lost, click on the "Read our suggested plan of actions to CPU, browser and OS vendors" - Link.

Martin Reeh in the taz: "Martin Schulz - A committed German"

Alexander Bochmann Sunday 12 of February, 2017
In his essay in today's taz, taz department head Martin Reeh interprets SPD chancellor candidate Martin Schulz not as a "committed European", but as a German power politician who uses the European stage to the advantage of German industry, without regard for the problems of the other EU countries.

taz wrote:
So if Europe kept the euro and harmonised taxes, Germany would have an additional competitive advantage. Schulz, who like Matthäus-Maier never talks about what German exports do abroad, is engaging in blame your neighbour populism with his tax campaign.

identifying propaganda networks by monitoring failed social media campaigns

Alexander Bochmann Sunday 12 of February, 2017
This article by "@AtlanticCouncil's Digital Forensic Research Lab", Spread it on Reddit (cache), illustrates how the author(s) found out about the Reddit (and associated) accounts driving political social media campaigns. They monitored the spread of a campaign that didn't really take off, resulting in much less polluted data about its originators.

Via Joerg Fliege on G+.

Capsule8 announces cloudy Linux threat protection

Alexander Bochmann Friday 10 of February, 2017
Right now there's no technical info at all, which makes me somewhat uninterested for the time being, despite the current buzz and the well-known names involved.

Capsule8 wrote:
Capsule8's real-time threat protection will detect and prevent known and zero-day attacks throughout an organization’s production infrastructure. Capsule8's protection will span the entire Linux infrastructure — across clouds and data centers, as well as throughout virtual machines, bare metal and containers.
With intelligent investigation that leverages both artificial intelligence and human-in-the-loop analytics, we will provide complete visibility for complex, multi-system applications, with high-fidelity alerting to reduce fatigue.

Buzzwords galore. Their Introducing Capsule8 blog post is only slightly more informative.

two conflicting news items about Samsung Knox on the same page in my RSS reader

Alexander Bochmann Friday 10 of February, 2017

One: ZDNet: Google Project Zero: How we cracked Samsung's DoD- and NSA-certified Knox

Two: The German Federal Office for Information Security has published a guide on how to secure Android systems using Samsung Knox (in German) - Heise: BSI publishes guide for secure Android with Samsung Knox