"This is the kind of vulnerability that makes applied cryptographers cry tears of joy." Matthew Green on the Juniper backdoor
"Most things that start as "OMG cyber attack" end up being a squirrel or reliability issue - but still need to watch and validate" Robert M. Lee
"Did you know: years ago credit cards used to expire instead of being canceled every few months due to data breaches?" Josh Abernathy
"We choose to deprecate SHA-1 in this year and do the other things, not because it is easy, but because it is hard!" Ryan Sleevi
Juniper backdoor follow-up
From last week's story on Juniper disclosing that unauthorized code had been inserted into their code base, we now have details about what these were. The authentication backdoor is the hard-coded password "<<< %s(un='%s') = %u" which will give access if entered (post from Rapid7 here). The other backdoor allowed passive monitoring of encrypted traffic. However, as explained by Matthew Green here (with references within to the various people that made different discoveries), there were actually multiple backdoors on the passive monitoring. The first involves the "legitimate" backdoor Dual EC being used, but this is "killed" by some post-processing, except there is a bug (ie. backdoor) that allows the Dual EC backdoor to continue functioning. Then there is the backdoor that Juniper actually noticed and announced which involves a modified Q value for Dual EC. So there seems to be a mess of backdoors and/or bugs, potentially put there by different groups.
An interesting outcome of this backdoor announcement is that Juniper's stock dropped 5% on the first day of trading after the announcement while it's competitor Cisco opened higher. This adds Juniper to the short list of company's whose stock prices made any significant movement following a breach. The other members of this small group are TalkTalk, Heartland Payment Systems, and Global Payment Systems, as I discussed last month in Why did TalkTalk's stock drop when it was hacked?.
This story also high-lites that that not all backdoors are equal. The authentication backdoor was inferior to the passive monitoring backdoors for a number of reasons, as there are a number of traits you might desire in a backdoor including:
- Not allowing it to be used by others who have reverse engineered the product it is in.
- Be deniable, such that the developer could claim it was a bug.
- Ensure that even when a victim knows about the backdoor, they still cannot detect when it is being used against them.
The authentication backdoor fails all of these objectives, while the passive monitoring backdoors meet these objectives. The authentication backdoor could have been improved by at least doing a hash comparison as opposed to a plain-text strcmp. That said, the backdoor worked, which is the primary objective.
Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
This post from CloudFlare explains different security properties a cryptographic hash needs to satisfy and which are harder. The purpose of this post is to advocate a new requirement for Certificate Authorities to make it harder for someone to create a collision.
"Instagram's Million Dollar Bug": Case study for defense
Earlier this week I wrote about what steps Instagram could have taken to avoid the problems the bug bounty hunter discovered. That post is here.
- Dell SecureWorks files for IPO: I missed this story from last week that SecureWorks, a subsidiary of Dell, filed it's S1 filing in order to IPO soon. Their S1 is here.
- Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach $170 Billion By 2020: This post from Forbes shows the colossal size that cybersecurity business is becoming.
Conference materials and publications
- Hacktivity slides and videos: Hacktivity took place in early October in Budapest, Hungary.
- ekoparty videos: ekoparty is a security conference in Buenos Aires, Argentina that took place in late October.
- 32C3 livestream: The CCC conference is happening now in Germany. Videos are being live-streamed, but normally post a day later if you miss them live.
- IDA Pro 6.9: The popular commercial reverse engineering tool now supports ARM64 for it's decompiler.
- EvilAbigail: Tool to perform evil maid attacks against systems that use LUKS for full disk encryption.
- State considered harmful: This paper from Joanna Rutkowska is a proposal for a stateless laptop. It is a follow-up to her paper 2 months ago on security-related problems of x86 architecture she sees, which can be summed as she wants all firmware to be open-sourced.
- Agent lessons: I've started a series of articles about agent architectures which are a common concept in software design, and especially in infosec. In the Introduction post I discuss what this architecture does and give three examples of open-source infosec agent architectures that I'll reference in future posts. In the next post on Hostile Territory, I discuss the concerns and potential solutions for installing agents on end-points that have been compromised.