Weekly security week wrapup 22

Intercepting skype

Intercepting Skype in transit is quite complicated. The ‘oracle’ needed to decode the signalling traffic is quite well known and understood, resulting in legible signalling information. The primitives used in the user-to-user voice traffic are also well known, but this knowledge does not gain you any understanding of the contained traffic. Knowing you’re looking at AES and RSA doesn’t make it any more fun to start cracking.

This week we also heard some news that a Russian reverse engineer, Efim Bushmanov, has been able to reverse engineer Skype to the point where it should become possible to write your own (open source, perhaps) Skype client. Skype (being acquired by Microsoft, conspiracy theorists unite, but that’s a different topic) does not like this one bit and brought in the big lawyers to tell Efim that he was violating the EULA.

But there are other ways to gain access to the traffic: intercept at the end-point, where the traffic has already been decrypted for you. This article in the Wall Street Journal describes in quite some detail how the Egyptian government has been using this method to intercept the traffic of young dissidents.

Lockheed Martin breach

All over the news: Lockheed Martin has been breached because it used the RSA tokens that had been compromised a couple of weeks earlier. LM has the resources to actually detect a compromise like that, but there are many more small companies that use RSA tokens. How are they going to handle it? This is not the last breach we’ll see that is caused by the broken RSA tokens.

Low-cost USB Bluetooth sniffer

This is so nice, and its NFH (Nice For Home-tinkering) appeal is big. A small USB Bluetooth sniffer, ehm, Bluetooth monitor. Ordinary Bluetooth devices are very difficult to get into a monitoring mode, and other commercial Bluetooth monitoring tools cost you an arm and a leg and your soul. This one is selling for under 100 GBP, and you can make it more cheaply if you can solder, which I cannot.

Pentester’s cheat sheet

If you’ve been doing pentesting, one of the goals is to get a shell on the machine. This article lists a number of methods to (ab)use common tools to get a shell working. It’s a nice cheat sheet.

Swedish Parliament to vote on wiretap law

The Swedish Parliament is voting on June 17th on the new wiretap law that will give the national and military intelligence services far-ranging powers to investigate all communications entering or leaving Sweden. For Sweden that’s a rather radical thing, I guess. The same powers are already available to the USA and UK intelligence agencies.

Is it a big deal?

Timbro, according to the article, says it is. But they fail to mention it on their site under “news and views” (at least on the English site; my Swedish is too bad to be sure that they didn’t mention it at all). Fact is that this is the way the world is heading in general. I don’t like that too much. An investigation without probable cause is not something that should be done lightly. However, the argument “this government is quite ok, but the next may not be” is bogus. If the next government is bad, it will get the powers anyway, but then you probably won’t know it. Or you will find out, but only when it’s too late. I think the genie got out of the bottle a long time ago, too long ago to actually make a difference. Because it’ll end up like this: they (in a broad sense of ‘they’) know all my secrets because they’re doing it, so why shouldn’t we be doing it?

It’s going to be interesting to see which way the vote will go. Apparently, the change is mostly that the powers that were described as ‘all military interests’ are now ‘all interests’. I wasn’t able to find any documentation yet on how the parliament thinks about this issue.

GSM A5/1 cracking

Well, it’s finally happened. The encryption standard for GSM communications is really broken. I cannot wait for a paper to be released that describes the inner workings of the attack. But, it is true, it will put a very powerful capability in a lot of hands. It’s very questionable whether we really want that.

3GPP (UMTS) uses A5/3, which none of the articles currently mention. So calling via UMTS is safe(r), then?

From the Black Hat introduction:

11. Presentation Title: Build your own GSM interceptor for $900

Presentation Details:

This presentation is an introduction to the GSM Scanner Project. I will present the hardware and software required to build your own GSM interceptor. I will explain how the protocol works and how to intercept GSM packets. I will show some example packets that should make us worried. I will then explain weaknesses in A5/1 and discuss some ideas of how to (practically) crack A5/1. The last part of the presentation focuses on various ideas of what else you can do with a GSM interceptor.

This presentation will open the eyes of the audience who still believe that GSM is secure. It will spark some ideas of future attacks and research on the GSM network. It will explain how to use hardware for 900 USD to build your own GSM receiver. The goal of the talk is to make the audience never again make a GSM phone call without being worried that 3 other people are listening in, and to give new ideas on how to attack a GSM network.

Wiretap laws in the USA

The Bush administration has created some stopgap legislation that enables the NSA to basically wiretap just about anyone at any time. Well, as Europeans, we’re used to that. But now US citizens are also under surveillance, which is a bad thing.

Enter the new RESTORE Act; SecurityFocus wrote an article on the matter.

State Secrets?

This article gives me the willies on the subject of the whole FISA revision.

McConnell described the hectic week of negotiations that led up to the passage of this month’s FISA legislation, and he denied charges that he had negotiated in bad faith. Several versions of the legislation were circulated on Capitol Hill in the last week before the August recess, and McConnell said he didn’t have time to review the Senate’s latest draft until Friday evening. At that point, he found provisions he considered unacceptable and insisted that the Senate pass a different version that had first circulated two days earlier. The Senate passed McConnell’s preferred version and adjourned, forcing the House to either pass the Senate’s language or no language at all.