Privacy Network Tor Suffers Breach | Privacy Digest

It has been reported, and the TOR folks have confirmed, that two of their core directory servers were recently compromised along with another server showing usage metrics. While it does not at first appear that the attack was aimed at compromising the TOR network, it would certainly have made some interesting attacks possible. Specifically, it looks like it would have allowed attackers to force users on to chains of all enemy run nodes. This is very concerning.

It also brings us the issue of general security of the TOR nodes. Since they are mostly run my volunteers, the security of the nodes is going to be very inconsistent. It is likely that many of them are vulnerable to attack which would give an adversary the ability to control a much larger fraction of the TOR network.

Official Google Blog: A new approach to China

Google is officially stating that a number of email accounts hosted by Google were attacked from within China. The accounts seem to be mostly connected to Chinese human rights activists. They also state that this is part of a larger pattern extending over a number of other companies.

The most amazing thing about this is the very aggressive pro-privacy stance Google is taking in response to this. They are saying that they will stop censoring search results at Google.cn. That they will talk with the Chinese about how to do this, but are willing to completely pull out of operations in China if they can’t provide un-censored content from within.

The post is worth reading in full. Here are the concluding paragraphs:

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow. We shall see.

NIST-certified USB Flash drives with hardware encryption cracked - The H Security: News and Features

Security firm SySS announced (in German) that it has discovered a massive vulnerability in the hardware encryption for USB thumb drives by Kingston, SanDisk and Verbatim. From the article at The H Security it looks like the problem is that all drives share a single symmetric encryption key at the hardware level. The password interface seems to simply do some gymnastics to get access to that key. It does not really matter what it does because SySS was able to intercept the actual hardware key being sent in the clear to the device.

They then simply wrote a little program to just send that key without bothering with the password or anything else. Because all drives by the same maker use the same key, this program can instantly open any encrypted USB drive by that maker.

From the sound of it, this is a very easy attack for someone to duplicate. If you have one of these drives, I would suggest that you treat them as if they were normal un-encrypted thumb drives.

Kudos to Kingston for quickly providing details of which of their drives are affected, and recalling them. SanDisk and Verbatim have issues software fixes. If I understand the attack correctly, I am not sure how a software patch will solve it, so watch this space.

Careless in the Cloud: Google Accidentally Shares Some Docs — Seeking Alpha

The article above documents a recent security breach in the on-line Google Docs system. Google Docs allows people to create and edit documents, presentations, and spreadsheets in a manor similar to the Microsoft Office software suite. Unlike Office, the Google Docs system is free and provided through a web interface. The documents are actually stored and edited within Google’s servers. That is the core of the issue.

Google provides the ability to share your documents with collaborators. In this breach, Google accidently made a number of documents available to people who were not authorized. While the fraction of documents affected was very small, it is a real wake up call. To get my documents off my computer, you need to specifically breach my computer. A breach of the Google systems could yield the sensitive documents of an enormous number of people. They are a big target. Even accidental releases like this could put huge numbers of people at risk.

This vulnerability is not specific to Google, it applies generally to any provider of cloud computing capabilities. I personally avoid cloud computing when I can because I have high security needs, and because I find that I often need to work on my documents when I am off-line. Google is starting to do a good job of addressing the second issue, but the first is going to be harder.

There have been a lot of articles lately talking about the fact that the person who hacked in to Sarah Palin’s Yahoo! account used “an anonymizer”. The articles also say that the privacy provided was compromised.

The unfortunate misuse of Anonymizer’s registered trademark has created some confusion. The person who hacked the account used a privacy service, but not one connected in any way to Anonymizer Inc.

One of my folks at Anonymizer pointed me towards this site WiebeTech HotPlug as a follow up to my blog post yesterday about recovering data from RAM after it has been removed from power. The HotPlug tool is sold to law enforcement to enable seizure of a computer without ever turning it off. The system has several methods that allow a running computer to be transitioned to a portable UPS system without causing the computer to shut down or react in any way. It can then be transported to a lab with the OS still running.As an additional clever trick, they have a USB dongle called the “Mouse Jiggler” which simulates a mouse making constant small motions, thus preventing a screen saver from ever activating. This allows the attacker to take all the time he needs without worrying about a password protected screen saver, or any other inactivity based security trigger, activating.All this enables the attacker to get the computer back to controlled laboratory conditions before trying to access the machine or pulling the power to capture the RAM image. Yet another argument for not walking away from a running computer with sensitive information. 

Here is another article I picked up on the Qui Custodes blog of David Kaufman: Washington City Paper: Cover Story: Desk Job.This article describes a woman, without any special training, who was able to gain access to “secure” government buildings and steal money right from the desks and purses of the employees. Obviously this could have been documents and information if she had been involved with foreign intelligence. Her methods were simple. She was spotted frequently, but very few people were willing to confront her about her actions, choosing to avoid conflict. The moral here is: security is about everyone following up on everything that seems out of place or unusual. Better metal detectors, or bigger guns at the front door won’t do it. Security comes from the alert minds of everyone on the inside of the building being willing to ask direct questions.

Center for Information Technology Policy » Lest We Remember: Cold Boot Attacks on Encryption KeysThis  paper provides real experimental data on an interesting attack on computer security. Rather than focusing on cracking keys or breaking cryptosystems, it looks at recovering data and keys directly from computer RAM. The authors show that a computer’s RAM can be recovered with few errors several seconds after power has been removed, and that can be extended to several minutes if the memory is cooled well below zero.Squirting the chips with a can of compressed “air” can cool it enough to give you minutes of working time. Plenty of time to drop it in liquid nitrogen, which would give you over an hour with almost zero loss of information.The process for recovering the data from the memory chips is simple and requires no special equipment at all.The big threat here would be in situations where your computer is stolen in a sleep state. The password protection will make it very hard for an attacker to get access to the machine without a reboot, but the attacker has all the time in the world to cool the chips before pulling the power. From a behavior point of view, it says that you should take care to actually turn your computer OFF if it is going to be out of your physical possession, or if there is risk of it being seized without notice. Leaving your computer on and sleeping, but protected with a screen lock, is very risky against a aggressive and technical opponent.Thanks to David Kaufman for passing this along to me. 

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise

In a follow up to this post I wrote a few weeks ago, we now understand how the 1000 government email accounts were compromised. It turns out that he did it using TOR.

I have said for a long time that I am amazed that any one operates TOR servers other than government people and criminal/terrorist people. As the operator of a TOR server, you have access to the clear text of the data flowing through your server when you are the exit node (about 1/3 of the traffic typically). While the TOR documentation is clear about this vulnerability, it really understates it, and does not address what you should do about communicating with public services that do not provide an option to do end to end encryption of the information.

As a user of TOR, you are trusting the operators of the servers not to monitor your information. Dan Egerstad’s attack was simply to violate that trust. He actively monitored all of the traffic through his 5 TOR servers. He ran multiple servers to increase the amount of data he could collect. He identified the government accounts by searching the captured data for simple strings that would indicate the message was an email being sent or received in the clear, then further searching for key words that would indicate is was government or military related.

Many other TOR servers could currently be searching for financial, medical, trade secret, or other information.

With any privacy service, you need to trust the operators of that service. The theory was that you would not need to trust the operators of the TOR network. The reality is that, in real world use, you do have to trust them, but you typically know very little about them. There is almost no hurdle to establishing a new TOR server. Just about anyone with access to a server can set it up as a TOR server. You must assume that many of those people will not have your best interests at heart.

My personal approach is to work with people with a long track-record of trustworthy behavior. Anonymizer has been providing services for almost 12 years. I personally have been operating privacy services since 1992. In that time I have protected millions of people and billions of web pages and emails. Our track record for integrity is long and unblemished. I think that is the kind of basis one should use for deciding who to trust.

Hacks hit embassy, government e-mail accounts worldwide

Usernames and passwords for more than 100 e-mail
accounts at embassies and governments worldwide have been posted online.
Using the information, anyone can access the accounts that have been
compromised.

I am not sure how much needs to be said about this. In general email security is very lax. People often forget just how much information lives in their email accounts. Especially when using Exchange or IMAP type email, all of your old email archives will be compromised if your account is breached. When you consider all of the file attachments most of us get every day, there is probably little sensitive information any of us handle that is not contained in those email archives.