Security Now 323

From The Official TWiT Wiki

Security Now 323: TCP Pt 2 - Attacks

Security Updates

Java updated to shut down BEAST
  • Closes the SOP (same origin policy) flaw that B.E.A.S.T. (Browser Exploit Against SSL/TLS)
  • Google: "verify java version" --> Version 6 Update 29 1.6.0_26

Steve downgrades to Firefox v3.6.23 → no more memory nonsense.

The LPC1769 LPCXpresso board Steve has been mentioning on SN for the last several weeks is available from here --> or from here -->

Security News

EFF Gets Straight Answers from Amazon about their new "Silk" Tablet Browser:
  • Hat Tip: Fabrice Roux in Marseille, France (@notfabrice)
  • NO HTTPS (SSL) will EVER use Amazon's (EC2 server) Cloud Services
  • ALL "Silk" optimization can be disabled on the first Browser Options page.
  • When using SILK, a single persistent ENCRYPTED "SPDY" connection is maintained:
      • SPDY is part of the Chromium "Make the Web Faster" project
      • Full "SN" Coverage of SPDY Soon!
  • Logging:

For the persistent SPDY connection between the device and Amazon’s servers, Amazon assures us that the only pieces of information from the device that are regularly logged are:
  1. URL of the resource being requested
  2. Timestamp
  3. Token identifying a session

This data is logged for 30 days. The token has no identifying information about a device or user and is only used to identify a particular session. Indeed, [Amazon's director of SILK development, Jon] Jenkins said, “individual identifiers like IP and MAC addresses are not associated with browsing history, and are only collected for technical troubleshooting.” We repeatedly asked if there was any way to associate the logged information with a particular user or Amazon account, and we were told that there was not, and that Amazon is not in a position to track users. No information about the outgoing requests from the AWS servers is logged. With respect to caching, Amazon follows caching headers, which offers some protection against caching sensitive information sent over HTTP.

BUT... Amazon does NOT operate as an anonymizing proxy. Even IP addresses are not shielded because an "XFF" (X-Forwarded-For:) header is added to all queries sent from Amazon. There WILL BE a privacy versus performance tradeoff.

Google moves to encrypted searching for "logged on" users.
  • Provides schools with an exception mechanism: Set up the school’s DNS servers with a CNAME for “” → “”

Latest iPhones could spy on their users:
  • Hat Tip: Jimmy LaMaster in Fort Wayne, Indiana (@jimmylamaster)
  • Security researchers at Georgia Tech
  • iPhone 3GS didn't quite provide enough information
  • iPhone 4 -- with added gyro -- makes it happen.
  • Phone sitting on physical desktop next to keyboard... picks up typing vibrations.
  • Vibrations from pairs of keys typed are analyzed for adjacency, then sets are cross-referenced with a dictionary.
  • “CANOE” - CA AN NO OE - Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far.
  • Compared with specially prepared dictionary translated with this code
  • Word Detection Rates of 80%!
  • Microphones are better, but access is more often restricted. … But not accelerometers!

NoScript now available for Firefox on Android

Off-The-Grid Update: UHEPRNG is integrated. Fixed grid can now be made from a fixed key. Working on adding font size, font face, padding, options to the "print" page.

Topic: TCP Pt.2 - Attacking TCP

Previous TCP Review: IP / UDP+TCP / TCP Sequence Numbers

SYN Floods & Denial-Of-Service problems
  • Local Resource Depletion Attacks
      • "Stateful" Connection Establishment: SYN … SYN/ACK … ACK
      • "Stateless" Connection Establishment
          • Daniel Bernstein's "SYN Cookies" / Linux
          • GRC's "GENESIS"
          • Receiver's SYN/ACK ISN based upon source IP, source Port, source ISN
  • The “Raw Sockets” debate with Windows XP.
      • The “TCP/IP Stack” is down in the OS. Apps have no access.
      • Raw Sockets - UNIX always had them... so what’s the problem?
  • Router “Packet Switching Rate” Overload
      • Direct SYN flood
      • TCP “Reflection Attack” (Bounce) Flooding
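
The "stateless" connection establishment outlined above, as an added example (not code from the episode, from Bernstein's or Linux's SYN cookies, or from GRC's GENESIS): the SYN/ACK ISN is a keyed hash of source IP, source port and source ISN, so the server allocates connection state only after a matching ACK comes back. The secret key, the 64-second time slot, the 8/24-bit layout and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import socket
import struct

SECRET = os.urandom(32)   # assumption: per-boot server secret, not mentioned on the page
SLOT_SECONDS = 64         # assumption: coarse time slot so old cookies expire
MASK32 = 0xFFFFFFFF


def _cookie(src_ip, src_port, client_isn, slot):
    """8-bit time slot + 24-bit keyed hash of the fields the notes list."""
    msg = socket.inet_aton(src_ip) + struct.pack("!HII", src_port, client_isn, slot)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return ((slot & 0xFF) << 24) | int.from_bytes(mac[:3], "big")


def make_synack_isn(src_ip, src_port, client_isn, now):
    """Answer a SYN: compute our ISN and store nothing about the connection."""
    return _cookie(src_ip, src_port, client_isn, int(now) // SLOT_SECONDS)


def check_ack(src_ip, src_port, seq, ack, now):
    """Validate the final ACK (seq = client ISN + 1, ack = our ISN + 1)."""
    client_isn = (seq - 1) & MASK32
    claimed = ((ack - 1) & MASK32).to_bytes(4, "big")
    current = int(now) // SLOT_SECONDS
    for slot in (current, current - 1):          # accept this slot or the previous one
        if slot < 0:
            continue
        expected = _cookie(src_ip, src_port, client_isn, slot).to_bytes(4, "big")
        if hmac.compare_digest(expected, claimed):
            return True                           # only now allocate connection state
    return False


if __name__ == "__main__":
    # Constructed sample handshake (documentation address range).
    isn = make_synack_isn("203.0.113.7", 40000, 0x12345678, now=1000)
    print("SYN/ACK ISN:", hex(isn))
    print("genuine ACK:", check_ack("203.0.113.7", 40000, 0x12345679, isn + 1, now=1010))
    print("guessed ACK:", check_ack("203.0.113.7", 40000, 0x12345679, isn + 2, now=1010))
    print("stale ACK:  ", check_ack("203.0.113.7", 40000, 0x12345679, isn + 1, now=1200))
```

A SYN from a forged source address costs the server one hash and one reply; the forger never sees the SYN/ACK, so it cannot return an ACK that passes `check_ack`.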

Possible Topic #2 -- Making TCP go faster...

Coping with large Bandwidth-Delay Products / "Bytes in Flight"
  • Large Bandwidth*Delay Products - aka - "LFN": Long Fat Networks
  • Why the "product" of B and D? How much "data in flight" ??
      • Not much data being sent, then little data-in-flight even if it takes a while.
      • Lots of data being sent, but little end-to-end delay, then little data-in-flight.
      • BUT... Lots of data *AND* a long end-to-end delay, means LOTS of data in flight.
  • The TCP Window - 16 bits
      • Header Option: a 1-byte value that specifies a "shift" value




