Security Now 315
Topic: Off The Grid
Recorded: August 25, 2011
Published: August 25, 2011
Security Now 315: Off The Grid
News & Errata
- Daniel Garcia discovered that consumer routers made by Edimax, Linksys, Sitecom, and Thompson (SpeedTouch routers) respond to UPNP requests on their WAN interfaces. Use toor to scan to see if your router is susceptible to this.. Note: To use the toor Umap tool you need to have installed Python > 2.6 and Python SoapPy. Tip: disable UPNP in your router or at least WAN-side UPNP, also disable WAN-side administration.
- Bruce Schneier reports a new attack on AES and recommends that new security installations use AES-128 rather than AES-256 as AES-128 provides adequate security. He also suggests upping the number of rounds used (as detailed in his blog post.)
- Bruce Schneier also blogged about stealing ATM PINs with a thermal camera. UCSD researchers pointed thermal cameras towards plastic and metal PIN pads. The cameras didn't work with metal pads, but on plastic pads the accuracy of detecting all of the PIN digits is 80% after 10 seconds and 60% after 40 seconds with the digits in the correct order.
- Confirmation of cyber-warfare aimed at the United States. A leaked video had a few seconds of screenshots reveal explicit instructions about attacking US IP addresses. This footage was inadvertently left in a video clip.
- A serious PHP crypto bug was found in version 5.3.7 and fixed immediately after with version 5.3.8. This bug is in the crypto() function, causing the function to return only the salt for MD5 (thus giving you back what you gave it). This bug affects only MD5 and not Blowfish or others.
- A very original password recovery question from @abozio on Twitter on the National Archive: "What is your preferred Internet password?"
- Brian Wheadon tweeted Steve a note that Anonymous has been using SNMP (Simple Network Management Protocol, UDP-based) to execute their DDOS attacks. They're exploiting a facet of SNMP which will cause the device to send all of their configuration information in response to the query as well as spoofing the source address, thus aiming the SNMP dump at random addresses.
- Simon Zuraffle mentioned that Java was updated Java version 6 update 27 with bug fixes.
- The nerdy UDP joke, "I'd tell you a UDP joke but you might not get it." was retweeted en masse.
- Anyone who missed out on the $99 TouchPad shouldn't be too disappointed as it is not a great user experience.
- Someone tweeted that a new series beginning from the author of the Lost Fleet series (6 books) called "Beyond the Frontier," the first book is called "Dread Naught" and is available in hardcover, Audible, and Kindle.
- Many people tweeted that Steve forgot to mention where to get the $30 embedded ARM Cortex-M3 processor board he's using for the upcoming portable sound blaster from the prior episode. The processor can be found at LPC Tools called the LPC1768 PLCXpresso board. As of recording they have just 6 left. The board is a great development platform as Eclpise plugins are available from Code Red.
- @Boony_NL tweeted that there are not 52 weeks in a year, there are 52.178571 in a year.
Bent Heier (spelling?) in Oslo, Norway: "Hey, I'm a 17 year old boy from Norway who loves your show, it was actually what got me into liking computers and I found it very easy to understand, even for someone with no prior experience with computers. I started listening a couple of months ago, the first one I listened to was the one about BitCoins then I listened to a few more before deciding to go back to the beginning and now I'm at episode 115, likely 150 when you read this. I love your show and I have listened to it all summer long on the plane, on the train, virtually everywhere. Well, I've downloaded SpaceMonger, but on my two year old laptop it was unable to read approximately 20% of the drive. I didn't care too much about it at first because I used only about 40% of the drive, I liked keeping it clean, but I had some problems with Explorer.exe that stopped working and it's a little difficult to use a PC without that. This problem escalted after a while and I decided to go into Safe Mode and perform a scan. However, I'd not gone into Safe Mode before, ever, I'd just pressed the power button to turn it on and off. I figured it was probably in the BIOS menu. It wasn't. But I'd found some hard drive scanning tools, remembering in the back of my head that SpaceMonger had not found my entire hard drive. I decided to run some tests. They told that 80% of my disk was OK; having 20% of my drive being dead was not a good thing. I knew what I needed: SpinRite! I had been lent a copy from a relative of a friend of mine (I'm poor) and it worked perfectly! MY disk is now w100% working and has had no problems in the last couple of weeks. Now, I really want my own copy of SpinRite but my parents are hard to convince. Since I'm underage I need their permission and more importantly, their credit card. I have decided I will get SpinRite for Christmas this year, it will be my best present ever."
Listen first then visit the page. Steve wanted to see if it was possible to make a password solution without needing a computer. This is important because plugins may not always be compatible with browsers; paper doesn't change and in decades to come it will stick work.
- We'd previously discussed a simple "Caesar Cipher" (simple substitution) where the alphabet (A-Z) and the "Secret Decode Ring" (where characters are moved 1 for 1 around a ring). Problem is that the frequency of the occurrence of letters varies dramatically, thus you could use standard frequency for letters in English and apply this to cipher text to crack it.
- Charles Wheatstone in the 1800s popularized the "Wheatstone Bridge"; he and Lord Playfair used to discuss ciphers and had shared a paper-based cipher. This cipher was used throughout WWI and WWII (the Playfair Cipher), specifically British Intelligence. This works using a Roman alphabet (A-Z only, no numbers, etc...): you have a passphrase that you fill in from left to right, then the same for the following row all the way down. Omitting multiple occurrences. After they key is exhausted you fill in the rest using the remainder of the alphabet (letters you haven't used). It's a 5x5 grid and is the key. The cipher is weakened by using a passphrase instead it's better the randomize the order of the alphabet.
- Digraphs Substitution Cipher"
- How it works:
- you take the message you want to encrypt and break it up into pairs of characters.
- If they form two corners of a rectangle you use the opposite corners (making an X shape).
- If they're on the same line you encipher by using the character to the right of each of them.
- If they're in a vertical column you use the character below. Wrap around lines in each case.
- If both of the characters in the pair are the same (ie "AA") you separate the character pair with an X when you're in the original grouping.
- This all helps to obfuscate frequency counts.
- This is now considered insecure as it is easily broken in seconds by modern computers.
- This is no good for Steve's solution because it's only alphabetic and doesn't include the period or hyphen which are typically used in domain names.
- Examine CBC (cipher block chaining) on the Wikipedia (see the encrypted image of the Linux penguin) to make downstream encryption dependent on everything that came first.
- A breakthrough: paper needs state (to allow the past to contribute to the future). Use the character order of the domain name to move you to subsequent places in a grid. Thus, you need a 26x26 grid such that each row and row has a unique order of the letters of the alphabet. (Like Sudoku.) This is called a Latin square, which is a whole new world.
- Go to GRC.com//LatinSquares.htm and you can play with a Latin square.
- The number of possible Latin square exponentially, today no one knows how many are possible for anything greater than 11x11. For 26x26 the number is 9.337x10^426, or 1418bits of entropy.
- Here's how it works: GRC.com/OffTheGrid.htm for a complete tutorial and working creator.
- Link URL and optional brief description
- Audible URL
|TBD by TBD (ABRIDGED/UNABRIDGED)|
Narrated by TBD
- Link URL
- Edited by:
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|