Paul Hardwick: Cryptography

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

How to surf anonymously without a trace - ComputerWorld

Tue, 13 Mar 2007 20:51:27 GMT

The punchline to an old cartoon is "On the Internet, nobody knows you're a dog," but these days, that's no longer true.

It's easier than ever for the government, Web sites and private businesses to track exactly what you do online, know where you've visited, and build up comprehensive profiles about your likes, dislikes and private habits.

And with the federal government increasingly demanding online records from sites such as Google and others, your online privacy is even more endangered.

But you don't need to be a victim. There are things you can do to keep your surfing habits anonymous and protect your online privacy. So read on to find out how to keep your privacy to yourself when you use the Internet, without spending a penny.

Seagate Ships Super-Secure Hard Disk Drive.

Mon, 12 Mar 2007 20:18:52 GMT

Seagate Ships Super-Secure Hard Disk Drive. ASI Computer Technologies will use the automatically encrypted Momentus in a laptop. [PC World: Latest Technology News]

SSL optimization over the WAN needs scrutiny - Network World

Sun, 11 Mar 2007 17:45:40 GMT

Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways.

SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links.

In a survey last month of 1,300 IT executives by WAN-optimization vendor Blue Coat Systems, one-third of respondents said that 25% of their WAN traffic is SSL. And of those surveyed, 45% plan to roll out more SSL applications this year.

About a third of all WAN traffic at Richardson Partners Financial Ltd. in Toronto is SSL, says Andrew McKinney, director of technical services for the firm. But if only the urgent business traffic is considered, the percentage is much higher. "For critical business traffic, it's all encrypted," he says. So he uses Blue Coat Systems gear to secure traffic and optimize it for good performance.

SSL Optimization Over WAN Needs Scrutiny.

Sun, 11 Mar 2007 17:41:59 GMT

SSL Optimization Over WAN Needs Scrutiny. coondoggie writes with word of the expansion of WAN optimization appliances to handle SSL traffic and the security concerns this brings up. From the article: "With more and more WAN optimization vendors extending their capabilities to include encrypted traffic, corporate IT executives have a decision to make: Should they trust the security these devices provide? Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic, and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways. SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links."
[Slashdot]

Researchers Say They Peeled the Onion Router.

Sun, 04 Mar 2007 02:31:22 GMT

Researchers Say They Peeled the Onion Router. Researchers in the U.S. say they've successfully shown how attackers could compromise a network designed to make it harder to trace Web sites they are viewing. [PC World: Latest Technology News]

MPAA Fires Back at AACS Decryption Utility.

Thu, 01 Mar 2007 23:43:21 GMT

MPAA Fires Back at AACS Decryption Utility. RulerOf writes "The AACS Decryption utility released this past December known as BackupHDDVD originally authored by Muslix64 of the Doom9 forums has received its first official DMCA Takedown Notice. It has been widely speculated that the utility itself was not an infringing piece of software due to the fact that it is merely "a textbook implementation of AACS," written with the help of documents publicly available at the AACS LA's website, and that the AACS Volume Unique Keys that the end user isn't supposed to have access to are in fact the infringing content, but it appears that such is not the case." --- From the thread "...you must input keys and then it will decrypt the encrypted content. If this is the case, than according to the language of the DMCA it does sound like it is infringing. Section 1201(a) says that it is an infringement to "circumvent a technological measure." The phrase, "circumvent a technological measure" is defined as "descramb(ling) a scrambled work or decrypt(ing) an encrypted work, ... without the authority of the copyright owner." If BackupHDDVD does in fact decrypt encrypted content than per the DMCA it needs a license to do that." [Slashdot: Your Rights Online]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Tor Open To Attack.

Mon, 26 Feb 2007 22:00:19 GMT

Tor Open To Attack. An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network." [Slashdot: Your Rights Online]

Congressman Wants Answers About TSA Site.

Sun, 25 Feb 2007 02:46:38 GMT

Congressman Wants Answers About TSA Site.

Citing reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline travelers that lacked basic security protections.

In a letter sent Friday to the assistant secretary of the TSA, Rep. Henry Waxman (D-Calif.) ordered the agency to produce all documents "relating to the period during which the site operated without encrypted data transfer protections, including the number of travelers who may have submitted their personal information to the site during the period when the site was not SSL-protected." The TSA has until March 9 to submit the documents.

Referring to reporting by Wired's 27B Stroke 6 blogger Ryan Singel about numerous spelling errors on the site, Waxman noted: "In fact, the overall appearance of the site was so poor that web experts first assumed it was a so-called 'phishing' site, a site internet hackers had created to look like a TSA website page."

The "Travel Verification Identity Program" Web site was designed to provide redress for airline travelers who have been delayed or prevented from boarding a plane on account of their name matching an identical one on the agency's "no-fly" list. The Department of Homeland Security has since launched a new version of the site that addresses most of the concerns expressed in Waxman's letter.

[Security Fix]

AACS: Slow Start on Traitor Tracing.

Mon, 19 Feb 2007 20:45:38 GMT

AACS: Slow Start on Traitor Tracing.

[Previous posts in this series: 1, 2, 3, 4, 5, 6, 7, 8.]

Alex wrote on Thursday about the next step in the breakdown of AACS, the encryption scheme used on next-gen DVD discs (HD-DVD and Blu-ray): last week a person named Arnezami discovered and published a processing key that apparently can be used to decrypt all existing discs.

We[base ']ve been discussing AACS encryption, on and off, for several weeks now. To review the state of play: the encryption scheme serves two purposes: key distribution and traitor tracing. Key distribution ensures that every player device, except devices that have been blacklisted, can decrypt a disc. Traitor tracing helps the authorities track down which player has been compromised, if key information is leaked. The AACS authorities encode the header information for each disc in such a way that keys are distributed properly and traitor tracing can occur.

Or that[base ']s the theory, at least. In practice, the authorities are making very little use of the traitor tracing facilities. We[base ']re not sure why this is. They surely have an interest in tracing traitors, and failing to encode discs to facilitate traitor tracing is just a lost opportunity.

The main traitor tracing feature is the so-called sequence key mechanism. This mechanism is not used at all on any of the discs we have seen, nor have we seen any reports of its use.

A secondary traitor tracing feature involves the use of processing keys. Each player device has a unique set of a few hundred device keys, from which it can calculate a few billion different processing keys. Each processing key is computable by only a fraction of the players in the world. Each disc[base ']s headers include a list of the processing keys that can decrypt the disc; any one of the listed processing keys is sufficient to decrypt the disc.

For some reason, all existing discs seem to list the same set of 512 processing keys. Each player will be able to compute exactly one of these processing keys. So when Arnezami leaked a processing key, the authorities could deduce that he must have extracted it from a player that knew that particular processing key. In other words, it narrowed down the identity of his player to about 0.2% of all possible players.

Because all existing discs use the same set of processing keys, the processing key leaked by Arnezami can decrypt any existing disc. Had the authorities used different sets of processing keys on different discs [~] which was perfectly feasible [~] then a single processing key would not have unlocked so many discs. Arnezami would have had to extract and publish many processing keys, which would have made his job more difficult, and would have further narrowed down which player he had.

The ability to use different processing key sets on different discs is part of the AACS traitor tracing facility. In failing to do this, the authorities once again failed to use the traitor tracing mechanisms at their disposal.

Why aren[base ']t the authorities working as hard as they can to traitor-trace compromised players? Sure, the sequence key and processing key mechanisms are a bit complex, but if the authorities weren[base ']t going to use these mechanisms, then why would they have gone to the difficulty and expense of designing them and requiring all players to implement them? It[base ']s a mystery to us.

Share This

[Freedom to Tinker]

Some PayPal users plagued by security warnings, login woes.

Mon, 19 Feb 2007 00:33:17 GMT

Some PayPal users plagued by security warnings, login woes. Some users of PayPal are having trouble logging into the site and are getting security warnings -- problems apparently tied to an SSL security certificate used by Omniture, which is gathering data for the online payment site. [Computerworld Security News]

Upgrade to Vista, Get More DRM.

Fri, 16 Feb 2007 18:02:51 GMT

Upgrade to Vista, Get More DRM. Watching "premium content" in Windows Vista requires users to play nice with Microsoft's built-in digital rights controls. In Monkey Bites. [Wired News: Top Stories]

Hacker cracks HD copy protection.

Wed, 14 Feb 2007 23:51:01 GMT

Hacker cracks HD copy protection.

Years to develop; days to break

A lone hacker has unlocked the master key preventing the copying of high-definition DVDs in a development that is sure to get the entertainment industry's knickers wrapped tighter than a magnet's coil. What's more, the individual was able to defeat the technology with no cracking tools or reverse engineering, despite the millions of dollars and many years engineers put into developing the AACS (Advanced Access Content System) for locking down high-definition video.

[The Register - Music and Media]

EFF - miniLinks for 2007-02-13.

Wed, 14 Feb 2007 23:44:41 GMT

miniLinks for 2007-02-13.

Data Retention Bill Resurfaces in Congress
Europe's data-hoarding regulations slide west.

EMI Considers Dropping DRM
If true, Steve Jobs may get his dream.

Warner: Dropping DRM Is "Without Logic or Merit"
The majors remain stubbornly attached to the DRM status quo.

DVD Jon's Thoughts On Jobs' DRM Memo
DVD Jon takes a closer look at Steve Job's anti-DRM positions.

Internet Speakeasies Bypass Chinese Cyber-Cafe Ban
Chinese youth interpret prohibition as damage and route around it.

Skype Snoops Your BIOS as Part of DRM License Enforcement
"It is quite normal to look at indicators that uniquely identify the platform." Not when you're using a supposedly secure VoIP program, it's not.

File Sharing Has Negligible Effect on Album Sales
The lifestyles of German uploaders ingeniously used to examine the buying patterns of U.S. file-sharers in this Journal of Political Economy paper.

Tor: When Network Administrators Come Knocking
A professor stands his ground for Internet anonymity.

The Worst Consumer Privacy Infringers
A Bottom Ten of companies with the worst privacy policies.

Captain Copyright Says Goodbye
Vanquished with radioactive controversium.

Dancing Your Rights Away
A New York choreographer sends DMCA takedowns over the Electric Slide.

Towards Better International IP Laws
Coalition launches, invites participation in Internet Governance Forum (IGF) Dynamic Coalition on Access to Knowledge and Freedom of Expression.

[EFF: Deep Links]

(IN)SECURE Magazine Issue 10.

Wed, 14 Feb 2007 23:35:00 GMT

(IN)SECURE Magazine Issue 10. Articles in this issue include: Microsoft Windows Vista: significant security improvement?, Review: GFI Endpoint Security 3, Interview with Edward Gibson, Chief Security Advisor at Microsoft UK, Top 10 spyware of 2006, The spam problem and open source filtering solutions, Office 2007: new format and new protection/security policy, Wardriving in Paris, Interview with Joanna Rutkowska, security researcher, Climbing the security career mountain: how to get more than just a job, RSA Conference 2007 report, ROT13 is used in Windows? You're joking! and Data security beyond PCI compliance - protecting sensitive data in a distributed environment. [(IN)SECURE Magazine Notifications RSS]

TSA - Not Living Up to Its Middle Name.

Wed, 14 Feb 2007 23:31:50 GMT

TSA - Not Living Up to Its Middle Name.

The Transportation Security Administration is extending an olive branch to airline travelers who have been delayed or prevented from boarding a plane on account of their name matching an identical one on the agency's "no-fly" list. The TSA recently created a Web site designed to help disgruntled detainees clear their name. However, the would-be passenger must supply some personal data, including date and place of birth, as well as identifying numbers for a driver's license, birth certificate or passport.

This could be a useful service. But TSA is not living up to its middle name - Security. TSA and the contractor that built the site have overlooked a key piece of cyber protection. The site requests a lot of personal information. When a person clicks on "submit form," it transmits an individual's data to TSA without the benefit of the secure data transfer offered by secure sockets layer. In a site secured by SSL, a Web address begins with an "https://" rather than "http://".

Consider what this means for a passenger who is stewing in the airport terminal after missing his flight because a TSA screener confused him with that other Robert Johnson on the TSA's special list. The good Mr. Johnson is told he can try to prevent this misunderstanding from happening again if he submits data requested by the travel identity verification site. He pops open his laptop, hops on the airport terminal's wireless network, completes the form and clicks "submit." Meanwhile, a digital terrorist on the other side of the terminal has just captured the data Johnson submitted because it was sent without SSL.

A tip o' the hat to Chris Soghoian, the boarding pass hacker who spotted this latest transportation security foible.

Noted cryptologist and security expert Bruce Schneier is fond of saying that so much of the Homeland Security Department's protections are "security theater." He says they are constructs designed not necessarily to make us more secure but rather to make us feel more secure. I think that aptly captures much of what is sold to the public in the name of physical and Internet security. But a security device should at least adhere to the physician's motto -- to do no harm.

Update, 9:10 a.m.:Some folks have written in to say they've seen the site offer an SSL certificate but that it warns of a certificate error. If you navigate to the submission form from the main page by clicking on the Traveler Identity Verification form link, it takes you to this page, which offers two links to the same form -- one beginning in "https://" (the link at the top), and another one halfway down the page that does not offer the SSL certificate.

Those commenting so far were visiting the site in Firefox, but when I visit the SSL page in Internet Explorer 7, it gives me a warning page that says "There is a problem with this Web site's security certificate. We recommend that you close this webpage and do not continue to this website."

[Security Fix]

New Hack Simplifies HD Video Copying.

Wed, 14 Feb 2007 23:26:52 GMT

New Hack Simplifies HD Video Copying. Hacker claims to have discovered cryptographic key that can circumvent copy restrictions on HD DVD and Blu-ray movies. [PC World: Latest Technology News]

Debate growing over data security - baltimoresun.com

Wed, 14 Feb 2007 00:40:57 GMT

When Johns Hopkins officials announced this week that a courier had lost nine backup computer tapes containing personal data on 135,000 employees and patients, security specialists were critical, even though the information probably was destroyed without being compromised.

The reaction came not just because the tapes were lost, but because they weren't encrypted -- coded so that they could be read only with a computerized key.

"Have we not learned from history yet, that if you're going to give [data] to a third party that you either encrypt or password protect it?" said Linda Foley, executive director of the Identity Theft Resource Center in San Diego.

Amid a spate of lost or stolen data, some organizations and industries have begun taking steps to better protect employee and customer information, yet far too many have not, privacy advocates say. Many still leave sensitive information uncoded or hand it off to sometimes-careless employees or third parties.

This year alone, Social Security numbers were posted on a public Web site at the University of Nebraska; personal information on 537 people was stolen from the New York Department of Labor; a hacker accessed Social Security numbers for more than 1,200 people at the University of Missouri; and a laptop was stolen that contained medical records for 1,100 patients at the Salina Regional Health Center in Kansas.

Some consultants say that costs keep organizations from updating their security practices -- encryption software and developing privacy procedures can be expensive. But the No. 1 reason is complacency, according to Lillie Coney, associate director of the Electronic Privacy Information Center, or EPIC, in Washington.

"They don't see themselves as being in a position where they're going to lose something," Coney said.

Paypal Sells Anti-Fraud Token.

Mon, 12 Feb 2007 18:42:06 GMT

Paypal Sells Anti-Fraud Token.

PayPal, the online payment company owned by Internet auction giant eBay, is now selling a $5 "security key" to help customers prevent their accounts from being hijacked if someone guesses or steals their passwords.

The key is a small, oval fob that generates a random, new six-digit passcode every 30 seconds, using technology purchased from Verisign Inc. In addition to entering their user name and passwords, PayPal customers who sign up for the program will be required to enter the passcode before being permitted to log on to their account. PayPal says it will waive the one-time $5 fee for its business account customers.

Armed with one of these keys, if you were to log on to your account from an unfamiliar computer and some invisible password stealing program were resident on the machine, the bad guys would still be required to know the numbers displayed on your token, which of course changes every 30 seconds. Likewise, if someone were to guess or otherwise finagle your PayPal password.

For years, PayPal and eBay have consistently been among the top three targets of phishing attacks, online scams that use e-mail to lure people into entering their login credentials at look-alike Web sites. This technology certainly has the potential to make it tougher for phishers. According to Avivah Litan, a fraud analyst with Gartner Inc., other companies that have widely deployed similar security keys have dramatically cut down on fraud. Litan said online stock trading provider eTrade has never had an account takeover connected to a customer using one of its security keys.

Nevertheless, as last year's attack against Citibank's business customers showed, physical access tokens only work against phishing so long as the phishers don't also ask would-be victims to enter the six-digit number displayed on their personal tokens.

Litan said the token offering fulfills a key requirement of eBay's 2005 acquisition of Verisign's payment gateway system. Under the deal, PayPal agreed to deploy the tokens to between 200,000 and 300,000 of its users by the end of 2007. Still, she said, that's a small target for a company that claims to have more than 100 million users.

PayPal says even users who lose their physical token or don't have it in their possession when they want to login can still access their accounts, and that such users will be asked to confirm their account ownership (I'm guessing with answers to additional questions -- PayPal's FAQ doesn't say). And yes, this should work just as well for Windows PC users as for Mac people, and others. The company says its security key works with any computer operating system and web browser that can access the PayPal or eBay website.

This technology has the most potential to cut eBay's fraud losses among its sellers: Most of the auction giant's fraud losses relate to the hijacking of accounts that belong to sellers in good standing, Litan said. Fraudsters then typically use the credibility the seller has built up with the eBay community to set up fraudulent auctions.

I ordered one mainly to check it out and to become more familiar with it. But I wonder how many customers will pony up the five bucks for this device. What about you, Security Fix readers? Does this appeal to you, and is it worth it?

[Security Fix]

An American Idol for Crypto Geeks.

Mon, 12 Feb 2007 18:02:53 GMT

An American Idol for Crypto Geeks. The federal government is holding a competition for a new cryptographic hash function that will become the national standard. Really, this is exciting stuff. Commentary by Bruce Schneier. [Wired News: Security Blanket]

The Chronicle: 2/9/2007: Caught in the Network

Sat, 10 Feb 2007 21:35:45 GMT

I wasn't particularly impressed. I had helped edit and revise that policy when I worked for the information-technology office before I earned my Ph.D., and I knew that neither Tor nor any similar program had existed when the policy was first written. I also knew that the provisions in question were vague.

My visitors next produced page after page of logs detailing my apparent use of Tor. While I couldn't dispute most of the details in the logs, they seemed inaccurate. For example, the technician said I had been using Tor earlier that morning. In fact, I had been at Wal-Mart that morning looking for a good deal on an HDTV; I had reached my office only about five minutes earlier.

More important, the logs did not prove any wrongdoing on my part. All they demonstrated was that I, like thousands of others around the world, had installed and infrequently used Tor. In my case, of course, there was no wrongdoing.

Nonetheless, my visitors made two requests: that I stop using Tor, and that I avoid covering it in class.

Having been on the administrative end of academic technology, I appreciate the difficulties facing the information-technology staff. No one pats you on the back if nothing goes wrong, but if something does -- if a virus or worm sweeps through the campus's network infrastructure, or someone hijacks some computers to churn out spam -- you are off everyone's Christmas-card list. The last thing my former colleagues needed was some smarmy faculty member spouting off about academic freedom and threatening to demonstrate Tor to 100-plus students each semester.

Their job is to protect the network that allows me to do my job: to teach classes that are mostly or entirely online, and to conduct research. If they weren't here as the first or even only line of defense against the unscrupulous elements of our technological society, my university would cease to function. It's as simple as that.

Furthermore, I do not rely heavily on Tor, or even think much about it outside the context of my courses. I find all that routing makes it slow to use, even with the superfast connection I have at work.

But it is being used all around the world, by people in countries that restrict their access to information, by corporate whistle-blowers, and by digital-rights activists. It's even being used by average people like me, as a way to keep innocuous and personal online activities private.

So in the head-on collision between my appreciation of the role IT staff members play on my campus and my understanding of the role I have to play for my students, my need for academic freedom won. I found myself lecturing my three visitors into near catatonia about the uses of Tor.

Finally, they shook my hand, thanked me for talking with them, reminded me that I was probably violating the responsible-use policy, and left. They had bigger game to catch: the other Tor user on the campus.

A moment later, I heard another knock on my door. One of the detectives had come back to ask if I would reconsider my position. I told him that while I would think about giving up Tor, I honestly felt that this was a clear case of academic freedom, and I could not bow to external pressure. I reminded him that Tor is a perfectly legal, open-source program that serves a wide variety of legitimate needs around the world.

He nodded and left. Feeling an odd mixture of righteous indignation, patriotism, and dread, I closed the door.

University Professor Chastised For Using Tor.

Sat, 10 Feb 2007 21:28:22 GMT

University Professor Chastised For Using Tor. Irongeek_ADC writes with a first-person account from the The Chronicle of Higher Education by a university professor who was asked to stop using Tor. University IT and campus security staffers came knocking on Paul Cesarini's door asking why he was using the anonymizing network. They requested that he stop and also that he not teach his students about it. The visitors said it was likely against university policy (a policy they probably were not aware that Cesarini had helped to draft). The professor seems genuinely to appreciate the problems that a campus IT department faces; but in the end he took a stand for academic freedom. [Slashdot: Your Rights Online]

Vista DRM Cracked by Security Researcher.

Mon, 29 Jan 2007 19:17:58 GMT

Vista DRM Cracked by Security Researcher. An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though." [Slashdot]

Study Finds IE7 + EV SSL Won't Stop Phishing.

Mon, 29 Jan 2007 19:11:05 GMT

Study Finds IE7 + EV SSL Won't Stop Phishing. An anonymous reader writes "Stanford University and Microsoft Research have published a study that claims that the new Extended Validation SSL Certificates in IE7 are ineffective (PDF). The study, based on user testing, found that EV certificates don't improve users' ability to detect attacks, that the interface can be spoofed, and that training users actually decreases their ability to detect attacks. The study will be presented at Usable Security 2007 next month, which is a little late now that the new certificates are already being issued." [Slashdot]

IBM to open source information security software - Network World

Sat, 27 Jan 2007 21:18:19 GMT

The XML-based software technology, called Identity Mixer, employs a novel method of using X.509-based digital certificates to mask selected sensitive information transmitted in a document but still lets that shielded content be seen by authorized viewers. The goal is to make Identity Mixer available as open source software through the Eclipse Open Source Foundation to encourage widespread deployment, said Anthony Nadalin, IBM distinguished engineer and chief security architect at Tivoli.

"The Identity Mixer code is in the intellectual-property review phase and within a few weeks it should be available through Eclipse," said Nadalin.

The Identity Mixer software was developed to further "user-centric identity management" -- a way that computer users can manage and control personal information--under the aegis of Project Higgins, which was initiated a year ago by IBM, Harvard and Novell.

For the end user, Identity Mixer would work as a Web browser plug-in, "to control the amount of data flowing to your related party," said Nadalin. The technical process works through public-key cryptographic mechanisms. The Identity Mixer browser plug-in generates tokens called iCards that represent the data that can be read by a user with the appropriate cryptographic software on the receiving end.

When the Identity Mixer software is made available through the Eclipse Open Source Foundation, it is expected to include a full X.509-based tool kit, including certificate issuance server, validation server and more, that would allow for experimentation with the data-masking technology.

First HD-DVD film appears on BitTorrent.

Sun, 21 Jan 2007 03:27:50 GMT

First HD-DVD film appears on BitTorrent.

Serenity broken

A high-definition format movie has made its way onto BitTorrent. A pirated copy of the hit science fiction movie Serenity has been ripped from a HD DVD disc and made available to users of the popular P2P file sharing protocol.

[The Register - Music and Media]

AACS: Title Keys Start Leaking.

Wed, 17 Jan 2007 03:15:48 GMT

AACS: Title Keys Start Leaking.

(This is the fifth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. Previous posts: 1, 2, 3, 4.)

Last week we predicted that people would start extracting the title key (the cryptographic key needed to decrypt the contents of a particular next-gen DVD disc) from HD-DVD discs. Indeed, it turns out that WinDVD, a popular software player that runs on PCs, leaves the title key laying around in memory when it finishes playing a disc. This may seem like an elementary mistake, but it is more common and harder to avoid than you might think. Fairly easy methods for capturing these keys are already well known.

There are even websites, such as aacskeys.com and hdkeys.com, that claim to contain title keys for about fifty HD-DVD discs. (That[base ']s about one-third of the discs available on Amazon.) At least some of these title keys are correct. Within days, expect to see a software program that downloads keys from such a site and uses the keys to play or copy discs.

So far the attackers have published most of what they know. We know which title keys they (claim to) have found, and we know they extracted those keys from WinDVD and possibly PowerDVD. As Alex explained on Thursday and Friday, a clever attacker will withhold some information strategically so as not to provoke a response from the AACS central authority.

The authority might respond by blacklisting the device keys assigned to WinDVD. To avoid angering honest WinDVD users, they might first push out a software update to WinDVD containing new keys along with new programming to better protect the keys.

But as Alex suggested last week the authority might not want to blacklist WinDVD, even if it can. As long as the attackers limit what they publish, the authority might be better off accepting the damage they see now rather than provoking more damage by cutting off the usefulness of WinDVD to the attackers. The result is a kind of uneasy equilibrium between the attackers and the central authority.

Even if the attackers want to cause maximum financial harm to Hollywood (which probably isn[base ']t their goal), their most effective strategy is to limit how many title keys they publish. One way to do this is to give Hollywood a [base "]release window[per thou] [~] a kind of grace period after each disc is released, in which the title key doesn[base ']t get published. A site could let people upload the headers of a disc; the site would then wait N days before decrypting and releasing the title key.

Interestingly, this release window strategy resembles the studios[base '] current approach to extracting revenue from films, in which a film is available first in the highest-revenue format [~] in theaters [~] then later in a succession of lower-revenue formats [~] DVD and television. The idea is to extract more revenue from the most enthusiastic fans in early stages and pick up whatever revenue is available from everyone else later.

What[base ']s the optimal length of the release window (for the attackers); and what is the financial effect on the studios? We can answer these questions with a simple economic model; but that[base ']s a topic for another day.

Share This

[Freedom to Tinker]

New E-Commerce Identity Tag Makes Online Debut.

Mon, 15 Jan 2007 04:34:26 GMT

New E-Commerce Identity Tag Makes Online Debut.

A long-promised technology for helping consumers verify the legitimacy of commercial Web sites made its debut on the Internet Friday: Visit online security company Entrust's login page with Microsoft's Internet Explorer 7 Web browser and you'll notice that the address bar has turned from white to green.

Entrust's site appears to be the first to feature what are being called "extended validation certificates," a development that is equal parts technology, process and collaboration. It comes in response to an epidemic of phishing attacks, or online scams in which bad guys erect Web sites that impersonate trusted e-commerce and banking sites in order to trick users into revealing personal and financial data.

"EV certs," as they're known in the industry, are meant to serve as a more user-friendly version of secure-sockets layer (SSL) certificates, the digital placards long handed out by Entrust and other "certificate authorities" that are meant to signify to consumers that they are on a site that uses encryption technology. The goal is to assure visitors that unauthorized third parties can't intercept user names, passwords, and other sensitive data that consumers enter when shopping or banking online.

SSL certs also have been touted as a means of helping consumers verify that they are truly at Ebay.com or some other commercial site, not at some clever fake. The problem is that most consumers don't know how to read the more relevant, technical information contained in an SSL cert. What's more -- the scam artists themselves have even begun purchasing and using SSL certs in an effort to make their sites appear more legitimate.

Hence, the idea for EV Certs. Unlike most processes for obtaining a regular SSL -- which are largely automated and often can be issued the same day they are purchased -- issuers of EV certs are supposed to do a lot more background checking into the entity that's requesting an EV cert, a process that can take several weeks.

The idea with EV certs is that when you log in to your bank's Web site, you should notice the browser's address bar turning green. If you single click on the lock icon, it will pop up a box that has a bit more information about which certificate authority vouched for the identity of the site. Visitors who aren't convinced can click on a link that brings up the more technical information on the certificate, or a link to IE7's "Help" page that has a long lists of answers that might pop up in the visitor's mind.

The benefit from these certs won't be fully realized until a lot more sites implement them, and more importantly until the general public has had a chance to become familiar enough with the certs that they begin to look for them. But here's where it gets a bit tricky. These new and improved EV certs are quite a bit more expensive than SSL certs: Entrust plans to sell its EV certs at $499 apiece per year (and that's its "intro price"), whereas its regular SSL certs sell for about $150 (and you can find SSL certs for much cheaper elsewhere). Verisign, the world's largest and probably most recognizable SSL provider, has set its price for EV certs starting at a hefty $1,300 per year.

All of which raises some questions. Where does the small mom-and-pop-shop fit into this brave new world? If the average Web surfer (i.e., IE user) becomes accustomed to seeing green browser bars at Ebay.com, what will they think of Bargainwidgets.com if their login page isn't tinted by the familiar green address bar?

Also, what about the bank Web sites, which Security Fix and others have taken to task for confusing average consumers? For years, the banks trained customers to look for the little "padlock icon" in the corner of their Web browser window. Over the past couple of years, however, many of the nation's largest financial institutions have done away with the padlock on their home pages in the name of convenience and costs savings. On a number of banking sites, you don't see that padlock until you click on the "login" link or click on a separate portion of the bank's site. It will be interesting to see whether the banks adapt their policies yet again to accommodate the increased recognition that may be afforded to them through EV certs.

Meantime, the folks at Mozilla say they are hard at work on a new version of Firefox that can accommodate EV certs, but it may be some time yet before that becomes a reality (that's based on interviews with them...there may indeed be other browser makers who are ready to roll this out, I just don't know).

Of course, it is possible that phishers may figure out a way to fake the green address bar at some point. At any rate, please drop me a line or leave something in the comments section below if -- in the days after reading this post -- your bank or other sites you do business with roll out this technology.

[Security Fix]

AACS: Game Theory of Blacklisting.

Sat, 13 Jan 2007 03:13:31 GMT

AACS: Game Theory of Blacklisting.

This is the fourth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. (Part 1, part 2, part 3)

We've already discussed how it's possible to reverse engineer an AACS-compatible player to extract its secret set of device keys. With these device keys you can extract the title key from any disc the player can play, and the title key allows anyone else with the same disc to decrypt the movie. Yesterday we explained how the AACS central authority has the ability to blacklist compromised device keys so that they can't be used to decrypt any discs produced in the future. This defense is limited in two obvious ways: the central authority needs to know which keys have been compromised in order to put them on the blacklist, and this only protects future discs, not ones that have already been produced.

It turns out there's a third way in which blacklisting is limited. Counterintuitively, it is sometimes in the central authority's best interest not to blacklist a compromised device key even when they have the ability to do so.

We can model one such scenario as a simple game between the central authority and an attacker. Suppose there is only one attacker who has compromised a single player and extracted its device keys. Initially, he keeps the device keys secret (for fear they will be blacklisted), but he and his friends acquire some number of discs every week and post the title keys on the web. Let's also suppose that the central authority has enough resources to infiltrate this cabal and learn which player has been cracked, so that they can blacklist the device keys if they wish.

The authority faces a very interesting dilemma: if it does blacklist the keys, the attacker will have no reason to keep them secret any longer. He will publish them, irrevocably breaking the encryption on all previously released discs. If the authority doesn't blacklist the keys, the attacker will continue to trickle out title keys for certain movies, but the rest will remain secure.

In other words, the authority needs to weigh the value of continuing to protect all the old discs for which title keys have not been published against the value of protecting the new releases that will be cracked if it doesn't blacklist the keys. The result is that the central authority will need to exercise more restraint than we would naively expect when it comes to blacklisting. Once attackers realize this, they will adjust how quickly they release title keys until they are just below the threshold where the authority would resort to blacklisting.

Things get even more interesting if we consider a more realistic scenario where different players are gradually cracked over time. We'll write more about that next week.

Share This

[Freedom to Tinker]

Wikileaks - Anonymous Whistle-Blowing.

Fri, 12 Jan 2007 02:26:26 GMT

Wikileaks [~] Anonymous Whistle-Blowing. too_old_to_be_irate writes to tell us about a site that word got out on before they were ready. Wikileaks aims to be an anonymous and uncensorable repository of leaked documents, posted for commentary by interested parties. It's expected to go live in a month or two. From the site: "Wikileaks is developing an uncensorable version of Wikipedia for untraceable mass document leaking and analysis. Our primary interests are oppressive regimes in Asia, the former Soviet bloc, Sub-Saharan Africa and the Middle East, but we also expect to be of assistance to those in the west who wish to reveal unethical behavior in their own governments and corporations. We aim for maximum political impact; this means our interface is identical to Wikipedia and usable by non-technical people. We have received over 1.1 million documents so far from dissident communities and anonymous sources." [Slashdot]

Felten: Next Gen DVD DRM Will Be Broken Wide Open.

Fri, 12 Jan 2007 02:08:17 GMT

Felten: Next Gen DVD DRM Will Be Broken Wide Open.

HD-DVD and Blu Ray discs haven't been on the market for long, but a tool called BackupHDDVD is already available to help users evade the discs' DRM. Is this tool the end of the AACS encryption scheme, or will the movie studios be able to repair the hole? Computer security experts Ed Felten and Alex Halderman have the answer in a series of posts that puts in layman's terms how AACS works and how it might be attacked.

The bottom line: "[BackupHDDVD] isn't a big deal by itself, but it is the first step in the meltdown of AACS."

[EFF: Deep Links]

AACS: Blacklisting, Oracles, and Traitor Tracing.

Thu, 11 Jan 2007 20:37:11 GMT

AACS: Blacklisting, Oracles, and Traitor Tracing.

This is the third post in our discussion of AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. Yesterday Ed explained how it is possible to reverse-engineer a player to learn its secret device keys. With the device keys, you can extract the title key for any disc that the device can play. Anybody with the same disc can use this title key to decrypt the movie.

We[base ']Äôve already talked about two scenarios where this information could be used for widespread circumvention. One possibility is for the attacker to keep the device keys to himself and publish title keys for discs he has access to. This means anyone can decrypt those discs, but other discs remain secure.

Another option is for the attacker to publish the device keys outright. That would let anyone decrypt any available disc, but it would also tell the AACS central authority which device keys were compromised. Once the central authority knows which device keys to target, it can blacklist those device keys.

Blacklisting in AACS works like this: disc producers can change the way new discs are encrypted so that the blacklisted device keys cannot decrypt the new discs[base '] headers and therefore cannot extract title keys or decrypt the movies. Of course, blacklisted device keys can still decrypt all the older titles they could before, since the data on old discs doesn[base ']Äôt magically change, but they can[base ']Äôt decipher any new discs.

Blacklisting would be a PR and business disaster if it meant a lot of consumers had to throw away their fancy players as a result of a crack. That[base ']Äôs why AACS allows each individual player to be assigned its own unique set of device keys that can be uniquely blacklisted without adversely affecting other players.

(Some serious crypto wizardry is required to enable a huge number of distinct device keys with surgically precise blacklisting, while keeping device memories and disc headers manageably small.)

Can blacklisting be avoided? Here[base ']Äôs one way an attacker might try: He could keep his device keys secret and create a web site where people can upload header information from discs they want to decrypt. Then he would use his device keys to extract the title keys for those headers and post the title keys back to the site[~]a sophisticated attacker might automate this process. Cryptographers call this kind of site a decryption oracle.

As it turns out, the designers of AACS anticipated decryption oracles, so the system includes a way to track down and blacklist the device keys used to operate them. This process is called [base ']Äútraitor tracing,[base ']Äù and it works roughly like this: The central authority creates a phony disc header that can be decrypted by about half of the possible devices. (They just need the header, so there[base ']Äôs no need to press an actual disc.) They upload this to the oracle and see whether it can find the title key. The result lets the authority narrow down which devices the oracle[base ']s keys might have come from. The authority repeats the process, creating a new header that will reduce the set of suspects by half again. With a few of these probes, the authority can home in on the oracle[base ']s device keys.

(The full story is more complicated. The oracle might know keys from more than one device; it might try to trick the authority by pretending it can[base ']t decrypt certain headers when it really can; it might try to detect the authority[base ']s probing and change its behavior; and so on. Regardless, the authority can use a sequence of probes to devise a blacklist that will make new discs immune to decryption by the oracle, without affecting noncompromised players.)

The upshot is that if the attacker makes an oracle available to the public, the central authority can render the oracle useless for future discs. However, a clever attacker has another surprisingly effective strategy: limiting who can submit queries to his oracle. We[base ']Äôll have more on that in tomorrow[base ']Äôs post.

Share This

[Freedom to Tinker]

AACS: Extracting and Using Keys.

Wed, 10 Jan 2007 19:17:50 GMT

AACS: Extracting and Using Keys.

Let[base ']s continue our discussion of AACS (the encryption scheme used on HD-DVD and Blu-Ray discs) and how it is starting to break down. In Monday[base ']s post I gave some background on AACS and the newly released BackupHDDVD tool.

Recall that AACS decryption goes in two steps. First, the player device uses its device keys to decrypt the disc[base ']s header, thereby getting a title key that is unique to the disc. Then the player uses the title key to decrypt the movie. The BackupHDDVD program does only the second step, so it is worthless unless you can somehow get the title key of the disc you want to access.

But decryption tools will evolve. Somebody will make an online database of title keys, and will modify BackupHDDVD so it automatically consults that database and gets the title keys it needs. This new decryption program will be able to decrypt any disc whose title key appears in the database. This decryption software and database don[base ']t exist yet, but they seem inevitable.

It[base ']s interesting to compare this system with an alternative that distributes decrypted movies. One difference is that a 16-byte title key is much smaller and easier to distribute than a huge movie file [~] even a dialup line will be able to download title keys in the blink of an eye. Of course, the title key is useful only if you have access to a disc (or a copy of the full encrypted contents of a disc), so some kinds of infringement will be easier with movie files than with title keys. Title keys will, however, be enough to enable in-home fair use.

But where will title keys come from? Probably they[base ']ll be captured by reverse-engineering a player. Every player device, when decrypting a disc, must recover the title key and store it somewhere in the player[base ']s memory, so that the title key can be used to decrypt the movie[base ']s contents. A skilled engineer who works hard enough will be able to find and extract that stored title key. This will probably be easier to do for software players that run on PCs, and somewhat more difficult for dedicated player boxes; but in either case it will be possible. An engineer who extracts a key can upload it to the online database or share it with his friends.

There are economies of scale in key extraction. Having extracted the title keys for a few discs, the engineer will learn how and where the keys can be found and will have a much easier time extracting keys from other discs. Eventually, the extraction might be automated, so he need only insert a disc into his player and then activate a key-extractor device (or program) that he built.

Alternatively, he might try to extract the device keys from his player device. If he can do this, then he can write a software program that can do everything his player can do, including decrypting disc headers and extracting title keys from them. In other words, his program will be able to do both steps of AACS decryption.

Once he has device keys, he could in principle publish them (or equivalently publish a program containing them), thereby allowing everybody to extract title keys and decrypt discs. But if he does this, the AACS central authority will learn which device keys he is using and will blacklist those keys, which will prevent those keys from decrypting discs manufactured in the future. (The next post will discuss the blacklisting mechanism in more detail.)

So the engineer, if he is clever, won[base ']t necessarily publish everything he knows. The more he publishes, the more he helps others freely use their discs [~] but the more he also helps the central authority fight back. This leads to an interesting strategic game between the engineer and the central authority, which we[base ']ll explore in the next post.

Share This

[Freedom to Tinker]

CES 2007: The (Hopefully) Eternal Analog Hole.

Wed, 10 Jan 2007 00:48:48 GMT

CES 2007: The (Hopefully) Eternal Analog Hole.

If you want to liberate your media from its DRM chains without circumventing them, you are increasingly dependent on the analog hole (all your digital outputs are belong to Hollywood, right?).

We've already talked up the Neuros MPEG4 Recorder on this blog, and at CES we found a similar device called the iRecord. You can record any analog video or audio output direct to your iPod or PSP using this gadget. While Hollywood says it's illegal for you to rip your DVD to your iPod, you can copy the DVD this way. (And how else are you going to get your shows from your TiVo Series 3 to your iPod? Hollywood and the cable companies killed TiVoToGo on the Series 3, you'll recall.)

Here's another cool CES product that depends on the analog hole: the Slingbox Pro (now with component analog inputs, so you can digitize and sling your HD video content to yourself over the internet).

And one more: the SanDisk V-Mate Video Memory Card Recorder SDVM1, a video memory card recorder similar to the Neuros MPEG4 Recorder we reviewed.

All these devices are about placeshifting (aka spaceshifting), and all of them depend on the analog hole. Hollywood doesn't want you to have this capability (at least until you pay extra for it). So we expect Hollywood will be back at work in DC this year trying to get laws passed to plug the analog hole. Stay tuned.

[EFF: Deep Links]

Hack Will Help Kill HD DVD Copy Protection.

Wed, 10 Jan 2007 00:43:35 GMT

Hack Will Help Kill HD DVD Copy Protection. New video decryption software is "the first step in the meltdown of AACS," Princeton researchers say. [PC World: Latest Technology News]

Elliptic Curve Cryptography.

Sat, 06 Jan 2007 20:53:34 GMT

Elliptic Curve Cryptography. This paper, written by Annop MS, gives an introduction to elliptic curve cryptography (ECC) and how it is used in the implementation of digital signature (ECDSA) and key agreement (ECDH) Algorithms. He also discusses the implementation of ECC on two finite fields, prime field and binary field. This paper also gives an overview of ECC implementation on different coordinate systems called the projective coordinate systems and the basics of prime and binary field arithmetic. By Anoop MS. [Infosec Writers Latest Security Papers]

HD DVD's AACS Protection Bypassed.

Tue, 02 Jan 2007 02:06:39 GMT

HD DVD's AACS Protection Bypassed. Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."[Slashdot: Your Rights Online]

Year-end 2006, Darknet Assumptions = True.

Tue, 02 Jan 2007 01:53:32 GMT

Year-end 2006, Darknet Assumptions = True.

Way back in November 2002, a set of Microsoft's senior-most security engineers wrote a paper that has come to be known as "the Microsoft Darknet Paper" (the company never endorsed it -- this was independent scholarship by the engineers). The paper explained why DRM for popular entertainment content would never work, so long as three assumptions remained true:

1. Any widely distributed object will be available to a fraction of users in a form that permits copying.
2. Users will copy objects if it is possible and interesting to do so.
3. Users are connected by high-bandwidth channels.

As we ring in 2007, here are a few year-end stories that illustrate, yet again, that the Darknet Assumptions remain vividly, indisputably, true.

Assumption #1: AACS DRM Cracked by BackupHDDVD Tool? All it takes is one leak, and DRM always leaks.

Assumption #2: 2.6 billion blank CDs were sold in 2006, as compared to 588 million CDs of recorded music, says the Philadelphia Inquirer. By the end of 2006, Apple will have sold a total of approximately 80 million iPods. Audio and video features are now a standard feature on hard-drive enclosures and in network attached storage (NAS) solutions; in fact, inexpensive routers and NAS enclosures now include Bit Torrent clients, so that the downloading can continue, even when your computer is turned off.

Assumption #3: A year-end review of trends in file-sharing, courtesy of Seattle Weekly, explains that users aren't just relying on P2P networks anymore, thanks to sharity blogs, YouTube (now downloadable, thanks to software tools), MySpace (again, downloadable), CD-Rs, and wireless sharing (ala Zune). And, according to Nielsen/NetRatings, 78% of Amercian Internet users now have high-speed connections at home, up from 65% in 2005.

[EFF: Deep Links]

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Thu, 28 Dec 2006 23:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Thu, 28 Dec 2006 23:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

Behind the Magic of Anti-Censorship Software.

Thu, 21 Dec 2006 15:07:27 GMT

Behind the Magic of Anti-Censorship Software. Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows. [Slashdot: Your Rights Online]

DRM 'Too Complicated' Says Gates.

Mon, 18 Dec 2006 21:02:32 GMT

DRM 'Too Complicated' Says Gates. arbirk writes "BBC News is reporting on comments made by Bill Gates concerning DRM. It seems he has got the point (DRM is bad for consumers), but that opinion differs widely from the approach taken by Microsoft on Zune and their other music related products. The comments were originally posted on Micro Persuasion. The article also has a take on Apple's DRM." --- From the BBC article: "Microsoft is one of the biggest exponents of DRM, which is used to protect music and video files on lots of different online services, including Napster and the Zune store. Blogger Michael Arrington, of Techcrunch.com, said Bill Gates' short-term advice for people wanting to transfer songs from one system to another was to 'buy a CD and rip it'. Most CDs do not have any copy protection and can be copied to a PC and to an MP3 player easily and, in the United States at least, legally." [Slashdot: Your Rights Online]

BBC NEWS | Programmes | Click | ePassports 'at risk' from cloning

Mon, 18 Dec 2006 20:03:48 GMT

So when Lukas Grunwald and Christian Bottger realised they could clone the new ePassport they were pretty sure it would be identical to the original, and undetectable. So how did they do it?

The chip inside the ePassport is a Radio Frequency Identification (RFID) chip of the type poised to replace the barcode in supermarkets.

A new British biometric European Union passport, which is embedded with a microchip
The 'enhanced' security features of ePassports are being questioned

The good thing about RFID chips is that they emit radio signals that can be read at a short distance by an electronic reader.

But this is also the bad thing about them because, as Lukas demonstrated to me, he can easily download the data from his passport using an RFID reader he got for 200 Euros on eBay.

Lukas is less forthcoming about where he got what is called the Golden Reader Tool, it is the software used by border police and it allows him to read the chip on his ePassport, including the photo.

Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes.

Would You Trust RFID-Enabled ATM Cards?

Wed, 06 Dec 2006 12:22:16 GMT

Would You Trust RFID-Enabled ATM Cards? race_k2 asks: "As a regular Slashdot reader I've followed the development and implementation of RFID devices in many ubiquitous areas such as clothing, passports and even people. Given that our environment is becoming increasingly tagged, often without our knowledge or consent, and can be monitored or hacked by anyone with the proper hardware, skills and motivation, I viewed the recent arrival of two new ATM cards containing RFID chips with skepticism. While this feature may bring the increased convenience of speedy checkouts, it is not something I am completely comfortable using and decided that the safety of my personal data was more important than the ability to buy things quickly. The vulnerable nature of RFID security coupled with recent, though unrelated, reports of a Possible Security Flaw In ATMs make me seriously question whether the marriage of wireless data transfer with personal finance is a wise application of technology." --- So race's question basically boils down to: How safe and secure are the RFID chips that are being embedded in debit and credit cards? To add another issue on to the fire: Would you trust RFID technology on your cards? [Slashdot: Your Rights Online]

In Memoriam: Peter Junger, Digital Freedom Fighter.

Fri, 01 Dec 2006 19:57:13 GMT

In Memoriam: Peter Junger, Digital Freedom Fighter.

Last week, digital freedom fighter Peter Junger passed away. Peter was a truly pioneering legal thinker on digital issues, and his impact was felt far outside the walls of academia. In particular, we all owe him a debt of gratitude for challenging the government's draconian restrictions on encryption and helping to establish that code is speech protected by the First Amendment.

Today, strong encryption is taken for granted, whether it's keeping snoops out of your Internet communications, protecting your credit card number when you shop online, or otherwise securing your privacy. But when Peter filed his lawsuit a decade ago, export controls treated encryption as a dangerous weapon; in turn, Peter and other researchers who wanted to publish encryption code were akin to arms dealers. In 2000, the Sixth Circuit Court of Appeals held that these restrictions demanded scrutiny under the First Amendment. At the time, EFF was challenging the export controls in Bernstein v. US, and we also supported Peter in his efforts.

In Junger v. Daley and beyond, Peter was fearless. His contributions to the fight for digital freedom will be sorely missed and forever celebrated.

News.com writer Declan McCullagh posted some of his own memories here.

[EFF: Deep Links]

Web browsing behind closed doors.

Wed, 29 Nov 2006 19:13:23 GMT

Web browsing behind closed doors.

Psiphon bypasses government censors

Canadian developers will next month release a tool to bypass government-enforced restrictions on web browsing in countries like China, Syria and Iran.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

How to protect your mobile data.

Mon, 27 Nov 2006 16:39:07 GMT

How to protect your mobile data. It was two close calls that changed how Rob Israel thought about encrypting the data on his users' laptops. [CSO Online Data Security Briefing]

New DMCA Exemptions Granted.

Mon, 27 Nov 2006 16:31:46 GMT

New DMCA Exemptions Granted.

The Copyright Office/Library of Congress today issued its determination in the latest triennial DMCA exemption rule-making. Six exemptions were granted, the largest number so far.

Persons making noninfringing uses of the following six classes of works will not be subject to the prohibition against circumventing access controls (17 U.S.C. § 1201(a)(1)) during the next three years.
1. Audiovisual works included in the educational library of a college or university[base ']s film or media studies department, when circumvention is accomplished for the purpose of making compilations of portions of those works for educational use in the classroom by media studies or film professors.

2. Computer programs and video games distributed in formats that have become obsolete and that require the original media or hardware as a condition of access, when circumvention is accomplished for the purpose of preservation or archival reproduction of published digital works by a library or archive. A format shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace.

3. Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace.

4. Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book[base ']s read-aloud function or of screen readers that render the text into a specialized format.

5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.

6. Sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.

Unfortunately, just as we predicted, all the proposed exemptions that would benefit consumers were denied (space-shifting, region coding, backing up DVDs). So, while we're pleased that film professors, archivists, cellphone recyclers, and security researchers were able to successfully navigate the exemption process, it appears that digital consumers still have no choice but to get Congress to amend the DMCA. We look forward to Rep. Rick Boucher reintroducing his DMCA reform bill, H.R. 1201, in the new Congress next year.

[EFF: Deep Links]

Slashdot | Trusted or Treacherous Computing?

Sat, 25 Nov 2006 01:01:19 GMT

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

Copyright Office grants 6 exemptions for circumventing DRM.

Fri, 24 Nov 2006 22:58:26 GMT

The Copyright Office today granted 6 exemptions to 17 USC Â§ 1201(a)(1), effective for the next three years, that allow end-users to circumvent technological protection measures in order to make noninfringing uses of certain works.

Two of the exemptions are particularly noteworthy. They are:

1. Audiovisual works included in the educational library of a college or universityâo[dot accent]s film or media studies department, when circumvention is accomplished for the purpose of making compilations of portions of those works for educational use in the classroom by media studies or film professors.

6. Sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.

This represents a substantial shift in the Copyright Office[base ']s interpretation of Section 1201. (More after the break.)

[Public Knowledge - Policy Blog]

Shock, horror, outrage - biometric passport data snooped, again.

Wed, 22 Nov 2006 03:48:15 GMT

Shock, horror, outrage - biometric passport data snooped, again.

Insecurity as a design feature...

The biometric passport has been 'cracked' again - but it's the same crack as the old crack (which is not exactly a crack). This time it's the new UK passport, and Liberal Home Affairs spokesman Nick Clegg is calling for the urgent recall of all the 3 million that have already been issued.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

What DVD Jon's iPod crack means for you.

Fri, 10 Nov 2006 22:43:49 GMT

What DVD Jon's iPod crack means for you.

Everybody's happy nowadays

Analysis As we reported three weeks ago, reverse-engineering specialist "DVD" Jon Johansen has decoded the encryption that locks down iTunes-purchased music - and he's formed a company to license this to all-comers. Now Johansen has reverse-engineered rival DRM formats, permitting encrypted songs purchased from Apple rivals to play on iPods.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Privacy and Security Law Blog: Confidential Information Should Be Encrypted or Not Stored on Laptops

Fri, 10 Nov 2006 22:31:52 GMT

81% of U.S. businesses surveyed this year reported that, in the previous 12 months, at least one of their laptops or other portable electronic devices had been lost or stolen. U.S. Survey: Confidential Data at Risk, 5 Privacy & Security Law Report 1162 (2006). When a laptop is lost or stolen, unencrypted data on the computer can easily be accessed. Even if a user name and password are needed to sign on to the laptop, the hard drive can be removed in a few seconds and all data on the hard drive can be copied to another computer or to a storage device in minutes.

Despite the high risk sensitive data may be obtained from lost or stolen laptops, many businesses continue to allow employees to store such information on laptops and to take the laptops home, on business trips, and on vacations. Business managers should consider whether their current laptop security practices are sufficient. If a business' trade secrets, attorney-client privileged information, customer lists, or financial information are obtained from a lost or stolen laptop, affected shareholders, employees, or business partners may argue that the business failed to take adequate steps to safeguard the data.

Avivah Litan, vice president and analyst at the Gartner Group, said in a recent interview: "Frankly, there is no excuse anymore not to encrypt data on laptops and mobile devices. . . . The cost for laptop encryption is $40 or less per laptop. . . . [T]here is no excuse today. It is really bordering on negligence." An Interview with Experts on the Cost of Ensuring Data Security, 6 Privacy Advisor 20, 23 (2006). Every company with sensitive data on mobile devices should consider whether the data should be encrypted.

'Supercerts' Aim to Highlight Legit Web Sites.

Fri, 10 Nov 2006 01:37:54 GMT

'Supercerts' Aim to Highlight Legit Web Sites.

Over the past couple of years, dozens of companies have rolled out technologies designed to help computer users and companies better spot "phishing" scams -- Web sites that try to trick people into giving away financial and personal data. But what about helping users tell for certain that when their browser tells them that they are at, say, BankofAmerica.com, that they're really at the bank's official Web site and not at some scam site?

That's precisely the aim of CA/Browserforum, a security effort by the major Web browser makers and certificate authorities, or companies who sell and issue Web site security certificates.

Today, pretty much any Web site owner can plunk down between $150 to $400 and purchase a secure sockets layer (SSL) certificate, a technology designed not only to protect the integrity of data submitted by customers but also to give visitors a modicum of assurance that the site takes their security seriously. By clicking on the little padlock icon in the browser that accompanies all SSL certified sites, visitors also can gain more assurances that the SSL holder is a legitimate company and that it at least has been vetted by a certification authority to some degree.

The problem is that hardly anyone knows to check the data included in SSL certs, and even then making sense of it all is probably beyond the grasp of the average computer user. In addition, phishers increasingly are buying and incorporating SSL certs to make their scam sites appear more legitimate. Worse still, the checks that the certificate authorities currently do to verify that those seeking SSL certs have a legitimate claim to the Web site name listed on the requested cert are largely automated and not terribly hard to fool. In February, Security Fix wrote about a phishing scam that had applied for and received an SSL cert for an actual credit union in Utah.

CA/Browserforum aims to create a market for a kind of "supercert" known as "extended validation" SSL certificates. EVSSL certs would cost quite a bit more but in theory also include more rigorous vetting of the identity and legitimacy of any requesting entity. More importantly, by working with browser makers Microsoft, Mozilla, Opera Software and KDE, the two groups can agree on standardized methods for modifying the display of the visitor's browser Window in more obvious ways to let users know when they are at the legitimate site of a super-cert holder. For example, the browser could be made to turn green around the address bar when the user visits what the browser recognizes as the real Bank of America site.

Bruce Schneier, a cryptography expert and chief technology officer for Counterpane Internet Security, applauded the goals of the CA/Browserforum, calling the current SSL cert validation process "laughable."

"It's a serious problem that people on the 'Net don't know the difference between a real Web site and a clever fake," Schneier said. "I think laying this infrastructure could be useful along with other things in the browser to make it more obvious," when users are at a legitimate site, he said. "This is a big problem, and this is a piece of the solution, not the solution by itself."

[Security Fix]

30 Years of Public Key Cryptography.

Wed, 01 Nov 2006 07:04:08 GMT

30 Years of Public Key Cryptography. An anonymous reader writes "Public key crypto turned 30 last night, and the biggest names in crypto turned out to celebrate at an event hosted at the Computer History Museum. Voltage Security teamed with RSA to bring together some of the most famous cryptographers of yesterday (Whitfield Diffie and Martin Hellman) and today (Dan Boneh), along with luminaries Ray Ozzie, Brian Snow, and Jim Bidzos. From the ZDNet article: 'NYT reporter John Markoff, who has covered Silicon Valley for 30 years, was master of ceremonies, and started off by saying that no technology has had a more profound impact than cryptography, and that public-key cryptography has been underappreciated for its role in the Internet. Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.' You can view the podcast and pictures of the event at the Voltage Security site.."[Slashdot]

Seagate Readies Secure Drive.

Mon, 30 Oct 2006 18:21:06 GMT

Seagate Readies Secure Drive. Automatically encrypted Momentus is aimed at laptops containing sensitive data. [PC World: Latest Technology News]