l33t haX0r

Joined September 2020

Signal provides a free, cross-platform private messenger app. Folks in all kinds of unsafe situations rely on Signal, as a highly visible and popular app which the security and privacy professional communities endorse. Journalists rely on Signal to ensure confidential communication with their sources.

What privacy guarantees does one really have though if you can’t prove the identity of who you’re communicating with?

RISC-V is a promising open-source architecture primarily targeted for embedded systems. Programs compiled using the RISC-V toolchain can run bare-metal on the system,and, as such, can be vulnerable to several memory corruption vulnerabilities. In this work, we present HeapSafe, a lightweight hardware assisted heap-buffer protection scheme to mitigate heap overflow and use-after-free vulnerabilities in a RISC-VSoC. The proposed scheme tags pointers associated with heap buffers with metadata indices and enforces tag propagation for commonly used pointer operations. The HeapSafe hardware is decoupled from the core and is designed as a configurable coprocessor and is responsible for validating the heap buffer accesses. Benchmark results show a 1.5X performance overhead and 1.59% area overhead, while being 22% faster than a software protection. We further implemented a HeapSafe-nb, an asynchronous validation design, which improves performance by27% over the synchronous HeapSafe.

Read More

The US White House recently released its Executive Order (EO) on Improving the Nation’s Cybersecurity (along with a press call) to counter “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”

In this post, we’ll show what the Linux Foundation’s communities have already built that support this EO and note some other ways to assist in the future. But first, let’s put things in context.

Read More

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware, and the criminals have just posted personnel records — “including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories” — for two dozen police officers.

The negotiations don’t seem to be doing well. The criminals want $4M. The DC police offered them $100,000.

The Colonial Pipeline is another current high-profile ransomware victim. (Brian Krebs has some good information on DarkSide, the criminal group behind that attack.) So is Vastaamo, a Finnish mental heal clinic. Criminals contacted the individual patients and demanded payment, and then dumped their personal psychological information online.

An industry group called the Institute for Security and Technology (no, I haven’t heard of it before, either) just released a comprehensive report on combating ransomware. It has a “comprehensive plan of action,” which isn’t much different from anything most of us can propose. Solving this is not easy. Ransomware is big business, made possible by insecure networks that allow criminals to gain access to networks in the first place, and cryptocurrencies that allow for payments that governments cannot interdict. Ransomware has become the most profitable cybercrime business model, and until we solve those two problems, that’s not going to change.

Read More

One of the factors contributing to Counter-Strike Global Offensive’s (herein “CS:GO”) massive popularity is the ability for anyone to host their own community server. These community servers are free to download and install and allow for a high grade of customization. Server administrators can create and utilize custom assets such as maps, allowing for innovative game modes.

However, this design choice opens up a large attack surface. Players can connect to potentially malicious servers, exchanging complex game messages and binary assets such as textures.

We’ve managed to find and exploit two bugs that, when combined, lead to reliable remote code execution on a player’s machine when connecting to our malicious server. The first bug is an information leak that enabled us to break ASLR in the client’s game process. The second bug is an out-of-bounds access of a global array in the .data section of one of the game’s loaded modules, leading to control over the instruction pointer.

Read More

While most of the NTPsec team was off at Penguicon, the NTP Classic people shipped a release patched for eleven security vulnerabilities in their code. Which might have been pretty embarrassing, if those vulnerabilities were in our code, too. People would be right to wonder, given NTPsec’s security focus, why we didn’t catch all these sooner.

In fact, we actually did pre-empt most of them. The attack surface that eight of these eleven security bugs penetrate isn’t present at all in NTPsec. The vulnerabilities were in bloat and obsolete features we’ve long since removed, like the Mode 7 control channel.

I’m making a big deal about this because it illustrates a general point. One of the most effective ways to harden your code against attack – perhaps the most effective – is to reduce its attack surface.

Thus, NTPsec’s strategy all along has centered on aggressive cruft removal. This strategy has been working extremely well. Back in January our 0.1 release dodged two CVEs because of code we had already removed. This time it was eight foreclosed – and I’m pretty sure it won’t be the last time, either. If only because I ripped out Autokey on Sunday, a notorious nest of bugs.

Simplify, cut, discard. It’s often better hardening than anything else you can do. The percentage of NTP Classic code removed from NTPsec is up to 58% now, and could easily hit 2/3rds before we’re done,

Read More

Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion where data is both exfiltrated and encrypted in place, allowing them to demand payment for unlocking and the non-release of stolen data to exert more pressure on victims.

The origins of these incidents are not monolithic. DARKSIDE ransomware operates as a ransomware-as-a-service (RaaS) wherein profit is shared between its owners and partners, or affiliates, who provide access to organizations and deploy the ransomware. Mandiant currently tracks multiple threat clusters that have deployed this ransomware, which is consistent with multiple affiliates using DARKSIDE. These clusters demonstrated varying levels of technical sophistication throughout intrusions. While the threat actors commonly relied on commercially available and legitimate tools to facilitate various stages of their operations, at least one of the threat clusters also employed a now patched zero-day vulnerability.

Reporting on DARKSIDE has been available in advance of this blog post to users of Mandiant Advantage Free, a no-cost version of our threat intelligence platform.

Read More

Phew, don’t hold your breath. It’s like if they’re gambling on the requester passing away before they begin to agitate their derrière.

On the plus side, there was an actual response, not like some idiotic and/or disappointing [non-]replies I got from US and foreign authorities… At least John Young had a specific starting point reference for the records sought, but requesting “all documents pertaining to a letter written by X…” seems vague and risky. In my limited experience (as compared to the Cryptome über-professional), when you’re poking in the dark, the authority will either interpret your request so narrowly that it will claim that the information demanded doesn’t exist (despite your precautions), or reply with “buffer overflow”, or ask for “clarification”, depending on their mood that day.

Read More
May 11, 2021

The Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As with any large project, introducing a new language requires careful consideration. For Android, one important area was assessing how to best fit Rust into Android’s build system. Currently this means the Soong build system (where the Rust support resides), but these design decisions and considerations are equally applicable for Bazel when AOSP migrates to that build system. This post discusses some of the key design considerations and resulting decisions we made in integrating Rust support into Android’s build system.

Read More
May 11, 2021

OpenSSH is on a roll. In February, OpenSSH 8.2 introduced first-class support for FIDO2 (née U2F) security keys, making hardware backed keys accessible for less than $20.

This is not some complicated PAM setup, or some janky cryptographic trick, but a proper public key type, where the private key is protected by the hardware token.

And it just works out of the box for USB security keys! No more tedious and unreliable gpg-agent setups, PKCS#11, or third-party agents.

We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store to be used for server authentication (TLS) and for digitally signed and encrypted email (S/MIME). Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability. With the goal of improving the security ecosystem on the internet, below we clarify the correct and incorrect use of Mozilla’s root store, and provide tools for correct use.

Read More

What is going on? A new EU directive is currently making its way through the various EU bodies. This Proposal for directive on measures for high common level of cybersecurity across the Union is the successor of the initial attempt known as the NIS Directive.

This directive creates rules for “essential and important entities” so they adhere to minimum Cybersecurity standards. Although it is for now somewhat up in the air who exactly would count as such an entity, it is sure to include national telecommunication companies, Google and many other major communication hubs. Many of these are already regulated in various ways.

Surprisingly however, the European Commission version of the directive explicitly includes all the root servers, the infrastructure that keeps the internet alive.

Read More

The US government declared a state of emergency on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.

The Colonial Pipeline carries 2.5 million barrels a day - 45% of the East Coast’s supply of diesel, gasoline and jet fuel.

It was completely knocked offline by a cyber-criminal gang on Friday and is still working to restore service.

The emergency status enables fuel to be transported by road.

Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer.

Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called Dark Side, who infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage.

After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet.

Read More

I discovered six 0days that allow a remote attacker to get full RCE on a box with no user interaction. MouseTrap is a suite of vulnerabilities and accompanying exploits that targets the RemoteMouse application and service. As of the release date 05/06/2021, the vulnerabilities have not been patched.

In September 2015, Apple managers had a dilemma on their hands: should, or should they not, notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Ultimately, all evidence shows, they chose to keep quiet.

May 8, 2021

Mobile Station Modem (MSM) is an ongoing series of a 2G/3G/4G/5G-capable system on chips (SoC) designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research because hackers want to find a way to attack a mobile device remotely just by sending it a SMS or crafted radio packet. But 3GPP protocols are not the only entry point into the modem. Android also has an ability to communicate with the modem processor through the Qualcomm MSM Interface (QMI).

MSM is managed by the Qualcomm real-time OS (QuRT) that cannot be debugged or dumped even on rooted Android devices. QuRT’s integrity is ensured by the TrustZone. There is only one possible way to dynamically probe the modem, namely to use a vulnerability. There have been several successful attempts to patch the QuRT by exploiting vulnerabilities in the Qualcomm Trusted Execution Environment (QTEE) or Linux-kernel. The latest compromised SoC is MSM8998 (Pixel 2).

In our research, we fuzzed MSM data services so we could find a way to patch QuRT on modern SoCs directly from Android.

Read More

On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.  Exploitation of this weakness did not result in the registrant details being modified in the Nominet registry, but once an adversary has taken control of a domain they are likely to be able to satisfy the checks in place that would subsequently allow ownership details to be updated.

Cyberis reported this weakness to AWS on 12 February 2021, who engaged Gandi on the same day. Transfer of the affected Nominet domains was disabled by Gandi on 12 February 2021 whilst the weakness was investigated.

On 15 February 2021, the root cause of the weakness was identified by the Gandi security team and a patch applied.  Following testing, transfers of affected domains was re-enabled on 16 February 2021.

Read More

EverParse is a framework for generating provably secure parsers and formatters used to improve the security of critical code bases at Microsoft. EverParse is developed as part of Project Everest, a collaboration between Microsoft Research labs in Redmond, Washington; India; and Cambridge, United Kingdom; the Microsoft Research-Inria Joint Centre; Inria; Carnegie Mellon University; and several other open-source contributors. The Everest team has produced several formally proven software components, including the EverCrypt cryptographic provider and verified implementations of the TLS 1.3 record layer, the QUIC record layer, the Signal messaging protocol, and the DICE measured boot protocol. This is the fourth blog post in a series about Project Everest.

Read More
May 6, 2021

What if I needed to shuffle a list but couldn’t hold the whole thing in memory? Or what if I didn’t want to shuffle a list, but just traverse it in a shuffled manner? (That is, visit each element once and only once, in a randomized way.) What if I wanted to traverse it, but didn’t want to precompute or store the traversal for some reason?

This would allow me to publish items from a list in an order that was unpredictable from the outside, but in fact deterministic and based on a secret key, and without precomputing anything (or worrying about collisions). Or I could use it to assign small non-sequential IDs that would eventually saturate the space of n-character strings in a pseudorandom order, obscuring the true size of the set for anyone who could just view some subset of the assigned IDs. They wouldn’t even be able to tell if there were gaps in the list of IDs they could observe.

Essentially, what I’d want is a pseudorandom permutation of the indexes of the list. If the list had 1000 elements what I’d need would be a shuffled list of [0, 1, 2, …, 998, 999]—or rather, a way to produce that list on demand, the same way every time. I first ran into this question about 15 years ago and have idly pondered it at various times since then, but didn’t really have the tools to answer it. And then a few months ago I asked in ##crypto on Freenode IRC and Alipha came up with a nice solution: Encrypt the indexes.

Read More

In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.

Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.

Since Spectre was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.

They will have to go back to the drawing board.

Read More