Archive for the ‘Eavesdropping’ Category

Moment of truth: Feds must say if they used backdoored Juniper firewalls

January 26th, 2016

(credit: Jeremy Brooks)

Congressional oversight leaders are requiring most federal agencies to audit their networks to see if they use Juniper-manufactured firewalls that for four years contained an unauthorized backdoor for eavesdropping on encrypted communications.

Members of the House of Representatives Committee on Oversight and Government Reform gave the agencies until February 4 to produce documents showing whether they use Juniper's NetScreen line of firewall appliances. The committee is also requiring agency heads who used the vulnerable devices to show how they learned of the eavesdropping threat and whether they fixed it prior to the release of last month's patch. That update removed the unauthorized code from ScreenOS, the operating system that manages NetScreen firewalls.

The Committee on Oversight and Government Reform is the chief oversight body for the US House of Representatives, with broad authority to investigate most matters pertaining to federal agencies. Committee members informed agency heads of the eavesdropping-related investigation involving Juniper hardware in letters dated late last week.

Posted in backdoor, congress, Eavesdropping, Juniper, Law & Disorder, NetScreen, Risk Assessment, ScreenOS, Technology Lab | Comments (0)

Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears

January 12th, 2016

(credit: Fortinet)

Less than a month after Juniper Networks officials disclosed an unauthorized backdoor in the company's NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet.

The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of "FGTAbc11*xy+Qqz27" (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet's FortiOS software.

This partially redacted screenshot purports to show the exploit in action. (credit: @dailydavedavids)

Ralf-Philipp Weinmann, a security researcher who helped uncover the inner workings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a "backdoor." In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet's FortiOS.

Posted in backdoors, Eavesdropping, FIREWALLS, Fortinet, Juniper, Law & Disorder, Risk Assessment, Surveillance, Technology Lab | Comments (0)

Advent tip #20: Free Wi-Fi is handy – but think before you connect!

December 20th, 2015
Free Wi-Fi can save you loads of money, especially when you're overseas and roaming - but it can also go horribly wrong...

Posted in advent, cryptography, data loss, Eavesdropping, free Wi-Fi, privacy, sniffing, tips, wi-fi | Comments (0)

Feds bugged steps of Silicon Valley courthouse

November 17th, 2015

(credit: James Vaughan)

Defense attorneys have asked a federal judge to throw out more than 200 hours of conversations FBI agents recorded using hidden microphones planted near the steps of a county courthouse in Silicon Valley.

The lawyers are representing defendants accused of engaging in an illicit real estate bid-rigging and fraud conspiracy. The steps to the San Mateo County courthouse are frequently the scene of public auctions for foreclosed homes. Federal prosecutors have admitted that on at least 31 occasions in 2009 and 2010, FBI agents used concealed microphones to record auction participants as they spoke, often in hushed voices with partners, attorneys, and others. Because the federal agents didn't obtain a court order, the defense attorneys argue the bugging violated Constitutional protections against unreasonable searches and seizures.

In a court brief filed Friday in the case, attorneys wrote:

Posted in civil liberties, Eavesdropping, Law & Disorder, Surveillance | Comments (0)

Don’t count on STARTTLS to automatically encrypt your sensitive e-mails

October 30th, 2015

(credit: Yzmo)

Researchers have some good and bad news about the availability of secure e-mail. Use of STARTTLS and three other security extensions has surged in recent months, but their failure rate remains high, in large part because of active attacks that downgrade encrypted connections to unencrypted ones.

That conclusion, reached in a recently published research paper, means that a significant chunk of e-mail continues to be transmitted in plaintext and with no mechanism for verifying that a message hasn't been tampered with while it travels from sender to receiver. The downgrades are largely made possible by the Simple Mail Transfer Protocol used by many e-mail services. Because it wasn't originally designed to provide message confidentiality or integrity, it relies on later-developed extensions, including STARTTLS, DomainKeys Identified Mail, Sender Policy Framework, and domain-based message authentication, that often don't work as intended.

The researchers wrote:

Posted in e-mail, Eavesdropping, encryption, Risk Assessment, starttls, Technology Lab | Comments (0)

Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys?

October 20th, 2015

(credit: martinak15)

The cost and time required to break 512-bit RSA encryption keys has plummeted to an all-time low of just $75 and four hours using a recently published recipe that even computing novices can follow. But despite the ease and low cost, reliance on the weak keys to secure e-mails, secure-shell transactions, and other sensitive communications remains alarmingly high.

The technique, which uses Amazon's EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service. It's the latest in a 16-year progression of attacks that have grown ever faster and cheaper. When 512-bit RSA keys were first factored in 1999, it took a supercomputer and hundreds of other computers seven months to carry out. Thanks to the edicts of Moore's Law – which holds that computing power doubles every 18 months or so – the factorization attack required just seven hours and $100 in March, when "FREAK," a then newly disclosed attack on HTTPS-protected websites with 512-bit keys, came to light.

In the seven months since FREAK's debut, websites have largely jettisoned the 1990s-era cipher suite that made them susceptible to the factorization attack. And that was a good thing, since the factorization attack made it easy to obtain the secret key needed to cryptographically impersonate the webserver or to decipher encrypted traffic passing between the server and end users. But e-mail servers, by contrast, remain woefully less protected. According to the authors of last week's paper, the RSA_EXPORT cipher suite is used by an estimated 30.8 percent of e-mail services using the SMTP protocol, 13 percent of POP3S servers, and 12.6 percent of IMAP-based e-mail services.

Posted in cryptography, Eavesdropping, encryption, factorization, Law & Disorder, Risk Assessment, RSA, Surveillance, Technology Lab | Comments (0)

How Soviets used IBM Selectric keyloggers to spy on US diplomats

October 13th, 2015

(credit: Etan J. Tal)

A National Security Agency memo that recently resurfaced a few years after it was first published contains a detailed analysis of what very possibly was the world's first keylogger—a 1970s bug that Soviet spies implanted in US diplomats' IBM Selectric typewriters to monitor classified letters and memos.

The electromechanical implants were nothing short of an engineering marvel. The highly miniaturized series of circuits were stuffed into a metal bar that ran the length of the typewriter, making them invisible to the naked eye. The implant, which could only be seen using X-ray equipment, recorded the precise location of the little ball Selectric typewriters used to imprint a character on paper. With the exception of spaces, tabs, hyphens, and backspaces, the tiny devices had the ability to record every key press and transmit it back to Soviet spies in real time.

A “lucrative source of information”

The Soviet implants were discovered through the painstaking analysis of more than 10 tons' worth of equipment seized from US embassies and consulates and shipped back to the US. The implants were ultimately found inside 16 typewriters used from 1976 to 1984 at the US embassy in Moscow and the US consulate in Leningrad. The bugs went undetected for the entire eight-year span and only came to light following a tip from a US ally whose own embassy was the target of a similar eavesdropping operation.

Posted in Bugs, Eavesdropping, gunman, keyloggers, Law & Disorder, Risk Assessment, Surveillance, Technology Lab | Comments (0)

Can you trust Tor’s exit nodes?

June 25th, 2015
Tor is the encrypted, anonymous way to browse the web that keeps you safe from prying eyes, right? Well, maybe not. Researcher Chloe created a honeypot website and dared Tor's exit node operators to steal the password. Sixteen of them did.

Posted in anonymity, Badonions, Chloe, chloe.re, Dan Egerstad, dark web, Eavesdropping, Exit node, Featured, Honeypot, HTTPS, privacy, Tor | Comments (0)

An Eavesdropping Lamp That Livetweets Private Conversations

April 23rd, 2014
Conversnitch is a device, built for less than $100, that resembles a lightbulb or lamp, surreptitiously listens in on nearby conversations, and posts snippets of transcribed audio to Twitter.

Posted in Eavesdropping, Surveillance, Threat Level | Comments (0)