Feed: Electric Alchemy, "Securing the Singularity" (tag:blogger.com,1999:blog-6644490640411457335; updated 2024-03-05T11:35:23.005-07:00; author DC, http://www.blogger.com/profile/04707388475829589192, noreply@blogger.com; generator Blogger)<br />
<br />
<b>Think it's wiped? Think again.</b> (tag:blogger.com,1999:blog-6644490640411457335.post-7598859141163297742; published 2012-11-28T09:11:00.000-07:00; updated 2012-12-03T21:39:12.807-07:00)<br />
<br />
EA's Gerrit Padgham was recently interviewed as part of a news story that discusses the state of security on multiple mobile device platforms. Smartphones today aren't phones: they are computers that just happen to make phone calls, and they store all kinds of personal information about their owners. What you do with the device after you upgrade to a new phone could affect your privacy.<br />
<br />
The video can be viewed <a href="http://www.koaa.com/videos/smart-phone-security-how-well-does-your-phone-protect-personal-data-/" target="_blank">here</a>.<br />
Author: Anonymous (http://www.blogger.com/profile/05053361889797146370, noreply@blogger.com)<br />
<br />
<b>Stratfor Breach: A (Better) Password Analysis</b> (tag:blogger.com,1999:blog-6644490640411457335.post-2025901427017354780; published 2012-01-05T14:02:00.000-07:00; updated 2012-07-02T21:14:30.832-06:00)<br />
<div class="tr_bq">
TL;DR: <b>It seems that well over three-quarters of all the breached accounts were created but never used.</b><br />
<br />
By now it's been widely reported that around Christmas time 2011, <a href="http://www.stratfor.com/" target="_blank">Stratfor</a> suffered a significant breach. The company provides "<i>an audience of decision-makers and sophisticated news consumers in the U.S. and around the world with unique insights into political, economic, and military developments.</i>" Disclosed data includes over 800K records, containing usernames, e-mail addresses, password hashes, physical addresses, and in numerous cases credit card account numbers, shockingly including CVV data.</div>
<br />
A hash is the result of processing data (like a password) with a specific type of algorithm called a one-way function. These functions are designed so that the output cannot practically be used to derive the input. Some hashing functions resist this better than others, but that isn't the point of this article. <a href="http://www.eweek.com/c/a/Security/Analysis-of-Stratfor-Site-Breach-Reveals-Weak-Passwords-Poor-Enforcement-719464/" target="_blank">Several</a> <a href="http://www.thetechherald.com/articles/Report-Analysis-of-the-Stratfor-Password-List" target="_blank">articles</a> analyzing the password hashes have been published already, complaining about the collectively poor password practices of end users. Generally speaking, they are correct. The <a href="http://www.thetechherald.com/articles/Report-Analysis-of-the-Stratfor-Password-List" target="_blank">Tech Herald</a> article in particular discusses using <a href="http://www.hashcat.org/" target="_blank">hashcat</a> and CPU-based cracking to recover roughly 80,000 plaintext passwords after about four hours of tinkering, which those weak passwords made possible.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh88A94GyHV85tsun2kiQpC1xO4zCh5ffZbM0T1Jrk82VMXrMoJgJgocm1hg0eT9-MbQwDX3_4e0V6WLD6JEAv60wvroNxh0rluSP9uJsTe0vhxLZYviTkmEFWmgns-Hirm6DjpcPKKdYRl/s1600/StatforWordle.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh88A94GyHV85tsun2kiQpC1xO4zCh5ffZbM0T1Jrk82VMXrMoJgJgocm1hg0eT9-MbQwDX3_4e0V6WLD6JEAv60wvroNxh0rluSP9uJsTe0vhxLZYviTkmEFWmgns-Hirm6DjpcPKKdYRl/s320/StatforWordle.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b>Top 10 Passwords</b></td></tr>
</tbody></table>
Using GPU technology, we can crack those same 80,000 passwords in just a few seconds. We have been working on the disclosed hashes for a few days now and have managed to crack 713,984 (86%) of the ~822,000 unique hashes that were released (roughly 40K of the released hashes are duplicates).<br />
<br />
The resulting data is interesting, as it's not very often that we get the chance to look at over 700K passwords from a single source.<br />
<br />
Probably the most surprising and under-reported insight we found is that a majority (about 630K) of the passwords we recovered appear to have been randomly generated by the Stratfor site at registration time. These passwords all share a very specific set of characteristics: they are exactly eight characters long, and they consist only of uppercase letters, lowercase letters, and digits ('mixedalphanum' in Pipal's terms). With a mid-range dual-GPU machine, we were able to test every password of that character set and length, and so recover all of them, in just over 24 hours.<br />
<br />
So what does this tell us? It's likely that during enrollment the system generates a password automatically and e-mails it to the user. Normally users are required to change a randomly generated password on their next login. <b>So it seems that well over three-quarters of all the breached accounts were created but never used.</b> It's possible that Stratfor auto-generated a password and didn't require a change on next login, but based on our discussions with users exposed by the breach, it appears that this was not the case.<br />
<br />
Password analysis tools identify other patterns as well, such as the most common 'base word' or common digit patterns. Many passwords start or end with digits to pad them out to meet password length requirements. Against the backdrop of all the randomly generated passwords, though, these numbers are very insignificant: no pattern found accounts for more than 0.25% of the whole set.<br />
<br />
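As an added illustration (not code from the original post, and not Pipal's own implementation), here is a small Python analyzer that reproduces the statistics this post leans on: Pipal's character-set names, hashcat masks, base-word extraction, and a flag for the signature described above (exactly eight characters, mixed-case alphanumeric, no dictionary base word). The sample list and the mini wordlist are constructed; the keyspace arithmetic at the bottom uses only the post's own figures (62 characters, length 8, about 24 hours) to show what candidate rate that implies.<br />

```python
from collections import Counter
import re

# Constructed sample standing in for a cracked-hash output file (one plaintext per line).
# The five mixed-case strings in the middle are what auto-generated passwords look like.
SAMPLE = [
    "stratfor", "stratfor1", "password", "123456", "Wright2010",
    "aK3dQ9zL", "Q7xM2bHn", "p4Rt9SwA", "Zn8kL2Qe", "m3Vb7NcX",
    "changeme!", "USMC1234", "1qaz2wsx",
]

# Constructed mini dictionary; a real run would load a proper wordlist.
WORDLIST = {"stratfor", "password", "changeme", "wright", "qwerty", "usmc", "intel", "ranger"}

# Alphabet sizes behind hashcat's mask tokens (?s is the 33 printable ASCII specials).
MASK_SIZES = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?a": 95}


def charset(pw: str) -> str:
    """Classify a password with Pipal's character-set names (loweralpha, mixedalphanum, ...)."""
    lower = any(c.islower() for c in pw)
    upper = any(c.isupper() for c in pw)
    digit = any(c.isdigit() for c in pw)
    special = any(not c.isalnum() for c in pw)
    if not (lower or upper):
        if digit and special:
            return "specialnum"
        return "numeric" if digit else ("special" if special else "unknown")
    name = "mixedalpha" if (lower and upper) else ("loweralpha" if lower else "upperalpha")
    if special:
        name += "special"
    if digit:
        name += "num"
    return name


def charset_keyspace(name: str, length: int) -> int:
    """Number of candidates needed to exhaust a Pipal charset at a given length."""
    size = 0
    if name.startswith("mixedalpha"):
        size += 52
    elif name.startswith(("loweralpha", "upperalpha")):
        size += 26
    if "special" in name:
        size += 33
    if name == "numeric" or name.endswith("num"):
        size += 10
    return size ** length


def hashcat_mask(pw: str) -> str:
    """Render a password as a hashcat mask, e.g. Wright2010 -> ?u?l?l?l?l?l?d?d?d?d."""
    return "".join(
        "?l" if c.islower() else "?u" if c.isupper() else "?d" if c.isdigit() else "?s"
        for c in pw
    )


def mask_keyspace(mask: str) -> int:
    """Candidates covered by a mask: the product of its token alphabet sizes."""
    n = 1
    for tok in re.findall(r"\?[ludsa]", mask):
        n *= MASK_SIZES[tok]
    return n


def base_word(pw: str) -> str:
    """Pipal-style base word: strip leading/trailing non-letters, lowercase the rest."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()


def looks_generated(pw: str, wordlist=WORDLIST) -> bool:
    """The signature the post describes: exactly 8 chars, mixed-case alphanumeric, no dictionary base."""
    return len(pw) == 8 and charset(pw) == "mixedalphanum" and base_word(pw) not in wordlist


def needed_rate(keyspace: int, hours: float) -> float:
    """Candidates per second needed to exhaust `keyspace` within `hours`."""
    return keyspace / (hours * 3600)


def analyze(passwords, wordlist=WORDLIST) -> dict:
    """Pipal-like summary of a plaintext list plus a count of probable auto-generated entries."""
    total = len(passwords)
    generated = sum(looks_generated(p, wordlist) for p in passwords)
    return {
        "total": total,
        "lengths": Counter(len(p) for p in passwords),
        "charsets": Counter(charset(p) for p in passwords),
        "masks": Counter(hashcat_mask(p) for p in passwords),
        "base_words": Counter(b for b in map(base_word, passwords) if b),
        "generated": generated,
        "generated_pct": round(100.0 * generated / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    r = analyze(SAMPLE)
    print(f"Total entries = {r['total']}")
    for length, n in sorted(r["lengths"].items()):
        print(f"{length} = {n} ({100 * n / r['total']:.2f}%)")
    for name, n in r["charsets"].most_common():
        print(f"{name}: {n} ({100 * n / r['total']:.2f}%)")
    print(f"probable auto-generated = {r['generated']} ({r['generated_pct']}%)")
    # The post's own numbers: 62 characters, length 8, exhausted in just over 24 hours.
    ks = charset_keyspace("mixedalphanum", 8)
    print(f"mixedalphanum x 8 keyspace = {ks:,}; ~{needed_rate(ks, 24):,.0f} candidates/s to finish in 24 h")
```

To run it over a real cracked list, replace SAMPLE with the file's lines. The `generated` count is a heuristic: a human-chosen password that happens to fit the eight-character mixed-case pattern is counted too, which is why the post also checks the conclusion against what affected users reported.<br />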
So this raises the question: when GPUs that make intelligent password guessing fast and cheap are at anyone's disposal, what is a good password?<br />
<br />
<b>A very long one</b>. How long? As long as the storage mechanism supports. If you have to look it up every time anyway, its length costs you nothing. It should be randomly generated, and contain as many distinct characters as feasible (again, within the constraints of the password policy). Most importantly, it should be unique to that one application: should it be compromised, it won't put your other accounts at risk. Open source password utilities (like <a href="http://keepass.info/" target="_blank">KeePass</a> or <a href="http://passwordsafe.sourceforge.net/" target="_blank">PasswordSafe</a>) can be used to generate and securely store passwords. Using strong passwords and storing them securely doesn't protect against keylogging, and if an attacker has deployed a keylogger to your system, they probably have access to your filesystem as well.<br />
<br />
For the curious, we ran the resulting Stratfor dictionary through a password analysis tool called <a href="http://www.digininja.org/projects/pipal.php" target="_blank">Pipal</a>.<br />
<br />
<blockquote>
<div style="font-family: "Courier New",Courier,monospace;">
Total entries = 750940</div>
<span style="font-family: 'Courier New', Courier, monospace;">Total unique entries = 713984</span></blockquote>
<blockquote class="tr_bq">
<b><span style="font-family: 'Courier New', Courier, monospace;">Top 10 passwords</span></b><br />
<span style="font-family: 'Courier New', Courier, monospace;">stratfor = 12023 (1.6%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">123456 = 625 (0.08%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">0000 = 519 (0.07%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">password = 517 (0.07%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">stratfor1 = 426 (0.06%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">changeme = 265 (0.04%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">strat4 = 265 (0.04%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">1qaz2wsx = 232 (0.03%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">1234 = 228 (0.03%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">wright = 179 (0.02%)</span></blockquote>
<blockquote>
<br />
<span style="font-family: 'Courier New', Courier, monospace;"><b>Top 10 base words</b><br />stratfor = 13562 (1.81%)<br />password = 775 (0.1%)<br />strat = 498 (0.07%)<br />changeme = 273 (0.04%)<br />qaz2wsx = 254 (0.03%)<br />wright = 188 (0.03%)<br />qwerty = 182 (0.02%)<br />usmcportal = 148 (0.02%)<br />intel = 133 (0.02%)<br />ranger = 127 (0.02%)</span> </blockquote>
<blockquote>
<span style="font-family: 'Courier New', Courier, monospace;"><b>Password length (length ordered)</b><br />1 = 47 (0.01%)<br />2 = 41 (0.01%)<br />3 = 266 (0.04%)<br />4 = 3735 (0.5%)<br />5 = 4198 (0.56%)<br />6 = 32676 (4.35%)<br />7 = 28599 (3.81%)<br />8 = 648267 (86.33%)<br />9 = 16592 (2.21%)<br />10 = 9819 (1.31%)<br />11 = 3568 (0.48%)<br />12 = 2016 (0.27%)<br />13 = 609 (0.08%)<br />14 = 359 (0.05%)<br />15 = 163 (0.02%)</span> </blockquote>
<blockquote>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>Password length (count ordered)</b><br />8 = 648267 (86.33%)<br />6 = 32676 (4.35%)<br />7 = 28599 (3.81%)<br />9 = 16592 (2.21%)<br />10 = 9819 (1.31%)<br />5 = 4198 (0.56%)<br />4 = 3735 (0.5%)<br />11 = 3568 (0.48%)<br />12 = 2016 (0.27%)<br />13 = 609 (0.08%)<br />14 = 359 (0.05%)<br />3 = 266 (0.04%)<br />15 = 163 (0.02%)<br />1 = 47 (0.01%)<br />2 = 41 (0.01%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">[Pipal's ASCII histogram of password lengths omitted; the bar for length 8 dwarfs every other length]</span><br />
<br />
<span style="font-family: 'Courier New', Courier, monospace;">One to six characters = 40957 (5.45%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">One to eight characters = 717821 (95.59%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">More than eight characters = 33119 (4.41%)</span><br />
<br />
<span style="font-family: 'Courier New', Courier, monospace;">Only lowercase alpha = 62342 (8.3%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">Only uppercase alpha = 1482 (0.2%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">Only alpha = 63824 (8.5%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">Only numeric = 9959 (1.33%)</span><br />
<br />
<span style="font-family: 'Courier New', Courier, monospace;">First capital last symbol = 3333 (0.44%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">First capital last number = 50259 (6.69%)</span></div>
</blockquote>
<blockquote>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>Months</b><br />january = 18 (0.0%)<br />february = 4 (0.0%)<br />march = 40 (0.01%)<br />april = 42 (0.01%)<br />may = 309 (0.04%)<br />june = 71 (0.01%)<br />july = 57 (0.01%)<br />august = 39 (0.01%)<br />september = 14 (0.0%)<br />october = 30 (0.0%)<br />november = 13 (0.0%)<br />december = 14 (0.0%)<br /><br /><b>Days</b><br />monday = 20 (0.0%)<br />tuesday = 7 (0.0%)<br />wednesday = 2 (0.0%)<br />thursday = 4 (0.0%)<br />friday = 34 (0.0%)<br />saturday = 2 (0.0%)<br />sunday = 8 (0.0%)</span></div>
</blockquote>
<br />
<blockquote>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>Months (Abreviated)</b><br />jan = 450 (0.06%)<br />feb = 169 (0.02%)<br />mar = 1794 (0.24%)<br />apr = 255 (0.03%)<br />may = 309 (0.04%)<br />jun = 360 (0.05%)<br />jul = 274 (0.04%)<br />aug = 249 (0.03%)<br />sept = 42 (0.01%)<br />oct = 208 (0.03%)<br />nov = 209 (0.03%)<br />dec = 240 (0.03%)<br /><br /><b>Days (Abreviated)</b><br />mon = 958 (0.13%)<br />tues = 8 (0.0%)<br />wed = 199 (0.03%)<br />thurs = 9 (0.0%)<br />fri = 274 (0.04%)<br />sat = 319 (0.04%)<br />sun = 457 (0.06%)</span><br />
<span style="font-family: 'Courier New', Courier, monospace;"><b>Includes years</b><br />1975 = 76 (0.01%)<br />1976 = 63 (0.01%)<br />1977 = 61 (0.01%)<br />1978 = 66 (0.01%)<br />1979 = 63 (0.01%)<br />1980 = 68 (0.01%)<br />1981 = 78 (0.01%)<br />1982 = 88 (0.01%)<br />1983 = 67 (0.01%)<br />1984 = 96 (0.01%)<br />1985 = 79 (0.01%)<br />1986 = 68 (0.01%)<br />1987 = 56 (0.01%)<br />1988 = 68 (0.01%)<br />1989 = 47 (0.01%)<br />1990 = 52 (0.01%)<br />1991 = 50 (0.01%)<br />1992 = 40 (0.01%)<br />1993 = 36 (0.0%)<br />1994 = 24 (0.0%)<br />1995 = 46 (0.01%)<br />1996 = 40 (0.01%)<br />1997 = 42 (0.01%)<br />1998 = 40 (0.01%)<br />1999 = 53 (0.01%)<br />2000 = 240 (0.03%)<br />2001 = 137 (0.02%)<br />2002 = 107 (0.01%)<br />2003 = 97 (0.01%)<br />2004 = 115 (0.02%)<br />2005 = 138 (0.02%)<br />2006 = 141 (0.02%)<br />2007 = 150 (0.02%)<br />2008 = 157 (0.02%)<br />2009 = 252 (0.03%)<br />2010 = 365 (0.05%)<br />2011 = 290 (0.04%)<br />2012 = 46 (0.01%)<br />2013 = 13 (0.0%)<br />2014 = 15 (0.0%)<br />2015 = 9 (0.0%)<br />2016 = 14 (0.0%)<br />2017 = 10 (0.0%)<br />2018 = 5 (0.0%)<br />2019 = 14 (0.0%)</span><span style="font-family: 'Courier New', Courier, monospace;"><br />2020 = 56 (0.01%)</span></div>
</blockquote>
<br />
<blockquote>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>Years (Top 10)</b><br />2010 = 365 (0.05%)<br />2011 = 290 (0.04%)<br />2009 = 252 (0.03%)<br />2000 = 240 (0.03%)<br />2008 = 157 (0.02%)<br />2007 = 150 (0.02%)<br />2006 = 141 (0.02%)<br />2005 = 138 (0.02%)<br />2001 = 137 (0.02%)<br />2004 = 115 (0.02%)</span><span style="font-family: 'Courier New', Courier, monospace;"><br /></span><br />
<span style="font-family: 'Courier New', Courier, monospace;">Single digit on the end = 87780 (11.69%)<br />Two digits on the end = 28409 (3.78%)<br />Three digits on the end = 9033 (1.2%)<br /><br /><b>Last number</b><br />0 = 6778 (0.9%)<br />1 = 16724 (2.23%)<br />2 = 17527 (2.33%)<br />3 = 18068 (2.41%)<br />4 = 15993 (2.13%)<br />5 = 15746 (2.1%)<br />6 = 15759 (2.1%)<br />7 = 15946 (2.12%)<br />8 = 15143 (2.02%)<br />9 = 16036 (2.14%)<br /><br />[Pipal's ASCII histogram of last-digit frequencies omitted; it plots the counts above, with 0 the only clear outlier]<br /><br /><b>Last digit</b><br />3 = 18068 (2.41%)<br />2 = 17527 (2.33%)<br />1 = 16724 (2.23%)<br />9 = 16036 (2.14%)<br />4 = 15993 (2.13%)<br />7 = 15946 (2.12%)<br />6 = 15759 (2.1%)<br />5 = 15746 (2.1%)<br />8 = 15143 (2.02%)<br />0 = 6778 (0.9%)<br /><br /><b>Last 2 digits (Top 10)</b><br />23 = 2888 (0.38%)<br />11 = 2143 (0.29%)<br />00 = 2023 (0.27%)<br />01 = 1999 (0.27%)<br />12 = 1582 (0.21%)<br />10 = 1347 (0.18%)<br />34 = 1335 (0.18%)<br />56 = 1276 (0.17%)<br />99 = 1200 (0.16%)<br />77 = 1076 (0.14%)</span></div>
</blockquote>
<br />
<blockquote>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>Last 3 digits (Top 10)</b><br />123 = 2113 (0.28%)<br />000 = 995 (0.13%)<br />234 = 838 (0.11%)<br />456 = 746 (0.1%)<br />111 = 448 (0.06%)<br />007 = 432 (0.06%)<br />010 = 357 (0.05%)<br />001 = 322 (0.04%)<br />777 = 292 (0.04%)<br />011 = 284 (0.04%)<br /><br /><b>Last 4 digits (Top 10)</b><br />1234 = 791 (0.11%)<br />3456 = 687 (0.09%)<br />0000 = 606 (0.08%)<br />2010 = 283 (0.04%)<br />2011 = 240 (0.03%)<br />2009 = 220 (0.03%)<br />2000 = 210 (0.03%)<br />2345 = 191 (0.03%)<br />1111 = 146 (0.02%)<br />2007 = 130 (0.02%)<br /><br /><b>Last 5 digits (Top 10)</b><br />23456 = 682 (0.09%)<br />12345 = 181 (0.02%)<br />45678 = 84 (0.01%)<br />11111 = 69 (0.01%)<br />54321 = 52 (0.01%)<br />77777 = 47 (0.01%)<br />34567 = 38 (0.01%)<br />00000 = 34 (0.0%)<br />56789 = 34 (0.0%)<br />31313 = 29 (0.0%)</span><span style="font-family: 'Courier New', Courier, monospace;"><br /></span><br />
<span style="font-family: 'Courier New', Courier, monospace;"><b>Character sets</b><br />mixedalphanum: 415810 (55.37%)<br />mixedalpha: 179778 (23.94%)<br />loweralpha: 62342 (8.3%)<br />loweralphanum: 61633 (8.21%)<br />upperalphanum: 10973 (1.46%)<br />numeric: 9959 (1.33%)<br />mixedalphaspecialnum: 6507 (0.87%)<br />upperalpha: 1482 (0.2%)<br />loweralphaspecialnum: 1343 (0.18%)<br />loweralphaspecial: 709 (0.09%)<br />mixedalphaspecial: 188 (0.03%)<br />upperalphaspecialnum: 65 (0.01%)<br />specialnum: 64 (0.01%)<br />upperalphaspecial: 12 (0.0%)<br />special: 12 (0.0%)<br /><br /><b>Character set ordering</b><br />allstring: 243602 (32.44%)<br />stringdigitstring: 207513 (27.63%)<br />othermask: 150645 (20.06%)<br />stringdigit: 88585 (11.8%)<br />digitstring: 39717 (5.29%)<br />alldigit: 9959 (1.33%)<br />digitstringdigit: 8209 (1.09%)<br />stringspecialdigit: 2042 (0.27%)<br />stringspecial: 296 (0.04%)<br />stringspecialstring: 277 (0.04%)<br />specialstring: 52 (0.01%)<br />specialstringspecial: 31 (0.0%)<br />allspecial: 12 (0.0%)<br /><br /><b>Hashcat masks (Top 10)</b><br />?l?l?l?l?l?l?l?l: 24525 (3.27%)<br />?l?l?l?l?l?l: 14922 (1.99%)<br />?l?l?l?l?l?l?l: 9925 (1.32%)<br />?l?l?l?l?l?l?d?d: 5381 (0.72%)<br />?l?l?l?l?l?l?l?l?l: 4312 (0.57%)<br />?d?d?d?d?d?d: 4180 (0.56%)<br />?u?u?d?d?d?d?d: 4018 (0.54%)<br />?l?l?l?l?l?l?l?d: 3207 (0.43%)<br />?l?l?l?l?d?d?d?d: 3074 (0.41%)<br />?l?l?l?l?l: 2917 (0.39%)</span></div>
</blockquote>
Author: Anonymous (http://www.blogger.com/profile/05053361889797146370, noreply@blogger.com); comments: 1<br />
<br />
<b>The Rupert Syndrome</b> (tag:blogger.com,1999:blog-6644490640411457335.post-627186065458522438; published 2011-11-20T15:44:00.000-07:00; updated 2012-12-03T21:38:49.299-07:00)<br />
<br />
EA was recently featured in a local news article that discusses the dangers of not setting a password on your mobile phone's voice mail. Most cell phone carriers redirect a call straight to voice mail if the calling number matches the called number, on the assumption that the user is calling to check their messages. If no password is set, the caller lands directly in the voice mailbox. An attacker can do just the same by calling your number while spoofing your caller ID.<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="233" src="http://www.youtube.com/embed/DJYXEJUTB8I" width="400"></iframe><br />
Author: Anonymous (http://www.blogger.com/profile/05053361889797146370, noreply@blogger.com)<br />
<br />
<b>Presentation: Online Privacy</b> (tag:blogger.com,1999:blog-6644490640411457335.post-5067180896448170990; published 2011-09-27T11:44:00.000-06:00; updated 2011-11-30T12:02:38.123-07:00)<br />
<br />
EA Senior Security Consultant Gerrit Padgham gave a presentation with Ashkan Soltani at the <a href="http://www.appsecusa.org/" target="_blank">AppSecUSA</a> 2011 Conference in Minnesota.<br />
<br />
The presentation surveys the current state of online tracking and highlights the tracking practices that popular websites and mobile applications engage in. <a href="http://www.electricalchemy.net/projects/mobileScope" target="_blank">MobileScope</a>, a technical solution we have been developing to give end users full visibility into the traffic their devices send, is also demonstrated.<br />
<br />
<center>
<iframe allowfullscreen="" frameborder="0" height="225" mozallowfullscreen="" src="http://player.vimeo.com/video/31670409?title=0&byline=0&portrait=0" webkitallowfullscreen="" width="400"></iframe></center>
<a href="http://vimeo.com/31670409">When Zombies Attack: A Tracking Love Story with Ashkan Soltani &amp; Gerrit Padgham</a> from <a href="http://vimeo.com/owasp">OWASP</a> on <a href="http://vimeo.com/">Vimeo</a>.<br />
Author: Anonymous (http://www.blogger.com/profile/05053361889797146370, noreply@blogger.com)<br />
<br />
<b>Presentation: Mobile Security and Privacy</b> (tag:blogger.com,1999:blog-6644490640411457335.post-5775668852707626594; published 2011-08-20T21:40:00.000-06:00; updated 2011-11-21T22:29:49.240-07:00)<br />
EA Principal Consultant David Campbell delivered the keynote presentation at the <a href="http://www.rmima.org/2011/aug2011.htm" target="_blank">August 2011 meeting</a> of the Rocky Mountain Information Management Association. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5X2-aiSaRzn216WHtTzeaNAQ9q5VaDHV2apyt0jWqEqzDXn0tk5R3kqeIlLT2kMTnYnKcjKK3u2uEnXCHMtzR5zO6D37xbTPuhyphenhyphenE6IjM_8vXYc6UCnpaG1pV5mfMCwk95rdH6tQuxwL0/s1600/Screen+Shot+2011-11-21+at+9.46.00+PM.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5X2-aiSaRzn216WHtTzeaNAQ9q5VaDHV2apyt0jWqEqzDXn0tk5R3kqeIlLT2kMTnYnKcjKK3u2uEnXCHMtzR5zO6D37xbTPuhyphenhyphenE6IjM_8vXYc6UCnpaG1pV5mfMCwk95rdH6tQuxwL0/s200/Screen+Shot+2011-11-21+at+9.46.00+PM.png" width="200" /></a></div>
The <a href="https://docs.google.com/open?id=0B8Vy1NBEHxqzNDZhNTlhMDItNDA1Yy00NTY3LTg4YjEtYzY5YzhmYjk1NDcx">slide deck (pdf)</a> is posted and the abstract of the presentation is as follows:<br />
<br />
Twenty years ago wireless mobile communications was science fiction. Today it's transforming the world. In this session we look at the exponential increase of technological capability and some of the security and privacy implications of the forthcoming mobile "singularity".<br />
<br />
Author: DC (http://www.blogger.com/profile/04707388475829589192, noreply@blogger.com); comments: 0<br />
<br />
<b>Survey Finds Smartphone Apps Store Too Much Personal Data</b> (tag:blogger.com,1999:blog-6644490640411457335.post-8335569055027465716; published 2011-08-08T22:04:00.000-06:00; updated 2011-11-21T22:12:27.796-07:00)<br />
<br />
The work that EA did for the <a href="http://news.electricalchemy.net/2010/12/ea-research-drives-wsjs-what-they-know.html">Wall Street Journal</a> made it clear that most apps are far too permissive with the sensitive data they share 'on the wire'. A subsequent report by ViaForensics concludes that many apps are also careless with the sensitive data they store locally on the mobile device.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGRft58oVpVtp3pw9TWSl2PVNg52eMnoJ37RilH0JOi_WfPrk6V2IJpaLxCQKNoI9xS9Ek_X9Q5Uq00uj3ZeX1MReWMsyrweJHyVa9PHNU1E7r52fr6ZudywUMmYHKfaTYx2Z5J6EWZPg/s1600/Screen+Shot+2011-11-21+at+10.05.25+PM.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGRft58oVpVtp3pw9TWSl2PVNg52eMnoJ37RilH0JOi_WfPrk6V2IJpaLxCQKNoI9xS9Ek_X9Q5Uq00uj3ZeX1MReWMsyrweJHyVa9PHNU1E7r52fr6ZudywUMmYHKfaTYx2Z5J6EWZPg/s200/Screen+Shot+2011-11-21+at+10.05.25+PM.png" width="164" /></a></div>
EA Principal Consultant David Campbell was <a href="http://www.wired.com/threatlevel/2011/08/smartphone-local-data-storage/">interviewed</a> by Wired for this article about the study.<br />
<br />
Abstract follows:<br />
<br />
<br />
An uncomfortably large percentage of mobile applications are storing
sensitive user account information unencrypted on owners’ smartphones,
according to a new survey of 100 consumer smartphone apps.<br />
<br />
Some 76 percent of the apps tested stored cleartext usernames on the
devices, and 10 percent of the tested applications, including popular
apps LinkedIn and Netflix, were found storing passwords on the phone in
cleartext.<br />
<br />
Conducted by <a href="http://viaforensics.com/education/white-papers/appwatchdog-findings-mobile-app-security-iphone-android/">digital security firm ViaForensics</a>,
the testing occurred over a period of over eight months and spanned
multiple categories, ranging from social networking applications to
mobile banking software. The firm tested apps only for iOS and Android,
the market’s leading mobile platforms.<br />
<br />
“If I get my hands on someone’s lost phone, it could take me ten
minutes to find an account username and password,” said Ted Eull,
technology services vice president at ViaForensics, in an interview.<br />
ViaForensics sells mobile security tools and services to corporations, attorneys and government agencies.<br />
<br />
User names ranked highest on the list of discoverable data. App data —
the term ViaForensics uses for private information exchanged using the
applications — came in second place, with such data recovered from 69
percent of tested apps.<br />
<br />
Mint.com’s iPhone and Android apps — which are used for maintaining
financial account information — were found to store user transaction
history and balance information on the phone. The Android version of the
Mint app stores the user’s PIN on the phone unencrypted, ViaForensics
found.<br />
<br />
“We’re already working on ways to make this experience better,” said
Jason Yiin, lead mobile engineer at Mint.com, in an interview. “At the
moment, if users are highly concerned, they can log in and out of the
application each time they access it on their phones.” Yiin also points
out that if an intruder accesses your PIN, they won’t be able to
manipulate any account information or move assets between accounts. The
intruder will, however, be able to see account balance and transaction
history information. <br />
<br />
In June, based on ViaForensics’ early findings, Netflix <a href="http://blogs.wsj.com/digits/2011/06/08/some-top-apps-put-data-at-risk/">promised a security update</a>
at a yet to be specified date. But LinkedIn says it is satisfied with
the security of its app. “We’re using the standard Android programming
practices for storing and managing data,” LinkedIn spokeswoman Krista
Canfield told Wired.com.<br />
<br />
Apple’s iOS-based apps scored consistently higher marks than Android
apps in ViaForensics’ tests. That doesn’t surprise security analysts,
who say Apple’s Keychain security architecture for storing user
credentials is stronger than Android’s Account Manager. “Right now,
Apple does a better job on iOS in providing an API where app developers
can use a pretty decent mechanism to protect stored information,” says
David Campbell, mobile security consultant at Electric Alchemy.
“Currently, that doesn’t exist on Android.”<br />
<br />
Google makes no bones about its platform’s security. “We dispute the
claim that this data is insecurely stored on Android devices,” a Google
spokesman told Wired.com. “The data is not accessible by default unless
the phone has been rooted to gain full privileges, which Android
actively protects against and would result in similar exposure for any
platform.”<br />
<br />
Earlier this year, German security researchers Jens Heider and Matthias Boll published a paper detailing how to partially <a href="http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords.pdf">circumvent keychain protections</a> (.pdf) in a six-minute procedure on an iOS device.<br />
<br />
In any case, developers too often choose not to use the operating
system’s security resources to begin with. “What we have is a strong
developer community who are good at coding on the whole, but not
necessarily experts in security,” independent security analyst Ashkan
Soltani told Wired.com. “A developer writes an app, and he’s just
trying to get it off the ground as fast as he can.”<br />
<br />
With two lucrative emerging mobile platforms, early traction is
crucial for app developers competing for space. Apple’s App Store menu
is closing in on a <a href="http://www.wired.com/gadgetlab/2011/05/app-store-500k/">half-million applications</a>
available for download; add the Android Market to that, and you’ve got
another 250,000 titles. App developer teams aren’t always focused on
security first, especially when some of them consist of a handful of
engineers.<br />
<br />
“The main thing lacking in mobile development is approaching the
platform with the understanding that these are essentially small
computers,” Eull said. “Computers that are easily lost, and can travel
through countless hands afterwards.”<br />
Author: DC (http://www.blogger.com/profile/04707388475829589192, noreply@blogger.com); comments: 0<br />
<br />
<b>Google yanks apps that could take over your phone</b> (tag:blogger.com,1999:blog-6644490640411457335.post-6243782014955003571; published 2011-03-03T21:53:00.000-07:00; updated 2011-11-21T22:00:04.392-07:00)<br />
Following a malware outbreak on the Android Marketplace, EA Principal Consultant David Campbell was <a href="http://www.marketplace.org/topics/tech/google-yanks-apps-could-take-over-your-phone">interviewed</a> on American Public Media radio.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSl_E7LRQ9G35LOyTOMFl2lb_hg3IB7iUydWlP_Cvp1cnMCxPjTtJ87sEdGQUYyhpDRiQuspVTeTdFdYgGECV5s-PgAA7mZU57_YgicoCilmgjagvYy5YAsBhdzqDQmDpMYk8eov8kX2g/s1600/Screen+Shot+2011-11-21+at+9.58.49+PM.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSl_E7LRQ9G35LOyTOMFl2lb_hg3IB7iUydWlP_Cvp1cnMCxPjTtJ87sEdGQUYyhpDRiQuspVTeTdFdYgGECV5s-PgAA7mZU57_YgicoCilmgjagvYy5YAsBhdzqDQmDpMYk8eov8kX2g/s200/Screen+Shot+2011-11-21+at+9.58.49+PM.png" width="200" /></a></div>
<br />
Abstract of the interview follows:<br />
<br />
<br />
A <a href="http://www.cnn.com/2011/TECH/mobile/03/02/google.android.hack/" target="_blank">malicious app</a>
can take several forms. Some of them will be apps for seemingly
innocuous things, stuff like wallpaper, but then they'll attempt to
manipulate the user into giving a variety of permissions that give the
app (and the app developer) more and more control of the device.<br />
<br />
Then there are the apps that get installed and manage to "root" the
device, essentially giving total control over it to someone on the
outside. In that scenario, everything you do, from texting to online
banking to phone calls to emails, can be monitored and recorded by
someone else. That person can also send out messages, install new apps,
do whatever they want.<br />
<br />
We talk to Kevin Mahaffey of the security firm <a href="https://www.mylookout.com/" target="_blank">Lookout</a> about how these bad guys are able to get into your phone.<br />
<br />
We also talk with David Campbell of the security company <a href="http://www.electricalchemy.net/" target="_blank">Electric Alchemy</a>.
He points out the differences between Apple and Google in the way that
apps are vetted for iPhone and Android. David says Apple inspects apps
ahead of time and for the moment they seem to be the best platform for
users concerned about security. But over the long term, he favors
Android because the apps are easier to inspect and peer review will
become stronger.<br />
<br />
<b>EA Research Drives WSJ's "What They Know" Smartphone Investigation</b> (posted 17 December 2010)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJa2bClwZYh7SxR_ua0W7H0zUy4nJnV_Tz-2a6xL7SEhWJxKn-ytlUIKkg6iDfIyo_YQFTTsqqdK9LA4DZ9xqOPwmxIS8zA27FUdtt5HOXUiqvydwstweKc6lDmg9l2kaiRSd_i3dnOcA/s1600/wsj_big_column.PNG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJa2bClwZYh7SxR_ua0W7H0zUy4nJnV_Tz-2a6xL7SEhWJxKn-ytlUIKkg6iDfIyo_YQFTTsqqdK9LA4DZ9xqOPwmxIS8zA27FUdtt5HOXUiqvydwstweKc6lDmg9l2kaiRSd_i3dnOcA/s320/wsj_big_column.PNG" width="210" /></a></div>
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
We're pleased to announce that the Wall Street Journal has published the latest in their "What They Know" series. This installment prominently displays the research of EA consultants.</div>
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<br /></div>
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
Please have a look at the WSJ's description of <a href="http://online.wsj.com/article/SB10001424052748704034804576025951767626460.html">our methodology</a> before digging into the feature on <a href="http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html?mod=WSJ_hp_LEFTTopStories">wsj.com</a>. They have created some fantastic visualizations of the data leakage which are available on <a href="http://blogs.wsj.com/wtk-mobile/">blogs.wsj.com</a>.</div>
<div>
<br /></div>
<div>
EA would like to thank Mike, Jeremy and Raj at <a href="http://intrepidusgroup.com/">Intrepidus Group</a>. Their open source <a href="http://intrepidusgroup.com/insight/mallory/">Mallory</a> proxy was critical to the success of this project.<br />
<br />
We'd also like to thank Dan Cornell at <a href="http://www.denimgroup.com/">Denim Group</a> for his open source <a href="http://www.smartphonesdumbapps.com/">SmartFonesDumbApps</a> toolset.<br />
<br />
Update: <a href="http://apple.slashdot.org/story/10/12/18/2029230/Privacy-Concerns-With-Android-and-iPhone-Apps">Slashdotted</a><br />
<br />
Update: <a href="http://apple%2C%20app%20makers%20sued%20over%20user%20tracking/">Apple, App Makers Sued Over User Tracking</a></div>
<br />
<b>Malware in Spanair Fatal Air Crash Case: FUD or a real factor?</b> (posted 25 August 2010)<br />
<br />
This week we have seen an extraordinary number of articles claiming that malware is at least partly to blame for the fatal crash of <a href="http://en.wikipedia.org/wiki/Spanair_Flight_5022">Spanair Flight 5022</a>, which killed 154 of the 172 souls aboard.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXn1FVEntT4cxyHCkmrWyMrLz3eLP20fLVwNtLe6Cz8hw7_YdcTmdr99svwqQ_nbOJUWgFHKgurS4uSsx8L84i0IqprafquzdZbaEcn2nQFBzCzeg0iC0i6nCbY4PDPbWNwsCdGji6qPY/s1600/span1.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXn1FVEntT4cxyHCkmrWyMrLz3eLP20fLVwNtLe6Cz8hw7_YdcTmdr99svwqQ_nbOJUWgFHKgurS4uSsx8L84i0IqprafquzdZbaEcn2nQFBzCzeg0iC0i6nCbY4PDPbWNwsCdGji6qPY/s400/span1.gif" width="400" /></a></div>
<br />
<br />
Reading the headlines from this story leads one to believe that a trojan was used in a deliberate attempt to bring down an airliner. Digging further into the facts of the story, nothing could be further from the truth.<br />
<br />
The aircraft in question is a 150,000 lb twin turbofan <a href="http://en.wikipedia.org/wiki/McDonnell_Douglas_MD-80#Specifications">MD-82</a> airliner. Aircraft like these do not ordinarily make "no flap" takeoffs. The pilots failed to follow the checklists properly, applied takeoff power with the flaps retracted, and stalled when exiting ground effect.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjctrlSOAwFzX6h-QobVZbgkaXsDJRmPt-pk-0yI6vYk7PhK_wN7YM9TGWVM-NEfAfxWhVD4oxDqxhjZUCVakhccGVb5bfjTvQRZhVKW9WTkiEuFi17BSEEUlug4WOER4dSDk5uAf7AdNg/s1600/flap_control.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjctrlSOAwFzX6h-QobVZbgkaXsDJRmPt-pk-0yI6vYk7PhK_wN7YM9TGWVM-NEfAfxWhVD4oxDqxhjZUCVakhccGVb5bfjTvQRZhVKW9WTkiEuFi17BSEEUlug4WOER4dSDk5uAf7AdNg/s320/flap_control.JPG" width="264" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
The image on the left shows the layout of the forward pedestal on the MD-82. There are multiple tactile and visual indications of flap/slat deflection in the cockpit of the MD-82.<br />
<br />
The aircraft's crew made two passes through the pre-takeoff checklist. On the first pass, the flaps were correctly set to 11°. However, before reaching the runway the crew noticed an abnormal RAT (ram air temperature) indication and returned to the ramp for maintenance. The ground crew "resolved" the issue with the RAT sensor by disabling it, and the MD-82 again began taxiing for takeoff. However, the cockpit voice recorder captured several signs of trouble, indicative of a forthcoming cascading chain of failure.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1G9lCz2FlVNmGhp2gbKXkbFFnLSKniX0jUXB2Y2IX19D7XnT9TA0LkWCo3bgaDJDKZBje4rKJszUghHW1U6Zh0g_E_IYAmzwJTndu-JZGybZR1YQ8gcf35S2Tl3Pf2dSo3DI2GXWPy-c/s1600/spanair_issues.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1G9lCz2FlVNmGhp2gbKXkbFFnLSKniX0jUXB2Y2IX19D7XnT9TA0LkWCo3bgaDJDKZBje4rKJszUghHW1U6Zh0g_E_IYAmzwJTndu-JZGybZR1YQ8gcf35S2Tl3Pf2dSo3DI2GXWPy-c/s400/spanair_issues.JPG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
The official report [1] from CIAIAC (the Spanish equivalent of the NTSB) shows that the flight was delayed, the cabin was hot, and the copilot had his mind on his dinner plans. The pilot interrupted the pre-takeoff checklist to ask the co-pilot to call for takeoff clearance. The copilot called for clearance on the wrong frequency. This is understandable; people make mistakes. However, what's unforgivable is that when the co-pilot ran through the "takeoff imminent" checklist, the pilot was "anticipating" rather than verifying, and read back a flap deflection of "11" from memory rather than actually confirming the position of the flaps.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC0AooZ-ausYBJQgRvcyuhu3Or5KYI-Hhxe4CAulRDpwRNECEtuMBnnbGWtEs105cQfNAAGogqAEys13uf0wuCPKQddUmrUowXFb0FVc1sRsge3ZmgICZtGOp_l8KusyFfK65LA-QaRw0/s1600/8-11-stowed.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC0AooZ-ausYBJQgRvcyuhu3Or5KYI-Hhxe4CAulRDpwRNECEtuMBnnbGWtEs105cQfNAAGogqAEys13uf0wuCPKQddUmrUowXFb0FVc1sRsge3ZmgICZtGOp_l8KusyFfK65LA-QaRw0/s400/8-11-stowed.JPG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
<br />
<br />
Upon applying takeoff power, the TOWS (take off warning system) should have provided an audible warning that takeoff flaps/slats were not set properly. This did not happen. So the TOWS system was infected with malware/trojans, right? NO. The TOWS system itself was disabled, but this is an onboard aircraft system with no IP connection, no USB ports, and no operating system familiar to everyday malware authors. There is quite a bit of <a href="http://www.secureworks.com/research/blog/index.php/2010/8/23/malware-and-the-failure-of-aircraft-systems/">misinformation</a> being spread on this point, with security boffins and AV vendors latching on to the malware angle. No, it was not the onboard TOWS system which had been infected. So why did the TOWS fail to call out a warning?<br />
<br />
The report goes into significant technical detail on this point, and it's a bit more complicated than an open circuit breaker or a stray bit of malware. <br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsZ1EOW2PYOv1KIVpOWnmbmbcEWVaMcBPQmFa1V3Zyo6g7tK_Bl1be2uyaeKOFamlrRXuRwx6wVqRqmQQ6yNmvPeNkp-5FDavV6ONkeOTt8QcVf0BVDIKhrjiOzD6odt3b97d7KNKjkus/s1600/groundsensingsystem.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="87" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsZ1EOW2PYOv1KIVpOWnmbmbcEWVaMcBPQmFa1V3Zyo6g7tK_Bl1be2uyaeKOFamlrRXuRwx6wVqRqmQQ6yNmvPeNkp-5FDavV6ONkeOTt8QcVf0BVDIKhrjiOzD6odt3b97d7KNKjkus/s400/groundsensingsystem.JPG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
<br />
<br />
The energized ram air temp heater was indicative of a relay failure that would put the aircraft's systems in "flight mode". That would explain not only the high RAT (the probe has a heating element which is enabled in flight but disabled on the ground) but also the disabled TOWS (which only operates in 'ground mode').<br />
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg-L-iPYG4_EiujFsTskSAiSP7PX33fLu-7f4LbZ0pzW0yomYeR5WLv5iYelS5x2CFRgMujEG3nz4ij1fC4znngPBCz1jtCgMWFMsbXIiX-tdTT-oUa5MMg-50z77VtavToOuTDirIYoM/s1600/tows_rat.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg-L-iPYG4_EiujFsTskSAiSP7PX33fLu-7f4LbZ0pzW0yomYeR5WLv5iYelS5x2CFRgMujEG3nz4ij1fC4znngPBCz1jtCgMWFMsbXIiX-tdTT-oUa5MMg-50z77VtavToOuTDirIYoM/s400/tows_rat.JPG" width="400" /></a></div>
<br />
So, in a nutshell, if the ground sensing system fails to flight mode, we would have a situation where the TOWS would be disabled, and the ram air temp heater (among other things) would be enabled. So how would we know if the ground sensing system had failed?<br />
<br />
Well, digging deeper, we find that on this particular aircraft, there were numerous instances of high RAT readings on the ground:<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQVh_zszj7D9GCDrGgT0CPViM7gY-scunh9KuvZE98kbZ0dUX8-c4G2DWE1qackTCBngAA65vJqH41dnPpBdtXTBX9TLhj1bwyQOT8VBVlNtj7JRDra9_WzwYz2ZCkncLk8CujW3tk4xc/s1600/rat_failures.JPG" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQVh_zszj7D9GCDrGgT0CPViM7gY-scunh9KuvZE98kbZ0dUX8-c4G2DWE1qackTCBngAA65vJqH41dnPpBdtXTBX9TLhj1bwyQOT8VBVlNtj7JRDra9_WzwYz2ZCkncLk8CujW3tk4xc/s400/rat_failures.JPG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
<br />
So in the three days prior to the accident there were six abnormal RAT readings while the aircraft was on the ground, as recorded by the digital flight data recorder (DFDR). Surely the crew would start to pick up on the fact that something was not right.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1CBJdWLa_j3bZshG70VXN_vUGUvBU3HQXa3hlcrfxbz6fKzMZbbz3-yoIHzcLB3VPnc8mDVc_rCXpxA5zxQx2NicQjZ9VZIJsmh3Ne0LUHM1nQI8W2VMIReD_pbpLWZzbCg666GPnikw/s1600/different_crews.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="47" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1CBJdWLa_j3bZshG70VXN_vUGUvBU3HQXa3hlcrfxbz6fKzMZbbz3-yoIHzcLB3VPnc8mDVc_rCXpxA5zxQx2NicQjZ9VZIJsmh3Ne0LUHM1nQI8W2VMIReD_pbpLWZzbCg666GPnikw/s400/different_crews.JPG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
<br />
No, because the three RAT abnormalities that were actually entered into the aircraft's technical log book (ATLB) were reported by <b>three different crews</b>. Doh! <br />
<br />
So this is (finally) where the malware issue starts to enter the picture. The off-board system in question was responsible for correlating, scoring and alerting on situations just like this. A computer system is ideal for this type of scenario, where the air crews and maintenance personnel rotate frequently. So why didn't the system fire an alert?<br />
<br />
On this issue the official report from the CIAIAC is silent, though perhaps the forthcoming inquiry [2] will shed some light. Perhaps the threshold for RAT anomalies wasn't reached. Maybe this was because the system was only made aware of the 3 anomalies that were actually entered into the ATLB, rather than the 6 that were detected by the DFDR on board the aircraft. Or perhaps the malware present on the scoring and alerting system prevented the system from working as expected.<br />
<br />
In any case, this tragic event is typical of so many in aviation. Its primary cause, in the opinion of this security consultant and pilot, is what we aviators call "Get There Itis". The flight was delayed, the cabin was hot, the copilot had dinner plans, and the passengers and flight attendants were grumpy. The pilot breezed through the "takeoff imminent" checklist, repeating from memory "11" degrees of flap deflection rather than verifying the position of the flaps/slats on the numerous indicators present in the cockpit.<br />
<br />
The throttles were pushed forward, the stick was pulled back, and the jet momentarily became airborne before stumbling out of ground effect into a fireball that killed 154 people.<br />
<br />
Did malware have anything to do with this tragedy? Perhaps. But it's certainly a tertiary factor. A number of recommendations came out of the post-accident investigation, and these were specifically to:<br />
<br />
<ul>
<li>Recommend that TOWS systems are checked for proper operation before <b>each flight</b>, rather than once per day</li>
<li>Recommend that checklists be streamlined to ensure that critical items (such as setting flap/slat deflection for takeoff) are performed without interruption, and verified</li>
</ul>
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-_WLuo8G4E-Lb2hPeq1n00DsbZs8UxgGQfRpqQB7gtju9X9Xc9F5Gfyu0I9qO0NZFmUiFVyCmOWZRwb72s5V-9fv9CP3us6XCWB0ZUlc6FZBgbM5jISQQ7PLXLEipOaVtJZLcc0qfZOM/s1600/checklist_mods.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="85" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-_WLuo8G4E-Lb2hPeq1n00DsbZs8UxgGQfRpqQB7gtju9X9Xc9F5Gfyu0I9qO0NZFmUiFVyCmOWZRwb72s5V-9fv9CP3us6XCWB0ZUlc6FZBgbM5jISQQ7PLXLEipOaVtJZLcc0qfZOM/s400/checklist_mods.JPG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Source: CIAIAC</td></tr>
</tbody></table>
<br />
As to malware on maintenance systems? Of course that's undesirable. However, modifications to checklists and operational procedures are our best and most important defense against similar accidents going forward. Keeping airlines' computer systems free of malware is a completely reasonable requirement. Would a malware-free maintenance system have prevented this accident? Perhaps. But properly trained and professional aviators <b>certainly</b> would have mitigated this tragedy.<br />
<br />
[1] http://www.skybrary.aero/bookshelf/books/777.pdf<br />
[2] http://www.theregister.co.uk/2010/08/20/spanair_malware/<br />
<br />
<b>FROC2010</b> (posted 1 June 2010)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis4rhTCPzVjybqoy_t3TlyMqydZr6J-YlKwJL8iJKoHWRdsFUc9DIRkC_TJ4TXLxV1eucHQGeHe-F1OUQzi7uKBbhz5Fc9p8so7Lr4LdpzBR_J4QyGRt5eyC8PeSJptkUBeagWkwQQFSw/s1600/froc2010_sm.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis4rhTCPzVjybqoy_t3TlyMqydZr6J-YlKwJL8iJKoHWRdsFUc9DIRkC_TJ4TXLxV1eucHQGeHe-F1OUQzi7uKBbhz5Fc9p8so7Lr4LdpzBR_J4QyGRt5eyC8PeSJptkUBeagWkwQQFSw/s200/froc2010_sm.png" width="196" /></a>Tomorrow, 2 June 2010, marks Denver OWASP's third annual Front Range OWASP Conference. OWASP is proud to present a sold-out show, consisting of three breakout tracks bookended by keynote and panel discussions. The CTF is looking to be the best yet, incorporating not just web app puzzles but also network and forensic challenges. The winner of the CTF will take home a brand new Apple iPad.<br />
<br />
<br />
EA's David Campbell is pleased to serve on the program committee for this event, which is co-organized by <a href="http://www.owasp.org/">OWASP</a> and the <a href="http://cloudsecurityalliance.org/">Cloud Security Alliance</a>.<br />
<br />
<a href="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010" target="_blank">Conference Website and Presentation Videos</a><br />
<br />
<b>Presentation: "The Future of Penetration Testing" at RMISC</b> (posted 4 May 2010)<br />
EA Principal Consultant David Campbell will be delivering a presentation at the 4th annual <a href="http://www.isaca-denver.org/rmisc/">Rocky Mountain Information Security Conference</a> tomorrow, 5 May 2010, in Denver, CO.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheT-w9ipN8F8dTmuMZEphtdXsgN9-YBkuHNLQLiTlGFNZhrtZ4ZKgzQq0l7AmFWh1ogRv3H2tWVSgyfMVEDZqnDwxNE994sYzYls5kw2R5xgyosXKYRKkWlJBxAmcVhSj_2fvDpHyPG_0/s1600/FOPT.GIF" imageanchor="1" style="clear: right; display: inline !important; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheT-w9ipN8F8dTmuMZEphtdXsgN9-YBkuHNLQLiTlGFNZhrtZ4ZKgzQq0l7AmFWh1ogRv3H2tWVSgyfMVEDZqnDwxNE994sYzYls5kw2R5xgyosXKYRKkWlJBxAmcVhSj_2fvDpHyPG_0/s200/FOPT.GIF" width="200" /></a></div>
The <a href="https://docs.google.com/fileview?id=0B0Fc9WqFRWIKNDNiMjBjMTMtNmQxMi00MjM3LThmYTgtNjIxMTIwY2M3ZDZi&hl=en">slide deck (pdf)</a> is posted and the abstract of the presentation is as follows:<br />
<br />
<br />
For many years now penetration testing has been an essential component of an effective information security risk management program. PCI DSS even requires that penetration testing be performed at regular intervals. The “blackbox” or “zero knowledge” approach used by most internal penetration testing teams and external consultancies seeks to identify exploitable vulnerabilities which could lead to a compromise. This testing methodology was born out of a desire to emulate the attacker’s view of the enterprise, in order to identify high impact vulnerabilities and remediate them with priority. <br />
<br />
While blackbox testing captures many attributes of the “attacker’s eye view” of the threat landscape, it fails to adequately account for the fact that an Advanced Persistent Threat may have considerably more time to spend penetrating a target than a security consultancy which charges by the day or by the hour. In order to level the playing field, a paradigm shift is necessary in the industry. Penetration testing performed using a “greybox” approach, in which the security assessor is provided with source code or other relevant software artifacts during an engagement is a highly effective alternative to “zero knowledge” testing. This presentation will showcase real world cases where critical vulnerabilities were identified during greybox engagements, which had previously been overlooked by multiple blackbox assessments.<br />
<br />
Attendees of this session should expect to gain an understanding of why not all penetration testing activities are created equal, and how to choose the right type of penetration testing to satisfy their risk mitigation requirements while managing budget, time and compliance constraints.<br />
<br />
<b>Cracking Passwords in the Cloud Q&amp;A</b> (posted 4 November 2009)<br />
Thanks to everybody who read the <a href="http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html">story</a> and provided questions and comments. El Reg <a href="http://www.theregister.co.uk/2009/11/02/amazon_cloud_password_cracking/">picked up the story</a>, and the <a href="http://it.slashdot.org/story/09/11/03/0053230/Cracking-PGP-In-the-Cloud">Slashdot thread</a> saw loads of activity also. There were quite a few good questions raised by commenters here and elsewhere on the web. We will try to answer as many of them as possible in this post.<br />
<br />
Anonymous said...<br />
<br />
<dd class="comment-body"><i>So did you crack the password in the end? How long did it take? You've left us hanging here!!</i><br />
</dd> <dd class="comment-footer"><a href="http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html?showComment=1257257078358#c2514528964424457436" title="comment permalink"> November 3, 2009 7:04 AM</a><br />
</dd><dd class="comment-footer"><br />
</dd><br />
So far we have run [a-z0-9] (length=8) on all of the target files with no luck. We are in the process of running [a-zA-Z0-9 !@#$%^&*()] (length=8) on the targets, however the EC2 charges are significant and the client is interested in building out their own infrastructure to take over this work so that the OpEx can become CapEx and the equipment be used for multiple purposes.<br />
<br />
Anonymous said...<br />
<dd class="comment-body"><i>first of all, thanks a lot for the interesting write-up!<br />
Just being curious: decrypting a PGP encrypted file through bruteforce cracking the passphrase - does that mean you were in possession of the (passphrase protected) private key?<br />
Or was the file encrypted using a symmetric key?<br />
Decrypting a file using ONLY the passphrase contradicts my understanding on how PGP works...</i><br />
</dd> <dd class="comment-footer"><a href="http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html?showComment=1257258086232#c7492150846913049881" title="comment permalink"> November 3, 2009 7:21 AM </a><br />
</dd><br />
<br />
The PGP ZIP archives we are trying to recover are encrypted to a passphrase, NOT to a key. It is our understanding that if the files had been encrypted to a public key, we would not even be able to attempt recovery with EDPR unless we also had access to the (encrypted) private key.<br />
<br />
<br />
<dt class="comment-author " id="c1028977220526433551"><a href="http://www.blogger.com/profile/16008062842047893999" rel="nofollow">Matt Weir</a> said... </dt><br />
<br />
<dd class="comment-body"><i>Great article. I'm curious if anyone could tell me what hashing/encryption algorithm PGP Zip uses. Aka, how many rounds of MD5/SHA1 ect does it use to convert the user's password into the encryption key. That way I could estimate the cost to crack other hash types, (such as NTLM or WPA). Also, are the graphs on the results page created by attacking PGP Zip files as well? <br />
<br />
Finally, you almost never want to do a pure brute force attack. Using Markov models can drastically reduce the number of guesses you need to make even when performing a non-dictionary based attack. Some analysis that I did on the hotmail set, pure brute force vs. Markov models can be found here: http://reusablesec.blogspot.com/2009/10/analysis-of-10k-hotmail-passwords-even.html</i><br />
</dd> <dd class="comment-footer"><a href="http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html?showComment=1257365234728#c1028977220526433551" title="comment permalink"> November 4, 2009 1:07 PM </a><br />
</dd><br />
<br />
See <a href="http://tools.ietf.org/html/rfc4880">http://tools.ietf.org/html/rfc4880</a> for details on the OpenPGP message format, which is what I believe PGP uses to create PGP ZIP files. You are also correct that pure brute force is inefficient, and you were not the only one to point that out:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQwJH5AAhuFYCU0_LSCKJ5bgiaIWj7nM6vyhKBQGoLBL788Dp8CEVM7UqxSFRaG3TnXoa9v5WgsQ-0xBpRtFyT1eLLlHGE4EiMUHyHY1Qr5SIJKOe-LfOb7xjsO9zDUDHswzd3S_knkcA/s1600-h/bruce_email.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQwJH5AAhuFYCU0_LSCKJ5bgiaIWj7nM6vyhKBQGoLBL788Dp8CEVM7UqxSFRaG3TnXoa9v5WgsQ-0xBpRtFyT1eLLlHGE4EiMUHyHY1Qr5SIJKOe-LfOb7xjsO9zDUDHswzd3S_knkcA/s400/bruce_email.png" /></a><br />
</div>As Bruce mentions, there are far more efficient ways to crack passwords, and the <a href="http://www.schneier.com/essay-148.html">article he links to</a> discusses those options in detail.<br />
<br />
In general, EDPR is designed to be FAST, not smart. The creators of EDPR intend for it to be used as a 'last resort' sort of tool, to brute force passwords that can't be recovered using more intelligent methods.<br />
<br />
<br />
<a href="http://www.blogger.com/profile/01917719465671866924" rel="nofollow">Ariel</a> said...<br />
<br />
<dd class="comment-body"><i>You are totally ignoring CUDA (high end NVidia graphics cards) when giving your password recommendations.<br />
<br />
CUDA can crack passwords about 10 to 100 times faster than CPUs can, and costs less.</i><br />
</dd> <dd class="comment-footer"><a href="http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html?showComment=1257245193253#c6017139140659376557" title="comment permalink"> November 3, 2009 3:46 AM </a><br />
</dd><br />
<br />
Between comments here and on <a href="http://it.slashdot.org/story/09/11/03/0053230/Cracking-PGP-In-the-Cloud">Slashdot</a>, probably the most frequently raised point was that GPU accelerated cracking is MUCH faster than what we were getting with our EC2 instances. <b>WE KNOW</b>. EDPR does NOT support GPU acceleration for cracking PGP ZIPs, and thus even if EC2 could offer us an instance with 10 GeForce GTX's it would do us no good for this particular application. See the <a href="http://www.elcomsoft.com/edpr_gpu_acceleration.html#q3-1">EDPR GPU Acceleration FAQ</a> for a list of currently supported file and password types.<br />
<br />
<br />
<dt class="comment-author " id="c5307115742356877011"><a href="http://www.yahoo.com/" rel="nofollow">Joe Hacker</a> said... </dt><br />
<br />
<dd class="comment-body"><i>One problem with that analysis, which is interesting for sure. Botnets are free. People hacking passwords are very likely to have access to botnets. So I wouldn't base my password length just on assumed cost. Why do that, when I can add few more chars above 12 chars, and make it inviable to be hacked with all the computer power on the planet for the foreseeable future.</i><br />
</dd> <dd class="comment-footer"><a href="http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html?showComment=1257245329485#c5307115742356877011" title="comment permalink"> November 3, 2009 3:48 AM </a><br />
</dd><br />
<br />
Agree. This is a point that Haroon at Sensepost raised, and the sentiment was echoed by <a href="http://www.theregister.co.uk/2009/11/02/amazon_cloud_password_cracking/">The Register</a> and also <a href="http://ha.ckers.org/blog/20091103/cloud-cracking/">Rsnake at ha.ckers.org</a>. The Sensepost talk "<a href="http://www.sensepost.com/blog/3797.html">Clobbering the Cloud</a>" at Blackhat Vegas 09 specifically demonstrated how easy it is to create hundreds of EC2 accounts (using a single credit card), totally subverting the EC2 per account instance limit. Even if Amazon cracks down on allowing a single credit card to be used to open multiple AWS accounts, I imagine that blackhats will still find it quick and easy to script up mass EC2 enrollment with stolen credit card numbers. Such a methodology might give traditional botnets a run for their money.<br />
<br />
<br />
<dt class="comment-author " id="c3989769887870759147">Blrfl said... </dt><br />
<br />
<dd class="comment-body"><i>Interesting analysis, but I think you're leaving out one detail:</i><br />
<snip></snip><br />
<br />
</dd><dd class="comment-body"><i>With just about everything using digested passwords and anything really important using good algorithms, social engineering and ThugWare become awfully attractive options.<br />
</i><br />
</dd> <dd class="comment-footer"><a href="http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html?showComment=1257266010752#c3989769887870759147" title="comment permalink"> November 3, 2009 9:33 AM </a><br />
</dd><br />
<br />
Yes. We also had several commenters suggesting that precomputation attacks (such as <a href="http://en.wikipedia.org/wiki/Rainbow_table">rainbow tables</a>) would be a better plan. Again, <b>WE KNOW</b>. However, when trying to recover salted hashes, rainbow tables are of limited utility, because an attacker needs to precompute tables for each possible salt value.<br />
<br />
We did mention by way of disclaimer that a client side exploit could render your 34 character uber-complex passphrase completely useless. Several of our readers mentioned the 'wrench attack' against such passwords, which is also a serious threat, and is best described by the following comic from <a href="http://xkcd.com/">xkcd</a> :)<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTeFGfvZgf4yMHLCsoK4blgJghsgFM_-Vadx11GQ-RRjf86J8zsp0vn_WrqLX0eicl3iXrhgnwrjB52lm2b26xbu4ht5BMtznwWVHWFL6EOOh_z-ly3x0oQ24WfQ6eiubBfRPaH0n5C-k/s1600-h/xkcd_wrench.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTeFGfvZgf4yMHLCsoK4blgJghsgFM_-Vadx11GQ-RRjf86J8zsp0vn_WrqLX0eicl3iXrhgnwrjB52lm2b26xbu4ht5BMtznwWVHWFL6EOOh_z-ly3x0oQ24WfQ6eiubBfRPaH0n5C-k/s400/xkcd_wrench.png" /></a><br />
</div>DChttp://www.blogger.com/profile/04707388475829589192noreply@blogger.com1tag:blogger.com,1999:blog-6644490640411457335.post-86168809588861172182009-10-30T11:23:00.016-06:002010-11-18T08:41:17.309-07:00Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i></i><br />
<div style="font-style: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i><i>UPDATE 15 Nov 2010: Amazon announces "</i><a href="http://aws.amazon.com/about-aws/whats-new/2010/11/15/announcing-cluster-gpu-instances-for-amazon-ec2/"><i>Cluster GPU Instances</i></a><i>", again radically changing the economics of using EC2 for password cracking. </i></i></div><div><i><br />
</i></div><div><i>We've had some questions about whether or not we are going to re-run our analysis using the EC2 GPU Instances. We may do so, but in the meantime have a look at <a href="http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/">stacksmashing.net</a>. They have already got some numbers posted for cracking SHA1 on EC2/GPU.</i></div><div><i><br />
</i></div><br />
<i>UPDATE 21 Dec 2009: Amazon announces "</i><a href="http://www.theregister.co.uk/2009/12/14/amazon_ec2_spot_instances/"><i>spot instances</i></a><i>", radically changing the economics of using EC2 for password cracking. </i><br />
<br />
Cloud Computing has enabled some interesting projects: undertakings that wouldn't have been attempted without the cheap, flexible, easy to provision and simple to release computing power that "cloud" delivers.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The New York Times used Amazon EC2 and S3 to <a href="http://open.blogs.nytimes.com/2007/11/01/self-service-prorated-super-computing-fun/">create PDF's of 15M scanned news articles</a>. NASDAQ uses Amazon S3 to <a href="http://gorillajawn.com/wordpress/2008/06/09/case-study-adobe-air-amazon-s3-nasdaq/">deliver historical stock information</a>. We recently tapped into the power of the cloud to perform brute force password cracking attacks which simply aren't feasible using traditional IT infrastructure.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">We at EA are "pro-cloud" and have been assessing the security of various incarnations of cloud for some time now. However, until recently we had not had an opportunity to leverage the massive scalability that cloud promises. That changed a few months ago when we were approached by a client who needed several PGP ZIP archives decrypted through brute force.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">When faced with the task of brute forcing PGP passphrases, we immediately thought of Elcomsoft. We had witnessed the <a href="http://www.theregister.co.uk/2009/04/29/elcomsoft_pgp_row/">drama at Infosec</a> 2009 in London when PGP had banners removed from Elcomsoft's booth, and that made a lasting impression. We downloaded the trial version of <a href="http://www.elcomsoft.com/edpr.html">Elcomsoft's Distributed Password Recovery</a> software, but found that unfortunately it was not able to properly parse the old PGP ZIP files.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Luckily, Andrey Belenko, the Elcomsoft wizard who gave the world <a href="http://www.theregister.co.uk/2008/10/10/graphics_card_wireless_hacking/">GPU accelerated password cracking</a> was able to get us a patch for the EDPR dll which handles PGP ZIP's. We were in business! Unfortunately, on a fast dual core Windows7 box we were looking at something like 2100 days to brute force a reasonably long complex passphrase for these PGP ZIPs.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This was clearly unacceptable, so we looked to the cloud for salvation.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This post goes into significant detail about how to get the Elcomsoft EDPR solution working on Amazon EC2, so if you are interested in the process and want to build your own personal NSA style distributed cracker, keep reading.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">During the course of this project, we had some interesting insights regarding the relative strengths of password length versus complexity. Feel free to skip over the implementation details and get <a href="http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html">straight to the analysis</a>.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">If you're still with us, thanks for tuning in. Let's continue.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Per <a href="http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt">NIST's cloud presentation</a>, the definition of cloud is as follows:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."</div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Using a cloud provider was ideal for a project such as this, as the client really had no residual use for a massive physical cluster of Windows machines once the passwords were recovered. Thus we moved forward with Amazon EC2, but in order to capitalize on the "rapid provisioning" promised by cloud we wanted to be sure that we could rapidly deploy a large number of EDPR cracking agents without manually configuring each one.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Elcom's EDPR runs only on Windows, so our first chore was picking an EC2 AMI which was fit for the purpose of creating a template instance to clone (or bundle, in EC2 speak). EDPR is a 32 bit Windows app, so there was no need to use a 64bit Windows AMI. We selected</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">ami-df20c3b6 and then started an instance from a Linux shell using the <a href="https://help.ubuntu.com/community/EC2StartersGuide">EC2 API Tools</a> as follows:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-run-instances -k ssh-keypair ami-df20c3b6 -g default</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Once the instance was up and running, we enumerated the instance ID and public IP address of the running instance with the command</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-describe-instances</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Once the instance status has changed from "pending" to "running" we can extract the administrator password for the instance, using the command</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-get-password -k ssh-keypair.pem $instanceID</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">AWS Windows AMIs output the (generated) encrypted administrator password for the instance to the system console. This API Tool works by grabbing this encrypted console output, and decrypting it with the private key specified on the command line. 
This private key must match the public key which was used when the instance was spawned.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">With the administrator password in hand, we now must configure the EC2 firewall to permit inbound RDP traffic to the instance.</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-authorize default -p 3389 -s $trusted_ip_address/32</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now we can RDP into the instance and configure EDPR.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">As mentioned previously, the <i>ec2-describe-instances </i>command will provide the public IP address of the running instance.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2EaEBgZcNixuSPQkpSOONHTSs7ffbfxG3wdFkGUrMdPCrffb1sOR4d3RlOL7e0QtO6HPdNxufO34zAQXt_Zo5FSXbpSY8R9OnsGXFWwXTw4y5WQbrqkyIzfbRaxFOH8EshWWPWLmdN0s/s1600-h/rdp.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2EaEBgZcNixuSPQkpSOONHTSs7ffbfxG3wdFkGUrMdPCrffb1sOR4d3RlOL7e0QtO6HPdNxufO34zAQXt_Zo5FSXbpSY8R9OnsGXFWwXTw4y5WQbrqkyIzfbRaxFOH8EshWWPWLmdN0s/s200/rdp.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Use the administrator password obtained from the <i>ec2-get-password </i>command to login to the instance.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Start IE and download <a href="http://www.elcomsoft.com/download/agent_setup.exe">http://www.elcomsoft.com/download/agent_setup.exe</a> to somewhere convenient. Note that we made the architectural decision to use EC2 for EDPR agents, but not the manager. This was for two reasons. One is that the encrypted files we were setting out to crack were client confidential, and thus there was no desire to upload them to systems outside our ultimate control. Secondly, EC2 instances have a limited concept of state, and we didn't want to mess around with EBS volumes to persist the target files across instance generations.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">We also configured the firewall in front of the EDPR manager system to permit TCP/12121 from anywhere, as it was difficult to pin down a sane range of public source addresses for EC2 instances.</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_RfvLObz-zEzL1vhGX1Sg4Onse3g0mgVxrxFJf4uy4TB5nQMyeOd4qAyzaZJAGUCleRQQLme-d7S-9dPLJwChfXG0-LOBZbIqdi1gwedCuLwMaJtvkNstC0llYdO2sY7mf2u5gEoiEmQ/s1600-h/edpr_setup.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_RfvLObz-zEzL1vhGX1Sg4Onse3g0mgVxrxFJf4uy4TB5nQMyeOd4qAyzaZJAGUCleRQQLme-d7S-9dPLJwChfXG0-LOBZbIqdi1gwedCuLwMaJtvkNstC0llYdO2sY7mf2u5gEoiEmQ/s200/edpr_setup.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now launch the EDPR agent installer, and accept the license and all the default options.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Once the installation is complete, the EDPR agent will start. Go to the General tab, and configure the public IP address or hostname of the EDPR manager you have configured.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtoHpuxeP9m65yx3hLoee23bvOIyGRKs7LuWVvgJmyVUEwbgfpO4GnzxIyArr9zRVqelFCKlaPhdBcQV8YzOP-mKDrR46ndpEFQTpK-28gcbrgc_PS6T5SEBCCeEQqYM9jXQD0fyBio08/s1600-h/edpr_general_tab.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtoHpuxeP9m65yx3hLoee23bvOIyGRKs7LuWVvgJmyVUEwbgfpO4GnzxIyArr9zRVqelFCKlaPhdBcQV8YzOP-mKDrR46ndpEFQTpK-28gcbrgc_PS6T5SEBCCeEQqYM9jXQD0fyBio08/s400/edpr_general_tab.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">On the Interface tab set the Start-up Mode to "At Windows Start-up".</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiE_OMrOZk8fRcQIrNWZD7RoEWx3CJbI3TRxG6kLFJF6L2jP3InyDGG-iwW9Er6I0q60iiiD35Phxi7ifzldJNat3gP-u2c_dzVJJ6EQQrXLwZ3Dx6ojrV7Y8mVd0WB6aZuddq2sTqyPI/s1600-h/edpr_interface_cfg.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiE_OMrOZk8fRcQIrNWZD7RoEWx3CJbI3TRxG6kLFJF6L2jP3InyDGG-iwW9Er6I0q60iiiD35Phxi7ifzldJNat3gP-u2c_dzVJJ6EQQrXLwZ3Dx6ojrV7Y8mVd0WB6aZuddq2sTqyPI/s400/edpr_interface_cfg.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div></div><div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">EDPR creates a pair of registry values which are used to uniquely identify the agent when checking in to the manager. We need to scrub these values before cloning this instance, otherwise every single instance we spawn will appear to be the same agent to the manager, and the job handling will be totally corrupted.</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">To clear these out, Start, Run, <i>regedt32</i> and then navigate to the following key:</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span style="font-family: monospace; white-space: pre-wrap;"><span style="font-size: x-small;">HKEY_LOCAL_MACHINE\Software\ElcomSoft\Distributed Agent\UID</span></span></div><pre style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;" wrap=""></pre><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis9MleWl-K7DdarZa6cfBwdtIy9WAUbhnBx0SeO9PTGKk8-DTsO9f257Kzdzg9xiRHPwfcU5-6D9_LZYFAEsoBIHUkGNF7M5BYD76UwzZXonawLVL0Px062h_sa7yzcd8YDGbdc9HAuy4/s1600-h/regedt_zeroed.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis9MleWl-K7DdarZa6cfBwdtIy9WAUbhnBx0SeO9PTGKk8-DTsO9f257Kzdzg9xiRHPwfcU5-6D9_LZYFAEsoBIHUkGNF7M5BYD76UwzZXonawLVL0Px062h_sa7yzcd8YDGbdc9HAuy4/s400/regedt_zeroed.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Set the value of the UID key to null, but DO NOT DELETE THE KEY.</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">With the EDPR agent installed and configured, we can now bundle the EC2 instance. This action is akin to creating a 'template' in VMware land. To do this, we first need to install and configure the <a href="http://developer.amazonwebservices.com/connect/entry.jspa?externalID=368">EC2 AMI Tools</a>.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The syntax for the ec2-bundle-instance command is as follows:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-bundle-instance $instance_id -b $bucket_name -p $bundle_name -o $access_key_id -w $secret_access_key</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Bucket name and bundle name can be whatever you like; just remember them, because we will need those values again when we register the bundled AMI in the next step.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The bundling process basically runs <a href="http://support.microsoft.com/kb/302577">sysprep</a> on the Windows instance, and then compresses and copies the instance to S3. The following command can be used to check on the progress of the task:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-describe-bundle-tasks</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">It will take several minutes. Once the bundle task is complete, the following command will register the bundled AMI, which allows it to be used to run instances.</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-register $bucket_name/$bundle_name.manifest.xml</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The registration command will return an AMI ID, which we will use to spawn instances of the EDPR agent.</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>IMAGE ami-54f3103d</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now start the EDPR manager, and configure a task. For the purposes of this example, we configure a task to brute force a password composed of uppercase letters, lowercase letters, and the digits 0-9, with a length of between 1 and 8 characters (hereafter represented as [A-Za-z0-9]^8) against one of our client's PGP ZIP files.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgigoKqtmeTWQO1XTu_k2axH6te-lVfqcXlZtDXi5zeofaBnbFmDfcycKKYQWz2_TmLtCm_ATWxYCDmJGnAhfwRpHzBKjWgD3UoiJ_QBBx-s7XsmXZB9kOUW0ks6yJbWwugyUdLO91vXRs/s1600-h/edpr_charset_select.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgigoKqtmeTWQO1XTu_k2axH6te-lVfqcXlZtDXi5zeofaBnbFmDfcycKKYQWz2_TmLtCm_ATWxYCDmJGnAhfwRpHzBKjWgD3UoiJ_QBBx-s7XsmXZB9kOUW0ks6yJbWwugyUdLO91vXRs/s400/edpr_charset_select.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">To start working on this job, we start a single instance of our EDPR agent with the following command:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-run-instances -k ssh-keypair ami-54f3103d -g default</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Shortly after the instance status changes from 'pending' to 'running', we see the agent check in with the EDPR manager.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif5quIVUOEZqyTH4od-tDdiOCs9BDyNSnCYV8fRqfXGT_m0j41BIgW6kASpKtAFWNs0oTivzxSeYtR4mjL5Ez1d91SUQrslxqkbqcEBQADhloWKfk0U1QJIQRWnqtA_y85vP1XUjP2eIk/s1600-h/edpr_single_sm_agent.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif5quIVUOEZqyTH4od-tDdiOCs9BDyNSnCYV8fRqfXGT_m0j41BIgW6kASpKtAFWNs0oTivzxSeYtR4mjL5Ez1d91SUQrslxqkbqcEBQADhloWKfk0U1QJIQRWnqtA_y85vP1XUjP2eIk/s640/edpr_single_sm_agent.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This instance was started with the default parameters, and so is an EC2 "small" instance. Sure, it costs only $0.10 USD per hour, but as we see here it is only trying about 500K keys per second. How long will it take to brute force the key space?</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3DSsXT9C-U0siiXGrnxRa5PmnXjagy8Zm5TKk9oGL3uDuiV_G19SSPAgQIcoKL50F0qOH2YESMn7u57EkSxD1XYrXP_79R5ZCAmrotRhx6al_mwzZIeo7OZzV898p3xQ5aKGsenZUZRU/s1600-h/edpr_single_time_remaining.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3DSsXT9C-U0siiXGrnxRa5PmnXjagy8Zm5TKk9oGL3uDuiV_G19SSPAgQIcoKL50F0qOH2YESMn7u57EkSxD1XYrXP_79R5ZCAmrotRhx6al_mwzZIeo7OZzV898p3xQ5aKGsenZUZRU/s640/edpr_single_time_remaining.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">What? ~3600 days? Ten years? Unacceptable!</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">We now use the following command to deploy ten additional instances:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-run-instances -n 10 -k ssh-keypair ami-54f3103d -g default -t c1.medium</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The -n 10 parameter tells EC2 to launch 10 instances. We also specify the c1.medium instance type, which is a "High CPU" instance, and raises the price from $0.10 per hour to $0.30 per hour. According to <a href="http://aws.amazon.com/ec2/instance-types/">Amazon's documentation</a>, these instances provide "5 EC2 Compute Units (2 virtual cores with 2.5 EC2 Compute Units each)", compared to the "1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)" provided by the small instance we initially spawned.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div class="separator" style="clear: both; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6L9FUle5kqd3YoWGR6_EqdVdAI-qpizn5hBm8RZDJ2ghYkfimp0zPqjYAfZI3WQd39HTkElQQSp_EiCK815fmWd6HQ1iamQX-BIK6wBUMDx7wV42046tfdaHTKApFA5fTy1WUjzcsXe0/s1600-h/edpr_many_agents.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6L9FUle5kqd3YoWGR6_EqdVdAI-qpizn5hBm8RZDJ2ghYkfimp0zPqjYAfZI3WQd39HTkElQQSp_EiCK815fmWd6HQ1iamQX-BIK6wBUMDx7wV42046tfdaHTKApFA5fTy1WUjzcsXe0/s640/edpr_many_agents.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">We now see that we have invited many more cracking agents to the party. We also note that these instances report two CPUs, and are benchmarking in at 2+M keys/second. Sounds like the High CPU instances are in fact delivering on their promised additional horsepower.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">What has this done to the time required to brute force the keyspace?</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1YP_ec9tv-H2Ws0IG-e3EQ5jLDVBJjzD8aaP-YG7ukV5axaj2pbuu5jLZGkaYTHbXt1W37cse5WXn6RwLxsaIZ0Z4Q4-IeiZS-waYgfkomcwAovgl8IZpkkYJHvW9SbZ8fNZWKBjy-Kk/s1600-h/edpr_many_time_remaining.png" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1YP_ec9tv-H2Ws0IG-e3EQ5jLDVBJjzD8aaP-YG7ukV5axaj2pbuu5jLZGkaYTHbXt1W37cse5WXn6RwLxsaIZ0Z4Q4-IeiZS-waYgfkomcwAovgl8IZpkkYJHvW9SbZ8fNZWKBjy-Kk/s640/edpr_many_time_remaining.png" /></a></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Down to ~122 days. Still unacceptable, but we're moving in the right direction. We kick off another 89 instances (to bring our total to 100, which is presently the upper limit of our Elcomsoft EDPR license), but run into a snag:</div><blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i>ec2-run-instances -n 89 -k ssh-keypair ami-54f3103d -g default -t c1.medium</i></div></blockquote><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><b>Client.InstanceLimitExceeded: Your quota allows for 9 more instance(s). You requested at least 89</b></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Amazon isn't keen to let folks DoS EC2 by spawning arbitrarily large numbers of instances, so every account starts with an instance quota (20 here: our 11 running instances plus the 9 more allowed). A quick visit <a href="http://aws.amazon.com/contact-us/ec2-request/">here</a> and a reasonable justification should have us cracking away at top speed in short order.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="font-family: Verdana, Helvetica, sans-serif; margin-left: 40px;"><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span style="font-family: Verdana, Helvetica, sans-serif; font-size: x-small;"><i><span style="background-color: black;"><span style="color: white;">Dear Sir,<br />
Thank you for submitting your request to increase your Amazon EC2 limit. It is our intention to meet your needs. We will review your case and contact you within 3 - 5 business days.</span></span></i></span></div></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">[<b>UPDATE 3 NOV 09: </b>Amazon responded with a request for 'more information'. However, our friends at Sensepost demonstrated a <a href="http://www.sensepost.com/blog/3797.html">creative way to bypass this limit</a> using Python scripts at Blackhat 2009.]<br />
<br />
From what we have seen to date, Elcomsoft EDPR scales linearly as additional cracking agents are deployed. We are confident that, as long as the EDPR manager system is properly equipped, you could deploy the maximum number of agents permitted by your EDPR license and cracking performance would continue to scale linearly.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">After running this cloud based distributed cracking system for a number of weeks against various types of encrypted target files, we have put together a rudimentary analysis of the EC2 cost required to brute force the various keyspaces. This analysis may be insightful as you develop your enterprise password policies, or choose your personal passwords.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><a href="http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html">Next Page: Results & Analysis</a></div>DChttp://www.blogger.com/profile/04707388475829589192noreply@blogger.com12tag:blogger.com,1999:blog-6644490640411457335.post-33052026504986083082009-10-29T21:36:00.033-06:002010-11-18T08:41:47.128-07:00Cracking Passwords in the Cloud: Insights on Password Policies<a href="http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html">Previous Post: Breaking PGP on EC2 with EDPR</a><br />
<br />
<div style="font-style: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><i><i>UPDATE 15 Nov 2010: Amazon announces "</i><a href="http://aws.amazon.com/about-aws/whats-new/2010/11/15/announcing-cluster-gpu-instances-for-amazon-ec2/"><i>Cluster GPU Instances</i></a><i>", again radically changing the economics of using EC2 for password cracking. </i></i></div><div><i><br />
</i></div><div><i>We've had some questions about whether or not we are going to re-run our analysis using the EC2 GPU instances. We may do so, but in the meantime have a look at <a href="http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/">stacksmashing.net</a>; they have already posted numbers for cracking SHA1 on EC2 GPU instances.</i></div><br />
<br />
<i>UPDATE 21 Dec 2009: Amazon announces "</i><a href="http://www.theregister.co.uk/2009/12/14/amazon_ec2_spot_instances/"><i>spot instances</i></a><i>", radically changing the economics of using EC2 for password cracking. </i><br />
<br />
For years we have been preaching the virtues of long, complex passwords. Putting dictionary attacks aside for a moment, one of the most interesting revelations of this project was the high cost of brute forcing simple passwords.<br />
<br />
By simple here we mean a password containing only the lowercase letters a through z. By "optimistic cost" to brute force we mean the EC2 usage charges we would incur to cover 50% of the keyspace, which is the expected work against a randomly chosen password. If we're unlucky, we double the optimistic cost to get the "max cost" of exhausting the keyspace.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhba9SsNQMmPV1s97NSDxyFzmyMdvS1JoIGpSGEfnQIhsAAeO7k0AFw74iag-Cm7kK0hFim7wXhk46pPOHKIhOgavNCb0eYITVynFaiyEZk5zpwAWbi4jdIsaPR1_xt-sWQYri_SBlaxsM/s1600-h/chart_cost_crack_simple_pw_logscale.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhba9SsNQMmPV1s97NSDxyFzmyMdvS1JoIGpSGEfnQIhsAAeO7k0AFw74iag-Cm7kK0hFim7wXhk46pPOHKIhOgavNCb0eYITVynFaiyEZk5zpwAWbi4jdIsaPR1_xt-sWQYri_SBlaxsM/s400/chart_cost_crack_simple_pw_logscale.png" /></a></div><br />
<div class="separator" style="clear: both; text-align: auto;">Clearly each additional character of password length adds a significant amount of cost to the brute-forcing effort. One might speculate that an average corporate adversary could quite easily come up with ~$50K USD to brute-force an 11-character simple password, but would struggle to find the $1.5M USD needed for a 12-character simple password.</div><br />
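The cost model behind these charts, as an added example (this is not the post's own spreadsheet, nor EDPR or Amazon tooling): one cracking agent is taken to test 2,000,000 keys/second, the "2+M keys/second" a c1.medium benchmarked at above, and to bill $0.20 per instance-hour, which is an assumed 2009 on-demand c1.medium rate that the post does not state; EDPR is assumed to scale linearly across agents, as observed. The "optimistic" cost is half the keyspace, the "max" cost the whole of it. With those inputs the model gives about $51K for an 11-character a-z password and about $1.3M for 12 characters, in line with the figures above.<br />

```sh
#!/bin/sh
# Added example, not from the original post: the EC2 brute-force cost model
# behind the charts. Assumed inputs (override via the environment):
#   RATE          keys tested per second by one cracking agent; 2,000,000 is
#                 the "2+M keys/second" a c1.medium benchmarked at above
#   USD_PER_HOUR  price of one agent-hour; 0.20 is an assumed 2009 on-demand
#                 c1.medium rate, which the post does not state
# EDPR is taken to scale linearly with the number of agents, as observed.
set -e
RATE="${RATE:-2000000}"
USD_PER_HOUR="${USD_PER_HOUR:-0.20}"

keyspace() {           # keyspace <charset_size> <length>  -> candidate count
  LC_ALL=C awk -v c="$1" -v n="$2" 'BEGIN { printf "%.0f\n", c^n }'
}

crack_cost_usd() {     # crack_cost_usd <charset_size> <length> [fraction]
  # fraction 0.5 = "optimistic" cost (expected: half the keyspace);
  # fraction 1.0 = "max" cost (exhaust it). Agent-hours times hourly price.
  LC_ALL=C awk -v c="$1" -v n="$2" -v f="${3:-0.5}" -v r="$RATE" -v p="$USD_PER_HOUR" \
    'BEGIN { printf "%.0f\n", c^n * f / r / 3600 * p }'
}

wall_clock_days() {    # wall_clock_days <charset_size> <length> <agents> [fraction]
  # Money buys agent-hours; this is the elapsed time for a given agent count.
  LC_ALL=C awk -v c="$1" -v n="$2" -v a="$3" -v f="${4:-1.0}" -v r="$RATE" \
    'BEGIN { printf "%.2f\n", c^n * f / (a * r) / 86400 }'
}

min_safe_length() {    # min_safe_length <charset_size> <budget_usd>
  # Shortest length whose optimistic cost exceeds the adversary's budget,
  # i.e. the minimum to recommend for that character set and that budget.
  n=1
  while [ "$n" -lt 64 ] && [ "$(crack_cost_usd "$1" "$n")" -le "$2" ]; do
    n=$((n + 1))
  done
  echo "$n"
}

# Demo: the cases discussed above, plus the 8-character complex password.
if [ "${COST_DEMO:-1}" = 1 ]; then
  for spec in "26 11" "26 12" "36 11" "95 8" "95 9"; do
    set -- $spec
    printf 'charset %2d, length %2d: optimistic $%s, max $%s\n' "$1" "$2" \
      "$(crack_cost_usd "$1" "$2")" "$(crack_cost_usd "$1" "$2" 1.0)"
  done
  printf 'minimum length vs a $1M adversary: a-z %s, 95-char set %s\n' \
    "$(min_safe_length 26 1000000)" "$(min_safe_length 95 1000000)"
fi
```

Set RATE and USD_PER_HOUR to your own benchmark and price to re-run the model for other hardware; the spot and GPU instances mentioned in the updates above change exactly those two inputs.<br />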
Next let's look at the case of a slightly more complex password, containing lowercase a-z plus the numerals 0-9 (36 possible characters):<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM3xusxqRzFgqyjwcXxdZBaaeL5xfyCYSrVPRVX3Fut3kqSrFjZXDUxgdp5NM_5MLdt_5oCetH7BRWSWdT557_eYvwz13jqNRAfSv6hh0FNMufbLbdOCbf8TZcmBiLJfAvD00Ayrha6ys/s1600-h/chart_cost_crack_a-z0-9_log.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM3xusxqRzFgqyjwcXxdZBaaeL5xfyCYSrVPRVX3Fut3kqSrFjZXDUxgdp5NM_5MLdt_5oCetH7BRWSWdT557_eYvwz13jqNRAfSv6hh0FNMufbLbdOCbf8TZcmBiLJfAvD00Ayrha6ys/s400/chart_cost_crack_a-z0-9_log.png" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><br />
</div>In this case the hypothetical threshold between doable and not worth it falls at the 11 character password boundary.<br />
<br />
Finally let's examine the cost to crack a truly complex password, consisting of upper and lowercase a-z, plus the numerals 0-9, the space character, as well as 32 special characters (think !@#$%^&*() etc):<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAPFJ790cykckioO3KuxLrradPkRamMkBNweWXCakfLVW6pUyoLm7yzPNVL8v9DGUCSk2bR-wQE8DBuD5w6vHQOFl3J4XKYzvBOaaCLFSZuLlm-q9Ty-9UnKn5l1jFe2hnb3Yo_vk8QK4/s1600-h/chart_complex_logscale.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAPFJ790cykckioO3KuxLrradPkRamMkBNweWXCakfLVW6pUyoLm7yzPNVL8v9DGUCSk2bR-wQE8DBuD5w6vHQOFl3J4XKYzvBOaaCLFSZuLlm-q9Ty-9UnKn5l1jFe2hnb3Yo_vk8QK4/s400/chart_complex_logscale.png" /></a></div><br />
In this case the "not worth it" threshold is at 9 character passwords.<br />
<br />
So, looking at this data simultaneously, it's easy to make some recommendations about password length. Assuming we are dealing with an adversary who is unwilling to spend more than $1M USD to brute your password, where are the length versus complexity sweet spots?<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDoWwajOtKtvJgzK40nmLpRyqEtaUONxtq3AYpTfBYlI_xKxZL7SLVSCABEf-QrMkQ5GchWNtO7LTVVI0vFvpdj7u_mGj7tvS_PzY1IXUdRUcLWX1UiLzMb7z0RgTGgIXGdlgNbWyZ4oo/s1600-h/chart_recommended_pws.png" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDoWwajOtKtvJgzK40nmLpRyqEtaUONxtq3AYpTfBYlI_xKxZL7SLVSCABEf-QrMkQ5GchWNtO7LTVVI0vFvpdj7u_mGj7tvS_PzY1IXUdRUcLWX1UiLzMb7z0RgTGgIXGdlgNbWyZ4oo/s400/chart_recommended_pws.png" /></a><br />
<br />
Referring to the chart above, we decide that simple passwords (a-z) are OK, provided they are at least 12 characters long. Add numbers to your simple password, and again you're OK at 12 characters. Introduce uppercase and special characters into the mix and 10 character passwords are acceptable.<br />
<br />
Now let's consider a slightly different scenario: an 8-character password of variable complexity. The character set will start at 26 [a-z] and rise to 95 [a-zA-Z0-9, space and specials such as @#$].<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpVdTt6d9e5i9Se331I_eJviUQZ0w8Obe2lkd2Z6hO2ZJXzxNirCmHttvYloWEILsElIdH1t4qC21_fhoHqBI7nv0BfSoLzH9n1SawxBTDPQ00gCEXaNz04jSdYnk_OTYfhkq1ndaTv0k/s1600-h/chart_cost_crack_8charpw.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpVdTt6d9e5i9Se331I_eJviUQZ0w8Obe2lkd2Z6hO2ZJXzxNirCmHttvYloWEILsElIdH1t4qC21_fhoHqBI7nv0BfSoLzH9n1SawxBTDPQ00gCEXaNz04jSdYnk_OTYfhkq1ndaTv0k/s400/chart_cost_crack_8charpw.png" /></a></div>Here we see that the cost to crack the 8-character password increases steadily with complexity, and that even fiercely complex 8-character passwords are still fair game for our adversary with &lt;$1M to spend on a brute force attack.<br />
<br />
Now let's look at fixing the complexity at a low value of just [a-z] and looking at the effect of increasing the length of the password on the cost to brute force.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgL2vdUNiTcHxorvUoJUf3WBJtQypRrSOsD0m4dTLXal-PWqxRx7sKtJSK2qF3hv-Iw_RKemPXqDJp6aUhIFioxz5IRRxJhT5d3Gdcrq5G8qIAA30lSCf_em-Cy5gZyvn6fC9zqYLWUx0/s1600-h/chart_cost_crack_simple_varlen_opticost.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgL2vdUNiTcHxorvUoJUf3WBJtQypRrSOsD0m4dTLXal-PWqxRx7sKtJSK2qF3hv-Iw_RKemPXqDJp6aUhIFioxz5IRRxJhT5d3Gdcrq5G8qIAA30lSCf_em-Cy5gZyvn6fC9zqYLWUx0/s400/chart_cost_crack_simple_varlen_opticost.png" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><br />
</div>Here we see that the cost to crack the simple password consisting of a variable number of just lowercase alpha characters jumps dramatically between 13 and 14 characters.<br />
<br />
Remember, dictionary attacks are different than brute force attacks. So if your 12 character simple password is composed of dictionary words, all bets are off. Finally, remember that while a determined attacker may not have $10M USD to spend on EC2 cycles to crack your 10 character super complex password, a simple <a href="http://www.coresecurity.com/content/client-side-exploits">client side exploit</a> may make that a moot point.DChttp://www.blogger.com/profile/04707388475829589192noreply@blogger.com60tag:blogger.com,1999:blog-6644490640411457335.post-85139576501666874902009-10-07T13:17:00.007-06:002011-11-21T21:09:25.373-07:00Q&A from Cloud Security Summit PresentationRob Randell from VMware and David Campbell from EA did a <a href="http://news.electricalchemy.net/2009/09/ea-presenting-with-vmware-at-brighttalk.html">presentation</a> at <a href="http://www.brighttalk.com/summit/cloudsecurity2">Brighttalk's Cloud Security Summit</a> on Wed 30 Sept.<br />
<br />
The session was fun, well attended, and received good ratings. However, our time management left something to be desired and we ran out of time before we could take audience questions. As promised, we'll answer them here.<br />
<blockquote>
<span style="font-size: x-small;"><span style="font-family: Arial;"><span style="font-size: 10pt;">Q: <i>How in a VM deployment model, do you manage binding the "right" VM image to a "known" hypervisor? In other words, how do you lock a VM image to a specific H/W server via the hypervisor so a VM image cannot be abducted and re-used outside an enterprise or hosting provider?</i></span></span></span></blockquote>
A: <span style="font-family: Arial; font-size: 13px;">Interesting question. We see two options here.</span><br />
<ol>
<li><span style="font-family: Arial; font-size: 13px;">You could 'sign' the VM and configure the hypervisor to boot a VM only after validating the signature. This keeps unauthorized VMs from running in your infrastructure, but does little to stop an attacker who has a copy of your VM from booting it on a hypervisor they control.</span></li>
<li><span style="font-family: Arial; font-size: 13px;">You could encrypt your VM to a public key presented by a hypervisor, cluster, etc. At boot time the hypervisor would use the corresponding private key to decrypt the VM just before boot. Either scenario introduces key-management issues; in particular the hypervisor's private key must itself be protected, since whoever holds it can boot the image anywhere. Also, at this time we are not aware of any commercial or open source solution that incorporates either strategy out of the box.</span></li>
</ol>
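A sketch of the two options combined, as an added example that is not code from the original post, from VMware, or from any shipping product: the tenant encrypts the image under a fresh data key, wraps that key to the hypervisor's RSA public key (so only that hypervisor can unwrap it) and signs the ciphertext; the hypervisor verifies the signature and only then unwraps and decrypts. Everything is plain openssl(1); the file names, scratch directory and the "VM image" (a constructed stand-in, not a real disk image) are assumptions for illustration.<br />

```sh
#!/bin/sh
# Added example, not from the original post or from VMware: option 2 above
# (encrypt the VM image to a hypervisor's public key) combined with option 1
# (sign the image so the hypervisor boots only what the tenant authorised).
# Uses only openssl(1). File names, the scratch directory and the "boot"
# step are assumptions; the image is a constructed stand-in.
set -e
WORK="${WORK:-$(mktemp -d)}"

gen_keypair() {   # gen_keypair <name> -> $WORK/<name>_priv.pem and <name>_pub.pem
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/${1}_priv.pem" 2>/dev/null
  openssl pkey -in "$WORK/${1}_priv.pem" -pubout -out "$WORK/${1}_pub.pem" 2>/dev/null
}

seal_vm() {   # seal_vm <image> <hypervisor_pub.pem> <tenant_priv.pem> <out_prefix>
  img=$1; hv_pub=$2; tenant_priv=$3; out=$4
  # 1. Fresh random data key; the bulk image is encrypted symmetrically
  #    (hybrid scheme), since RSA cannot encrypt a multi-gigabyte disk.
  openssl rand -hex 32 > "${out}.key"
  openssl enc -aes-256-cbc -pbkdf2 -salt -in "$img" -out "${out}.enc" \
    -pass "file:${out}.key" 2>/dev/null
  # 2. Wrap the data key to the hypervisor's public key (RSA-OAEP). Only the
  #    holder of the matching private key can recover it; that is what ties
  #    the image to one hypervisor or cluster.
  openssl pkeyutl -encrypt -pubin -inkey "$hv_pub" -pkeyopt rsa_padding_mode:oaep \
    -in "${out}.key" -out "${out}.key.enc" 2>/dev/null
  rm -f "${out}.key"
  # 3. Sign the ciphertext with the tenant's key (encrypt-then-sign), so the
  #    hypervisor can refuse images that were tampered with or never authorised.
  openssl dgst -sha256 -sign "$tenant_priv" -out "${out}.sig" "${out}.enc"
}

unseal_vm() {   # unseal_vm <sealed_prefix> <hypervisor_priv.pem> <tenant_pub.pem> <out_image>
  sealed=$1; hv_priv=$2; tenant_pub=$3; out=$4
  # The hypervisor's pre-boot check: verify first, decrypt second.
  openssl dgst -sha256 -verify "$tenant_pub" -signature "${sealed}.sig" "${sealed}.enc" \
    >/dev/null 2>&1 || { echo "refusing to boot: bad signature" >&2; return 1; }
  openssl pkeyutl -decrypt -inkey "$hv_priv" -pkeyopt rsa_padding_mode:oaep \
    -in "${sealed}.key.enc" -out "${sealed}.key.tmp" 2>/dev/null \
    || { echo "refusing to boot: image not sealed to this hypervisor" >&2; return 1; }
  rc=0
  openssl enc -d -aes-256-cbc -pbkdf2 -in "${sealed}.enc" -out "$out" \
    -pass "file:${sealed}.key.tmp" 2>/dev/null || rc=1
  rm -f "${sealed}.key.tmp"   # data key never lingers on disk
  return $rc
}

# Demo: seal a constructed image for hypervisor "hv" and "boot" it there.
if [ "${SEAL_VM_DEMO:-1}" = 1 ]; then
  gen_keypair hv
  gen_keypair tenant
  printf 'constructed stand-in for a VM disk image\n' > "$WORK/demo.img"
  seal_vm "$WORK/demo.img" "$WORK/hv_pub.pem" "$WORK/tenant_priv.pem" "$WORK/demo"
  if unseal_vm "$WORK/demo" "$WORK/hv_priv.pem" "$WORK/tenant_pub.pem" "$WORK/demo.out" \
     && [ "$(cat "$WORK/demo.img")" = "$(cat "$WORK/demo.out")" ]; then
    echo "booted sealed image on hv: OK (files in $WORK)"
  fi
fi
```

The key-management issue from the answer shows up directly: hv_priv.pem is the whole secret, so in practice it would live in a TPM or HSM on the host rather than in a file, and the tenant's public key has to be distributed to every hypervisor that is allowed to boot that tenant's images.<br />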
<span style="font-family: Arial; font-size: small;"><span style="font-size: 13px;"><br />
</span></span><br />
<span style="font-family: Arial; font-size: 13px;">After demonstrating the SSL MITM attack on the vCenter admin, we received this question:</span><br />
<blockquote>
<span style="font-size: x-small;"><span style="font-family: Arial;"><span style="font-size: 10pt;"> Q: <i>It appears that multi-factor authentication would help with these issues. Can we implement multi-factor authentication to resolve using default certificates? Can we use "user-level" authentication to prevent these issues... going beyond PKI certs for the host but actually authenticating to the VMware Vcenter?</i></span></span></span></blockquote>
A: <span style="font-family: Arial; font-size: 13px;">In short, no. See <a href="http://www.schneier.com/essay-083.html">http://www.schneier.com/essay-083.html</a> for how multi-factor authentication systems remain vulnerable to man-in-the-middle attacks. For example, a Windows enterprise using <a href="http://technet.microsoft.com/en-us/library/dd277384.aspx#EFAA">smartcard based two factor authentication for domain logon</a> and Windows auth for vCenter login would *still* be vulnerable to man-in-the-middle attacks for as long as the vSphere client completes a TLS (SSL) handshake with a server whose certificate it cannot validate; the attacker simply relays the authenticated session. Multi-factor authentication is great, but in this case the proper mitigation for SSL MITM is to replace the self-signed certificates that vCenter presents by default with certificates the client can validate.</span><br />
<br />
<br />
After demonstrating the browser exploit leading to an attacker compromising an EC2 admin's EC2 ApiTools keypair, we received the following question:<br />
<blockquote>
<span style="font-size: x-small;"><span style="font-family: Arial;"><span style="font-size: 10pt;">Q: <i>If the manager accesses EC2 management using multi-factor authentication, is it not the case that this attack is mitigated?</i></span></span></span></blockquote>
A: <span style="font-family: Arial; font-size: 13px;">In our demonstration the attacker used a browser exploit to run arbitrary code on the victim's workstation. This code allowed the attacker to download credentials from the victim (an X.509 certificate and private key in .PEM format) which were used to nefariously administer the victim's EC2 infrastructure in the cloud using the <a href="http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351">EC2 API Tools</a>.</span><br />
<span style="font-family: Arial; font-size: small;"><span style="font-size: 13px;"><br />
</span></span><br />
<span style="font-family: Arial; font-size: 13px;">Amazon recently began offering a <a href="http://aws.amazon.com/mfa/">multi factor authentication system</a> <span style="white-space: pre;"> based on a Gemalto Ezio token <span style="white-space: normal;">which is used to provide two factor auth for login to the EC2 management console (web interface). We doubt that this new 2FA service extends to the EC2 API Tools, which is what we exploited in the demo. However, this piqued our interest, and we will find out! <b>UPDATE: Our hunch was correct. AWS MFA provides two factor auth ONLY for the web management console, <a href="http://aws.amazon.com/mfa/faqs/#Does_AWS_MFA_affect_how_I_access_AWS_Service_APIs">not the API Tools</a>. </b></span></span></span><br />
<span style="font-family: Arial; font-size: small;"><span style="font-size: 13px;"><br />
</span></span><br />
<span style="font-family: Arial; font-size: 13px;">Another method for protecting the private key used with the EC2 API Tools is to encrypt the private key, using a command such as "openssl rsa -des -in pk.pem -out pk_encr.pem" (prefer "-aes256" to "-des", which is single DES). It appears that the EC2 API Tools do *not* presently support encrypted private keys though: instead of prompting for the passphrase when the key was needed, the API Tools bombed out.</span><br />
<span style="font-size: x-small;"><span style="font-family: Arial;"><span style="font-size: 10pt;"><br />
</span></span></span>DChttp://www.blogger.com/profile/04707388475829589192noreply@blogger.comtag:blogger.com,1999:blog-6644490640411457335.post-70133356783507691252009-09-21T14:10:00.007-06:002011-11-21T21:10:11.292-07:00EA presenting with VMware at Cloud Security SummitWe are pleased to announce that EA Principal Consultant David Campbell will be presenting with security expert Rob Randell from VMware at Brighttalk's <a href="http://www.brighttalk.com/summit/cloudsecurity2">Cloud Security Summit</a> on 30 Sept 09.<br />
<br />
The talk is titled "<a href="http://www.brighttalk.com/webcasts/6283/attend">Securing Virtual Infrastructure</a>", and though we may use VMware for certain examples, the principles we discuss will apply to most hypervisors. We will be discussing, and demonstrating (to the extent that Brighttalk's webex platform will allow) a couple of practical attacks against virtualization management infrastructure that may be eye opening.<br />
<br />
The webex goes live at 4pm PDT, 7pm EDT on 30 Sept 09. The link to the registration page is <a href="http://www.brighttalk.com/webcasts/6283/attend">here</a>. If you aren't able to attend the live session the event will be archived and available for streaming afterwards also.<br />
<br />
<span style="font-size: small;">Note that we have received feedback from folks who attended our last Brighttalk preso that the registration process was a bit over the top and required a lot of personal info for a "security session". We encourage anyone who wants to attend the session but is put off by the level of personal information requested by the registration form to just put placeholder data in any fields they deem too invasive.</span><br />
DChttp://www.blogger.com/profile/04707388475829589192noreply@blogger.com