Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

June 02 2015

murbul

I was in the middle of writing a breakdown of what went wrong, but you've beat me to it.

Basically, they have a LinuxSecureRandom class that's supposed to override the standard SecureRandom. This class reads from /dev/urandom and should provide cryptographically secure random values.

They also seed the generator using SecureRandom#setSeed with data pulled from random.org. With their custom SecureRandom, this is safe because it mixes the entropy using XOR, so even if the random.org data is dodgy it won't reduce security. It's just an added bonus.

BUT! On some devices under some circumstances, the LinuxSecureRandom class doesn't get registered. This is likely because /dev/urandom doesn't exist or can't be accessed for some reason. Instead of screaming bloody murder like any sensible implementation would, they just ignore that and fall back to using the standard SecureRandom.

If the above happens, there's a problem because the default implementation of SecureRandom#setSeed doesn't mix. If you set the seed, it replaces the entropy entirely. So now the entropy is coming solely from random.org.

And the final mistake: They were using HTTP instead of HTTPS to make the webservice call to random.org. On Jan 4, random.org started enforcing HTTPS and returning a 301 Permanently Moved error for HTTP - see https://www.random.org/news/. So since that date, the entropy has actually been the error message (turned into bytes) instead of the expected 256-bit number. Using that seed, SecureRandom will generate the private key for address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F 100% of the time. Ouch. This is around the time that address first appears, so the timeline matches.

I haven't had a thorough look at what they've replaced it with in the latest version, but initial impressions are that it's not ideal. Not disastrous, but not good.

July 28 2012

Reposted fromStoffan Stoffan viajv6 jv6

October 11 2011

More Info on German State Backdoor: Case R2D2

Last weekend, the German based Chaos Computer Club (CCC) published details on a backdoor trojan they claimed was being used by German authorities, in violation of German law.

And now, several German states have admitted to using Backdoor:W32/R2D2.A, though they say the backdoor falls within what's allowed.

In one case, the trojan was installed on a suspect's laptop while he was passing customs & immigration at the Munich International airport.

Here's some additional details about the backdoor itself.

The CCC's report included analysis of the backdoor's DLL and a kernel driver. The CCC apparently did not have access to the installer. (Which would have been locally installed on the suspect's computer.)

We do have the installer.

Here's a screenshot from our malware containment system:

scuinst.exe

The installer file is called "scuinst.exe". It was first seen on December 9th, 2010.

What's the importance of the filename scuinst.exe? It's an abbreviation for Skype Capture Unit Installer. Skype Capture Unit is the name of the commercial trojan developed by a company called Digitask from the city of Haiger in Bavaria, Germany. For more information on the background of Digitask and Skype Capture Unit, see these documents leaked by Wikileaks.

Our system automation didn't like scuinst.exe and automatically set it to be blocked on customer computers. The "heuristic" category indicates that our automation flagged the file based on rules that our analysts have created.

Have any F-Secure customers been exposed to R2D2?

No. Our statistics show no customer encounters with this backdoor (in-the-wild, before CCC's announcement).

How did F-Secure get a copy of the installer then?

We (and numerous other antivirus vendors) received the file from virustotal.com.

In fact, the installer had been submitted to Virustotal multiple times:

scuinst.exe

So lots of antivirus vendors have the installer?

Yes. VirusTotal is a service that analyzes suspicious files with multiple antivirus engines and provides a list of detection names. VirusTotal is a cooperative effort and it shares samples with everyone that participates.

If there's no detection, does that mean there's no protection?

No. Many antivirus products (such as F-Secure Internet Security) have additional layers of protection beyond traditional signature detections. Just because a threat doesn't have a signature "detection" doesn't mean that it won't be "blocked" by another layer of defense.

In this case, R2D2's installer would have been blocked by our "cloud" layer even before traditional signature database detections had been published.

So if VirusTotal shares with everybody, wouldn't somebody trying to keep a backdoor secret be stupid to upload it there?

Yes. That's why professional malware authors use black market multi-scanners.

Then why would R2D2's authors give it away?

Perhaps that was the only way they knew of to "test" their backdoor's installer.

Or perhaps they didn't care that they'd be decreasing the lifespan and effectiveness of their backdoor.

Or perhaps it just demonstrates the German government's (and the company hired to write backdoor) lack of understanding as to what the antivirus industry does, and how we frequently work together to protect our customers.

We're all in this together.

Tags: #0zapftis

July 25 2011

July 21 2011

1937 5ced 500
For when there is so much fail... you need that extra bit of outside help...
Reposted fromb30bachter b30bachter

March 09 2011

January 30 2011

1692 56a5
Reposted fromPhobophil Phobophil viadatenwolf datenwolf

December 18 2010

facepalm
Reposted fromgeo404 geo404

December 17 2010

3374 2439 500
Not as good of a shape for a price tag as you might think ...
Reposted fromsigkate sigkate viamondkroete mondkroete

December 15 2010

Play fullscreen
Bill Kaulitz will Internet abschalten
Reposted fromMeinSueppchen MeinSueppchen

December 14 2010

6565 e6e5
Reposted fromsellerie sellerie vianeuernick neuernick
Play fullscreen
YouTube - Sternstunden BR - Seehofer soll eine Zahl vorlesen
Reposted fromclifford clifford viablaueslicht blaueslicht
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl