Podcast: Crypto-Gram 15 Augustus 2008: Computers are also the only mass-market consumer item where the vendors accept no liability for faults.
from the Aug 15, 2008 Crypto-Gram Newsletter
by Bruce Schneier
* Memo to the Next President
With security the devil is always in the details
I have three pieces of policy advice for the next president:
1) use your immense buying power to improve the security of commercial products and services.
2) legislate results and not methodologies.
bad law is worse than no law. A law requiring companies to secure personal data is good; a law specifying what technologies they should use to do so is not. Mandating software liabilities for software failures is good, detailing how is not.
3) broadly invest in research.
* Hacking Mifare Transport Cards
NXP Semiconductors, the Philips spin-off that makes the system, lost a court battle to prevent the researchers from publishing.
The security of Mifare Classic is terrible. This is not an exaggeration; it's kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design. NXP attempted to deal with this embarrassment by keeping the design secret.
The Dutch court decide in favor of the group that broke Mifare Classic : "Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings."
Publication of this attack might be expensive for NXP and its customers, but it's good for security overall. Companies will only design security as good as their customers know to ask for. NXP's security was so bad because customers didn't know how to evaluate security: either they don't know what questions to ask, or didn't know enough to distrust the marketing answers they were given. This court ruling encourages companies to build security properly rather than relying on shoddy design and secrecy, and discourages them from promising security based on their ability to threaten researchers.
* Information Security and Liabilities
A recent study of Internet browsers worldwide discovered that over half -- 52% -- of Internet Explorer users weren't using the current version of the software. For other browsers the numbers were better, but not much: 17% of Firefox users, 35% of Safari users, and 44% of Opera users were using an old version.
It's the system that's broken. There's no other industry where shoddy products are sold to a public that expects regular problems, and where consumers are the ones who have to learn how to fix them.
It is possible to write quality software. It is possible to sell software products that work properly, and don't need to be constantly patched. The problem is that it's expensive and time consuming. Software vendors won't do it, of course, because the marketplace won't reward it.
The key to fixing this is software liabilities. Computers are also the only mass-market consumer item where the vendors accept no liability for faults.
* Software Liabilities and Free Software
The key to understanding this is that this sort of contractual liability is part of a contract, and with free software -- or free anything -- there's no contract.
* TrueCrypt's Deniable File System
Together with Tadayoshi Kohno, Steve Gribble, and three of their students at the University of Washington, I have a new paper that breaks the deniable encryption feature of TrueCrypt version 5.1a. Basically, modern operating systems leak information like mad, making deniability a very difficult requirement to satisfy.
* The DNS Vulnerability
Kaminsky discovered a particularly nasty variant of this cache-poisoning attack.
I'm kind of amazed the details remained secret for this long; undoubtedly it had leaked into the underground community before the public leak two days ago. So now everyone who back-burnered the problem is rushing to patch, while the hacker community is racing to produce working exploits.
The real lesson is that the patch treadmill doesn't work, and it hasn't for years.
Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's discovery. Bernstein didn't discover Kaminsky's attack; instead, he saw a general class of attacks and realized that this enhancement could protect against them. Consequently, the DNS program he wrote in 2000, djbdns, doesn't need to be patched; it's already immune to Kaminsky's attack.
It's not just secure against known attacks; it's also secure against unknown attacks.
length: 27:17m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0808.html
by Bruce Schneier
* Memo to the Next President
With security the devil is always in the details
I have three pieces of policy advice for the next president:
1) use your immense buying power to improve the security of commercial products and services.
2) legislate results and not methodologies.
bad law is worse than no law. A law requiring companies to secure personal data is good; a law specifying what technologies they should use to do so is not. Mandating software liabilities for software failures is good, detailing how is not.
3) broadly invest in research.
* Hacking Mifare Transport Cards
NXP Semiconductors, the Philips spin-off that makes the system, lost a court battle to prevent the researchers from publishing.
The security of Mifare Classic is terrible. This is not an exaggeration; it's kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design. NXP attempted to deal with this embarrassment by keeping the design secret.
The Dutch court decide in favor of the group that broke Mifare Classic : "Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings."
Publication of this attack might be expensive for NXP and its customers, but it's good for security overall. Companies will only design security as good as their customers know to ask for. NXP's security was so bad because customers didn't know how to evaluate security: either they don't know what questions to ask, or didn't know enough to distrust the marketing answers they were given. This court ruling encourages companies to build security properly rather than relying on shoddy design and secrecy, and discourages them from promising security based on their ability to threaten researchers.
* Information Security and Liabilities
A recent study of Internet browsers worldwide discovered that over half -- 52% -- of Internet Explorer users weren't using the current version of the software. For other browsers the numbers were better, but not much: 17% of Firefox users, 35% of Safari users, and 44% of Opera users were using an old version.
It's the system that's broken. There's no other industry where shoddy products are sold to a public that expects regular problems, and where consumers are the ones who have to learn how to fix them.
It is possible to write quality software. It is possible to sell software products that work properly, and don't need to be constantly patched. The problem is that it's expensive and time consuming. Software vendors won't do it, of course, because the marketplace won't reward it.
The key to fixing this is software liabilities. Computers are also the only mass-market consumer item where the vendors accept no liability for faults.
* Software Liabilities and Free Software
The key to understanding this is that this sort of contractual liability is part of a contract, and with free software -- or free anything -- there's no contract.
* TrueCrypt's Deniable File System
Together with Tadayoshi Kohno, Steve Gribble, and three of their students at the University of Washington, I have a new paper that breaks the deniable encryption feature of TrueCrypt version 5.1a. Basically, modern operating systems leak information like mad, making deniability a very difficult requirement to satisfy.
* The DNS Vulnerability
Kaminsky discovered a particularly nasty variant of this cache-poisoning attack.
I'm kind of amazed the details remained secret for this long; undoubtedly it had leaked into the underground community before the public leak two days ago. So now everyone who back-burnered the problem is rushing to patch, while the hacker community is racing to produce working exploits.
The real lesson is that the patch treadmill doesn't work, and it hasn't for years.
Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's discovery. Bernstein didn't discover Kaminsky's attack; instead, he saw a general class of attacks and realized that this enhancement could protect against them. Consequently, the DNS program he wrote in 2000, djbdns, doesn't need to be patched; it's already immune to Kaminsky's attack.
It's not just secure against known attacks; it's also secure against unknown attacks.
length: 27:17m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0808.html
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home