Cisco 會將硬體寄送到貨運商,以提高 NSA 攔截安裝後門的難度

在「To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses」這篇看到的報導,出自「Cisco posts kit to empty houses to dodge NSA chop shops」這篇。

去年 Snowden 揭露的資料顯示 NSA 會攔截 Cisco 的硬體,並且在上面安裝後門再打包寄出:「Greenwald alleges NSA tampers with routers to plant backdoors」:

"The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers."

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users.

不過 Cisco 的反應好慢,去年五月就有的消息,現在才提出改善方案。

改善的方法是寄送到集散地,再請人去拿。讓 NSA 之類的單位想要攔截的成本提高。

NSA 付錢給 RSA 放後門的事件...

Edward Snowden 再次丟出 NSA 內部文件,表示 NSA 付錢給 RSA 在演算法裡面放後門:「Exclusive: Secret contract tied NSA and security industry pioneer」。

RSA 的回應則是完全不想提到這筆錢是做什麼用的:「RSA Response to Media Claims Regarding NSA Relationship」。

現在一般在猜測,這個後門應該就是 RSA BSAFE 的預設偽隨機數產生器 Dual_EC_DRBG

對於 Dual_EC_DRBG 的攻擊,2006 年的「Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator」就這樣寫:

Our experimental results and also empirical argument show that the DEC PRG is insecure. The attack does not imply solving the ECDLP for the corresponding elliptic curve. The attack is very efficient.

在 2007 年,Bruce Schneier 寫了一篇「Did NSA Put a Secret Backdoor in New Encryption Standard?」,提到這個弱點並沒有大到使得這個演算法不堪用,但看了總是不爽:

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

並且建議不要用 Dual_EC_DRBG:

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

現在回頭看這件事情... hmmm...

WordPress plugins 安全性問題

TechCrunch 上看到 WordPress.org 強制所有 WordPress.org 的使用者更新密碼 (不是 WordPress.com):「WordPress.org Forces Password Resets Due To Compromised Plugins」。

起因是 AddThisWPtouch 以及 W3 Total Cache 這三個 plugin 有異常 commit 塞入 backdoor code。(瞬間就中兩槍)

這幾天有更新 plugin 的人最好趕快看一下... 慘啊 :/