美國年輕人的理想職業

紐約時報報導 National Society of High School Scholars 問了一萬八千名美國年輕人 (15~29 歲) 理想的職業,也不少出乎意料的結果跑出來:「The New Dream Jobs」。

常見的網路公司在上面,但讓紐約時報感到意外的,FBICIANSA 也在上面:

When the National Society of High School Scholars asked 18,000 Americans, ages 15 to 29, to rank their ideal future employers, the results were curious. To nobody’s surprise, Google, Apple and Facebook appeared high on the list, but so did the Central Intelligence Agency, the Federal Bureau of Investigation and the National Security Agency.

不過應該是不意外?在教育體系被灌輸愛國主義不就很容易就有這樣的結果?

在攻擊時總是挑最弱的一環:NSA 對 DH 的攻擊

在「How is NSA breaking so much crypto?」這邊提到了 2012 年有文章說明 NSA 有能力解開部份的加密通訊,而後來 Snowden 所提供的資料也證實了這點:

In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

但在這之前一直都不清楚是怎麼解出來的,直到最近才猜測應該是 Diffie-Hellman 的強度以及實作問題:「Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice」。

而成果其實非常驚人,由於強度不夠以及實作問題,有相當可觀的數量是可被攻擊的:

We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.

作者群給的建議有三個方向,一個是把長度加長到 2048 bits,另外一個是改用 ECDH,而最差的情況 (如果還是需要使用 1024 bits DH) 則是避免使用固定的 prime number。

Cisco 會將硬體寄送到貨運商,以提高 NSA 攔截安裝後門的難度

在「To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses」這篇看到的報導,出自「Cisco posts kit to empty houses to dodge NSA chop shops」這篇。

去年 Snowden 揭露的資料顯示 NSA 會攔截 Cisco 的硬體,並且在上面安裝後門再打包寄出:「Greenwald alleges NSA tampers with routers to plant backdoors」:

"The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers."

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users.

不過 Cisco 的反應好慢,去年五月就有的消息,現在才提出改善方案。

改善的方法是寄送到集散地,再請人去拿。讓 NSA 之類的單位想要攔截的成本提高。

Gemalto 被 NSA 與 GCHQ 滲透的問題...

前幾天 Snowden 發佈出來的消息,全世界最大的 SIM 卡製造商 GemaltoNSAGCHQ 滲透進去,取得所有的 SIM key:「NSA/GCHQ Hacks SIM Card Database and Steals Billions of Keys」、「Gemalto Hack May Have Far-Reaching Effects」。

The attack, reported by The Intercept, is breathtaking in its scope and audacity. Attackers allegedly associated with the NSA and GCHQ, the British spy agency, were able to compromise a number of machines on the network of Gemalto, a global manufacturer of mobile SIM cards.

不過,只要牽扯上 NSA 與 GCHQ 這對搭檔,事情直接往最糟糕的方面去想就好了。可以假設他們家所有的產品線都失守,包括 AWS 所使用的硬體 2FA:「Multi-Factor Authentication」。

這讓我頭好痛...

安全的 SSH (Secure Secure Shell)

Twitter 上看到「Secure Secure Shell」這篇文章,介紹要如何加強 OpenSSH

文章裡分成四個部份討論,從 Key exchange 開始,Authentication、Symmetric ciphers 以及 Message authentication codes。

先把已知有問題的技術都先拿掉 (像是 MD5RC4DES),然後有被 NSA 影響到的技術,而且有不錯的替代方案的也拿掉。

另外還介紹了 Tor hidden service 下的保護。

感覺有點偏激的文件,可以拿來參考...

djb 的密碼學陰謀論

Daniel J. Bernstein (djb) 在巴西 H2HC 11 的的演講投影片:「Making sure crypto stays insecure」(PDF)。

對政府單位來說,並不樂見有安全的密碼系統。因為安全的密碼系統對於政府監控人民是個麻煩。

如果十年前拿出來講,可能大多數人會覺得投影片裡面的內容太過於「被害妄想」,但經過 Edward Snowden 的努力後,被證實政府完全站在人民的反面。

在演算法裡面藏後門 (經典的 Dual_EC_DRBG);干擾標準的制定,讓實做變得複雜,於是就會變得難以正確實做;在標準裡面故意低估安全威脅 (尤其是 timing attack 類);放出過時消息宣稱加密的成本很高 (指時間成本)。

這種種事情的透漏,甚至讓小說作者 cancel 掉小說的續集 (第三集),因為他發現他要寫的故事內容 NSA 都已經做過了:「Sci-fi Author Charles Stross Cancels Trilogy: the NSA Is Already Doing It」。

很精彩的投影片,對資安有興趣的人都應該看一看。

NSA 從兩年前就知道 OpenSSL 的 Heartbleed bug...

依據 Bloomberg 的報導,NSA 兩年前就知道 OpenSSLHeartbleed bug 了:「NSA Said to Exploit Heartbleed Bug for Intelligence for Years」。

翻了 GitHub 上的 mirror 記錄,可以發現是在 2012/01/01 commit 進去的:「commit 4817504d069b4c5082161b02a22116ad75f822b1」,幾乎是一開始就知道了?

苦啊...

NSA 付錢給 RSA 放後門的事件...

Edward Snowden 再次丟出 NSA 內部文件,表示 NSA 付錢給 RSA 在演算法裡面放後門:「Exclusive: Secret contract tied NSA and security industry pioneer」。

RSA 的回應則是完全不想提到這筆錢是做什麼用的:「RSA Response to Media Claims Regarding NSA Relationship」。

現在一般在猜測,這個後門應該就是 RSA BSAFE 的預設偽隨機數產生器 Dual_EC_DRBG

對於 Dual_EC_DRBG 的攻擊,2006 年的「Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator」就這樣寫:

Our experimental results and also empirical argument show that the DEC PRG is insecure. The attack does not imply solving the ECDLP for the corresponding elliptic curve. The attack is very efficient.

在 2007 年,Bruce Schneier 寫了一篇「Did NSA Put a Secret Backdoor in New Encryption Standard?」,提到這個弱點並沒有大到使得這個演算法不堪用,但看了總是不爽:

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

並且建議不要用 Dual_EC_DRBG:

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

現在回頭看這件事情... hmmm...

NSA 每天從全世界的基地台蒐集行動電話資料,所以全民公敵裡演的都是真的嘛...

雖然也不怎麼意外了,不過看到還是想要碎碎唸一下...

NSA 每天從「全世界的」基地台蒐集五十億筆資料:「NSA Tracking Cellphone Locations Worldwide」。

全世界啊... 感覺 Hadoop 之類的 big data 技術論壇找 NSA 很有看頭啊 @_@

Update:有人給了模擬案例了「Meet Jack. Or, What The Government Could Do With All That Location Data」:

英國衛報對 Snowden 爆料 NSA 的特刊...

衛報 (The Guardian) 對 Snowden 爆料的事情開了一個特刊:「NSA files decoded: Edward Snowden's surveillance revelations explained」。

首先,Snowden 爆料 NSA 這件事情的熱潮一直在延續 (一直都很精彩),而且衛報本來就是在這整件事情裡面佔有很重要的角色,由衛報做這個特刊並不意外。

但衛報這個頁面利用 HTML5 video 與大量 CSS3 效果,向全世界展示了「網站上的特刊可以這樣做!」,強烈建議有在關注這個主題的企劃,以及視覺設計的人花時間去看看整體的呈現。

以往類似的東西要嘛就是主題不夠精彩,要嘛就是呈現不夠精彩。這次因為 Snowden 的爆料已經持續幾個月了,衛報自然願意花大量的資源專訪 (於是可以看到不少 video 短片) 以及整理。在手上素材夠多,以及一流的呈現方式,造就了這個精彩的特刊。