LSAs 與 application password 不同...

前天在「使用 application password 的 Google 服務將在 2024/09/30 停止支援」這邊寫完後,yan12125 在文章留言的地方提到:

看起來這次只有停止支援 Less Secure Apps, application password 還是可以用的。公告中提到:

> If the app you are using does not support OAuth, you will need to switch to an app that offers OAuth or create an app password to access these apps.

回頭去翻了一下 LSA 是什麼 (出自「Limiting access to less secure apps to protect G Suite accounts」這篇):

A less secure app (LSA) is an app that connects to Google accounts using only username and password verification for access and not OAuth. Generally, you should only allow your users to use external apps that connect to Google accounts via OAuth, as LSAs make user accounts more vulnerable to hijacking.

看起來這邊指的是用原始的 Google 帳號與密碼登入,我一直以為這個方式早就被拔掉了,所以這次的公告以為是拔掉 application password,但看起來不是這樣。

Ruffle 對 crossdomain.xml 的處理方式

ruffle 是一個 open source 的 Flash 模擬器,用 JavaScript (以及 WebAssembly) 讓使用者可以在瀏覽器裡面直接執行。

不過想到 Flash 的 crossdomain.xml 在技術上應該是沒辦法繞過瀏覽器對 CORS 的限制,所以找了一下目前的情況... 在「Ideas for getting arounds CORS restrictions #8972」這邊有提到兩個方法,另外 comment 提到了「Add setting to spoof URLs in network requests #1486」這個。

看起來這個問題還在「有點子,但沒解決」的情況。

不過找了一下當年有玩的小遊戲 Zookeeper,在「Zookeeper - Flash Games Archive | FlashArch」這邊可以玩,看起來功能都還算正常,讓人懷念啊...

在機房裡面看到奇怪的 Raspberry Pi?

看到「The curious case of the Raspberry Pi in the network closet (2019) (blog.haschek.at)」這篇消息,這篇是 2019 當時的新聞,我當時就有看到,不過好像沒寫下來... 原文在「The curious case of the Raspberry Pi in the network closet」,基本上是個在機房裡面發現奇怪的設備,然後追查兇手的故事。

先整理一下事情,作者的父親 (看起來與作者都是這個行業的人) 在機房裡面發現一個奇怪的 Raspberry Pi 設備:

跟能夠進入機房的人確認後發現這不是他們帶進來的設備。另外他就請他爸把 SD card 裡面的東西倒出來再傳給他分析 (因為作者當時在遠端):

I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remote).

後面就是抓出這個設備是誰擁有的過程了,最後找到人交給 legal 處理。(這樣講好像太簡單了,但有興趣的人可以回去看作者的說明)

另外當年作者就有提到這個單位的 IT team 不大 (只有四個人),加上 BYOD 的政策,導入 802.1X 反而會帶來太多人力成本:

Good points. The problem is, there are over 1000 people coming and going every day, the site has a BYOD strategy and the IT team is 4 people. We tried implementing 802.1X for LAN devices but it was soo much overhead that we dropped that.

The thing of this case is that the person was only able to place the Pi there because he had a key to the network closet. That's game over no matter how many security protocols you implement

We did change the server passwords though

結果六年以後在 Hacker News 上被提起來,作者又來補充了一些事情,在 id=38923967 這邊提到這個點是一間學校,而他們是 contractor 的角色,所以有很多事情沒辦法直接推動:

OP here. What I didn't mention in the article is that this actually happened in a public School (small-ish for US standards as there are just ~1000 students and 100 teachers)

Hard to get the budget for serious switching hardware, even harder to get people who know how to manage them as I'm just an external contractor but can't exceed the alotted budget for my work there

另外在 id=38923991 這邊則是提到是歐洲,另外似乎是私下解決了,沒有上到法院:

OP here. Court records are thankfully not public in europe and it's even illegal to name names in public (unless it's about a public figure)

As far as I know there also were no court proceedings as this was handled internally

算是稍微補充了當年的一些難處...

Firefox 與 Chrome 處理 Intermediate CA 的不同方式

Fediverse 上看到「The recording of my "Browsers biggest TLS Mistake" lightning talk at #37C3」這個,這是出自 37C3 的 lightning talk,影片不長,只有五分鐘,可以在「Browsers biggest TLS mistake」這邊看到。

正常的 HTTPS server 會送出 Intermediate CA certificate 與自己的 TLS certificate:

當伺服器端沒有設定好,通常是只送出自己的 TLS certificate:

這種情況在 Firefox 裡有處理,軟體本身會預載所有的 Intermediate CA 避免這種問題 (當然會需要跟著軟體更新),這點在三年前有提到過:「Firefox 試著透過預載 Intermediate CA 降低連線錯誤發生的機率?」,也就是這張投影片提到的情況:

Chrome 則是去看目前的 cache 資料,找看看是不是在其他地方有看到適合的 Intermediate CA 可以接起來:

這好像可以解釋為什麼之前遇到類似的問題的時候,在 Chrome 上面會需要進 chrome:// 裡面清東西才能重製...

CloudFront 支援 4096-bit RSA 的 SSL/TLS certificate 了

CloudFront 總算支援 4096-bit 的 RSA SSL/TLS certificate 了:「Amazon CloudFront now supports 4096-bit RSA TLS certificates」。

翻了一下 AWS ACM,看起來是 2020 年以前就支援 4096-bit RSA SSL/TLS certificate 了,CloudFront 晚蠻多的...

另外查了一下目前的強度,NSA 給出 2048-bit RSA 對到 112-bit strength,而 3072-bit RSA 對到 128-bit strength;至於 4096-bit RSA,目前是估算大約在 140-bit strength,有點微妙的數字。

看起來主要應該是給 compliance 需求使用的,有些舊的 library 未必支援 ECC 類的演算法,還是得透過拉高 RSA key size 來增加安全性。

SMTP Smuggling 的安全漏洞 (LF 的問題),以及 Postfix 被無視的問題

Hacker News 上看到「SMTP Smuggling – Spoofing Email Worldwide (sec-consult.com)」這個攻擊,原文在「SMTP Smuggling - Spoofing E-Mails Worldwide」。

開頭的圖片把大方向解釋出來了,這是利用不同的 SMTP server 實作上對怎麼結束 DATA 的處理方式不同,這個問題會出現在兩組 SMTP server 丟信件時:

更細節的說,是遇到對於非 \r\n.\r\n (非 CRLF) 的處理方式不同時,就會產生出可以攻擊的空間:

這樣的攻擊因為可以偽造所有的 header,加上內部 SMTP server 在 IP 層看不到實際的 IP,就可以讓攻擊者完全繞過 SPF 檢查的部分。

從 SMTP 規格說起,在 SMTP 規格上都是用 \r\n (CRLF) 當作換行,這點從 1982 年 (41 年前) 已經 obsoleted 的 RFC 821 可以看到裡面全部都是使用 \r\n 當作換行。

後來更新的 RFC 2821 (2001,也已經 obsoleted) 與 RFC 5321 (2008,目前的標準) 則是除了描述 \r\n.\r\n 外,有提到禁止把 \n.\n 當作 DATA 的結尾辨識:

In particular, the sequence "<LF>.<LF>" (bare line feeds, without carriage returns) MUST NOT be treated as equivalent to <CRLF>.<CRLF> as the end of mail data indication.

但除了被禁止的 \n.\n 外,這次的攻擊用了其他的排列組合嘗試。

在 GMX、Ionos 以及 Microsoft Exchange Online 的 SMTP server 上發現都吃 \n.\r\n

However, as already mentioned, SMTP smuggling doesn't work for every receiving inbound SMTP server and, in this case, requires inbound SMTP servers to accept <LF>.<CR><LF> as end-of-data sequence.

Same as GMX and Ionos, Exchange Online allowed smuggling via a <LF>.<CR><LF> end-of-data sequence as well, which makes it possible to smuggle from every domain pointing their SPF record to Exchange Online.

而 Cisco Secure Email (Cloud) Gateway 支援 \r.\r

By default, Cisco Secure Email (Cloud) Gateway accepts . as end-of-data sequence, which does not get filtered by the following SMTP servers when sending outbound:

另外看了一下 Postfix 這邊的情況,可以看到「SMTP Smuggling」這份資料,裡面可以看到 Postfix 因為預設支援 \n.\r\n 也受到影響:

One different email service B that does support broken line endings in SMTP such as in <LF>.<CR><LF>.

Postfix is an example of email service B.

然後可以看到作者 Wietse Venema 直接在業面上公開點名 SEC Consult (這次安全漏洞的發現者) 沒有先聯絡的問題:

Unfortunately, criticial information provided by the researcher was not passed on to Postfix maintainers before publication of the attack, otherwise we would certainly have convinced SEC Consult to change their time schedule until after people had a chance to update their Postfix systems.

在 Postfix 的 e-mail 公告「[pfx-ann] SMTP Smuggling, workarounds and fix」裡面講的更硬 (non-responsible disclosure process):

As part of a non-responsible disclosure process, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than <CR><LF>.

從最早的 snapshot (20231218105045 這份) 可以確認他們有發現 Postfix 的問題,但 timeline 上沒有接觸 Postfix 的團隊。

後續的更新把溝通問題推給了 CERTVINCE platform

As documented in the timeline of the blog post, the vulnerabilities were initially identified in June 2023 and after further internal research we contacted the specific, affected vendors (Microsoft, Cisco, GMX/Ionos). GMX and Microsoft fixed the issues promptly. But after receiving some feedback from Cisco, that our identified vulnerability is just a feature of the software and not a bug/vulnerability, we contacted CERT/CC on 17th August to get some help for further discussion with Cisco and involve other potentially affected vendors (such as sendmail) through the VINCE communication platform.

現在 community 這邊則是在醞釀提議取消他們在 37c3 上面的 talk:「https://gay-pirate-assassins.de/@moanos/statuses/01HJ8D8XQ7ZJ89HN4TZFZZ9AS8」。

FreeBSD 14.0 釋出

FreeBSD 14.0-RELEASE 的公告也出來了:「FreeBSD 14.0-RELEASE Announcement」,比較完整的 release notes 在「FreeBSD 14.0-RELEASE Release Notes」。

先從官方列的 highlight 來看,首先比較重要的是 GENERIC kernel 支援 1024 cores:

FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.

看了一下 commit log 是從 256 變成 1024

先就 x86-64 這邊來看,目前「家用」最多的應該是 AMD7995WX (96 cores),舊版的 256 限制應該也還能撐住,但看 commit log 有提到,主要是預期這幾年應該會有更暴力的機器出現。

另外一塊是伺服器端,Intel 這邊有 8 sockets 的版本 (參考「Intel Xeon Sapphire Rapids to Scale to 4 and 8 Sockets」),如果都是接 8490H 的話就是 480 cores 了。

ARM 的話好像也可以堆,但不熟...

另外一個提到的重點是 TCP 預設的 congestion control 改成 CUBIC

The default congestion control mechanism for TCP is now CUBIC.

翻 commit log 可以看到是從 NewReno 換成 CUBIC 的,這樣就跟 Linux kernel 預設值一樣了。

再來比較重要的是在 release notes 裡面提到的,FreeBSD 15.0 將會拔光 32-bit 環境的支援,只留 armv7,這代表 Raspberry Pi 第一代的 armv6 也被淘汰掉了:

FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries.

然後有些我自己翻覺得還蠻有趣的。

首先是看到 non-root 的 chroot

The chroot facility supports unprivileged operation, and the chroot(8) program has a -n option to enable its use. a40cf4175c90 (Sponsored by EPSRC)

然後把 OpenSSH 內對 FIDO/U2F 的支援開起來了:

The use of FIDO/U2F hardware authenticators has been enabled in ssh, using the new public key types ecdsa-sk and ed25519-sk, along with corresponding certificate types. FIDO/U2F support is described in https://www.openssh.com/txt/release-8.2. e9a994639b2a (Sponsored by The FreeBSD Foundation)

ASLR 預設開啟:

Address Space Layout Randomization (ASLR) is enabled for 64-bit executables by default. It can be disabled as needed if applications fail unexpectedly, for example with segmentation faults. To disable for a single invocation, use the proccontrol(1) command: proccontrol -m aslr -s disable command. To disable ASLR for all invocations of a binary, use the elfctl(1) command: elfctl -e +noaslr file. Problems should be reported via the problem reporting system, https://bugs.freebsd.org, or posting to the freebsd-stable@FreeBSD.org mailing list. b014e0f15bc7 (Sponsored by Stormshield)

然後先前被罵臭頭的 WireGuard 支援也放回來了:(「FreeBSD & pfSense 上的 WireGuard 問題」)

The kernel wg(4) WireGuard driver has been reintegrated; it provides Virtual Private Network (VPN) interfaces using the WireGuard protocol. 744bfb213144 (Sponsored by Rubicon Communications, LLC ("Netgate") and The FreeBSD Foundation)

然後看到 Netflix 贊助的 kTLS 支援 TLS 1.3:

KTLS (the kernel TLS implementation) has added receive offload support for TLS 1.3. Receive offload is now supported for TLS 1.1 through 1.3; send offload is supported for TLS 1.0 through 1.3. 05a1d0f5d7ac (Sponsored by Netflix)

然後 FreeBSD 長久以來 root 預設用的 /bin/csh 改成 /bin/sh 了:

The default shell for the root user is now sh(1), which has many new features for interactive use. d410b585b6f0

預設的 MTA 變成 dma (Dragonfly Mail Agent),看名字加上翻了一下 manpage,確認是從 Dragonfly BSD 移植過來的:

The default mail transport agent (MTA) is now the Dragonfly Mail Agent (dma(8)) rather than sendmail(8). Configuration of the MTA is done via mailer.conf(5). sendmail(8) and its configuration remain available. a67b925ff3e5

然後 portsnap 被拔掉了,現在就建議直接用 git 拉了,算是功成身退了:

The portsnap(8) utility has been removed. Users are encouraged to fetch the ports tree by using pkg install git and then git clone https://git.FreeBSD.org/ports.git /usr/ports. df53ae0fdd98

而 mergemaster 也被換成 etcupdate 了:

mergemaster(8) has been deprecated. Its replacement is etcupdate(8). 398b12691b4f (Sponsored by The FreeBSD Foundation)

然後支援 tarfs,而且可以用 zstd

The tarfs(5) file system has been added, which is backed by POSIX tar archives optionally compressed with zstd(1). 69d94f4c7608 (Sponsored by Juniper Networks, Inc.) (Sponsored by Klara, Inc.)

好久沒看 FreeBSD 的 release notes...

從 e-mail 取得電話號碼

Hacker News 上看到 2019 年的文章:「From email to phone number, a new OSINT approach (2019) (martinvigo.com)」,原文在「From email to phone number, a new OSINT approach」。

用的原理是每一家在 recovery 時都會透漏電話號碼的不同部位,從截圖可以看到像是 PayPal 給的是區碼地一碼加上後三碼:

然後他整理出來:

Leaks first three and last two digits:
eBay

Leaks first and last four digits:
Paypal

Leaks first and last two digits:
Yahoo

Leaks last four digits:
Lastpass

Leaks last two digits:
Google
Facebook
Twitter
Hotmail
Steam

接著文章裡面介紹了其他的方法再縮小可能性,然後再反過來利用電話號碼查 e-mail,像是 Amazon

後面則是示範了這整套過程可以自動化。

可以確認電話號碼後可以做的事情就很多了,文章裡面提到的也只是一小塊...

歌曲與專輯名稱的各種變化

Hacker News 上看到「Horrible edge cases to consider when dealing with music (2022) (dustri.org)」這篇,講音樂產業各種奇怪種奇怪的 case,2022 年的原文在這邊:「Horrible edge cases to consider when dealing with music」,裡面有蠻大的篇幅都在講名稱的問題...。

這讓我想到這則推:

基本上會遇到各種 escaping 與 UTF-8 的處理,另外文章裡面提到會遇到超長名稱,也就是 VARCHAR(255) 的剋星... 不確定之前在 K 社大量取得授權的時候有沒有遇到這張 1999 年的專輯 (下面這是一張專輯的名字):

When the Pawn Hits the Conflicts He Thinks Like a King What He Knows Throws the Blows When He Goes to the Fight and He'll Win the Whole Thing 'Fore He Enters the Ring There's No Body to Batter When Your Mind Is Your Might So When You Go Solo, You Hold Your Own Hand and Remember That Depth Is the Greatest of Heights and If You Know Where You Stand, Then You Know Where to Land and If You Fall It Won't Matter, Cuz You'll Know That You're Right.

其他文章裡面提到的應該都算是見怪不怪的情境,像是單曲七個小時... 這種在 server side 還拼的過去,但在行動平台上面比較苦命,直接把整曲都放進 memory 裡面的話有可能會炸。

320kbps 七個小時差不多是 1GB,如果沒注意這點,直接處理 DRM 的話瞬間就會吃到 2GB RAM;如果拉到 CD quality 的資料量就更明顯了。

然後你會發現,把音樂創作人的任何資料都當作 untrusted input 的態度來設計系統 (但你不能 reject),問題通常就不會太大 XD