27C3 Day 2
So, today I reexperienced that picking out talks that are more or less above my skill level in combination with a lack of sleep is not an ideal situation here. Nevertheless i am sure i can draw a picture of what has happened, even if not too extensively.
Number crunching with FPGAs
I made it just in time to this talk (problem: with only one consumed cup of coffee). I was rather curious on how things go ("for the masses" in the title gave that impression), but if you have no real knowledge in electro-technics it is a bit like magic. So, what Felix Domke did was to show how a DES cipher could be brute forced in a certain time (~1 week) with a certain budget (~1k €). Usual ways of doing so (e.g. with CPUs, GPUs) are too expensive as loads of them are used to achieve the goal in the specified time. So, what he did was to buy some used boards with FPGAs on ebay and program them. Therefore he made use of the project Copacobana - short for cost-optimized parallel code breaker. Furthermore he is interested in sharing the calculation power. An opportunity is the Dreambox receiver which is fitted with FPGAs and can be used while on standby.
In the next talk Jesse Burns and Peter Eckersley drew a picture of the state of SSLiverse and presented the EFF's SSL Oberservatory. As introduction they stressed some facts and issues with CA authorities, like recent vulnerabilities, and the sheer number of >1,5k trusted CA authorities from about 650 organizitations (in Mozilla and IE). The SSL Oberservatory is therefore established to scan the IPv4 namespace and collect information about certificates. A first complete scan has already done, another one will be performed with an enhanced structure for the storage. The findings are, e.g.
- in 2010 three certificates have been signed with MD5-hash still
- Deutsche Telekom has about 250 sub-CAs
- certificates for localhost and local IP ranges are issued
The results are available on the Oberservatory Website as database file. If you get it, be aware to have a suitable file system, as the files are huuuuge.
They also took a look into the future. As said, another scan will be executed, furthermore they want to detect Man-in-the-Middle-attacks and to decentralize the Oberservatory. The plan is that clients can collect data and send them via Tor to the Oberservatory.
In spite of the technical talks before, theses Worms were not malware but rather Bookworms. For a change this talk dealt with literature, science fiction to be precise. A lot of books are part of the hacker culture, may represent values in utopias or dystopias and reflect the world. Some works brought us Trojans, others dealt with DRM or cyberwarfare quite early. The speakers, Lars and Andreas, also referenced Rop's keynote from yesterday to point that such books are also useful to achieve our goals.
A short list with a wild selection of their recommendations:
- Iliad and Odyssey by Homer
- Fahrenheit 451 by Ray Bradbury (remember Amazon's remote deletion of 1984 from Kindle?)
- The Shockwave Rider (and all other books) by John Brunner
- Vurt by Jeff Noon
- V for Vendetta by
Frank MillerAlan Moore (not the movie!!)
- The Diamond Age by Neal Stephenson (includes nanotechnology, drm and sharing)
Admittedley, there is a lot to read for me. Great recommendations!
A modern and secure computer design
Andreas Bogk, doyen of CCC, stated the situation of IT security, pointed out main problems in programming and took all conclusions to develop a computer and kernel design that is secure and modern. In his introduction he outlined the half of the spendings for IT security are put into firewalls and virus scanners, which are of little benefit. Attackers make primarily use of programming bugs, mainly of memory corruption, heap and cross-thread semantics faults, but also stupid users. In most cases there are solutions already, but are not build into the base, but developers may use them, if applicable, or not. In his solution the enhanced the CPU architecture with principles instead of rings and other few security modules (the basic concept is the same, though) and also proposed to resolve the kernel into principles and compartements. If you're interested into this, you want to check the recording, when it is available.
A pledge against DNSSEC
Daniel J. Bernstein, like a counter part to Dan Kaminski who does not seem to be at 27c3 this year, provided lots of points and examples why DNSSEC is not the solution for the problems and vulnerabilities that DNS has. He clearly said, that DNSSEC does not only not fix the bug Kaminski worked out, but also may support Denial-of-Service attacks. Compared to classic DNS, the amplification towards DoS vulnerability is 30 by design, in a field test it turned out to be 50x. Hence, an attack triggered with 200Mbps effects a flood of of 10Gbps that will drag down very large sites.
Another issues are that privacy is not assured as domain names can appear in plain text, and DNA authorities needs to be established. We saw at SSL CAs already how trustworthy they are. Caching may be an entry point for forging, offline signing will complicate things and precomputed signatures cannot be done for dynamic answers or unpredicted request.
Ths Daniel's conclusion is that DNSSEC is not an option. Instead he gave a counter proposal, which will not end in changing the basic technologies, but enhance them. He pledges to utilize a public key infrastructure to establish encrypted point-to-point connection between the server and the client. Instead of using TCP, an UDP protocol that imitates TCP behaviour (CurveCP) should be used. For this the client needs an HTTP proxy that makes up and sends these packages on the UDP port; the server needs a forwarder that listens on this port and forwards the packages to the HTTP port.
Fight for your rights
A very impressive report was held by Nicholas Merrill, who exposed his post 9/11 life story. After passing the Patriot Act, the FBI adressed a so called NSL "National Security Letter" to him, as he is owner of a internet services company, requesting him to provide certain information on a specified customer. The letter was not signed by a judge but furnished with a gag order. In spite of he brought it to his lawyer and after reconcilement with the ACLU (American Civil Liberties Union) started an enduring battle at American Courts, reaching part goals. As such approaches are highliy unconstitutional the laws have been adjusted a bit, and some further shit has been revealed. Since he could be imprisoned as a "foreign combatant" or so these times, it was a very brave decision to tackle this formidability in spite of heaving wife and children. Himself he says: »better to die on your feet than live on your knees«
The ACLU is providing more detail on the so-called case of Doe vs. Holder .
A tribute to Stanislaw Lem
The final of this day was a dramatised reading with audio-visual support by Agata Królikowski, Constanze Kurz, Ina Kwasniewski, Jens-Martin Loebel, Kai Kittler and Marcus Richter. They did a great job in summarizing the life of Stanislaw Lem, a Polish writer, in their performance. An easy and interesting finish of a full day of information floating around your head.