betabug... Sascha Welter

home english | home deutsch | Site Map | Sascha | Kontakt | Pro | Weblog | Wiki

Entries : Category [ security ]
Stuff mildly related to security and privacy.
[digital]  [language]  [life]  [security]  [media]  [zope]  [tourism]  [limnos]  [mac]  [athens]  [travel]  [montage]  [food]  [fire]  [zwiki]  [schnipsel]  [music]  [culture]  [shellfun]  [photography]  [hiking]  [pyramid]  [politics]  [bicycle]  [naxos]  [swim] 

02 February 2006

Phone Tapping Scandal in Greece

Hello Mr. President

From before the 2004 Olympics, until March 2005, about 100 mobile phone numbers of politicians (amongst them also the prime minister) and official offices have been tapped by unknowns. One number under "surveillance" seems to have belonged also to the american embassy. In March 2005 the installation was discovered by an audit (or a check up) from Ericsson technicians, and the officials were informed. Not until today though, was the public and ADAE ("Hellenic Authority for the Information and Communication Security and Privacy") informed. The mobile phones were tapped by stealth software in the providers systems...


From what I can understand from an article on the news site in.gr (article in Greek) about the technical details, stealth software was hidden in the parts of the system for conference calls of the provider Vodafone. The phone calls in question were "conference called" to 14 mobile phones with prepaid cards, stationed in the area of Ilissia (which coincidally is around the american embassy). There they seem to have been recorded.

The usual shoving of responsibility (article in Greek) is happening now: The former government vs. the current government. Vodafone informed the officals right away (at least they claim), after "shutting down" the illegal software in question. Some politicians say that investigations were hindered because that software was removed.

To my eyes, the information that obviously has been induced shows that some data for an investigation has been kept (we know: a list of people being spied upon, duration of that observation, places where the "receiver" phones were hidden, the "receivers" being prepaid phones). I don't believe those communications engineers were not making copies or at least dumps of the illegal software used.

No information was given about the suspects who performed the surveillance.

Update: Some English language reports: Hellenic Radio has a news bulletin, a shorter piece by the "Athens News Agency", Reuters (all in English). Duh, had misspelled Vodaphone -> Vodafone is correct.

See also: Vodafone Public Relations in the Phone Tapping Storm

See also: telnetd root Backdoor in Vodafone's Ericsson Systems?

Posted by betabug at 23:20 | Comments (2) | Trackbacks (0)
07 February 2006

Vodafone Suicide Rumours: Weird Last Mails

Some rumours to go with the phone tapping scandal in Greece

Let's play rumourmill for a moment: Just talked to a friend who is working in the telecoms industry here in Greece. He's not working for Vodafone (nor was he ever), but he had heard from the suicide of the Vodafone employee (the one who seems connected to the phone tapping scandal)... back last September or October.

At his company they had a lot of work and when they started to yammer about "management is killing us with all the work", someone told the story of the Vodafone employee in the manner of "look what work can do to you". So far ok, but the interesting thing is that he heard back then that the Vodafone employee in question had sent mails out to his coworkers the evening "before" in the form of "you will have to do this", "please do that", etc., and another mail to his supervisor "we won't be speaking tomorrow morning".

Now doesn't that send a nice rumoury shiver down your spine? Of course this is all hearsay, so don't take my word for anything.


Posted by betabug at 16:17 | Comments (0) | Trackbacks (0)
14 February 2006

Vodafone Public Relations in the Phone Tapping Storm

Security is hard... and sometimes expensive when it fails

The phone tapping scandal has been a public relations disaster on the scale of a nuclear bomb for Vodafone Greece. Vodafone has disappeared from the market. No TV spots any more (they used to be on all channels), no posters, no mention of their sponsorship for the Greek soccer team, pop star Sakis Rouvas, and others. They had started out well enough on the initial press conference, cooperating with the authorities. promising that they had done the right thing, that they had handed everything over. That changed soon enough...


The first accusations did not take long to come: Critics said that Vodafone should have left the spyware installation in place for proper forensics and even "wet" investigation of the "receiving" mobile phones. When the questions about the suicide of their employee started to turn hotter, that must have been the point when they totally closed up.

No more TV spots

Since then it's silence on the advertising media. Vodafone is perceived only through the news. And the journalists are not kind to them, especially Vodafone boss George Koronias is being quoted only in a defensive stance. I haven't seen him appear in person on TV, as if standing up and facing things wasn't bearable. Obviously Vodafone has decided to wait it out in silence. Makes me wonder: They're not just your average Greek company, they are a subsidiary of an international multi. Can't they hire some PR pros who know how to handle a crisis? Or did the pros tell them to shut it up completely?

The cost of no advertising

It must cost them a lot. It's not that existing customers are switching in drones. But starting out with a new contract or switching your contract to Vodafone (something often done to get a new phone or new services) isn't really regarded as the cool thing any more. Plus: they have to hype their new added value services. 3G, video calls, all the toys. That is the business that goes down without exposure. Let's face it, the usefulness of a video call is near zero in most cases. Nobody thinks about it if it doesn't get hyped.

Security is hard. Once you start to occupy yourself with the field, you learn that sentence. No matter how well you do your stuff, there might still be an exploit out there with the name of your code or OS on it. And if you are smart you learn fast that the golden bullets they sell just don't cut it.

Learn something... or shut it up too?

What we can learn from the Greek Vodafone phone tapping scandal is that we better stay alert. The cost of a security breech might just be in a category that exceeds all our wildest nightmares.

Some people talk about them expecting Vodafone Greece to close down. They believe that Vodafone won't recover from this bomb. I don't think so. They will wait it out and some day it will all be mostly forgotten. Pushed back by the next big media bang. Hopefully they learned something from it. The other players in the market sure did, but I don't know if it's the right thing they learned. They probably had a very good look at their installed software. But if they found anything, they would not be so stupid as to make it public now. That's something of a solution too.

Posted by betabug at 23:26 | Comments (0) | Trackbacks (0)
22 February 2006

Do You Use PGP?

Encryption is not just for techies any more

This morning Rodolfo asked me if I use GPG (which is a program that implements PGP encryption, for example for sending secure mails). My answer is of course: "I do - almost every day." I recommend it to everyone. The reasons are well known, the old saying is that E-Mail is only about as secure as a postcard written with pencil. If you work for a stupid employer or use a mail server of a stupid company, it's even less secure. One problem with encrypting your mails if that the other side has to be using the stuff too. So here are some real world experiences...


Almost every day I communicate with a few people in my personal surroundings with E-Mail. Some of these mails contain personal stuff, some even "secret" stuff like banking information, passwords for various accounts, etc. But most of the are just "Hey, how is the weather there? Are you going to be out of town this weekend?" This stuff could be sent in the clear and unless someone was tracking my whereabouts and mood of the day, he would have an easy job (even easier than just reading my weblog!) But there is a reason I encrypt them all: It's a matter of habit.

Not only for the techies

Those people I communicate with are not computer experts. Which is quite remarkable, since in my experience usually only computer experts use PGP. They had learned how to use email and now I tought them how to use PGP with a plugin for their mail program (MacGPG with a plugin for Apple's Mail.app is one good example). But if I sent them an encrypted mail only once a blue moon they would have to dig out instructions, it would not work for some stupid little reason and we would be back to expensive and insecure phone calls. That way the idea is forgotten pretty fast.

Make it a habit

The solution is to make it a habit. I send only encrypted and signed mails to these people. If they send me an unencrypted mail by mistake (happens once in a while, especially in the beginning) I reply in encrypted mail and make sure to point out the mistake. After a while receiving and sending encrypted mail gets as easy as "normal" mail. A good mail plugin is a big help too, software can make things a lot easier.

In general the good thing is that most of the tasks to maintain a secure correspondence are quite easy. Once you have the setup, you get a few steps right and you are sending and receiving. Even things that baffle newbies for days (like signing other peoples public keys in order to be able to use them) can be done once and for good when you have a fixed set of correspondence. This should be no problem for example in a small company or a small workgroup.

Setup is a b...

I do have one big gripe with GPG though: The setup is a bitch. No way a newbie can do this on their own. Not only does it involve all that new terminology with keys, signatures, bits, and all that... it also involves a lot of knowledge about computer internals. Using the Terminal on the Mac, special directories, all that. The MacGPG project is working in the right direction there. For now the solution is that the newbie needs help: Someone to help through the setup. In a small group of people or in a small team this can be solved too. On a bigger scale this could be a job for user groups like MUS or HelMUG.

Posted by betabug at 10:34 | Comments (10) | Trackbacks (0)
01 March 2006

telnetd root Backdoor in Vodafone's Ericsson Systems?

Some rumors for ΑΔΑΕ/ADAE

The investigation in the Vodafone phone tapping scandal in Greece has lead to some information being published in the last days. What the published information from ADAE say boils down to this being an "insiders" job. I agree and I have some of what I would call "qualified rumors" for ΑΔΑΕ: Maybe they should have a look at the backdoor Ericsson puts in the telnetd...


Let's start with the facts, as publicized by the press based on ΑΔΑΕ (ADAE, "Hellenic Authority for the Information and Communication Security and Privacy"):

The Facts

Some days ago I had a little conversation with an IT sec guy who passed me some interesting information. I can't verify the stuff (no Ericsson AXE around) and also this information is about a year old, so things may have changed. But the information sounded reasonable, and after I read what's in the news today it sounds even more reasonable. That's why I'm going to spread it as what I would call a "qualified rumor". But read on and judge for yourself.

The Rumor

Disclaimer: It's just a rumor

Now, dear reader, you should take this as a rumor by a complete stranger. I actually don't expect anyone to really believe this, but it would be kind of nice if ΑΔΑΕ/ADAE had a close look at the telnetd binary on the machine in question. (And maybe it would still make sense to have that close look before any of the helpful technicians could cover up anything that might or might not have ben there in the first place.) Of course they might not find anything, then the result would have just been that I ruined my inexistent reputation by spreading a rumor.

Let's look at them together

But let us look at how the rumor fits in with the published facts:

If the Ericsson modified telnetd is real, then any Ericsson technicians helping in the investigation will likely hide it from view (unconscious or conscious in full conspiracy theory mode) or at least downplay it... "yeah, but that's not a problem, we always use this".

The statement that "only 3 people at Ericsson Sweden know the code" does not work for a proper password authentication system. When there is a regular auth system, then there is a way to change passwords or keys... and they should and likely will be changed on a customers installation. "Only 3 people know" points to a backdoor on the level of a "service account". Computer security history has taught us that "service accounts" are notorious for being spread illegally. If the rumor is true, then "only 3 people know" is at once what Ericsson wants us to believe and in fact many more know. At the same time it points to the rumor, because if "only 3 people know" then the access can likely not be changed.

Allowing access to a service only from an internal network is an additional measure usually taken to protect even password protected access services. Now, if the rumor is true, then the protection of access to that root shell is very weak, so security relies heavily on that "internal network" line. Which would obviously point any investigators to an "insider connection" (to be on the internal network one has to be an "insider"). Especially if one believes in the kind of snake oil security that the rumor tells us. When you trust in that stuff, then it must have been an insider, with super know how too.

But to tell you the truth, I do believe in the insider theory to some degree, even when we presume the rumor to be true. Given the scenario from the rumor, the insider does not have to be a James Bond type. A summer intern or a friends friend who is asked to try out a cool screen saver is all it takes. All we need is a tunnel to the internal network (and ssh -R can do wonders in that respect).

Now even swallowing this assumption together with the rumor, we still need some knowledge: First about the backdoor's existence, second about the proper environment variable to set for the telnet client. As for the first one: Well, the rumor got to me and I'm neither part of the telco industry nor some black hat, so why couldn't it have gotten so someone else. And if the rumor holds true, then some audit found the backdoor, so anyone with even a test installation could have found it. For the second one: That is easier than it may seem, at least for some people. This telnetd is likely the same for every customer. It would be troublesome, inefficient, and not very easy to test an installation, if one had to recompile for every customer with different settings. So I might be wrong, but I believe that whoever learns the magic env-var key to one mobile kingdom holds them all. Even if that does not work out, then we should keep in mind that this is telnet, completely unencrypted. It just takes more energy on the part of the insider to sniff out the telnet traffic on the local network for the proper environment variables.

My own, private conclusion

To me, the rumor fits in. But in the end it is still an unproven rumor, so I doubt that any more will come out of it.

Update: Bruce Schneier has posted about the wiretappings again. And the paper "Ta Nea" writes that at Vodafone and Ericsson together "not more than 10 people had access" to the surveillance systems (article in Greek).

Posted by betabug at 23:34 | Comments (5) | Trackbacks (0)
11 May 2006

Safety on the mobile Internet meeting

safeline.gr invited to a focus group

Through rather random events we learned about safeline.gr inviting the public to a meeting with the title "Safety on the mobile Internet". There wasn't much of the public following the invitation, the audience consisted of Mary and me. But we were truly interested despite that.

Safeline.gr is a website and organization that is still very unknown but very important. They are a hotline for reports on images of child abuse, racist and xenophobic content that violates Greek law, and other content that might be illegal. They operate in coordination with Greek providers and the Greek police's cyber crime office. If you ever saw something that you thought should be reported to the police - but you didn't because the local cops probably don't know a network from a clothes line - safeline.gr is the place to go.


The meeting started out with an introduction that cleared up a bit of our confusion with the name. Safety on the Internet is a wide field, and the term "mobile Internet" isn't so clearly defined either. Turns out safeline.gr is mostly interested in protecting children. Be that from exposing them to abuse, to upsetting content, or letting them fall prey to financial trouble or exploitation. The first few talks appeared much like on a convention, the presenter giving us information about his/her field of work. A lot of this stuff repeated the others, which seems to be an inherent problem in a meeting where everybody brings their talk without knowing what the others will be saying. Contents, notes, and even video should appear online some day. Until that, here are some of my thoughts...

While some of the talks were a bit technical, they weren't really geeky, except maybe for the prof from the ics.forth.gr who showed off his work with honeypot nets and showed the (mostly grey haired) participants that we have a problem with all the virii and worms floating around. The chief security guy from provider OTEnet talked about their abuse@ department, which he claims does much more than just lift the receiver. He says they have shut down customers for breach of Netiquette reasons, even if there were no actual laws broken.

After a while some of the talks began to be more opinionated, zooming in on the problem set of security for children, and taking wild stabs at solutions. We had exponents from consumer and children's rights organizations with us. So what were suggestions? Do we filter? Do we control children's every step (with the guy from Naftemporiki suggesting parents to force children to reveal their email login data, he got a good laugh and many shaking heads for that - I believe it won't take the kids long to open another hidden mail account). Do we educate children? Their parents? Do we (can we even) outlaw and censor some content on the Internet?

Personally I don't think there are any easy solutions to be had. And I was satisfied that neither did safeline.gr get confused and vouched for shot-from-the-hip solutions. Their Safety Tips (Στα Ελληνικά Συμβουλές ασφάλειας) are down to earth and pretty decent in my oppinion. The last bit of the meeting was spent discussing getting the message out. Where it is hard to reach the greek public through TV, because TV stations aren't interested in plain messages and educating their viewers, I think that spreading the word for safeline.gr via the Web and even by snowballing mobile messages might be the thing to do.

Posted by betabug at 17:18 | Comments (2) | Trackbacks (1)
27 May 2006

Mixmaster Revisited

And the weather is fine

While Tor writes about the weather in England, and the OpenBSD developers freeze their butts off (at 4 degrees Celsius) at the hackathon in Canada, over here I sit in front of the computer in shorts and without a T-Shirt on. It's hot. I'm not so sure this this world needs all that heat, with all the global surveillance etc. going on already (NSA wiretappings, wiretappings in Greece, data retention in the EU, putting people who disclose security vulnerabilities into the "criminal" drawer, ...) So I'm reading up on your basic cypherpunk privacy tools. Having a look at mixmaster especially, the mixmaster anonymous remailer network, and the apparently dead or frozen invisiblog.com anonymous blog platform...


There are better descriptions on how an anonymous remailer chain exactly is working, than anything I could give you in one paragraph. The short summary is that it allows you to send an email message with a certain degree of staying anonymous. The recipient can't deduce your email address, your provider, or even your IP number. This is done by sending your message through a "chain" of mixmaster servers, each one knowing only where the next hop is.

Why does any one want that? Imagine you found a security problem in the software from one of those companies who are too damn happy to sue even their pet rocks. Or imagine you work in some government office and discover that someone has got the finger in the cookie box. Imagine further on (yeah, that one's harder) that you would want these problems published, get known to the world. You wouldn't exactly be hot on revealing your identity. And these days the journalists aren't so hot either to go to jail to cover their sources (which is your butt in our example). Now you could send your mails out with mixmaster.

The dark side of anonymous mail is that those systems can be abused for, well... abusive mail. When abusers send out threats, the victims have zero chance to find the origins. Mixmaster operators and cypherpunks considered those points and decided that the choice is worth it.

But there is something else wrong with mixmaster, or rather a couple of points are wrong. These are mostly technical, starting with the technicality of the operation itself. It's damn hard to get running. You need to compile the software, download "statistics" files, experiment with settings. Even if your experimentation works out, there is still a chance that mails don't arrive.

My quest into the world of mixmaster led me to discover a lot of documents of the late 1990s vintage. Some of them are still valid, others refer to outdated stuff. Link rot is everywhere. The mixmaster network is still up and running, ready to be used by the daring with some technical ability. The network is pretty small, my downloaded stats list about 30 mixmaster servers, 10 of them with reported 100% reliability.

The small size of the mixmaster network is one of its biggest vulnerabilities. To follow one message through the mixmaster chain back to its sender, it is ultimately necessary to control all mixmaster servers. But with only 30 servers and the resources of organizations like the CIA (who can get away with e.g. building a network of secret prisons in eastern Europe), or the NSA (who can get away with spying on e.g. every phone call in Europe or building a database of every phone call in the USA), getting the upper hand on 30 machines shouldn't be too much of a problem. The only way to find out if Mixmaster operators are really pressed to reveal data would be to run your own server and find out the hard way - and then you probably couldn't tell. Maybe I'll elaborate on this thought a little bit more another time, there is someone knocking on my door...

While looking after the mixmaster thing, I came across invisiblog.com, a blogging platform that promises truly anonymous blogs. Using the cryptographic gadgets of PGP signing messages and sending them through mixmaster chains, not even the invisiblog owners know who runs your blog there. Two observations with that: First invisiblog.com seems to be either dead or frozen. No news, no new posts, no new blogs since October 20, 2005. The second observation: These blogs have a strange tone, anonymity bringing out strange things. The strangest post is this one who (if invisiblog.com did not allow messing with publishing dates) warned about the London bombings of July 7, 2005... on June 26, 2005.

Posted by betabug at 23:57 | Comments (0) | Trackbacks (1)
29 May 2006

Mix Some More... Mixminion

Type III remailer, alpha but easier

In my search for knowledge about Mixmaster, I discovered the successor to the anonymous remailer software: Mixminion. Mixminion is what they call a "Type III" remailer, whereas Mixmaster is Type II. The minion is trying to solve some of the problems with the old system. Even though it is still in alpha stage, it already solves one of my big problems with the old software, Mixminion is already much easier to use in some respects. For one thing it is smart enough to download the necessary stat files itself, also it's much easier to compile.


The Mixminion code is in large part written in Python, which makes it mucho sympatico to me. It also improves my ability to read the code, and maybe I could even contribute something. Development seems to be active. The software is still in a testing stage though and should not be used for sensitive usage where your anonymity really matters. There is a developer mailing list and there seem to be about 40 servers already online, a lot of them with very good uptime and latency values. I think that easier usable software leads to more reliability. Once Mixminion will be mature software, these numbers will improve even more.

Others seem to have noted the same (or similar) things I wrote about the usability of Mixmaster. Ethan Zuckerman writes about it in Anonymity and Usability - beyond oil and water. His post gives real world background, he is working with some people who may sometimes need anonymity to survive.

Another interesting reference is the Privacy BOX project from italian cypherpunks. It's a ready made little box with a complete privacy setup, from a Mixmaster/Mixminion remailer, to a Tor node, and even a firewall setup for your home, so you can install it at home and run it alongside with your home network.

Posted by betabug at 09:52 | Comments (2) | Trackbacks (0)
14 June 2006

IMAPS setup: Please wait for Mail.app to time out

Yes, there is an 'S' at the end of "IMAPS"

Why are some mail clients so obviously dumbed down in respect to secure IMAPS? For the server of HelMUG (where I'm co-serveradmin), I'm testing our soon-to-be IMAPS setup. We are going to open up only SSL based IMAPS, not plain IMAP. And what are programs like Apple's Mail.app (in 10.4) trying to do when you set up an account? They test the availability of the IMAP server only without SSL. Result: Users have to wait for that test to time out. Maybe the developers of that app have never heard or imagined a setup where security is at least a bit of a consideration...


When you set up the new account, you enter the most basic account information (username, password, mail server), then Mail.app tries to connect... and tries to connect... and tries to connect. At first I thought this would make it impossible to set up accounts with 10.4 with our setup. But you just have to wait for the timeout (some minutes), then ignore the warning message, and click on "continue". Only then can you tell your shiny mail client that you care to connect via SSL. Would it have been so hard to move that checkbox to the other side of the test? The user has to pass by this checkbox anyway, and it's vital for being able to connect to the right port.

Then I tested with Thunderbird, the mail client of the Mozilla project (where Firefox comes from). It's even worse. It does the same crap "I'll test if I can connect to your server before you enter all your information" dance too. But also it doesn't really let you know what it's doing. Even worse, when you finally get to tell it you want IMAPS, you have a choice of different options (amongst them "TLS" and "SSL" and some "maybe this or that", of which for Mac OS X Server 10.4 only "SSL" seems to do the trick, not "TLS" - which incidentally is only a nicer name for newer versions of SSL actually). OK, think that would have done the trick? Nonono, thank you, you also have to manually change the port to 993 too!

In my eyes, someone has dumbed these products down, with the thought that "nobody uses secure setups anyway, let's forget about all this SSL crap and make a really simple account setup". Which is nice and dandy, but it shouldn't make a secure setup seemingly impossible. Instead of just giving members the information "enter your account info, choose 'connect via SSL'", we will have to give them instructions for the complete dance.

Posted by betabug at 22:14 | Comments (1) | Trackbacks (1)
06 September 2006

Drinking with the Phrench

And "On the concept of signing PGP keys"
mitch at the lesbian ouzerie

For a few days a friend of Saad came over to Athens for work. Jerome (aka mitch) didn't have time for anything but work, but yesterday he managed to sneak out for a few hours. We went to the Ouzerie "Lesvos", which is run by people from the island of Lesbos, where they are said to be making the best Ouzo. Naturally we drank a few (small) bottles of Ouzo and ate some small plates of fish, meat balls, cheese, and salad. The food there is simple but good. A nice evening after all, we chatted with Jerome about work, countries, prices, OpenBSD, the student movement and employment laws in France, ... and we did some PGP key signing...


Right before he left (had to get up early for work tomorrow), we exchanged fingerprints for our PGP keys and had a good look at each others ID cards. (In the process we discovered that Jerome is from the Cognac region in France, but he drinks Ouzo nonetheless :-). When I came home I signed his public key that I have gotten before. The idea to use PGP encryption for mail and other things is uncommon enough, but even some people who use PGP are not common to checking fingerprints and signing keys. In some circles it is even considered signing PGP keys is "so linux kids". Well, it may be, but I think it's still a useful thing. I'm sitting here in the opposite corner of Europe from some of the people I communicate with. Encrypting mails is fine, but a digital signature also offers a trace of identity to things. PGP has this concept of the "web of trust", which just means that I can draw a line from me, to mitch (who came to visit in person), to some friend of both of us who I might not have met in person - and have a bit more of a certainty that there are people behind the keys out there.

All in all checking fingerprints and ID's was a business of 5 minutes, maybe count in another 5 minutes for actually signing the keys and sending the public keys back. Those 10 minutes result in a "pretty good" assumption that a mail from mitch or a direct friend is really from them and has not been tampered with. Worth it to me, especially when I get to drink Ouzo too, while signing.

Posted by betabug at 09:49 | Comments (0) | Trackbacks (0)
27 September 2006

Playing with One-time Pads

A crypto steckenpferd

"One-time pad" encryption is something between the holy grail and the torture chamber of cryptography. On one hand it is the only encryption method which is provable secure, on the other that security comes with a clause: "...if handled properly". The "proper" way to use one-time pad encryption makes it extremely unpractical, solves the wrong problem in today's crypto needs, and if ill-used OTP encryption may become as insecure as a children's "decoder-ring" from a cereal box.

In other words, a nice toy for me to play around with. My interests goes first to the "understanding it" stage, then to the "trying it out" stage, passing by "is it really good for anything", and finally to the "can I write some code for it" stage. Some thoughts on this follow...


No need to bore you with what exactly is One-time pad encryption and the details on how it's done (see e.g. wikipedia). The principle is that the encryption algorithm is simple, but the key is completely random and as long as the message. There is a beauty to that. While many crypto-enthusiasts have an everlasting love affair with OTPs, Bruce Schneier made a big point against them.

Scrambled SMS

I like OTP encryption, because it is something that you can try out yourself, with a pen and paper. You can make pairs of little sheets with keys to carry in your wallet, and -- if done properly -- you can send SMS messages to your friends that are completely unreadable to anyone without the corresponding key. The practical purpose of this exercise currently evades me, but it might be fun if you have a friend who is interested in these kind of games. For real life purposes it might be more useful to install GnuPG and send mails with PGP encryption.

Totally impractical

Why do I consider OTP encryption to be so impractical? First of all, it's a hell of a lot of work to generate the key pair papers properly. It might be good for short messages (ideal for today's SMS), but anything longer than 10-15 words needs a lot of patience. Then there is the real life aspect of the security of a OTP: Let's assume you want to hide a message from an overly authoritarian teacher. A search of your possessions will reveal the "pad" with all the keys. You will either loose them or risk sending messages that can be read. With a PGP key you run the risk that the software or encryption system may be compromised in some way, but at least when your key falls into the adversaries' hands, you can hope on your secret passphrase protecting the key.

Read once

The teacher example doesn't stop there: After sending your message you have to destroy your copy of the key being used. Now you can't read the message any more yourself! You could keep a cleartext copy around, but that could fall into your teachers hands. Same with answers you received: You can read them once, then you have to decide if you want to destroy them (making them unreadable forever) or risk having the decrypt papers discovered. This endpoint problem makes OTP more suitable for diplomatic missions, where the messages can be filed away in a safe. If you had that luxury in the teacher example, you could likely find other means of evading said teacher anyway. Of course spies use OTP encryption too, but their stakes are higher.

But useful without a computer!

Using OTP encryption may have a small level of usefulness, for example when traveling without a computer. You could send small, important data very confidential in SMS messages with your mobile phone (or even read them out over a normal phone. When you visit a company in a foreign country and have to tell your own company back home your "buy or sell" decisions without others knowing, this could be a valid scenario. OTP encryption is very simple (if tedious) and can be done with paper and pencil, no need for a computer.

Get into trouble

But in this scenario you have to take very much care of your "pad". A former employer of mine was once strip searched (and questioned while naked), and had his computer taken away only to be given back days later, on traveling to Israel. That certainly isn't the scenario where you want to have a couple of one-time pads discovered on you. Not only would your bit of business secrecy have been taken away, the "interrogators" would also certainly assume that you are a spy or worse. So better play that game at home.

Back to playing

One-time pad encryption requires large amount of random data, to be used as the encryption key. Apparently the "quality" of the randomness should be very high to foil statistical attacks. Computer generated "pseudo random" numbers won't do. There are true hardware "random number generators" out there, but for me to get into the spirit, some simple dice can do the work. They are also much more at the level of old fashioned spy stories, where the "sheets" for the OTP are generated by some poor soul sitting in a room and drawing numbers all day (e.g. in Neal Stephenson's Cryptonomicon).

My choice are some simple dice. I have them anyway, for playing Backgammon and for computing good passphrases and passwords after the diceware system. Dice produce numbers in the range 1 to 6, classical one-time pads need numbers in the range 0-24 (or 1-25 or the letters A-Z). I certainly don't want to generate fake random numbers with a computer, and I'm enough into the paranoia spirit in this game not to print out the key pads with a printer, but writing some code to fix up the key is fine for me.

Writing some code

So I spend an hour or so writing a little python script I call dicepad. It just takes the input you give it while rolling dice and then prints out the generated random number in form suitable for old fashioned one-time pad use. It's not really elegant, but simple enough to understand and change if you need it different. I didn't consider any security aspects of the program (except for working properly). For me this is enough of a game to keep considerations about compromised memory or libraries out of the way. If your computer is rooted, playing with OTP encryption won't help anyway. Enjoy and don't come crying to me when you are thrown in jail!

Posted by betabug at 19:42 | Comments (0) | Trackbacks (0)
03 November 2006

No Investigation on Ericsson in Wiretapping Scandal

Strange Decision from ΑΔΑΕ (ADAE)

According to the Greek news sites, the Greek Information Security Authority ΑΔΑΕ (ADAE) has decided not to investigate Ericsson for their involvement in the wiretapping scandal that was revealed in February of this year. As the "reason" they state that the law does not give their agency the role to investigate the manufacturers of telecoms equipment. Apparently this decision came out of a 4-3 vote, where 2 of the minority votes were by specialists from the investigative unit of ADAE.

Depending on your level of paranoia and/or believe in the orwellian state of the industry / the world / etc., this either comes as a surprise or something expected. Myself I haven't expected exactly this, but I certainly didn't expect anything to come out of the investigation conducted by ADAE. Ericsson might as well ship their systems with a backdoor as wide as a barndoor, the ADAE wouldn't notice. It's all a matter of agenda, and I suspect the agenda of the ADAE is to get this thing forgotten as fast as possible.


Posted by betabug at 10:26 | Comments (0) | Trackbacks (0)
28 December 2006

Forged E-Mails Enter Swiss Politics

Forged name under wish to change positions in regional government

According to an article from swiss newspaper Tages-Anzeiger (online in german likely only for a short while; NZZ reports too, TSR reports in french), forged mails where sent from a computer in the building of the swiss parliament in Berne. The mails (and SMS) carried the name of Laurent Schaffter, member of the regional government of the canton of Jura. Those mails expressed the wish to change his position as minister for "buildings and ecology", with the result that he got assigned a new position as minister for "health, social, and personnel". I've been waiting for something like this to happen, as it is much, much too easy to forge mails...


From the article it seems that the mails where carefully crafted, not too obviously going contrary to what the real person would have written. The mails stated in the form of a poll that Schaffter was uncertain in choosing which ministry he would like to have, they were "signed" with his name.

Due to the forgery having been discovered now, the positioning of ministries will start anew. Philippe Receveur, the current politician scheduled for the position of "buildings and ecology" said that he would not resist a new positioning, even though another politician from his party claimed that the assignment of seats followed democratic rules.

Oh, yes: Charges were filed. It is known from which computer in the parliament building those mails were sent from. But it isn't (yet) known who sent those mails.

My own reading into this is that any ministry with "public buildings" in the name is a hotspot for cash and crooked deals. It might well be that someone else wanted to have their hands on that. Forging a couple of mails is way to easy. It's about time that something as simple as digitally signing of mails (be it in the form of PGP or S/MIME) took hold in the heads of politicians and businesspeople.

With the situation as it is now, all that protects you from a well crafted mail forgery is that people will believe you when you shout: "that wasn't me!" In politics that might work, but in a business relationship it might well turn out to be the end of business relations and the start of a stroll through the legal system. It's way easier to start thinking about digital signatures on email now.

Posted by betabug at 14:38 | Comments (0) | Trackbacks (0)
07 February 2007

Phishing National Bank of Greece Customers

A glimpse into the pit

This morning at work I was greeted by a phishing mail (nothing rare) but in Greek - a first for me. The phishers are attempting to get people click on links labelled "homebank.nbg.gr", apparently the homebanking site of the National Bank of Greece - which will then take them to a site with a korean domain. In the mail message is the usual spiel about "you need to renew your login data". The message itself is quite "real" looking, with only a few "phishy" details...


First of all looking through the headers (which no normal National Bank of Greece customer would do): The message was sent through an IP address in Germany (likely a trojaned home PC, Received: from T78cb.t.pppool.de (t78cb.t.pppool.de [89.55.120.203])), and carried a header "X-Antivirus: skaner antywirusowy poczty Wirtualnej Polski S. A." which is kind of interesting. Maybe whoever made that phishing mail is residing in poland and didn't notice his antivirus software adding that line. The name in the "from:"-header is also very un-banklike: `From: "Adventure H. Jeanie" ', I don't think anyone working at a Greek bank would be called "Adventure". They didn't get the encoding of the subject header quite right either.

National Bank of Greece phishing mail message

The logo of the bank resides on the phishers servers, so it wasn't loaded at first in Mail.app (which is not set up to autoload remote images for me). Appart of that it looks genuine enough. I certainly didn't spot any glaring errors at first - something the phishing mails in German or English never seem to get right. There are some smallish mistakes in there though. Are only people with spelling problems attracted to a phishing "career", or do they think a few spelling mistakes will make their mails more believable?

The National Bank of Greece (Εθνική Τράπεζα της Ελλάδος) certainly has a bit of experience with phishers. Going straight to http://homebank.nbg.gr/ I was greeted with a lot of security instructions. Following those to the letter certainly would have saved any of the banks customers from being phished. Though I can't help being not so hot about the possibility that every one of their customers follows the rules for once...

Posted by betabug at 09:46 | Comments (4) | Trackbacks (0)
13 February 2007

ADAE / ΑΔΑΕ are you listening?

So... this Solaris telnet exploit tells us *what* about Vodafone?

It was forever and a day ago that I wrote about rumours about a telnetd root Backdoor in Vodafone's Ericsson Systems. Now like a puppy peeing on an old carpet, around comes this gem from the 80s: Solaris Telnet 0day or Embarrassment. Apparently a "hole" of embarrassing simplicity is still there since the 80s in the telnetd on Sun's Solaris systems, enabled by default.

No, I don't know if Vodafone and/or Ericsson has these Solaris based systems configured with telnetd left open. But according to said rumour I highly suspect it. Frankly I believe that these people have no interest whatsoever in the privacy of their customers. Maybe the phat fine Vodafone will likely have to pay will change that, but I doubt it. More likely it will just make sure that the next time something like this happens, nobody won't say a word.

Don't get me started about "closing access to telnet on the perimeter firewall" and "telnet should be fine on a secure network". Can anybody make sure that all of Ericsson's and all of Vodafone's employees are trusted on the level of their top system administrators (even the guy they send around for getting coffee and watering the plants)? So, ADAE are you listening?


Posted by betabug at 10:47 | Comments (1) | Trackbacks (0)
20 March 2007

PGP Talk for HelMUG

An introduction to encryption on email using PGP / GPG

Yesterday evening I was with citylop (of HelMUG fame) at the Dasein in Exarheia. We were going through my notes for a PGP Talk which I will be giving for the Hellenic Macintosh Users Group HelMUG. We also signed up for the Dasein's event room. The talk will be on Sunday, April 22nd (13:00 at the Dasein). The official invitation and a signup form are forthcoming. The event will be free - maybe we will let a hat go round in promotion of the user group - but participants will likely have to sign up in advance.

I will hold this talk in Greek. Yes, that's right. The betabug speaks Greek, even though giving a complete talk in that language still scares the hell out of him. You can bet that I will rehearse a couple of times.

Motivation for this is at once that I take a masochistic pleasure in public speaking (preparation is usually so bad that I swear each and every time to never do it again, but giving the talk is really fun). Also we want to get a series of talks going in promotion of HelMUG, to further spread the word that there is a Mac user group in Greece and that it's good for Mac users here to unite and help each other. So someone has to make a start!

Oh, about the talk. It's titled something like "Introduction to PGP - protecting your privacy in email". I'll give a very basic introduction to the why and how to encrypt and sign your mails. It's not going to be a workshop where you install software yourself (maybe another time), but rather an occasion to get a simple introduction to what you can do, even if you're not a tech-head.


Posted by betabug at 20:15 | Comments (2) | Trackbacks (0)
Prev  1   [2]   3   Next