
The Origins of Insecurity, LASCON 2013

"The Origins of Insecurity" -- presented at LASCON, Austin, Texas on 2013-10-24

Nick Galbreath

October 24, 2013

Transcript

  1. @ngalbreath #lascon2013 • Online advertising infrastructure • Because waiting for Google et al to cut you a check isn't a business model.
  2. Cryptography • A lot of noise going on without context that may or may not match your needs or requirements. (There is also good healthy debate on fixing problems.) • Think of the threat model for your company (or you).
  3. TLDR; math's hard; let's go shopping (for access) http://www.foreignpolicy.com/articles/2013/10/15/the_nsa_s_new_codebreakers
  4. So Successful • I don't know of any monetary theft that involved breaking SSL/TLS or the math behind modern cryptography. • It's been so successful that everything I know of has been attacking data at rest.
  5. Can't Find the Fix • Source is here: http://bit.ly/1c3iZCC • Can't find the change • Can't find the bug report • Appears no empirical testing added to source tree. I'm not an Android expert and the source tree is very large. If you know the answers, please let me know!
  6. But How Did this Happen? "Contrary to many earlier reports, the flaw affects all versions of Android, not just 4.2 and earlier, Android Security Engineer Adrian Ludwig told Ars." http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/
  7. Let's Take a Look • July 2006 code goes in tree: https://issues.apache.org/jira/browse/HARMONY-872 • October 2006 tests added https://issues.apache.org/jira/browse/HARMONY-1924 hmmmm.... so before we blame yuri...
  8. SHA1PRNG • Based on known cryptographic primitives: Yes • Open specification: ? • Open source reference implementation: ? • Test vectors: ? • Forced to use it: kinda, otherwise you need to find a signed provider. • Code approved in Harmony without tests: yes • Any empirical tests? No. • Any security review in 5+ years: ??
  9. But Wait, There's More • "In addition to this developer recommendation, Android has developed patches that ensure that Android’s OpenSSL PRNG is initialized correctly. Those patches have been provided to OHA partners. We would like to thank Soo Hyeon Kim, Daewan Han of ETRI and Dong Hoon Lee of Korea University who notified Google about the improper initialization of OpenSSL PRNG." • More details here: http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
  10. More Details • http://armoredbarista.blogspot.ie/2013/03/randomly-failed-weaknesses-in-java.html (although their paper is published and costs money) • Keith (k3170) Makan http://blog.k3170makan.com/2013/08/more-details-on-android-jca-prng-flaw.html#more
  11. NIST • NIST has a lot of great people, working very hard • Probably has to deal with more conflicts of interest, stress, demands, and bullshit than you can imagine • but as a human organization • ... it also has human failings too
  12. NIST Dual-EC-DRBG • SP 800-90 • 1 of 3 PRNG algorithms specified • within 6 months of publication, research showed it was unusual • 3x slower, possible backdoor. • Standards process clearly got corrupted
  13. DUAL-EC-DRBG • Based on known cryptographic primitives: yes • Open and Fully specified: yes • Test vectors: yes • As a standard are you forced into using it? No! It's only one of three options.
  14. It's a Turd • But we know exactly that it's a turd! It's a standard turd! That also got approved by ISO and others. It's not the first (WEP), and not the last.
  15. But we knew in 2007 it was broken, and it's also very slow, and there are 2 other choices in the standard!
  16. Fixing the CA System • Certificate Pinning • Certificate Pruning (à la Etsy/Zane Lackey) • HTTPS Strict-Transport-Security • http://certificate-transparency.org/
  17. App Security • Network Security • EndPoint Security • IT/Internal • Development • Operations • stuff you didn't write • stuff you did write • stuff people use • Everything Else
  18. Proactive Tasks • Detection • Monitoring • Identity Management • Design and Architecture • maybe even Development but for reactive tasks...
  19. IT Internal Tech • Windows / Mac Operating Systems • Commercial Applications that run on employee laptops • 99% C-based patches or Configuration Mgmt
  20. Tech Ops • Routers - C • Windows / Linux OS updates - C • Core server (application) updates - C • And configuration management
  21. Development • Input Validation problems • Configuration problems • Logical Problems - more interesting • cryptographic • Language platform problems (PHP, Java, et al)
  22. Language • 99% of patches to language are in.. C. • You don't see core libraries for languages (in the end language) patched that often in CVE
  23. Reactive Summary • Patching and Deploying • Configuration Management • Broken applications • Dealing with C based infrastructure
  24. The Theory • Use Windows 7+ • Keep at patch level • Patch Flash • Patch Reader • Patch Java (or remove) • == 99% of vulnerabilities stopped • Trail of Bits - Exploit Intelligence Project http://www.trailofbits.com/research/
  25. What can we learn from the hardest apps to deploy? Mobile and Desktop Apps and OS
  26. Key Points • Note it's not 100% instantly.. there is time to correct for bad releases. • Releases every 4-6 weeks. • Only two versions "live" at any time • Old versions rapidly drop to under 3% of total. • What's going on with that 3%?
  27. Android Key Points • Releases every 6+ months • At least 3 major versions active at any point in time. • Not in control of release process • Slow adoption • It's only this good since people buy new phones.
  28. Android Solution? • Remove everything from the OS, and make applications independent, that also self-update automatically.
  29. Apple and iOS • Just moved to having applications auto-update themselves. • Desktop is lagging behind although you can see the start of an "app store" model there.
  30. WordPress • WordPress 3.7 introduces automatic background updates for security and minor releases (like updating from 3.7 to 3.7.1). http://wordpress.org/news/2013/10/wordpress-3-7-release-candidate/
  31. Conclusion? • You can release faster • You can release safely • It's a competitive advantage • It makes things more secure
  32. Desktop Deployment • With all the containerization / VM technology, surely we can do something to speed patching and deployment. • Why does only one version need to be installed? • Can we make it so it's easier to roll back or undo? • Can we get feedback faster from our users if something isn't working?
  33. SSL/TLS OMG • Somehow it's turned into a science project. • Lots of bad information on the web. • security • performance • compatibility
  34. But Being Smart Won't Save You • True story • I had a custom version of nginx+openssl running • I updated the OS ('apt-get' or yum) • over-wrote custom version • My cipher suite changed.. silently.
  35. How can we make it safe to configure a server and keep it secure? ex: no warning when SSLv2 is enabled
  36. Ruby Brakeman • Static analysis on commit or in real-time. • Sends email when it finds problems, and explains the fix • And sends positive mail when you fix it • I don't know anything about Ruby or RoR (I'm the dumbest guy), but with Brakeman I'm not going to make rookie mistakes.
  37. If we can do it for Ruby, I'm pretty sure we can do it for apache.conf
  38. What happened when Google visited this site? Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-10-23, and the last time suspicious content was found on this site was on 2013-10-23. Malicious software includes 4 trojan(s). • API FOR RESEARCH
  39. PHP 5.5 Password Hashing • Password Hashing Functions, Table of Contents • password_get_info — Returns information about the given hash • password_hash — Creates a password hash • password_needs_rehash — Checks if the given hash matches the given options • password_verify — Verifies that a password matches a hash • GREAT API FOR EVERYONE
  40. How does this PHP API compare to @manicode's best practices? Do Business Level APIs exist for your platform?
  41. PRNG • By default, every language provides a non-cryptographic, insecure PRNG • Leftover from the 1980s and physics simulations and old computer science problems. • Scripting languages unfortunately copied this model. • And so, we get numerous applications using an insecure system for passwords, reset codes, and worse.
  42. Meanwhile a Secure Random is hidden • Every OS provides an API for this. • PHP even provides 2 or 3 different ways of doing this making it more confusing. • Since the Toy Randoms aren't random enough, people set seeds. random_set_seed(1); include "poisonedfile.php"
  43. If you need to do physics... • You'll likely link in another library anyways. • You are probably linking in a million other libraries anyways. • You have requirements that probably aren't going to be met by the default PRNG anyways.
  44. For toy applications • Your demands aren't very high • Perfectly ok to use a secure random • For webapps, if they use a PRNG at all, most will use it only for a few numbers. • Not a performance problem
  45. And if it's too slow • A Secure PRNG will be "slower" • So write your own if it's a problem. • A decent high speed PRNG can be written in a few lines of code if need be. • Every language makes data structure tradeoffs • Why should PRNG be different?
  46. What is it? • Small C library to detect SQLi in user input. • Really fast • Low false positives • Testable • https://libinjection.client9.com/ But why did I write this in C?
  47. Why C? • Lowest Common Denominator • Be able to quickly integrate into other C infrastructure, including hardware. • Eliminate any performance issue that might be an excuse for not using it. • SWIG-generated bindings exist for PHP, Python, Lua • Or use ctypes or libffi • Let's write one for Ruby at this con!
  48. Hints of the Future • Javascript JITs / node.js showing competitive performance • C to LLVM to javascript (??) • PyPy: write a language in RPython and it creates a JIT (whoa) • http://cython.org restricted subset of python that compiles directly to C
  49. And replacing C bindings for scripting languages • lua CFFI - • Now in python lib.cffi • extra C code (either manually written or autogenerated) removed. • Allows for optimization for near native C performance
  50. It's us! • We know configuration management is a problem • We know patching and deploying is a problem • We know developers aren't experts in security • We know developers make mistakes • We know C, while essential, is fragile
  51. But I don't see much work in these areas. Offense and Blocking Technologies Dominate
  52. Open Source • Zillions of open source projects • Most do not have any "dedicated" security ... uhh.. security anything. • Get in the process.
  53. Powerful • writing fuzzers • compiling with different flags • finding test cases • writing test cases • in the development process
  54. libinjection • This summer, facilitated by the modsecurity Team, I worked with • Roberto Salgado @LightOS of http://www.websec.ca • Custom analysis and fuzzing of libinjection • Embarrassing me daily with new exploits. • This provided rapid acceleration of the quality. • Also check out his SQLi cheat sheet: websec.ca/kb/sql_injection
  55. Certificate Transparency • Finding certificates that explode the parsing code. • Adding test cases • Decoding new exciting ISO time formats.
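
Slides 35 to 37 ask for Brakeman-style feedback on server configuration, with "no warning when SSLv2 is enabled" as the example. The sketch below is an added example, not code from the talk or from any project it names: a small linter for Apache `SSLProtocol` lines. The function names and sample configs are constructed, and it assumes `all` expands as on an old mod_ssl build that still includes SSLv2.

```python
import re

WEAK = {"sslv2", "sslv3"}
# Assumption: "all" expands as on an old mod_ssl build that still includes SSLv2.
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
# Commented-out lines start with '#', so they never match this pattern.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right:
    '+x' adds, '-x' removes, a bare name replaces the whole set."""
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        names = ALL if name == "all" else {name}
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:
            enabled = set(names)
    return enabled

def lint(conf_text):
    """Return (line_number, message) findings for a config file's text."""
    findings, seen = [], False
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        seen = True
        weak = sorted(effective_protocols(m.group(1)) & WEAK)
        if weak:
            fix = " ".join("-" + w for w in weak)
            findings.append((lineno, "SSLProtocol enables "
                             + ", ".join(weak) + "; append " + fix))
    if not seen:
        findings.append((0, "no SSLProtocol directive; the build default applies"))
    return findings

# Constructed sample configs, not taken from the talk.
BAD = "Listen 443\nSSLEngine on\nSSLProtocol all -SSLv3\n# SSLProtocol -SSLv2\n"
GOOD = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n"

if __name__ == "__main__":
    for name, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint(conf) or "ok")
```

Run on commit or after every package update, a check like this would also have caught the silent change described on slide 34.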
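
Slides 41 and 42 describe reset codes drawn from the language's default PRNG and a seed set by other code in the same process. The following is an added example in Python, not code from the talk: `poisoned_include` is a hypothetical stand-in for the slide's `include "poisonedfile.php"`, and the alphabet and code length are constructed.

```python
import random
import secrets

# Constructed alphabet for reset codes (ambiguous characters left out).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def weak_reset_code(length=10):
    """Reset code from the default PRNG: one shared, seedable, global state."""
    return "".join(random.choice(ALPHABET) for _ in range(length))

def strong_reset_code(length=10):
    """Reset code from the OS CSPRNG via `secrets`; it has no seed to set."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def poisoned_include():
    """Hypothetical stand-in for the slide's poisoned include: any code
    loaded into the process can reseed the shared default generator."""
    random.seed(1)

def codes_after_include(make_code, n=3):
    """Issue n reset codes after the include has run."""
    poisoned_include()
    return [make_code() for _ in range(n)]

def is_predictable(make_code):
    """True if two runs after the same include issue identical codes,
    which means anyone who knows the seed knows every code."""
    return codes_after_include(make_code) == codes_after_include(make_code)

if __name__ == "__main__":
    print("default PRNG predictable:", is_predictable(weak_reset_code))
    print("secrets predictable:     ", is_predictable(strong_reset_code))
```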