Think your wireless encryption is secure? [updated]

$17/ 20 min to crack WPA, the current standard for wireless encryption, and WEP is so weak you don’t even need a distributed cracker.

Just thought I’d share this reminder with you that for sending anything sensitive over wireless, always make sure you’re connecting to secure services using application level encryption (SSH, SSL, TLS, etc) in addition to the weaker wireless encryption.

Some older services and applications may want you to transmit sensitive data unencrypted and not support encryption natively.  If for some reason you have to work with one of these applications, you can secure the TCP connection using an SSH tunnel.

SSH (Secure Shell) tunnels can be used to secure any service as long as the client can connect to a Secure Shell on the remote network.

I recently wrote a shell script to automatically tunnel an insecure VNC remote desktop connection through SSH, and launch my remote desktop viewer, which then connects locally to the SSH tunnel instead of directly to the remote VNC service.

My local SSH client establishes the secure tunnel to the remote SSH server (residing somewhere on the application server’s side of the Internet, or on the app server itself).  The remote SSH server then forwards the insecure traffic to the proper remote TCP port- SMTP, POP3, FTP, Telnet, or whatever insecure service you want to use.

Thus the data connection is entirely encrypted, and this is transparent to the application so no plugins are required. Simply create the SSH tunnel, connect your application to localhost instead of the remote host, and SSH routes the traffic securely thru the tunnel.

To create an SSH tunnel in a Unix shell script (my VNC example here) you would do something like:

ssh -fgCN -i $identity -L 5902:$tunnelhost:5900 $rmtuser@$tunnelhost &

Where $identity is the public key identity file (generally ~/.ssh/id_dsa), $tunnelhost is the remote SSH server, and $rmtuser is the remote username.  5902 is the local port to connect to and 5900 is the remote service port.

The & forks it into the background and, then you can then connect your VNC client to TCP port 5902 on localhost.

This is an incredibly powerful tool to protect your privacy.  Research “SSH tunneling” if you’re interested in learning more.

SSH is a network terminal server system like Telnet, except with encryption options, public key login, tunneling, and other fun stuff.  This is just scratching the surface of what can be done with it.

Preserve Internet Freedom: Oppose Cybersecurity Legislation & Presidential Kill-switch

John Birch Society

“To amend the Homeland Security Act of 2002 and other laws to enhance the security and resiliency of the cyber and communications infrastructure of the United States.”  These are the words used to describe the latest cybersecurity bill, S. 3480 “Protecting Cyberspace as a National Asset Act of 2010,” introduced on June 10 and cosponsored by Senators Susan Collins (R-Maine), Joe Lieberman (I-Conn.) and Tom Carper (D-Del.)

Not content with establishing a gigantic framework for the federal government to control private sector Internet companies and those who use the World Wide Web, the new legislation, under the cosponsors’ claims of building a “public/private partnership” to increase “economic security, national security and public safety,” there is a most disturbing allocation of authority to the Executive Branch.

Emergency response authority would be granted to the President to protect critical infrastructure if any level of cyber vulnerability is detected by the federal government. Congress is supposed to be notified in advance of the exercise of the emergency powers and any emergency measures are also supposed to be the least disruptive as possible, expiring in 30 days unless re-extended. But a President could keep extending the measures indefinitely.

There are several acknowledgements given to international partners of the United States, and international agreements as well. If a declaration of emergency is declared by the President, then the Director of the Office of Cyber Security has the authority to coordinate responses with certain international partners to protect the critical infrastructure, and even international standards may be relied upon for use as cyber guidelines.

The 197-page bill that creates a super-sized bureaucratic agency with incredible power over private enterprise and private information sources and means of communication containing all sorts of hidden dictates is just another in a list of similar bills that keeps coming to the fore. The Senate Commerce Committee had previously approved a bill in March cosponsored by Sen. Jay Rockefeller (D-W. Va.) and Sen. Olympia Snowe (R-Maine.) that also contained a presidential “kill-switch” provision.

Whether it’s S. 3480, the Lieberman/Collins/Carper caper that gets the nod, or the Rockefeller/Snowe job, S. 773, the American people need to loudly and strongly voice their opposition to government monitoring and control of this country’s Information Technology systems and the infrastructure these systems run on.

The U.S. already possesses a very healthy and capable private IT security industry. Government interference would only destroy private protection initiatives and efforts, and allow faulty security and intelligence agencies and the Executive Branch to hold sway over the liberties of the people. Help stop this unconstitutional power grab and oppose any government intervention or interference in the private communications network by contacting your representatives in Washington D.C. as soon as possible.

Thank you,

Your friends at the John Birch Society

Defense Industry and Former High Level Spooks Plan Cyber-Attack Drill

The Bipartisan Policy Center has assembled a crack team of political ne’er-do-wells, script writers and production crew to stage a cyber attack drill today, dubbed “Cyber ShockWave.”

The event will take place in a mock White House Situation Room at the Washington DC Mandarin Oriental Hotel. Participants will presumably pretend to counter DDOS or hacking attacks, advising the president on what unilateral action he should take.

“… created by former CIA Director General Michael Hayden and the BPC’s National Security Preparedness Group, led by the co-chairs of the 9/11 Commission, Governor Thomas Kean and Congressman Lee Hamilton …”

If nothing else, this serves to drum up fear and reinforce the notion that the Feds need control over the internet.  Nevermind that private industry already does a pretty good job of handling its own network security.  We need the president and his gaggle of political non-experts to step in and command everything from the white house.

As we’ve seen in the past, what constitutes an emergency in the eyes of the federal government is not always what one might expect.

Seasoned veterans in whitewashing false flag terror, Governor Thomas Kean and Critter Lee Hamilton (9/11 Commission), along with former heads of intelligence including Michael Chertoff (DHS Domestic Gestapo) and Thomas Hayden (CIA Drug Cartel) will be directing the production.  It’s great to know we have patriots like these looking after our ‘tubes.

What could possibly go wrong?

GSM Encryption Has Been Cracked

December 30th, 2009
Cryptogon

The analog mobile phone systems from the 1980s sent conversations flying around, totally in the clear. Anyone with decent scanner used to be able to listen to the calls. Now, with a bit of open source software and some inexpensive hardware, in a way, it’s back to the future.

Keep in mind, however, that this has always been “cracked” for law enforcement and intelligence agencies. The encryption only kept GSM calls private from teenagers and the dudes with long beards who wear dirty black T-shirts and sit in their vans with their radio equipment and antennas. HA. This could bring on a new golden age for the scanheads.

Start counting the hours or days until “interesting” phone conversations start appearing in the internets.

Via: Daily Tech:

For 21 years, the same encryption algorithm, A5/1, has been employed to protect the privacy of calls under the Global Systems for Mobile communications (GSM) standard. With the GSM standard encompassing 80 percent of calls worldwide (AT&T and T-Mobile use it within the U.S.) — far more than the leading rival standard CDMA — this could certainly be considered a pretty good run. However, someone has finally deciphered and published a complete analysis of the standard’s encryption techniques in an effort to expose their weaknesses and prompt improvement.

Karsten Nohl, a 28-year-old German native, reportedly cracked the code and has published his findings to the computer and electronics hacking community. Mr. Nohl, who cites a strong interest in protecting the privacy of citizens against snooping from any party, says that his work showcases the outdated algorithms’ flaws.

At the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin, he revealed his accomplishments. He describes, “This shows that existing GSM security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls.”

The GSM Association, the London-based group that developed the standard and represents wireless companies, was quick to blast the publication calling Mr. Nohl’s actions illegal and counterintuitive to the desire to protect the privacy of mobile phone calls. However, they insist that the publication in no way threatens the standard’s security.

Claire Cranton, an association spokeswoman, confirmed that Mr. Nohl was the first to break the code, commenting, “[Security threats from the publication of this standard are] theoretically possible but practically unlikely. What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”

Mr. Nohl attended college in the U.S. and received a PhD in computer engineering from the University of Virginia. Via a similar publication, he managed to convince the DECT Forum, a separate standards group based in Bern, to upgrade its own security algorithm, improving the protection to the standard’s 800 million customers in the process.

And while the trade group is only on yellow alert, some security experts disagree with the group’s threat analysis, as well, saying the threat could be far more serious. One expert suggested that calls may soon need to be scanned for malicious activity, much as an antivirus scanner works on a computer.

Stan Schatt, a vice president for health care and security at the technology market researcher ABI Research in New York, opines, “Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls.”

The process of cracking the algorithm involved the help of 24 members of the Chaos Computer Club in Berlin, who helped generate the random combinations needed to try and reproduce the standard’s code book, so to speak. The vast log of binary combinations forms the basis of the A5/1 encryption — and how to undo it. And it’s now on torrents worldwide.

Despite that, Mr. Nohl insists that his actions aren’t illegal. He says he took great precautions to make sure his work was kept purely academic, in the public domain, and that it was not used to crack any actual digital telephone calls. He states, “We are not recommending people use this information to break the law. What we are doing is trying to goad the world’s wireless operators to use better security.”

A5/1 is a 64-bit security algorithm. Despite this particular algorithm’s run, 64-bit encryption is considered weaker by today’s standards. Today 128-bit algorithms are considered to be strong enough to protect most data. The GSM Association has devised a 128-bit successor to A5/1, dubbed A5/3, but it has failed to push the standard out across much of the industry.

The Association claims that there’s little danger of calls being intercepted as hackers would have to pick one call stream out of thousands at a cell phone tower. They say that this would take prohibitively expensive sophisticated equipment and software. Security experts disagree with this assessment — including Mr. Nohl who pointed out that there was a wealth of open source software and cheap equipment to accomplish exactly those sort of objectives.

Simon Bransfield-Garth, the chief executive of Cellcrypt, a company based in London that sells software, agrees, saying that the publications opens call interception to “any reasonable well-funded criminal organization”. He adds, “This will reduce the time to break a GSM call from weeks to hours. We expect as this further develops it will be reduced to minutes.”

Why is that a big deal? Over 3.5 billion people use GSM worldwide, including 299 million in North America.