Security Newsletter #17 is out

It is available here.
In this issue, you will find an interview with Ari TAKANEN. He is the CTO of Codenomicon, a company specialized in fuzzing-based testing. A good insight into fuzzing.

This issue is more network oriented, with the analysis of some XSS vulnerabilities, a new TCP connection method that brings its own vulnerabilities and, of course, Hole196, the latest weakness in WPA2.

I hope you’ll enjoy it, and don’t hesitate to comment.

Open API to Kinect

It did not take long for the hacking/hobbyist community to reverse engineer the API of Microsoft’s Kinect. The Kinect device is the new gizmo for the Xbox which uses the body as an input device.

Adafruit, a US company, offered a $3,000 bounty to the first developer who would provide a library to connect to the Kinect. Hector Martin is the winner. His library gives access to the RGB data from the camera together with the depth map.

The first person to report being able to connect to the Kinect was alexP from NUI. Nevertheless, he did not publish his drivers. He works with the open source group Natural User Interface (NUI). On the contrary, Hector Martin has published his as open source under the name libfreenect. Meanwhile, Theo Watson has adapted this library to work on Mac OS X.

The initial reaction of Microsoft to Adafruit’s challenge was to threaten legal action in case of hacking.

With Kinect, Microsoft built in numerous hardware and software safeguards designed to reduce the chances of product tampering. Microsoft will continue to make advances in these types of safeguards and work closely with law enforcement and product safety groups to keep Kinect tamper-resistant.

Microsoft has since softened its position. It does not claim that this library is a hack (which, stricto sensu, may be true).

Kinect for Xbox 360 has not been hacked, in any way, as the software and hardware that are part of Kinect for Xbox 360 have not been modified. What has happened is someone has created drivers that allow other devices to interface with the Kinect for Xbox 360. The creation of these drivers, and the use of Kinect for Xbox 360 with other devices, is unsupported. We strongly encourage customers to use Kinect for Xbox 360 with their Xbox 360 to get the best experience possible.

The position of Microsoft is very smart. In no way does this library harm Microsoft’s business. Soon, hobbyists will most probably use the Kinect to create applications that extend well beyond gaming. They may even come up with ideas that Microsoft’s engineers will be able to exploit. This may even be good advertising for Kinect.

It is reminiscent of the use of Sony’s PS3 in fields unrelated to games. See Security Newsletter #9.

Another winner is Adafruit: for $5,000, they made headlines worldwide, and in the role of the good guys! That is cheap. :)

Les nouveaux pirates de l’entreprise

Bertrand Monnet and Philippe Véry published a book entitled “Les nouveaux pirates de l’entreprise: Mafias et terrorisme“, i.e. “The new pirates of the enterprise: Mafia and terrorism”.

They clearly highlight the new risks that a company may face from organized crime and terrorist organizations. Organized crime is like an enterprise: it seeks to maximize its revenue. The difference is that it does not care about regulation or ethics. Thus, it competes with legitimate business (parasitism, extortion, counterfeiting, direct investment…). Terrorist organizations look for means to finance their activities. The enterprise and its collaborators are attractive targets. Many conclusions are similar to those issued by RAND; see “Film Piracy, Organized Crime and Terrorism“.

The bibliography is frustrating because it is not very precise. Of course, in this field, there is not a lot of public data available.

The conclusion of the authors is that everybody in the enterprise should be concerned with these risks. In my opinion, the most important recommendation is that the Chief Security Officer (CSO) should be both security aware and BUSINESS aware. To cope with this type of risk, many decisions may have deep business implications.

As you may have guessed, the book is in French. For French readers, a point of vocabulary 🙂
I discovered that for years I had been confusing sécurité and sûreté. Sûreté applies to protection against malicious actions. Was I the only one to be mistaken?

Cracking commercial quantum cryptography

Quantum cryptography is a strange beast. The first commercial solutions, for instance by ID Quantique, are already available. And they are already hacked. Researchers of the Norge Quantum Hacking group have succeeded in eavesdropping on communications.

Of course, the vulnerability was not in the concept of quantum cryptography itself but in some technological loopholes. As usual, the weakness comes from the implementation. They present a nice gallery of pictures illustrating the equipment and the methods used in the exploit.

It is not the first exploit by this team. See “Cracked Quantum Cryptography?”

An analysis of Private Browsing Modes in Modern Browsers

Tuesday, November 2, 2010

Gaurav AGGARWAL, Elie BURSZTEIN, Collin JACKSON and Dan BONEH published an analysis of the private browsing mode in Internet Explorer 8, Firefox 3.5, Safari 4, and Chrome 5.

What is private browsing mode? According to Mozilla:

Firefox 3.5 and later provide “Private Browsing,” which allows you to browse the Internet without Firefox saving any data about which sites and pages you have visited.

According to the researchers, all four browsers failed. Don’t panic!

The researchers used a very strict definition of private browsing that goes further than Mozilla’s. For instance, they define four types of persistent state changes:

  • Initiated by the web site without user interaction, such as setting a cookie or adding an entry to the history file…
  • Initiated by a web site but with user interaction, such as generating a client certificate or adding a password to the password database
  • Initiated by the user, such as adding a bookmark
  • Installing a patch or updating a blocking list

All browsers do a decent job for the first category. Nevertheless, they perform less well for the other categories. For instance, all four browsers retain an SSL client certificate generated while in private browsing mode. The certificate will leak the site address.

Most people are only concerned with the first category. Thus, they are safe. More paranoid people should study their browser and act accordingly.

Interestingly, the paper proposes three goals against a web attacker:

  • A web site cannot link a user visiting in private mode to the same user visiting in public mode.
  • A web site cannot link a user in one private session to the same user in another private session.
  • A web site should not be able to guess if the browser is in private mode.

They also highlighted an under-evaluated risk. Although the browser supports a private mode, it does not mean that the plug-ins also act in private mode. In other words, while the browser is in private mode, your add-ons may still leak information.

ACM DRM 2010

Thursday, October 28, 2010

The 9th ACM Workshop on Digital Rights Management was held in Chicago on October 4, 2010. The conference was sponsored by Microsoft and Technicolor.

Following are short highlights of my preferred papers:

  • The Privacy of Tracing Traitors, Moni Naor. He presented mainly issues about privacy in the case of statistical analysis of very large databases. He presented his recent work (2008) on how to sanitize such databases while maintaining differential privacy. The idea is to present a fake database that gives the same answers as the real one but without the actual data. This is extremely computationally intensive.

    The link with traitor tracing was tenuous. The conclusion was that traitor tracing is possible if and only if sanitizing is hard. The unsurprising conclusion is that traitor tracing and privacy are contradictory.

  • A General Model for Hiding Control Flow, Jan Cappaert (UKL). This presentation was about software tamper resistance, more specifically obfuscation. The idea is to enhance control flow graph flattening with relative values rather than local values, plus the use of hashes. They propose a switch function as a template.
    Worthwhile to read. It was most probably one of the best papers of this workshop (at least according to me).
  • Is the Internet a Foe or a Friend to Theatrical Releases and the Motion Picture Industry?, Warren Lieberfarb. He presented the history of video distribution, highlighting that each threat ended up as an opportunity. Then, he pleaded for a standard endorsed by all studios that would encompass a tiny removable storage medium (NAND flash based) and a robust DRM with forensic capabilities. In other words, vertical interoperability.
    The audience was captivated. Warren is a pioneer of video and knows the history of video distribution perfectly, being one of its early actors. I am sure that many people in the audience discovered several interesting stories.
  • An Interoperable Usage Management Framework, Pramod Jamkhedkar. A framework that attempts to unify the different RELs (Rights Expression Languages) independently of the execution platform. It should unify both declarative RELs and logical RELs. The approach is object oriented and focuses on the REL and not on the enforcement.
    Highly theoretical work.
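To make the control-flow-flattening idea behind Cappaert’s talk concrete, here is an added example written for this post (not the paper’s model or code): a plain gcd beside a flattened version whose basic blocks live in one switch dispatcher, with the successor chosen by a relative offset from the current state rather than an absolute label. The relative-offset encoding is my assumption of how the “relative values” idea maps to code; the hash refinement is not reproduced.

```c
#include <stdint.h>
#include <stdio.h>

/* Plain version: Euclid's gcd with its structured control flow visible. */
uint32_t gcd_plain(uint32_t a, uint32_t b) {
    while (b != 0) {
        uint32_t t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Flattened version: each basic block is one case of a single switch
 * inside a dispatch loop, so the static CFG shows only the dispatcher.
 * Assumption: the next block is reached by adding a relative offset to
 * the current state, so no absolute block label appears in the code. */
uint32_t gcd_flat(uint32_t a, uint32_t b) {
    uint32_t state = 0, t = 0;
    for (;;) {
        switch (state) {
        case 0:                        /* loop test */
            state += (b != 0) ? 1 : 3; /* -> 1 (body) or 3 (exit) */
            break;
        case 1:                        /* t = a % b; a = b */
            t = a % b;
            a = b;
            state += 1;                /* -> 2 */
            break;
        case 2:                        /* b = t; back to the test */
            b = t;
            state -= 2;                /* -> 0 */
            break;
        default:                       /* state 3: exit block */
            return a;
        }
    }
}

/* Semantic-preservation check: flattening must not change results. */
int flat_matches_plain(void) {
    for (uint32_t a = 0; a < 64; a++)
        for (uint32_t b = 0; b < 64; b++)
            if (gcd_plain(a, b) != gcd_flat(a, b))
                return 0;
    return 1;
}

int main(void) {
    printf("gcd(48,18)=%u agree=%d\n", gcd_flat(48, 18), flat_matches_plain());
    return 0;
}
```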

I presented a paper, co-authored with ROBERT Arnaud (Disney), about an Interoperable Digital Rights Locker.

The full program is available here.

XSS vulnerabilities and anti virus vendors

Team Elite, a team of white-hat hackers, disclosed last week Cross Site Scripting (XSS) vulnerabilities on the sites of three antivirus vendors: Symantec, ESET, and Panda Security. All three vendors promptly closed the vulnerabilities. The mere fact that the sites of security specialists host such well-known vulnerabilities highlights the difficulty of creating clean, secure software or sites.

XSS is probably one of the most widespread (and fastest growing) vulnerabilities on the Web. The next issue of the security newsletter (#17, to be issued within a fortnight) will touch on this XSS issue. XSS is to Web sites what buffer overflow is to normal software: a well-known issue that nevertheless keeps appearing.

The site of Team Elite is a nice repository of many vulnerabilities.