The Global Anti Piracy day

On 21st October, Microsoft launched an initiative called the Global Anti-Piracy Day. The objective was to launch enforcement actions and education programs in 49 countries. See Microsoft’s press release. This Global Anti-Piracy Day did not attract a lot of interest from the media. Nevertheless, The Pirate Bay brought its “contribution” to the day. See Pirate Bay’s doodles.

More seriously, better awareness of the consequences and risks of counterfeiting and piracy is an important tool. It would perhaps be more interesting to have combined initiatives across the many industries suffering from piracy. It would also be interesting to demonstrate the risks people take by using pirated or counterfeit goods (viruses, fake devices, litigation, …). In the early days of CPTWG, the motto was “Keep honest people honest”. Increasing awareness goes in this direction.

SMS and spam

Yesterday, Luc CHATEL, the French minister of Industry and Consumption, announced an initiative to stop SMS spam. When receiving an alleged spam SMS, the user may forward it to a call center at number 33700.

Exactly how it will operate is not very clear. The numerous comments from the media described a simple method. Once you look at the details (see diagram), the system is far more complex.
The number of the spam’s sender is not transmitted with the first forward. The user just receives an acknowledgment. OPTIONALLY, the user may forward the message a second time, to the same number 33700. Only then is the caller ID of the spam’s sender transmitted. After the second “call”, the system starts to analyze and eventually triggers retaliation against the spammer.

One important piece of information: the call to 33700 is not free. It costs the price of an SMS! When asked why this number was not free, the minister answered (interviewed by Jean Luc Hess on Radio Classique, 22 October) that there were three potential entities that could pay for the service: the state, the telco operators, or the consumers. He preferred to put the burden on consumers. He considered it a good citizen action.

This will simply not work, for at least two reasons:
– The two-step process is nonsense from a usability point of view. How do you expect people to build a mental model of this system? Why should the user call the same number twice? I looked for a rationale. The best one I found was to restrict the number of analyses started, thus reducing cost. If each call triggered a human action, it would soon become too costly.
– Once more, the economic incentives are not aligned. The person who suffers from the threat (spam) also bears the cost of spotting it. The entities that indirectly benefit from SMS spam, i.e. the telco operators, do not bear the cost of the countermeasures. Misaligned incentives generate failed security systems.

33700 is probably a nice propaganda tool but will never be an efficient anti-spam tool. :Wink:

Homebrew: deeper and deeper

One of the most active hacking communities is the homebrew community. Its members attempt to run their own software, so-called homebrew, on proprietary game consoles. And they are successful on many platforms: XBOX, Wii, iPhone, … Sony was smart when designing the PS3. It allowed running homebrew Linux applications. This may perhaps explain its current resistance to hacking. The homebrew community does not need to reverse engineer it.

To run their homebrews, they have to reverse engineer the system of the console. Although their aim is not to hack the games, they provide precious information to the game hacking community.

The latest exploit is for the Wii. The Twiizers team is currently designing a hack, called BootMii, that replaces Nintendo’s boot code with their own. In other words, it will be the hacked boot code that controls the console. Thus, it may stay below the radar of Nintendo’s patches and upgrades. 🙁

They analyzed the chain of trusted boot stages and identified the first element of the chain that could be replaced (in this case boot2). Then, thanks to a bug that allows a piece of code to be illegitimately signed, they replaced boot2 with BootMii. BootMii is not yet finalized. BootMii will be an extraordinary hacking tool for the Wii.

Nintendo may fix the signature bug. But the fix will only affect products deployed in the future. The bug is in the non-rewritable part of the deployed consoles.

Conclusion: Examine your business model carefully before eliminating homebrew applications from the feature list.

Is WIFI still secure?

This week, several news items seemed to shake the foundations of Wi-Fi security. The first was about WPA/WPA2 and the second about WEP.

ElcomSoft is a company that designs tools to retrieve lost passwords. Their latest product adds two new features. First, it distributes the workload across several computers. Second, it may use NVidia Graphical Processing Units (GPU) to gain a factor of 20 in processing time compared to a simple CPU. They announced a gain of 100 for cracking WPA/WPA2 passwords.

Of course, the press immediately “reported” this exploit, often without much insight. I have even seen some blogs reporting a gain of 10,000. The “exploit” of ElcomSoft is to use GPUs and distributed computing. This is not new. Remember the use of several PS3s with their Cell processors to create collisions for SHA1 (See Security Newsletter #9). ElcomSoft still uses brute force against WPA/WPA2. Thus, good luck and a lot of patience.
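To put the factor of 100 in perspective, here is an added example (not from ElcomSoft or from the original post) that derives a WPA/WPA2-PSK master key and computes the worst-case time needed to try every random passphrase of a given length. The baseline rate of 500 guesses per second, the sample passphrase and SSID, and all function names are assumptions made for this example.

```python
import hashlib
import math

PBKDF2_ROUNDS = 4096  # fixed by the WPA/WPA2-PSK key derivation
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ALPHABETS = {"lowercase": 26, "letters+digits": 62, "printable ASCII": 95}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit master key; each guess costs this whole computation."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    # The SSID is the salt, so work done for one network name does not
    # carry over to a network with a different name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, 32)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_sec: float) -> float:
    """Worst-case years to try every random passphrase of exactly this length."""
    return alphabet_size ** length / guesses_per_sec / SECONDS_PER_YEAR


def chars_bought_by_speedup(alphabet_size: int, speedup: float) -> float:
    """Number of extra random characters that cancel a given speedup."""
    return math.log(speedup) / math.log(alphabet_size)


def report(base_rate: float, speedup: float = 100.0):
    """Rows of (alphabet, length, years at base rate, years with speedup)."""
    rows = []
    for name, size in ALPHABETS.items():
        for length in (8, 10, 12):
            rows.append((name, length,
                         years_to_exhaust(size, length, base_rate),
                         years_to_exhaust(size, length, base_rate * speedup)))
    return rows


if __name__ == "__main__":
    ASSUMED_BASE_RATE = 500.0  # guesses/second on one CPU: an assumption
    # Constructed passphrase and SSID, only to show one derivation.
    print(wpa_pmk("constructed-passphrase", "ExampleSSID").hex())
    for name, length, slow, fast in report(ASSUMED_BASE_RATE):
        print(f"{name:16} len {length:2}: {slow:12.3g} years -> {fast:12.3g} years")
    for name, size in ALPHABETS.items():
        print(f"{name:16}: x100 is offset by "
              f"{chars_bought_by_speedup(size, 100):.2f} extra characters")
```

Whatever the real baseline rate is, the last loop shows the point: a 100-fold speedup is cancelled by adding between one and one and a half random characters to the passphrase.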

The second news item is that a Japanese researcher, Masakatsu MORII, succeeded in cracking a WEP key in less than 1 second. He announced this exploit at CSS2008. The Japanese presentation is available at http://srv.prof-morii.net/~morii/image/CSS2008/CSS081010_WEP_slide.pdf (password WPE2008). We will have to wait some time to get an English version. It will be interesting to analyze the attack to see if it opens new methods to break keys. He drastically accelerated the attack compared to the last exploit, which took 6 minutes. Nevertheless, WEP has been considered for many years as too weak to protect Wifi. This is just one more nail in WEP’s coffin.

Was the security of Wifi reduced this week? Clearly not by these announcements. The first one seems to be more of a promotional trick to increase awareness of ElcomSoft. The second one hacks an already dead algorithm. By the way, check that you do not use WEP to protect your personal wireless network. I am sure you are already using WPA2.

The economics of information security

Ross ANDERSON and Tyler MOORE wrote an interesting state of the art on the economics of information security. Why does economics matter? The obvious answer is that it is about money. And money is one major driving factor of the software industry. This paper highlights a more compelling argument: many security failures come from unaligned incentives rather than from bad design. For instance, I am the one who suffers when the Operating System fails to prevent a virus from crashing my computer, not the OS’s editor (especially if it is in a dominant position). Another example: the editor of a player reading AACS-protected content does not suffer from the loss due to content piracy.

The survey explores many fields of information security and shows how economic analysis can help to understand failures or can strengthen security. For instance, to trigger a network effect, it may be economically wise to lower security (at least security should not get in the way of potential customers) to become more attractive. Once the threshold is passed, too strong security can be a good way to lock in the market (second part of a good network effect). Another interesting topic is secure software development. It seems that one should have few but extremely competent developers (in security) and a lot of testers.

I am not fully aligned with the conclusions on DRM and Trusted Computing. But, here we may object that we do not have the same incentives :Happy: .

Definitely a paper to read. Furthermore, taking economics into account in the design is probably a good thing. I will have to dive into game theory.

The paper is available here

Compliance rules?

HDCP strippers are devices that input an HDCP/HDMI signal and output a non-HDCP signal. Many such devices are available on the market. I just came across a product called HDfury. It looks like a dongle with an HDMI connector on one side and a VGA-like connector on the other. Gold-plated connectors for the quality!

What I found interesting was the section dedicated to HDCP compliance in the product definition.

HDCP rules compliant: no end-user easy access to decrypted analog video.
Once screwed, this module becomes “a part of the display itself”.
The HDfury module is DIRECTLY screwed to the back of the RGB display (where SUB-D15 VGA port stand).

What about screwing it onto a video acquisition card? I am not sure that the lawyers who drafted the HDCP compliance and robustness rules expected this reading of their rules. The “no easy access to analog video” rule was meant for internal video. If I remember the compliance rules well, the analog output should be both downsized in resolution (not 1080p) and copy protected.

Nevertheless, they at least addressed the problem. To make the consumers feel happy? Or to calm lawyers? :Wink:

Michael Moore, rights and P2P

Michael Moore, the brilliant provocative essayist, wanted to provide his latest documentary “Slacker Uprising” for free. Thus, he offered it on the Net at http://www.slackeruprising.com/. Unfortunately, the download only works for US and Canadian citizens. Michael Moore only holds the rights for the US and Canada, not for the rest of the world.

Unsurprisingly, “Slacker Uprising” was soon available on P2P sites. Rumors claimed that the leakage was perhaps not unintentional. In a recent interview for TorrentFreak, he seems to confirm the rumors. In any case, Michael Moore is happy with these torrents.

This is not a surprise. If your objective is to denounce a problem (as claimed by Michael Moore), then your goal is to get the largest audience possible (and not to make the largest earning possible). Then P2P is a channel of distribution that you must not avoid. P2P offers both a large audience and a defense against censorship.

Would Emile Zola have made a video version of his famous “J’accuse” and distributed it over YouTube and BitTorrent?