Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

# Sécuday @ Lille on January 16th

## posted December 2014

SECURITY DAY will take place at the University of Lille 1, in France, on January 16th. People from Quarkslab (where I almost did my internship), ANSSI, Microsoft, ... will give talks. There is even one of my classmate Jonathan Salwan.

I'm trying to find a way to get there, so if you want to buy me a beer this might be the right place :D

comment on this story

# This blog now has a rss feed

## posted December 2014

As requested, I added a rss feed to this blog. It's available here in markdown, and here in html, choose whichever suits you best.

1 comment

# OneRNG

## posted December 2014

I like how people make an extreme effort to create "sure" source of random numbers.

OneRNG has released a new usb source. Everything is opensource (open hardware, open software), you can even create your own by following instructions on their websites.

OneRNG collects entropy from an avalanche diode circuit, and from a channel-hopping RF receiver. It even has a “tinfoil hat” to prevent RF interference — you can remove the hat in order to visually verify the components being used.

Now I'm wondering who is using that and for what

comment on this story

# Awesome nmap cheatsheet

## posted December 2014

High on Coffee has released a cheatsheet on nmap. Full of examples and tips. You can find it here

EDIT: There are also Linux Commands for Penetration Testers there. The blog seems pretty new and it already has really good content :)

comment on this story

# Git client vulnerability

## posted December 2014

A new vulnerability has been discovered on the git client. See Github's announcement

Repositories hosted on github.com cannot contain any of the malicious trees that trigger the vulnerability because we now verify and block these trees on push.

The official announcement and the updated and fixed version of git is here.

We used to allow committing a path ".Git/config" with Git that is running on a case sensitive filesystem, but an attempt to check out such a path with Git that runs on a case insensitive filesystem would have clobbered ".git/config", which is definitely not what the user would have expected. Git now prevents you from tracking a path with ".Git" (in any case combination) as a path component.

Git maintains various meta-information for its repository in files in .git/ directory located at the root of the working tree. The system does not allow a file in that directory (e.g. .git/config) to be committed in the history of the project, or checked out to the working tree from the project. Otherwise, an unsuspecting user can run git pull from an innocuous-looking-but-malicious repository and have the meta-information in her repository overwritten, or executable hooks installed by the owner of that repository she pulled from (i.e. an attacker).

comment on this story

## posted December 2014

Josip Franjković found a vulnerability in one of the file uploader of facebook.

He described what he did here

basically he uploaded a zipped file of a symbolic link to /etc/passwd

ln -s /etc/passwd link
zip --symlinks test.zip link

And since uploaders are always a mess to secure. Facebook just replied displaying the content of what he thought was the unzipped resume.

comment on this story

# Bruce Schneier

## posted December 2014

Schneier just gave a talk on security at Qcon in San Francisco. It was recorded and you can watch that here.

It's a high level talk that brings a lot of interesting points, like how much do we trust our devices, how companies are often doing very bad things in term of security, ...

The psychologist he's talking about is Daniel Kahneman, who won the nobel prize in economics for his work on Prospect Theory.

Prospect theory is a behavioral economic theory that describes the way people choose between probabilistic alternatives that involve risk, where the probabilities of outcomes are known. The theory states that people make decisions based on the potential value of losses and gains rather than the final outcome, and that people evaluate these losses and gains using certain heuristics.

comment on this story

# What might have been going on at Mtgox

## posted December 2014

I ran into an old post from nullc (Greg Maxwell one of the core Bitcoin developer) and it's interesting how small details might have been the fall of Mtgox.

First. You can't spend bitcoins you just mined.

Freshly generated Bitcoins (from mining) can not be spend until they are at least 100 blocks deep in the blockchain. This prevents the funds from vanishing forever if the chain reorgs.

The term "blockchain reorganization" is used to refer to the situation where a client discovers a new difficultywise-longest well-formed blockchain which excludes one or more blocks that the client previously thought were part of the difficultywise-longest well-formed blockchain. These excluded blocks become orphans.
Chain reorganization is a client-local phenomenon; the entire bitcoin network doesn't "reorganize" simultaneously.

see orphan block.

An orphan block is a well-formed block which is no longer part of the difficultywise-longest well-formed blockchain.
The block reward in an orphaned block is no longer spendable on the difficultywise-longest well-formed blockchain; therefore whoever mined that block does not actually get the reward (or the transaction fees). This phenomenon must be taken into account by mining pools that use any payout strategy other than "proportional".

And here is a misunderstand of the padding of ECDSA (Elliptic Curve version of the Signature Scheme DSA) that might have be the problem:

This issue arises from several sources, one of them being OpenSSL's willingness to accept and make sense of signatures with invalid encodings. A normal ECDSA signature encodes two large integers, the encoding isn't constant length— if there are leading zeros you are supposed to drop them.
It's easy to write software that assumes the signature will be a constant length and then leave extra leading zeros in them.

comment on this story

# Transform your messages into spam!

## posted December 2014

When you encrypt your mail through PGP or GPG it's great. But people can tell you're sending an important email. What if you could encrypt your message to something innocent? This is what spammimic does. It transforms your message into a spam message so no one can guess it's a legit message! This idea is so neat.

There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible. This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article.

The encrypted messages look like that:

Dear Friend ; Thank-you for your interest in our publication
. If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our club ! This mail is
being sent in compliance with Senate bill 1626 ; Title
3 , Section 308 . THIS IS NOT MULTI-LEVEL MARKETING
. Why work for somebody else when you can become rich
as few as 10 WEEKS ! Have you ever noticed more people
than ever are surfing the web plus nearly every commercial
on television has a .com on in it ! Well, now is your
your orders within seconds and deliver goods right
to the customer's doorstep ! You are guaranteed to
succeed because we take all the risk . But don't believe
us ! Prof Simpson who resides in Illinois tried us
and says "Now I'm rich, Rich, RICH" . This offer is
100% legal ! We BESEECH you - act now . Sign up a friend
and you'll get a discount of 20% . God Bless ! Dear
Friend , Especially for you - this amazing news ! We
will comply with all removal requests . This mail is
being sent in compliance with Senate bill 1618 ; Title
2 , Section 301 . This is not multi-level marketing
! Why work for somebody else when you can become rich
in 58 weeks ! Have you ever noticed people will do
almost anything to avoid mailing their bills plus most
everyone has a cellphone ! Well, now is your chance
and increase customer response by 170% ! You are guaranteed
to succeed because we take all the risk . But don't
believe us . Mr Jones of Georgia tried us and says
"Now I'm rich many more things are possible" ! This
offer is 100% legal ! So make yourself rich now by
get a discount of 60% . Best regards !
comment on this story

# Hacking PayPal Accounts with one click

## posted December 2014

An interesting 0day on paypal was discolsed by Yasser Ali.

We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provide an Auth Token before the Logging-in process, check this page for the magical CSRF Auth “https://www.paypal.com/eg/cgi-bin/webscr?cmd=_send-money”. At this point the attacker Can CSRF “almost” any request on behave of this user.

source

A CSRF attacks (Cross-Site Request Forgery) happens when you can send a link to someone (or embed it into an iframe on your website) and it makes the user do something on a particular website (like paypal) that he didn't intend to do. Or as the name of the attack says, it makes him send a request you forged from outside the website. A CSRF token is used to cancel this attack. It's usually a random value that is send along the request and verified server side. This value is difficult to predict and thus you usually can't forge it along the request.

comment on this story

## posted December 2014

Google is introducing a new Captcha, instead of trying to read a distorted word and write it down (because robots have troubles reading distorted words) you will just have to click on one button. Google will analyze small cues that prove that you are not a robot (like the movement of the cursor before clicking on the button). Some of those cues will only happen when the mouse will hover the widget, as google is not in control of the entire document when used outside of google's domain.

someone on hackernews:

It's definitely not only relying on cursor movements. A simple \$('iframe').contents().find('.recaptcha-checkbox-checkmark').click() proved that I'm not a robot, without me touching the mouse.

comment on this story

# Hack.Summit()

## posted December 2014

I'm overwhelmed with interviews those last days. I just spent more than 8 hours on one (remote location, late trains, low battery, no keys... long story).

And like this is not enough, Hack Summit just started

Right now Ed Roman is introducing the hack.summit(). talking about a lot of good stuff and giving some book recommendations.

EDIT: Some notes on what he just said:

• pair coding (when you code and someone is watching, or the inverse)
• remove distractions (mail, phone...)
• pretend to talk and explain what you're doing/coding (close to my theory about writing down stuff to organize your thoughts, and pretend to write stuff on the table with your fingers to memorize it)
• iterate quickly, fail quickly and often.
• use git, use the command line...

Now Scott Hanselman is talking but I have to go to the Champs Elysées drink some Glühwein at the Marché de noël some pardon me ;)

Now Tom Chi

comment on this story

# Retiring Crypt

## posted November 2014

Crypt, already omitted by most linux distributions, is being retired as well by OpenBSD: http://www.tedunangst.com/flak/post/retiring-crypt

The crypt function is a unix classic. Unfortunately, its age is showing. It’s an interface from another time, out of place on modern systems, and it’s time for OpenBSD to move on.

comment on this story

# Launching in 2015: A Certificate Authority to Encrypt the Entire Web

## posted November 2014

It was already pretty amazing when Cloudflare introduced Universal SSL (and this blog uses cloudflare ssl by the way).

Today the EFF has launched Let's Encrypt that aims to simplify the setup of SSL. They claim it takes 20-30 seconds to deploy SSL to your server. And this for free.

comment on this story