david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

Sécuday @ Lille on January 16th

posted December 2014


SECURITY DAY will take place at the University of Lille 1, in France, on January 16th. People from Quarkslab (where I almost did my internship), ANSSI, Microsoft, ... will give talks. There is even one of my classmate Jonathan Salwan.

I'm trying to find a way to get there, so if you want to buy me a beer this might be the right place :D

comment on this story


posted December 2014

I like how people make an extreme effort to create "sure" source of random numbers.

OneRNG has released a new usb source. Everything is opensource (open hardware, open software), you can even create your own by following instructions on their websites.

OneRNG collects entropy from an avalanche diode circuit, and from a channel-hopping RF receiver. It even has a “tinfoil hat” to prevent RF interference — you can remove the hat in order to visually verify the components being used.

Now I'm wondering who is using that and for what

comment on this story

Git client vulnerability

posted December 2014

A new vulnerability has been discovered on the git client. See Github's announcement

Repositories hosted on github.com cannot contain any of the malicious trees that trigger the vulnerability because we now verify and block these trees on push.

The official announcement and the updated and fixed version of git is here.

We used to allow committing a path ".Git/config" with Git that is running on a case sensitive filesystem, but an attempt to check out such a path with Git that runs on a case insensitive filesystem would have clobbered ".git/config", which is definitely not what the user would have expected. Git now prevents you from tracking a path with ".Git" (in any case combination) as a path component.

More information about the vulnerability here

Git maintains various meta-information for its repository in files in .git/ directory located at the root of the working tree. The system does not allow a file in that directory (e.g. .git/config) to be committed in the history of the project, or checked out to the working tree from the project. Otherwise, an unsuspecting user can run git pull from an innocuous-looking-but-malicious repository and have the meta-information in her repository overwritten, or executable hooks installed by the owner of that repository she pulled from (i.e. an attacker).

comment on this story

Bruce Schneier

posted December 2014

Schneier just gave a talk on security at Qcon in San Francisco. It was recorded and you can watch that here.

It's a high level talk that brings a lot of interesting points, like how much do we trust our devices, how companies are often doing very bad things in term of security, ...

The psychologist he's talking about is Daniel Kahneman, who won the nobel prize in economics for his work on Prospect Theory.

Prospect theory is a behavioral economic theory that describes the way people choose between probabilistic alternatives that involve risk, where the probabilities of outcomes are known. The theory states that people make decisions based on the potential value of losses and gains rather than the final outcome, and that people evaluate these losses and gains using certain heuristics.

comment on this story

What might have been going on at Mtgox

posted December 2014

I ran into an old post from nullc (Greg Maxwell one of the core Bitcoin developer) and it's interesting how small details might have been the fall of Mtgox.

First. You can't spend bitcoins you just mined.

Freshly generated Bitcoins (from mining) can not be spend until they are at least 100 blocks deep in the blockchain. This prevents the funds from vanishing forever if the chain reorgs.

see chain reorganization.

The term "blockchain reorganization" is used to refer to the situation where a client discovers a new difficultywise-longest well-formed blockchain which excludes one or more blocks that the client previously thought were part of the difficultywise-longest well-formed blockchain. These excluded blocks become orphans.
Chain reorganization is a client-local phenomenon; the entire bitcoin network doesn't "reorganize" simultaneously.

see orphan block.

An orphan block is a well-formed block which is no longer part of the difficultywise-longest well-formed blockchain.
The block reward in an orphaned block is no longer spendable on the difficultywise-longest well-formed blockchain; therefore whoever mined that block does not actually get the reward (or the transaction fees). This phenomenon must be taken into account by mining pools that use any payout strategy other than "proportional".

And here is a misunderstand of the padding of ECDSA (Elliptic Curve version of the Signature Scheme DSA) that might have be the problem:

This issue arises from several sources, one of them being OpenSSL's willingness to accept and make sense of signatures with invalid encodings. A normal ECDSA signature encodes two large integers, the encoding isn't constant length— if there are leading zeros you are supposed to drop them.
It's easy to write software that assumes the signature will be a constant length and then leave extra leading zeros in them.

comment on this story

Transform your messages into spam!

posted December 2014

When you encrypt your mail through PGP or GPG it's great. But people can tell you're sending an important email. What if you could encrypt your message to something innocent? This is what spammimic does. It transforms your message into a spam message so no one can guess it's a legit message! This idea is so neat.

There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible. This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article.

The encrypted messages look like that:

Dear Friend ; Thank-you for your interest in our publication 
  . If you no longer wish to receive our publications 
  simply reply with a Subject: of "REMOVE" and you will 
  immediately be removed from our club ! This mail is 
  being sent in compliance with Senate bill 1626 ; Title 
  . Why work for somebody else when you can become rich 
  as few as 10 WEEKS ! Have you ever noticed more people 
  than ever are surfing the web plus nearly every commercial 
  on television has a .com on in it ! Well, now is your 
  chance to capitalize on this . We will help you process 
  your orders within seconds and deliver goods right 
  to the customer's doorstep ! You are guaranteed to 
  succeed because we take all the risk . But don't believe 
  us ! Prof Simpson who resides in Illinois tried us 
  and says "Now I'm rich, Rich, RICH" . This offer is 
  100% legal ! We BESEECH you - act now . Sign up a friend 
  and you'll get a discount of 20% . God Bless ! Dear 
  Friend , Especially for you - this amazing news ! We 
  will comply with all removal requests . This mail is 
  being sent in compliance with Senate bill 1618 ; Title 
  2 , Section 301 . This is not multi-level marketing 
  ! Why work for somebody else when you can become rich 
  in 58 weeks ! Have you ever noticed people will do 
  almost anything to avoid mailing their bills plus most 
  everyone has a cellphone ! Well, now is your chance 
  to capitalize on this ! We will help you SELL MORE 
  and increase customer response by 170% ! You are guaranteed 
  to succeed because we take all the risk . But don't 
  believe us . Mr Jones of Georgia tried us and says 
  "Now I'm rich many more things are possible" ! This 
  offer is 100% legal ! So make yourself rich now by 
  ordering immediately ! Sign up a friend and you'll 
  get a discount of 60% . Best regards !
comment on this story

Hacking PayPal Accounts with one click

posted December 2014

An interesting 0day on paypal was discolsed by Yasser Ali.

We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provide an Auth Token before the Logging-in process, check this page for the magical CSRF Auth “https://www.paypal.com/eg/cgi-bin/webscr?cmd=_send-money”. At this point the attacker Can CSRF “almost” any request on behave of this user.


A CSRF attacks (Cross-Site Request Forgery) happens when you can send a link to someone (or embed it into an iframe on your website) and it makes the user do something on a particular website (like paypal) that he didn't intend to do. Or as the name of the attack says, it makes him send a request you forged from outside the website. A CSRF token is used to cancel this attack. It's usually a random value that is send along the request and verified server side. This value is difficult to predict and thus you usually can't forge it along the request.

comment on this story

Google: a new kind of Captcha

posted December 2014


Google is introducing a new Captcha, instead of trying to read a distorted word and write it down (because robots have troubles reading distorted words) you will just have to click on one button. Google will analyze small cues that prove that you are not a robot (like the movement of the cursor before clicking on the button). Some of those cues will only happen when the mouse will hover the widget, as google is not in control of the entire document when used outside of google's domain.

see more info on wired

edit: more info on google blog as well

someone on hackernews:

It's definitely not only relying on cursor movements. A simple $('iframe').contents().find('.recaptcha-checkbox-checkmark').click() proved that I'm not a robot, without me touching the mouse.

It seems to rely heavily on your cookies as well.

comment on this story


posted December 2014

I'm overwhelmed with interviews those last days. I just spent more than 8 hours on one (remote location, late trains, low battery, no keys... long story).

And like this is not enough, Hack Summit just started

Right now Ed Roman is introducing the hack.summit(). talking about a lot of good stuff and giving some book recommendations.

EDIT: Some notes on what he just said:

  • pair coding (when you code and someone is watching, or the inverse)
  • pomodoro technique (I'm already doing this, even made this)
  • remove distractions (mail, phone...)
  • pretend to talk and explain what you're doing/coding (close to my theory about writing down stuff to organize your thoughts, and pretend to write stuff on the table with your fingers to memorize it)
  • iterate quickly, fail quickly and often.
  • personalize your IDE
  • use git, use the command line...

Now Scott Hanselman is talking but I have to go to the Champs Elysées drink some Glühwein at the Marché de noël some pardon me ;)

Now Tom Chi


comment on this story