code integrity vs data security

On the last day of AsiaBSDCon, George Neville-Neil gave the keynote talk, Security Fantasies and Realities. Some of it was good and some of it was bad. One of the central points is that the ioshitsunami is coming and in order to save humanity we need to do more of the good security and less of the bad security. One of the, or perhaps just the, good security things to do is hardware root of trust, which I will call TPM, although it has a few brand names.

Posted 26 Mar 2019 02:15 by tedu Updated: 26 Mar 2019 02:15
Tagged: security software thoughts

near match fast lockout

My phone decided it didn’t like my face and wouldn’t let me log in. Unusually, instead of giving me some retries, it immediately locked me out, requiring a passcode. At first I thought this might be a security measure, but I’m pretty sure it was just a glitch. However, it’s an interesting possibility for an authorization system. Fast lockout after a near match.

Posted 15 Jan 2019 03:24 by tedu Updated: 15 Jan 2019 03:30
Tagged: security thoughts

a repo upon the deep

This is in reference to arbitrary code execution in various source control programs; see the svn advisory. Remember A Fire Upon the Deep?

There are some code archaeologists who dig up an artifact. They don’t know what it does, but it includes some instructions for how to unpack it. And so they follow the instructions. And they think they’re taking precautions to prevent it from doing bad stuff, but they screw up, and the evil AI is turned loose. And then bad stuff happens.

It’s funny how similar this is to today’s vulnerability. In theory, checking out a code repo should be a safe operation. All you’re doing is downloading some artifact from a server. Building the code, running the code, all that can be unsafe. But surely there’s no trouble to simply checking out some code?

Alas, a repo is not just a repo. Checking out a repo might require checking out other sub repos and external resources. And so a dumb read-only artifact is actually a smart read/execute artifact. The artifact can’t be checked out without also interpreting some of its contents. And if interpreting happens to execute some unwanted shell commands... Bad stuff happens.

It’s a bug, and it’s fixed, but it’s another lesson that nothing is ever simple when adding features. What looks like just a hostname over here could be interpreted as a shell command over there.

Posted 10 Aug 2017 19:38 by tedu Updated: 10 Aug 2017 19:38
Tagged: security software

hurray we won

A few thoughts after reading Are all BSDs created equally? by Ilja van Sprundel. Theo says OpenBSD is the best, Ilja fact checks.

Posted 28 Jul 2017 02:17 by tedu Updated: 28 Jul 2017 02:17
Tagged: openbsd security software thoughts

moving to https

The time has finally come to switch everything to https. Actually, I’ve been using https for a while, but now it’s time to inflict, er, invite, everyone else along for the ride.

Posted 18 Jul 2017 15:12 by tedu Updated: 21 Jul 2017 22:29
Tagged: flak security thoughts web

observations re packet socket exploit

A few thoughts I had after reading Exploiting the Linux kernel via packet sockets. Not really about the exploit itself, but what it reveals about the state of systems security.

Posted 10 May 2017 18:41 by tedu Updated: 10 May 2017 18:41
Tagged: security thoughts

vuln disclosure and risk equilibrium

Some thoughts based on a series of tweets.

Posted 19 Apr 2017 14:37 by tedu Updated: 19 Apr 2017 14:39
Tagged: security thoughts

colliding, fast and slow

I found it hard to locate a good reference explaining how various hash attacks apply to password hashing. Somebody might reasonably ask how the SHA1 collision, or an extension thereof, would apply to bcrypt. Can bcrypt have collisions? It’s a strange question if you know the answer, but knowing that much requires synthesizing a fair bit of knowledge that’s not all in one place.

Posted 28 Feb 2017 22:38 by tedu Updated: 05 Mar 2017 19:12
Tagged: security software thoughts

features are faults redux

Last week I gave a talk for the security class at Notre Dame based on features are faults, but with some commentary added. It was an exciting trip, with the opportunity to meet and talk with the computer vision group as well. Some other highlights include the Indiana skillet I had for breakfast, which came with pickles and was amazing, and explaining the many wonders of cvs to the Linux users group over lunch. After that came the talk, which went a little something like this.

Posted 21 Feb 2017 22:02 by tedu Updated: 21 Feb 2017 22:18
Tagged: security software thoughts

using yubikeys everywhere

Everybody is getting real excited about yubikeys recently, so I figured I should get excited, too. I have so far resisted two factor authorizing everything, but this seemed like another fun experiment. There’s a lot written about yubikeys and how you should use one, but nothing I’ve read answered a few of the specific questions I had.

Posted 20 Feb 2017 07:14 by tedu Updated: 21 Feb 2017 17:07
Tagged: computers gadget security software