Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

more on the next page...

# Awesome nmap cheatsheet posted December 2014

High on Coffee has released a cheatsheet on nmap. Full of examples and tips. You can find it here

EDIT: There are also Linux Commands for Penetration Testers there. The blog seems pretty new and it already has really good content :)

comment on this story

# Git client vulnerability posted December 2014

A new vulnerability has been discovered on the git client. See Github's announcement

Repositories hosted on github.com cannot contain any of the malicious trees that trigger the vulnerability because we now verify and block these trees on push.

The official announcement and the updated and fixed version of git is here.

We used to allow committing a path ".Git/config" with Git that is running on a case sensitive filesystem, but an attempt to check out such a path with Git that runs on a case insensitive filesystem would have clobbered ".git/config", which is definitely not what the user would have expected. Git now prevents you from tracking a path with ".Git" (in any case combination) as a path component.

Git maintains various meta-information for its repository in files in .git/ directory located at the root of the working tree. The system does not allow a file in that directory (e.g. .git/config) to be committed in the history of the project, or checked out to the working tree from the project. Otherwise, an unsuspecting user can run git pull from an innocuous-looking-but-malicious repository and have the meta-information in her repository overwritten, or executable hooks installed by the owner of that repository she pulled from (i.e. an attacker).

comment on this story

Josip Franjković found a vulnerability in one of the file uploader of facebook.

He described what he did here

basically he uploaded a zipped file of a symbolic link to /etc/passwd

ln -s /etc/passwd link
zip --symlinks test.zip link

And since uploaders are always a mess to secure. Facebook just replied displaying the content of what he thought was the unzipped resume.

comment on this story

# Bruce Schneier posted December 2014

Schneier just gave a talk on security at Qcon in San Francisco. It was recorded and you can watch that here.

It's a high level talk that brings a lot of interesting points, like how much do we trust our devices, how companies are often doing very bad things in term of security, ...

The psychologist he's talking about is Daniel Kahneman, who won the nobel prize in economics for his work on Prospect Theory.

Prospect theory is a behavioral economic theory that describes the way people choose between probabilistic alternatives that involve risk, where the probabilities of outcomes are known. The theory states that people make decisions based on the potential value of losses and gains rather than the final outcome, and that people evaluate these losses and gains using certain heuristics.

comment on this story

# What might have been going on at Mtgox posted December 2014

I ran into an old post from nullc (Greg Maxwell one of the core Bitcoin developer) and it's interesting how small details might have been the fall of Mtgox.

First. You can't spend bitcoins you just mined.

Freshly generated Bitcoins (from mining) can not be spend until they are at least 100 blocks deep in the blockchain. This prevents the funds from vanishing forever if the chain reorgs.

The term "blockchain reorganization" is used to refer to the situation where a client discovers a new difficultywise-longest well-formed blockchain which excludes one or more blocks that the client previously thought were part of the difficultywise-longest well-formed blockchain. These excluded blocks become orphans.
Chain reorganization is a client-local phenomenon; the entire bitcoin network doesn't "reorganize" simultaneously.

see orphan block.

An orphan block is a well-formed block which is no longer part of the difficultywise-longest well-formed blockchain.
The block reward in an orphaned block is no longer spendable on the difficultywise-longest well-formed blockchain; therefore whoever mined that block does not actually get the reward (or the transaction fees). This phenomenon must be taken into account by mining pools that use any payout strategy other than "proportional".

And here is a misunderstand of the padding of ECDSA (Elliptic Curve version of the Signature Scheme DSA) that might have be the problem:

This issue arises from several sources, one of them being OpenSSL's willingness to accept and make sense of signatures with invalid encodings. A normal ECDSA signature encodes two large integers, the encoding isn't constant length— if there are leading zeros you are supposed to drop them.
It's easy to write software that assumes the signature will be a constant length and then leave extra leading zeros in them.

comment on this story

# Transform your messages into spam! posted December 2014

When you encrypt your mail through PGP or GPG it's great. But people can tell you're sending an important email. What if you could encrypt your message to something innocent? This is what spammimic does. It transforms your message into a spam message so no one can guess it's a legit message! This idea is so neat.

There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible. This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article.

The encrypted messages look like that:

Dear Friend ; Thank-you for your interest in our publication
. If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our club ! This mail is
being sent in compliance with Senate bill 1626 ; Title
3 , Section 308 . THIS IS NOT MULTI-LEVEL MARKETING
. Why work for somebody else when you can become rich
as few as 10 WEEKS ! Have you ever noticed more people
than ever are surfing the web plus nearly every commercial
on television has a .com on in it ! Well, now is your
your orders within seconds and deliver goods right
to the customer's doorstep ! You are guaranteed to
succeed because we take all the risk . But don't believe
us ! Prof Simpson who resides in Illinois tried us
and says "Now I'm rich, Rich, RICH" . This offer is
100% legal ! We BESEECH you - act now . Sign up a friend
and you'll get a discount of 20% . God Bless ! Dear
Friend , Especially for you - this amazing news ! We
will comply with all removal requests . This mail is
being sent in compliance with Senate bill 1618 ; Title
2 , Section 301 . This is not multi-level marketing
! Why work for somebody else when you can become rich
in 58 weeks ! Have you ever noticed people will do
almost anything to avoid mailing their bills plus most
everyone has a cellphone ! Well, now is your chance
and increase customer response by 170% ! You are guaranteed
to succeed because we take all the risk . But don't
believe us . Mr Jones of Georgia tried us and says
"Now I'm rich many more things are possible" ! This
offer is 100% legal ! So make yourself rich now by
get a discount of 60% . Best regards !
comment on this story

# Hacking PayPal Accounts with one click posted December 2014

An interesting 0day on paypal was discolsed by Yasser Ali.

We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provide an Auth Token before the Logging-in process, check this page for the magical CSRF Auth “https://www.paypal.com/eg/cgi-bin/webscr?cmd=_send-money”. At this point the attacker Can CSRF “almost” any request on behave of this user.

source

A CSRF attacks (Cross-Site Request Forgery) happens when you can send a link to someone (or embed it into an iframe on your website) and it makes the user do something on a particular website (like paypal) that he didn't intend to do. Or as the name of the attack says, it makes him send a request you forged from outside the website. A CSRF token is used to cancel this attack. It's usually a random value that is send along the request and verified server side. This value is difficult to predict and thus you usually can't forge it along the request.