Reports are flying in over Twitter about the latest Cold Boot attack demonstrations at CanSecWest. Looks like the folks over at Intelguardians are showing practical exploits using different techniques, including USB devices and iPods.

We’ve talked about this before, and it’s time to start asking your encryption vendors for their response.

I’m definitely heading up to Vancouver next year; there’s a lot of great stuff coming out of the show.

Technorati Tags: Cold Boot, Encryption, CanSecWest, Vulnerability

Remember that cold boot encryption attack we talked about last week? Looks like someone went out and released a public tool that replicates part of the functionality of the Princeton tool. I thought it would take a little longer; guess I was wrong. Does this change my advice? Not really- your best bet is still to maintain physical control of your laptop, and the odds are still pretty low you’ll have to deal with this in the real world. But keep asking your vendors how you need to configure your encryption product to limit the attack. Still, I’m always impressed with how quickly those Internets are able to recreate this stuff; talk about the end of security by obscurity. It’s almost as if there are an infinite number of really smart monkeys out there with computer science degrees.Thanks to Hack A Day for the link…

Even in my drug-addled state last week it was hard to miss the cold boot encryption attack released by Ed Felten and the Princeton Center for Information Technology Policy. This is some seriously impressive work with major implications, but despite all the articles I’ve seen there has been little information on how to evaluate and mitigate your personal or organizational risk.

That’s where I come in.

I’m not going to assume you know a lot about file and media encryption, so we’ll start with en explanation of how, and why, the attack works. Then we’ll evaluate the risk and discuss mitigation strategies. I’ll close with some suggestions for vendors to close out this vulnerability. And yes, this works on a Mac with FileVault.

What is the cold boot attack and how does it work?

All encryption systems need access to a key to encrypt and decrypt data. It doesn’t matter what you’re encrypting- a hard drive, file, database, or whatever, you need a key. When encrypting and decrypting data, because of how computer systems are designed, the key always passes through memory at some point. For smaller content this is a transient process and the key is only in memory for a short time (assuming the software is designed properly), but when you need constant access to data the key is kept in memory. This is nearly ubiquitous for full-disk encryption or file encryption systems that leave files open for read/write operations. It’s not something we worried about, because when you turn a computer off the RAM (memory for the non geeks) loses power and anything stored is lost. Thus we would password protect our encrypted systems so that even if they wake up from sleep mode, an attacker would have to reboot the system unless they had the key, confident this process would erase the key from memory and keep the data secure.

What the Princeton researchers demonstrated is that modern RAM doesn’t degrade immediately after power is removed. The contents of memory can persist from seconds to minutes, and that time extends when cold is applied to the memory. An easy way to do this is to just use a can of dust off spray.

That’s the first part of the attack- keeping the contents in memory after the system is shut down.

For the second part of the attack they use a special tool, which they haven’t made public, to recover memory contents from RAM. In the demo this tool is on a bootable USB drive, so merely rebooting the computer from this USB stick, ignoring the host operating system of the computer, allows them to scan memory and recover the encryption key. Additional work allowed them to recover a full key even if a few bits were lost as the memory degraded.

To execute the attack, the attacker opens the computer, sprays the memory with an upside-down can of dust off to cool it, then reboots off the USB device with their software for key recovery on it, thus recovering the keys and gaining access to the data.

If you use a boot password or something similar they perform the same attack, but remove the memory and place it into a different system for key recovery. Thanks to the cold spray you have more than enough time to pull this off.

Evaluating the Risk

There are no public tools for this attack but it’s only a matter of time. Your immediate risk is low, but don’t be surprised if tools appear reasonably soon. This is a serious vulnerability, with a probability of attack that only increases over time.

In other words, don’t panic, but keep your eyes open. Once a public tool appears it’s time to be more concerned.

The researchers outline how most current protection techniques only partially, if at all, mitigate this flaw. Since memory can be removed, BIOS locks and other restrictions are ineffective.

You are only at risk when your computer is powered on or in sleep mode and you lose physical control of it. Powering off your system begins the memory degradation process and you are safe within a few minutes.

Reducing Your Risk

The most effective method is to power off your system completely (not sleep or hibernate mode) when it’s at risk of physical loss. This is inconvenient, but I’m going to start powering off when I’m in higher risk areas (like airport security) and can’t maintain physical control of the system.

Which brings recommendation number 2- don’t let someone steal your computer. I personally maintain physical control over my system nearly all the time when it’s out of my home (and I have a pretty good security system there). At hotels is the greatest risk, and I do tend to power off when I’m out of the room. You sales guys should start getting into the habit of not using sleep mode when you leave your computer locked in a rental car. At least until the encryption and laptop vendors come up with alternative protections.

For those of you with very sensitive information, combine file and folder encryption for sensitive files with your whole disk encryption. A few vendors offer this (feel free to brag in the comments guys). Just close those sensitive files or images before entering sleep mode, and make sure they are password protected and not linked to your normal login credentials.

Also consider an encryption system that supports storing the keys on a smart card (not in memory). I don’t believe there are many practical options today, but expect to see them crop up thanks to this paper.

Finally, ask your vendor their plans to manage this risk. Today it’s not a big deal, but we don’t know if it will be 2 weeks, 2 months, or two years before public tools appear (and it’s safe to assume some governments have this by now — or more accurately, it would be unsafe and foolish to assume any government does note have this capability by now).

Thus, your overall risk is currently low but growing. You can reduce that risk through good habits and some additional software.

What Vendors Can Do

I don’t know to what degree this technique works on commercial encryption products, but vendors should evaluate the risk to their products and keep customers updated. Saying it isn’t a problem or the risk is low isn’t the right answer- you’ll lose customers that way. If you are working on a solution, let them know since the risk really is low for now.

I suspect we’ll see a couple of different approaches. Over time, this is something that will migrate into hardware- even just a small bit of RAM soldered to the board, probably integrated with some future, mythical, TPM. On the software side I have to believe there are ways we can reduce the risk- for example, flushing the active key from memory during sleep (while turning off hibernate, which writes memory to disk and is always bad anyway) and transitioning to a password protected temp key to access the primary key.

Hardware tokens/smart cards are another great option, assuming we can control active access to the key and you remember to unplug it. There are a lot of really smart engineers out there who will probably come up with fixes, at least for third party encryption tools, before this attack becomes widespread.

Conclusion

This is an impressive and serious attack we all need to take extremely seriously. You are at risk if you lose physical control of an encrypted system that is either powered on or in sleep or hibernate mode.

Turning off your system when it’s at greatest risk of loss or theft is a very effective mitigation, but it will be difficult to train average users to stop using sleep mode due to the convenience.

Using file encryption for sensitive content in combination with whole disk may also reduce the risk when done properly.

Talk to your vendor, and make sure they are REALLY not susceptible or have a roadmap to eliminate this method of attack. If they offer the protection, understand and implement the necessary configuration profile, which may not be the default.

Vendors: talk to your customers and get working on the problem if you are vulnerable. Recognize that hardware solutions are always longer term and you should really see if there is a way to offer protection within the software.

Me? I’m not too worried, but I have extremely good habits around the physical control of my laptop, and will now shut down more under certain circumstances. Since I have a fast Mac, rebooting isn’t all that bad anyway…

Technorati Tags: Cold Boot, Encryption, Key Management, Laptop Encryption, Vulnerability

1. Internet Explorer/ActiveX
2. QuickTime
3. Adobe Acrobat Reader

Each of these applications has plugin architectures and inadequate security models. Actually, IE 7 + Vista is a good model, but it will take 3 years for it to hit wide enough deployment.

Technorati Tags: Adobe Acrobat, Apple, Internet Explorer, Microsoft, Adobe, QuickTIme

According to IBM’s ISS (via eWeek), the number of publicly reported vulnerabilities dropped in 2007.

Pete Lindstrom cautiously (unusual for him) wonders if this means we’re over the hump.

I wanted to pick on Pete, but he was cautious enough in his wording that I don’t get to go all crazy and have too much fun at his expense. Here’s what I think is going on:

1. More researchers sell vulnerabilities. There is a big market, and I’m not just talking about the Zero Day Initiative or other “public” programs. Both good guys and bad guys are quietly buying them up.
2. Some researchers report vulnerabilities and don’t disclose them in public. I know at least a few who leave it up to the vendor to reveal any details.
3. Some irresponsible researchers and bad guys just pass them around in the dark, never issuing a disclosure. I suspect a fair few of these make it into the light eventually.
4. There is high risk to the researcher in disclosing web application vulnerabilities, since that’s effectively hacking someone’s site and is rarely, if ever, legitimate (or legal).

There is a lot of money involved in security research these days. Some of it good, some of it bad. Also, some researchers just don’t want to deal with the hassles and ugly tactics of certain vendors, while others don’t feel the need to disclose in public.

Overall, the landscape for reporting has changed in big ways over the past couple years, but I highly doubt the lower numbers are in any way related to an actual reduction in code vulnerabilities across the industry.

Technorati Tags: Vulnerabilities

Remember the good old days when vulnerabilities would just affect one platform? Back when there was NO WAY my Commodore 64 could be infected by your TRS-80?

It looks like there is a targeted attack going on (where a virus is created and only sent to specific targets so the antivirus companies don’t notice it). It takes advantage of a flaw in older versions of Microsoft Excel. Microsoft’s advisory is here.

It’s not the kind of thing most of you will have to worry about unless you become the target, but I’m always interested in 0day attacks and cross-platform vulnerabilities.

More from Brian Krebs and the Microsoft Advisory:

According to Microsoft’s security advisory, this vulnerability affects Microsoft Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. People who are using Microsoft Office Excel 2007, Microsoft Excel 2008 for Mac or have installed Microsoft Office Excel 2003 Service Pack 3 are not affected.

Technorati Tags: 0day, Apple, Excel, Microsoft, Vulnerability, Targeted attack

I generally try and avoid short posts on the blindingly obvious, but it’s clear there’s a lot of focus on the Microsoft IGMP vulnerability- from both sides (good guys and bad guys).

SANS is starting to put some recommendations up, and unless you’re absolutely sure you have perfect patch management and everything is updated, it’s time to keep your eyes open.

For the non-geeks, Microsoft released a patch yesterday for a serious vulnerability in most versions of Windows that could allow someone to take over your system. Make sure you update.

There aren’t any known exploits in the wild, but that won’t last. Rumor is some of the consumer software firewalls won’t block this, so that isn’t enough protection.

Technorati Tags: Microsoft, Vulnerabilities, Patch

Sears isn’t having much luck these days.

First, they install spyware on their customers’ computers. If you “join the Sears community”, they install a proxy on your computer and intercept all web traffic.

Ugly, ugly, idiocy.

Now, it turns out they have a major logic flaw on their website. As reported by Brian Krebs at Security Fix, anyone can see anyone else’s purchase history with just their name, address, and phone number. Have those white pages handy? It seems to cover both online and offline purchases.

If you’re not paying attention to logic flaws in your databases and applications, this is a great example. While it’s good to make life easy for your customers, it’s bad when you make it easy for your next door neighbor to figure out if you really bought those new hedging shears that coincidentally look just like the ones they lost out of their shed last month.

This exploit was easily preventable with just a modicum of thought and the most cursory security review. Sears is too big a company to make this kind of mistake.

And the spyware? Sheer stupidity by someone in marketing is my guess. Maybe they and whoever screwed up at Sony BMG went to the same marketing school.

Wow. It’s 2008. How did that happen?!?

When I was younger I couldn’t wait for the future. What geek can? We all grew up on entirely too much science fiction; far more of which is now reality than I expected (other than the space program; hello? NASA? Anyone home?). Now that I get older I realize that while the future is great in concept, the reality is eventually I won’t be around for it anymore. Every year is a smaller fraction of life, and thus every year passes relatively more quickly.

Aw hell, I’m far too young to be thinking about garbage like this.

As 2007 closed many of us pundit types devoted our time to looking at current trends and predicting the next few years. If you’ve been following me and Hoff at all, you also know some of us are always thinking about how we can do security differently. Not that we’re doing it “wrong” today, but if you don’t look for what’s next you’ll always be playing from behind.

One big trend I’ve been seeing is the shift towards anti-exploitation technologies. For those who don’t know, anti-exploitation is where you build in defenses to operating systems and platforms so that when there is a vulnerability (and there will be a vulnerability), it is difficult or impossible to exploit. Java was my first introduction to the concept at the application level (sandboxing), and Vista at the operating system level.

There’s no single anti-exploitation technology, but a bunch of techniques and features that work together to make exploitation more difficult. Things like ASLR (library/memory randomization), sandboxing, and data execution protection.

Most of the anti-exploitation focus today is on operating systems, but conceptually it can be applied anywhere. One of my big concepts in Application and Database Monitoring and Protection (ADMP) is building anti-exploitation into business and (especially) web applications. I’ve even converted from credit monitoring to credit protection (via Debix) for anti-exploitation against identity theft.

There was a lot of focus in 2007 on vulnerability scanning and secure coding. While important, those can never solve the problems. The bad guys will always find some vulnerabilities before we do. Our programmers will always make exploitable mistakes- no matter how much we hammer them with training and the code with tools.

When designing security controls we must assume vulnerabilities will exist and we won’t always identify and mitigate them before they are discovered by attackers.

Not that anti-exploitation is some mystical perfect remedy; it too will fail, but the goal is for it to fail slowly enough that we are able to discover, detect, and mitigate vulnerabilities before they are exploited.

You’ll be hearing a lot more about anti-exploitation at all levels of the industry over the next few years, especially as we start seeing it outside of operating systems. It’s the one thing that gets me jazzed that we might be able to get a leg up on the attackers.

No, this isn’t science fiction. According to Wired’s Danger Room, an automatic defense system went out of control in South Africa during a live fire exercise. Nine soldiers lost their lives, and fourteen were injured.

I’m not going to make any jokes about this one, since we’ve crossed from the theoretical to the real, with a tragic loss of life.

There’s not much else to say.