Current Topic: Computer Security

Boing Boing: UK RFID passports cracked
Topic: Computer Security 12:35 pm EST, Nov 17, 2006

UK security experts have cracked the sooper sekure new UK biometric passports. It took 48 hours. With £174 worth of sniffer hardware, attackers can read all the personal information off of any of the three million new UK passports in circulation.



The Eavesdropper's Dilemma - Matt Blaze et al... [PDF]
Topic: Computer Security 12:22 pm EDT, Oct 26, 2006

This paper examines the problem of surreptitious Internet interception from the eavesdropper’s point of view. We introduce the notion of ‘fidelity” in digital eavesdropping. In particular, we formalize several kinds of “network noise” that might degrade fidelity, most notably “confusion,” and show that reliable network interception may not be as simple as previously thought or even always possible. Finally, we suggest requirements for “high fidelity” network interception, and show how systems that do not meet these requirements can be vulnerable to countermeasures, which in some cases can be performed entirely by a third party without the cooperation or even knowledge of the communicating parties.



Researchers See Privacy Pitfalls in No-Swipe Credit Cards - New York Times
Topic: Computer Security 9:40 am EDT, Oct 23, 2006

“The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate ‘128-bit encryption,’ and J. P. Morgan Chase has said that its cards, which it calls Blink, use ‘the highest level of encryption allowed by the U.S. government.’

But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder’s name and [credit card number] was being transmitted without encryption and in plain text.”

Sounds like RFID Credit Cards are as bad as they could possibly be. Response from the PR people at the credit card companies is also as bad as it could possibly be.

“This is an interesting technical exercise,” said Brian Triplett, senior vice president for emerging-product development for Visa, “but as a real threat to a consumer — that threat really doesn’t exist.”

Brian Triplett sounds like Marie Antoinette. If there is a single RFID credit card that has my name, just my name, unencrypted, that is a privacy threat to the consumer that is unacceptable. Period.

But it gets worse:

The companies, however, argue that testing just 20 cards does not provide an accurate picture of the card market, which generally uses higher security standards than the cards that were tested. “It’s a small sample,” said Art Kranzley, an executive with MasterCard. “This is almost akin to somebody standing up in the theater and yelling, ‘Fire!’ because somebody lit a cigarette.”

The choice of analogy here is obviously intended to imply that the researchers may not have the legal right to tell the public what they are telling them. It's an implicit threat. Glad I don't have a MasterCard.



Boing Boing: Video testimony of vote machine whistleblower
Topic: Computer Security 4:53 pm EDT, Oct 9, 2006

Here's video of Clint Curtis, a former programmer for Yang Enterprises (YEI) in Florida, testifying under oath that Representative Tom Feeney asked him to write a voting machine program to rig elections.

I'm not exactly sure what the deal is here, but this rabbit hole seems very, very deep, and I find it strange that I haven't heard any of this before given all of the drama about voting machines. This is either a crazy partisan conspiracy theory or it's one of the worst corruption stories in this country's history. I haven't found any details that are, on their face, disprovable. On the other hand, the main story is being carried by blogs that seem a bit sensational and partisan. As they say, a broken clock is right twice a day... Anyone got any good information on this?

Update: Apparently Bev Harris isn't impressed. I don't think she understands the technical issues. However, her observation that there is no evidence is correct.



Voting machine chess - Hack A Day
Topic: Computer Security 2:38 pm EDT, Oct 6, 2006

It describes how to monitor who's voting for what via RF emissions.



Computer System Under Attack - washingtonpost.com
Topic: Computer Security 1:50 pm EDT, Oct 6, 2006

"It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient." - Undersecretary of Commerce Mark Foulon



Zeroday Emergency Response Team
Topic: Computer Security 11:02 am EDT, Sep 22, 2006

ZERT members work together as a team to release a non-vendor patch when a so-called "0day" (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both.

(BTW, you can just unregister the vulnerable DLL for this latest bug. You don't need a patch.)



Details about recent ATM scams...
Topic: Computer Security 10:54 am EDT, Sep 21, 2006

I ran to the Shell Food Mart across the street from Wired News HQ, and found a Tranax Mini-Bank 1500 sitting oblivious next to the potato chips. I did not try the default password. But, I have to wonder, how many vulnerable ATM machines are out there?

For those that haven't dug into this, it sounds like the sort of password an idiot would have on his luggage.



OpenSSL | RSA Signature Forgery (CVE-2006-4339)
Topic: Computer Security 5:51 pm EDT, Sep 8, 2006

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. If an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 v1.5 signature signed by that key. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.

I can hear Nelson saying "HA-HA." The details are here but let me see if I can offer a simpler explanation.

In RSA, your public key is made up of an exponent and a modulus. In some RSA implementations, your public exponent is simply set to 3. Seems like a simple number, but you're going to tell everyone what it is anyway, and choosing a small number makes your calculations faster. (I'll use N for the modulus.)

As a reminder, public key crypto lets you encrypt something, or sign something. When you encrypt, you encrypt with the recipient's public key, and only their private key can decrypt. When you sign, you encrypt with your private key, and anyone with your public key can decrypt...

So, let's say your public exponent is 3. When someone wants to check your signature, they decrypt it with your public key. Literally, they perform this operation:

X = signature^3 modulo N

Now, RSA signatures are usually shorter than N before they are encrypted, so they get padded out to N first. It turns out that in some poor implementations of RSA it's trivially easy to screw around with that padding so that a fake signature becomes a perfect cube, and the implementation won't examine what was inside the signature carefully enough to notice that you've done this. When your unencrypted signature is a perfect cube, it is easy to calculate its cube root. This cube root will be accepted by RSA as a valid encrypted signature.
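As an added example (not code from the OpenSSL advisory or from this post), here is the difference the advisory's "excess data" check makes, in Python: a PKCS #1 v1.5 verifier that stops reading once it has found the hash, beside one that requires the entire decrypted block to match, exercised with the perfect-cube padding trick described above. The 2048-bit stand-in modulus, the SHA-1 DigestInfo and the message are assumptions of this example; no private key is used anywhere.

```python
import hashlib

E = 3                          # the small public exponent the advisory is about
# Constructed stand-in for a 2048-bit modulus (an assumption of this example): the
# forged value cubes to less than N, so nothing is reduced and N's factors never
# matter here. A real key would be N = p*q with gcd(3, (p-1)*(q-1)) == 1.
N = (1 << 2047) | 1
# DER prefix of the PKCS #1 v1.5 DigestInfo for SHA-1 (RFC 3447, section 9.2)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def expected_block(msg, k):
    """Correct EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || H."""
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lenient_hash(em):
    """Flawed parser: skips padding, grabs the hash, ignores whatever follows."""
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if em[:2] != b"\x00\x01" or i < 10 or em[i:i + 1] != b"\x00":
        return None
    i += 1
    if em[i:i + len(SHA1_DIGESTINFO)] != SHA1_DIGESTINFO:
        return None
    return em[i + len(SHA1_DIGESTINFO):][:20]  # excess data after the hash is never checked

def cube_root_ceil(n):
    """Smallest integer x with x**3 >= n (binary search on big ints)."""
    lo, hi = 0, 1 << (n.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if mid ** 3 < n else (lo, mid)
    return lo

def forge_signature(msg, n):
    """The post's 'perfect cube' trick: fix the bytes the lenient parser reads,
    zero-fill the rest, take the cube root. No private key is involved."""
    k = (n.bit_length() + 7) // 8
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    target = int.from_bytes(head + b"\x00" * (k - len(head)), "big")
    return cube_root_ceil(target)  # cubing disturbs only the zero-filled tail

def verify(sig, msg, n, strict):
    """X = sig^3 mod N; compare the whole block (strict, the fix) or only the hash (lenient)."""
    k = (n.bit_length() + 7) // 8
    em = pow(sig, E, n).to_bytes(k, "big")
    if strict:
        return em == expected_block(msg, k)
    return lenient_hash(em) == hashlib.sha1(msg).digest()
```

The strict comparison is the check the advisory asks for: a block that decodes to the right hash but has the wrong number of FF bytes, or anything at all after the hash, is rejected.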



Security Engineering - A Guide to Building Dependable Distributed Systems
Topic: Computer Security 2:08 pm EDT, Aug 31, 2006

While you're waiting for Acidus to finish his book, read this one.

"If you're even thinking of doing any security engineering, you need to read this book"
-- Bruce Schneier

"Even after two years on the shelf, Security Engineering remains the most important security text published in the last several years"
-- Information Security Magazine

Ross Anderson is my favorite security researcher.


