Monthly Archives: December 2015

Tell your SSL vendor to randomize the serial number of your certificate !

Are you using SSL for your business ?

Like many of you, we rely on SSL for checking our mails, and doing bank transfers. As I said previously, local banks reduce the amount of money spent of papers by actively encouraging clients to use Internet Banking. I have the latest Android on my mobile phone, and I can connect to Internet Banking using the latest security technologies. However, not everybody can afford the latest android smartphone. A lot of people are still using Android KitKat in Mauritius. If tomorrow, MCB or SBM decide to deprecate SHA-1 for their SSL (a hash algorithm which is getting dangerously weak), and go with SHA 256 (a more secure hash algorithm) only, a lot of clients might not be able to connect to Internet Banking. Why ? It's because many widely-used software do not support SHA-256 very well.

What can we do with certificates with SHA-1 hash ?

CloudFlare proposed here that generating certificates containing SHA-1 hash should randomize the serial number to make it more difficult to forge those digital certificate and impersonate your business. Note that this does not mean that you should not advise your clients to upgrade their hardware and software and relax. It buys your clients more time to properly budget for their upgrade costs of their hardware and software to be SHA 256 ready.

For example, hackers.mu uses SSL. We asked on our SSL vendor forum about randomizing the serial number. We recommend to Banks such as MCB and SBM to ask their SSL vendors about the possibility of randomizing the serial number, with 20-bit entropy. Any other businesses that rely on SSL for their business should consider formulating the same request to their SSL vendors. If your SSL vendor flatly refuses, then you have a reasonable argument for moving to another SSL vendor.

Wrong advice on Tor Usage from hacklog.mu

Hacklog.mu presentation on Tor

Hacklog.mu has a presentation on tor on the following page . On the same page, SM mentions that HTML5 elements could be used to leak information about an Internet User even with Tor. This is correct. Several developers were aware of the problem, and there were plans to fix this in orweb. See this URL for : details . This vulnerability was reported in 2013, and fixed in the same year . The presentation, by hacklog.mu, took place in 2014.

Firefox as the solution ?

Hacklog.mu uses firefox from Google Playstore, and configures it to work with Tor. From a security perspective, Firefox leaks more metadata than Orweb or tor-browser, due to the lack of patches that Orweb has. In fact, if you look at Tor-browser, you will realize that it's a modified version of Firefox, with a number of patches added on to protect the privacy of the users. Those patches are not in Firefox. Those patches provide several additional layers of security that Firefox on Android DOES NOT provide. The tor project constantly reworks the patches for their Tor-browser and applies the same design principles in Orweb/Orfox. See the design requirements for Orweb, OrFox and Tor-browser here We tested with Orweb & Orfox, and both do not leak, according to browserleaks.org. It is highly questionable to use Firefox, even with a Mobile proxy, as by default, Firefox is not designed to be as secure as Orweb, Orfox, and Tor-browser.

Conclusion

We recommend Internet users who want to remain anonymous to use orweb/orfox on Android and Tor-browser on their PCs instead of Firefox, and avoid the example presented on hacklog.mu. ^-^

Juniper backdoor explanation

A simple explanation of a backdoor

Irshaad Abdool contacted hackers.mu concerning the Juniper vulnerability here Unfortunately, reverse engineering a firmware image, and explaining assembly code doesn't cut it for a lot of the young IT folks :)

The vulnerability

A strcmp() call was inserted. strcmp() is used for string comparisons. If it's successful, you can proceed, if Not, you are denied. In this particular case, this was inserted right before the normal authentication with SSH (or telnet). So you had your normal login, that went through the normal SSH (and telnet) code, but right before that, you had a special user that could login, and bypass the normal SSH and telnet login. That's in summary how this vulnerability works.

If you have any questions, please send them to us :)

Belgacom & the Juniper backdoor in Mauritius

Juniper Security vulnerability

After Ajay Ramjatan talked about Juniper's latest vulnerability, Hackers.mu decided to dig further to know the critical infrastructure in Mauritius that rely on the affected Juniper series. To make it simple, it's an "authorized code that allows someone to remotely decrypt VPN traffic".

Belgacom in Mauritius

Belgacom is present in Mauritius and is selling bandwidth to various ISPs. It obtained its license in 2012. According to Frederic Jacobs' analysis on gist , Belgacom is vulnerable to this vulnerability. The question which we would like Belgacom to answer is how much of Internet traffic from Mauritius is going through vulnerable Juniper equipment ? While, looking for a twitter account for the Mauritian branch, we found none. So, we decided to ask to Belgacom main branch, in the hope that they can explain to us what is the impact on the Internet in Mauritius. Our tweet : here .

Let's see where this lead :)

Tor Users in Mauritius

How many tor users in Mauritius ?

Tor is an anonymizing Network, which is free of access by anybody. It hides your Internet Traffic. It is used world-wide by Journalists, dissidents, and various groups. The question of the number of Tor users in Mauritius has been on the mind of hackers.mu for a while. We expect at most around, 200 Users at most. Upon looking at the Tor statistics, we realised that there are around 700 active Tor Users from Mauritius !! We were shocked ! URL here: Tor from Mauritius.

Why is that number so high in Mauritius ?

One of the first acts of Internet Censorship in Mauritius occured in 2007, when ICTA ordered all of the ISPs to block facebook. We believe that this caused people to get interested in technologies such as Tor that protect their online privacy, and prevent censorship.

More cases of censorship ?

It is very likely that we will see more attempts by the government of Mauritius to censor the Internet. ICTA has deployed a blackbox to block child pornography. However, the setting up of the blackbox was shrouded in secrecy as Internet Users were not invited to the public consultation. Hackers.mu has been advocating the use of Tor in Mauritius since day one, on top of our other initiatives such as promoting signal, an SMS/voice encrypted communication medium, which is easy to use. We have also sent patches to Tor & Signal to try to make those privacy tools better.

Conferences about Freedom, Privacy and Security in Mauritius

We would like to see more conferences about protecting the privacy of Internet Citizens in Mauritius. The government should implement measures to protect our privacy, as written in the Constitution of Mauritius. The High number of Tor Users in Mauritius is a sign that people feel that their privacy is not being respected by the Government of Mauritius.

Evaluating linphone (Part I)

Feedback from France

Jean Elchinger wrote to us arguing that promoting signal is not a good idea. Instead, he proposed the idea of linphone for encrypted voice calls. Hackers.mu decided to evaluate linphone, and see if we could recommend it to Internet citizens in Mauritius.

What is Linphone ?

Linphone is a VOIP application that relies on the SIP protocol. Optionally, it supports encryption. However, this is not enabled by default. You can use linphone over wifi or even across 3g/4g networks.

Installation

We grabbed linphone from Google Play Store. The installation went more or less smoothly. We had to create a SIP account, and wait for the registration mail. Once you confirm by clicking on the link in the mail, it takes a few minutes until your account is usable. [linphone could have implemented a "WAITING for account activation" instead of saying "account deactivated". We found this slightly confusing]. Compared to signal, it takes longer to get up to speed. The advantage of linphone is that you can use the same client, as it supports MAC OS X & Linux.

Encrypting our voice calls

As we said earlier, linphone is closer to a VOIP client, and does not enforce, encryption by default. This requires users to go to settings > network > media encryption and selecting one of the options available.

Voice quality

We are waiting for other hackers.mu to create their SIP account to test the voice quality. This will be done in a future blog post.

Source code quality

When talking about online security, one of the first things hackers.mu does is to look at the source code, and see how well designed is the code. In the case of linphone, so far, we find the code to be quite good. We did suggest improvements to the randomization functions, and hackers.mu submitted a patch to the linphone developers. Geeky details here.

Recommendation for the masses ?

Will hackers.mu recommend linphone to Internet Users in Mauritius ? We could recommend it to technically savvy people who distrust Google. However, we feel that the UX & account creation process could be simplified further. Right now, signal is much more user friendly, and thus more suitable for massive user adoption.

BCP38 and Orange (Part II)

More gruelling tests

Yesterday, I was sitting behind a Linux-based modem. This time, I hooked my MAC OS X machine directly to the modem, and used the PPPoE client on the MAC to get a public IPv4 address. This has the advantage of eliminating any address rewriting by the Linux-based router.

Refresher: What is BCP-38 ?

BCP-38 is a recommended Internet Standard that essentially aims at eliminating Source Address Spoofing. This has been the cause of a lot of trouble lately on the Internet. A few days ago, A massive DDOS attack was launched againt the DNS infrastructure of the Internet. Had BCP-38 been implemented all over the world, we would see less of those attacks. Those attacks are crippling to the Internet, as almost any service (facebook, twitter, instagram) relies on DNS to work so that users can reach them.

Orange and BCP-38

Running spoofer for MAC again:
>> CAIDA IP Spoofing Tester v0.8d
>> http://spoofer.caida.org/
>> Copyright 2015 The Regents of the University of California
>> Copyright 2004-2009 Rob Beverly

The results

After running the test for a while, It gives you a URL which gives you a summary. Quoting from my URL :
Test run at: 2015-12-15 01:54:43
Test from: 41.136.240.95
Test OS: OSX
Sourced Probes: 93
Can spoof private address no
Can spoof routable address no
Largest neighbor prefix that can be spoofed none

Conclusion

Surprisingly, Orange(Mauritius) implements a fairly complete BCP-38. It is not possible to spoof a number of IP addresses from within the Orange network. Orange deserves some praise for their level of BCP-38 :) As for other ISPs such as Emtel and Bharat, we are currently looking at testing their BCP-38 compliance level.

BCP38 and Orange (Part I)

No stats on BCP-38

I sent a mail this morning to query about the status of BCP38 in Mauritius & Africa on the afnog mailing list. I could not get any statistics concerning the adoption of BCP38 in Mauritius & Africa. After discussing the matter with various hackers.mu and SM (of the Mauritius Internet Users), I decided to look around for tools that help to measure source address validation measures from Orange, my ISP.

What is BCP-38 ?

BCP-38 is a recommended Internet Standard that essentially aims at eliminating Source Address Spoofing. This has been the cause of a lot of trouble lately on the Internet. A few days ago, A massive DDOS attack was launched againt the DNS infrastructure of the Internet. Had BCP-38 been implemented all over the world, we would see less of those attacks. Those attacks are crippling to the Internet, as almost any service (facebook, twitter, instagram) relies on DNS to work so that users can reach them.

Orange and BCP-38

I found a nice tool known as spoofer, which is part of a University project that aims at profiling the deployment of BCP-38 across the Internet. After installing the tool, i fired it on another terminal :)
>> CAIDA IP Spoofing Tester v0.8d
>> http://spoofer.caida.org/
>> Copyright 2015 The Regents of the University of California
>> Copyright 2004-2009 Rob Beverly

The results

After running the test for a while, It gives you a URL which gives you a summary. Quoting from my URL :
Test run at: 2015-12-14 08:41:05
Test from: 41.136.242.104
Test OS: LINUX
Sourced Probes: 93
Can spoof private address no
Can spoof routable address no
Largest neighbor prefix that can be spoofed none

Conclusion

Surprisingly, Orange(Mauritius) seems to implement BCP-38. However, It might also be my router which is filtering spoofed addresses from my machine. Tomorrow, I will use a standard modem, and later I will hook it directly. My test tomorrow might reveal some interesting issues :)

nsd & crypto improvement

NSD

NSD is an open source implementation of an authoritative DNS server. It has a very good security record, and lower memory usage compared to ISC BIND. As part of hackers.mu quest to make the Internet better, we decided to look into NSD's crypto related parts, and see how we can improve it for all of the NSD users in Mauritius.

We came across cases of modulo biases in the form of arc4random() % foo. From a mathematical point of view, this causes a bias, causing the randomization to be slightly less random. This is NOT good :). Our patch uses arc4random_uniform() which is an iterative solution which reduces modulo bias. NSD took our patch and committed it:
10 December 2015: Wouter
- 4.1.7 release
- trunk has 4.1.8 in development.
- take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.


Another small step to make the Internet more secure :)

nsd & crypto improvement

NSD

NSD is an open source implementation of an authoritative DNS server. It has a very good security record, and lower memory usage compared to ISC BIND. As part of hackers.mu quest to make the Internet better, we decided to look into NSD's crypto related parts, and see how we can improve it for all of the NSD users in Mauritius.

We came across cases of modulo biases in the form of arc4random() % foo. From a mathematical point of view, this causes a bias, causing the randomization to be slightly less random. This is NOT good :). Our patch uses arc4random_uniform() which is an iterative solution which reduces modulo bias. NSD took our patch and committed it:
10 December 2015: Wouter
- 4.1.7 release
- trunk has 4.1.8 in development.
- take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.


Another small step to make the Internet more secure :)