Latest episode – listen now.
DOUG. Breaches, breaches, patches, and typios.
All that, and more, on the Naked Security podcast.
[MUSICAL MODEM]
Welcome to the podcast, everyone.
I’m Doug Aamoth; he’s Daul Pucklin…
…I’m sorry, Paul!
DUCK. I think I’ve worked it out, Doug.
“Typios” is an audio typo.
DOUG. Exactly!
DUCK. Yes… well done, that man!
DOUG. So, what do typos have to do with cybersecurity?
We’ll get into that…
But first – we like to begin with our This Week in Tech History section.
This week, 23 January 1996, version 1.0 of the Java Development Kit said, “Hello, world.”
Its mantra, “Write once, run anywhere”, and its launch right as the web’s popularity was really reaching a fever pitch, made it a wonderful platform for web-based apps.
Fast-forward to today, and we’re at version 19, Paul.
DUCK. We are!
Java, eh?
Or “Oak”.
I believe that was its original name, because the person who invented the language had an oak tree growing outside his office.
Let us take this opportunity, Doug, to clear up, once and for all, the confusion that lots of people have between Java and JavaScript.
DOUG. Ooooooh…
DUCK. Lots of people think that they’re related.
They’re not related, Doug.
They’re *exactly the same* – one is just the shortened… NO, I’M COMPLETELY KIDDING YOU!
DOUG. I was, like, “Where is this going?” [LAUGHS]
DUCK. JavaScript basically got that name because the word Java was cool…
…and programmers run on coffee, whether they’re programming in Java or JavaScript.
DOUG. Alright, very good.
Thank you for clearing that up.
And on the subject of clearing things up, GoTo, the company behind such products as GoToMyPC, GoToWebinar, LogMeIn, and (cough, cough) others says that they’ve “detected unusual activity within our development environment and third party cloud storage service.”
Paul, what do we know?
GoTo admits: Customer cloud backups stolen along with decryption key
DUCK. That was back on the last day of November 2022.
And the (cough, cough) that you mentioned earlier, of course, is GoTo’s affiliate/subsidiary, or company that’s part of their group, LastPass.
Of course, the big story over Christmas was LastPass’s breach.
Now, this breach seems to be a different one, from what GoTo has come out and said now.
They admit that the cloud service that ultimately got breached is the same one that’s shared with LastPass.
But the stuff that got breached, at least from the way they wrote it, sounds to have been breached differently.
And it took until this week – almost two months later – for GoTo to come back with an assessment of what they found.
And the news is not good at all, Doug.
Because a whole load of products… I’ll read them out: Central, Pro, join.me, Hamachi and RemotelyAnywhere.
For all of those products, encrypted backups of customer stuff, including account data, got stolen.
And, sadly, the decryption key for at least some of those backups was stolen with them.
So that means they’re basically *not* encrypted once they’re in the hands of the crooks.
And there were two other products, which were Rescue and GoToMyPC, where so-called “MFA settings” were stolen, but weren’t even encrypted.
So, in both cases we have, apparently: hashed-and-salted passwords missing, and we have these mysterious “MFA (multifactor authentication) settings”.
Given that this seems to be account-related data, it’s not clear what these “MFA settings” are, and it’s a pity that GoTo was not a little bit more explicit.
And my burning question is…
…do these settings include things like the phone number that SMS 2FA codes might be sent to?
The starting seed for app-based 2FA codes?
And/or those backup codes that many services let you create a few of, just in case you lose your phone or your SIM gets swapped?
SIM swapper sent to jail for 2FA cryptocurrency heist of over $20m
DOUG. Oh, yes – good point!
DUCK. Or your authenticator program fails.
DOUG. Yes.
DUCK. So, if they’re any of those, then that could be big trouble.
Let’s hope these weren’t the “MFA settings”…
…but the omission of the details there means that it’s probably worth assuming that they were, or might have been, in amongst the data that was stolen.
DOUG. And, speaking of possible omissions, we’ve got the requisite, “Your passwords have leaked. But don’t worry, they were salted and hashed.”
But not all salting-and-hashing-and-stretching is the same, is it?
Serious Security: How to store your users’ passwords safely
DUCK. Well, they didn’t mention the stretching part!
That’s where you don’t just hash the password once.
You hash it, I don’t know… 100,100 times, or 5000 times, or 50 times, or a million times, just to make it a bit harder for the crooks.
And as you say… yes, not all salting-and-hashing is made equal.
I think you spoke fairly recently on the podcast about a breach where there were some salted-and-hashed passwords stolen, and it turned out, I think, that the salt was a two digit code, “00” to “99”!
So, 100 different rainbow tables is all you need…
…a big ask, but it’s do-able.
And where the hash was *one round* of MD5, which you can do at billions of hashes a second, even on modest equipment.
So, just as an aside, if you’re ever unfortunate enough to suffer a breach of this sort yourself, where you lose customers’ hashed passwords, I recommend that you go out of your way to be definitive about what algorithm and parameter settings you are using.
Because it does give a little bit of comfort to your users about how long it might take crooks to do the cracking, and therefore how frenziedly you need to go about changing all your passwords!
DOUG. Alright.
We’ve got some advice, of course, starting with: Change all passwords that relate to the services that we talked about earlier.
DUCK. Yes, that’s something that you should do.
It’s what we’d usually recommend when hashed passwords are stolen, even if they’re super-strongly hashed.
DOUG. OK.
And we’ve got: Reset any app-based 2FA code sequences that you’re using on your accounts.
DUCK. Yes, I think you might as well do that.
DOUG. OK.
And we’ve got: Regenerate new backup codes.
DUCK. When you do that with most services, if backup codes are a feature, then the old ones are automatically thrown away, and the new ones replace them entirely.
DOUG. And last, but certainly not least: Consider switching to app-based 2FA codes if you can.
DUCK. SMS codes have the benefit that there’s no shared secret; there’s no seed.
It’s just a truly random number that the other end generates each time.
That’s the benefit of SMS-based stuff.
As we said, the bad thing is SIM-swapping.
And if you need to change either your app-based code sequence or where your SMS codes go…
…it’s much, much easier to start a new 2FA app sequence than it is to change your mobile phone number! [LAUGHS]
DOUG. OK.
And, as I’ve been saying repeatedly (I’d get this tattooed on my chest somewhere), we will keep an eye on this.
But, for now, we’ve got a leaky T-Mobile API responsible for the theft of…
(Let me check my notes here: [LOUD BELLOW OFF-MIC] THIRTY-SEVEN MILLION!?!??!)
…37 million customer records:
T-Mobile admits to 37,000,000 customer records stolen by “bad actor”
DUCK. Yes.
That’s a little bit annoying, isn’t it? [LAUGHTER]
Because 37 million is an extremely large number… and, ironically, comes after 2022, the year in which T-Mobile paid out $500 million to settle issues relating to a data breach that T-Mobile had suffered in 2021.
Now, the good news, if you can call it that, is: last time, the data that got breached included things like Social Security Numbers [SSNs] and driving licence details.
So that’s really what you might call “high-grade” identity theft stuff.
This time, the breach is large, but my understanding is that it’s basic digital contact details, including your phone number, along with date of birth.
That goes some way towards helping crooks with identity theft, but nowhere near as far as something like an SSN or a scanned picture of your driving licence.
DOUG. OK, we’ve got some tips if you’re affected by this, starting with: Don’t click “helpful” links in emails or other messages.
I’ve got to assume that a tonne of spam and phishing emails are going to be generated from this incident.
DUCK. If you avoid the links, as we always say, and you find your own way there, then whether it’s a legitimate email or not, with a genuine link or a bogus one…
…if you don’t click the good links, then you won’t click the bad links either!
DOUG. And that dovetails nicely with our second tip: Think before you click.
And then, of course, our last tip: Report those suspicious emails to your work IT team.
DUCK. When crooks start phishing attacks, the crooks generally don’t send it to one person inside the company.
So, if the first person that sees a phish in your company happens to raise the alarm, then at least you have a chance of warning the other 49!
DOUG. Excellent.
Well, for you iOS 12 users out there… if you were feeling left out from all the recent zero-day patches, have we got a story for you today!
Apple patches are out – old iPhones get an old zero-day fix at last!
DUCK. We have, Doug!
I’m quite happy, because everyone knows I love my old iOS 12 phone.
We went through some glorious times, and on some lengthy and super-cool bicycle rides together until… [LAUGHTER]
…the fateful one where I got injured well enough to recover, and the phone got injured well enough that you can barely see through the cracks of the screen anymore, but it still works!
I love it when it gets an update!
DOUG. I think this was when I learned the word prang.
DUCK. [PAUSE] What?!
That’s not a word to you?
DOUG. No!
DUCK. I think it comes from the Royal Air Force in the Second World War… that was “pranging [crashing] a plane”.
So, there’s a ding, and then, well above a ding, comes a prang, although they both have the same sound.
DOUG. OK, gotcha.
DUCK. Surprise, surprise – after having no iOS 12 updates for ages, the pranged phone got an update…
…for a zero-day bug that was the mysterious bug fixed some time ago in iOS 16 only… [WHISPER] very secretively by Apple, if you remember that.
DOUG. Oh, I remember that!
Apple pushes out iOS security update that’s more tight-lipped than ever
DUCK. There was this iOS 16 update, and then some time later updates came out for all the other Apple platforms, including iOS 15.
And Apple said, “Oh, yes, actually, now we think about it, it was a zero-day. Now we’ve looked into it, although we rushed out the update for iOS 16 and didn’t do anything for iOS 15, it turns out that the bug only applies to iOS 15 and earlier.” [LAUGHS]
Apple patches everything, finally reveals mystery of iOS 16.1.2
So, wow, what a weird mystery it was!
But at least they patched everything in the end.
Now, it turns out, that old zero-day is now patched in iOS 12.
And this is one of those WebKit zero-days that sounds as if the way it’s been used in the wild is for malware implantation.
And that, as always, smells of something like adware.
By the way, that was the only bug fixed in iOS 12 that was listed – just that one 0-day.
The other platforms got loads of fixes each.
Fortunately, these all appear to be proactive; none of them are listed by Apple as “actively being exploited.”
[PAUSE]
Right, let’s move on to something super-exciting, Doug!
I think we’re into the “typios”, aren’t we?
DOUG. Yes!
The question I’ve been asking myself… [IRONIC] I can’t remember how long, and I’m sure other people are asking, “How can deliberate typos improve DNS security?”
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
DUCK. [LAUGHS]
Interestingly, this is an idea that first surfaced in 2008, around the time that the late Dan Kaminsky, who was a well-known security researcher in those days, discovered that there were some important “reply guessing” risks to DNS servers that were perhaps much easier to exploit than people thought.
Where you simply poke replies at DNS servers, hoping that they just happen to match an outbound request that hasn’t had an official reply yet.
You just think, “Well, I’m sure somebody in your network must be interested in going to the domain naksec.test just about now. So let me send back a whole load of replies saying, ‘Hey, you asked about naksec.test; here it is’”…
…and they send you a completely fictitious server [IP] number.
That means that you come to my server instead of going to the real deal, so I basically hacked your server without going near your server at all!
And you think, “Well, how can you just send *any* reply? Surely there’s some kind of magic cryptographic cookie in the outbound DNS request?”
That means the server could notice that a subsequent reply was just someone making it up.
Well, you’d think that… but remember that DNS first saw the light of day in 1987, Doug.
And not only was security not such a big deal then, but there wasn’t room, given the network bandwidth of the day, for long-enough cryptographic cookies.
So DNS requests, if you go to RFC 1035, are protected (loosely speaking, Doug) by a unique identification number, hopefully randomly generated by the sender of the request.
Guess how long they are, Doug…
DOUG. Not long enough?
DUCK. 16 bits.
DOUG. Ohhhhhhhh.
DUCK. That’s kind-of quite short… it was kind-of quite short, even in 1987!
But 16 bits is *two whole bytes*.
Typically the amount of entropy, as the jargon has it, that you would have in a DNS request (with no other cookie data added – a basic, original-style, old-school DNS request)…
…you have a 16-bit UDP source port number (although you don’t get to use all 16 bits, so let’s call it 15 bits).
And you have that 16-bit, randomly-chosen ID number… hopefully your server chooses randomly, and doesn’t use a guessable sequence.
So you have 31 bits of randomness.
And although 2^31 [just over 2 billion] is a lot of different requests that you’d have to send, it’s by no means out of the ordinary these days.
Even on my ancient laptop, Doug, sending 2^16 [65,536] different UDP requests to a DNS server takes an almost immeasurably short period of time.
So, 16 bits is almost instantaneous, and 31 bits is do-able.
So the idea, way back in 2008 was…
What if we take the domain name you’re looking up, say, naksec.test, and instead of doing what most DNS resolvers do and saying, “I want to look up n-a-k-s-e-c dot t-e-s-t,” all in lowercase because lowercase looks nice (or, if you want to be old-school, all in UPPERCASE, because DNS is case-insensitive, remember)?
What if we look up nAKseC.tESt, with a randomly chosen sequence of lowercase, UPPERCASE, UPPERCASE, lower, et cetera, and we remember what sequence we used, and we wait for the reply to come back?
Because DNS replies are mandated to have a copy of the original request in them.
What if we can use some of the data in that request as a kind of “secret signal”?
By mashing up the case, the crooks have to guess that UDP source port; they have to guess that 16-bit identification number in the reply; *and* they have to guess how we chose to miS-sPEll nAKsEc.TeST.
And if they get any of those three things wrong, the attack fails.
DOUG. Wow, OK!
DUCK. And Google determined, “Hey, let’s try this.”
The only problem is that in really short domain names (so that they’re cool, and easy to write, and easy to remember), like Twitter’s t.co, you only get three characters that can have their case changed.
It doesn’t always help, but loosely speaking, the longer your domain name, the safer you’ll be! [LAUGHS]
And I just thought that was a nice little story…
DOUG. As the sun begins to set on our show for today, we have a reader comment.
Now, this comment came on the heels of last week’s podcast, S3 Ep118.
S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]
Reader Stephen writes… he basically says:
I’ve been listening to you guys talk about password managers a lot recently – I decided to roll my own.
I generate these secure passwords; I could store them on a memory stick or sticks, only connecting the stick when I need to extract and use a password.
Would the stick approach be reasonably low risk?
I guess I could become familiar with encryption techniques to encode and decode information on the stick, but I can’t help feeling that would take me way beyond the simple approach I’m looking for.
So, what say you, Paul?
DUCK. Well, if it takes you way beyond the “simple” approach, then that means it’s going to be complicated.
And if it’s complicated, then that’s a great learning exercise…
…but maybe password encryption is not the thing where you want to do those experiments. [LAUGHTER]
DOUG. I do believe I’ve heard you say before on this very programme several different times: “No need to roll your own encryption; there are several good encryption libraries out there you can leverage.”
DUCK. Yes… don’t knit, crochet, needlepoint, or cross-stitch your own encryption if you can possibly help it!
The problem that Stephen is trying to solve is: “I want to dedicate a removable USB drive to have passwords on it – how do I go about encrypting the drive in a convenient way?”
And my recommendation is that you should go for something that does full-device encryption [FDE] *inside the operating system*.
That way, you’ve got a dedicated USB stick; you plug it in, and the operating system says, “That’s scrambled – I need the passcode.”
And the operating system deals with decrypting the whole drive.
Now, you can have encrypted *files* inside the encrypted *device*, but it means that, if you lose the device, the entire disk, while it’s unmounted and unplugged from your computer, is shredded cabbage.
And instead of trying to knit your own device driver to do that, why not use one built into the operating system?
That is my recommendation.
And this is where it gets both easy and very slightly complicated at the same time.
If you’re running Linux, then you use LUKS [Linux Unified Key Setup].
On Macs, it’s very easy: you have a technology called FileVault that’s built into the Mac.
On Windows, the equivalent of FileVault or LUKS is called BitLocker; you’ve probably heard of it.
The problem is that if you have one of the Home versions of Windows, you can’t do that full-disk encryption layer on removable drives.
You have to go and spend the extra to get the Pro version, or the business-type Windows, in order to be able to use the BitLocker full-disk encryption.
I think that’s a pity.
I wish Microsoft would just say, “We encourage you to use it as and where you can – on all your devices if you want to.”
Because even if most people don’t, at least some people will.
So that’s my advice.
The outlier is that if you have Windows, and you bought a laptop, say, at a consumer store with the Home version, you’re going to have to spend a little bit of extra money.
Because, apparently, encrypting removable drives, if you’re a Microsoft customer, isn’t important enough to build into the Home version of the operating system.
DOUG. Alright, very good.
Thank you, Stephen, for sending that in.
If you have an interesting story, comment or question you’d like to submit, we’d love to read it on the podcast.
You can email suggestions@sophos.com, you can comment on any one of our articles, or you can hit us up on social: @NakedSecurity.
That’s our show for today – thanks very much for listening.
For Paul Ducklin, I’m Doug Aamoth, reminding you, until next time, to…
BOTH. Stay safe!
[MUSICAL MODEM]