Court Dismisses DMCA Claim if Circumvention Not Used for Copyright Infringement

In what appears to be a complete reversal from previous rulings across the nation, a federal judge for the 5th Circuit Appeals Court in New Orleans has ruled that breaking digital rights management (DRM) is not considered a violation of the ban imposed by the Digital Millennium Copyright Act (DMCA) if it was not done in the pursuit of copyright infringement.

General Electric did not infringe on a power supplier’s digital copyrights when it used protected software unlocked through a hacked security key, the 5th Circuit ruled. “Merely bypassing a technological protection that restricts a user from viewing or using a work is insufficient to trigger the (Digital Millennium Copyright Act’s) anti-circumvention provision,” Judge Garza wrote for the New Orleans-based court. “The DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners.”

The ruling by Judge Garza is a step in the right direction for opponents of DRM and the anti-circumvention ban written into the DMCA. The ruling will surely be appealed, and since there is now a split between the 5th Circuit and the others around the nation, there is a strong chance a Supreme Court challenge will be heard in the future. Equally important, now that there is a precedent set in the 5th Circuit, it will be interesting to see the impact this ruling has on upcoming cases in the same and other circuits. Will other courts adhere to the same line of reasoning offered by Judge Garza?

Just as Sony Corp. of America vs. Universal City Studios – the Betamax Case – opened the doors for the very fair use we pride ourselves on today, we can only hope for similar good things from whatever case does end up weaving its way through the court system up to the Supremes. It is inevitable that one case will end up deciding the future of DRM just as the Betamax Case did in the past. It will happen; it is just a matter of time.

Is Big Brother In Your Web Browser?

Ever considered the thought that a U.S. government agency, such as the NSA, has the capability to break into an SSL-encrypted session between you and your bank, and eavesdrop on that conversation? That idea alone should cause you to pause the next time you see the padlock icon in your browser light up when you think you are browsing securely.

In a purely hypothetical example, the U.S. government can force a certificate authority within the Public Key Infrastructure (PKI) to give them a publicly trusted certificate for www.amazon.com. They then poison your DNS and route your traffic for www.amazon.com to a site they own that has the fake certificate installed. Your browser then gives you that pretty green bar or little lock and you think everything is cool, safe and secure. Or… they can put a device between you and your target and then perform SSL interception.

Never put anything past the U.S. government and its intelligence gathering capabilities. I think that is a safe theory to operate under. Even though suspension of disbelief is required in movies like Enemy of the State and Deja-Vu, where the government employed nifty intel collecting techniques, something as simple as eavesdropping on SSL-encrypted communications should not be underestimated.

In fact, performing an SSL man-in-the-middle “attack” using a web proxy server and SSL decryption is not difficult at all. It is exponentially more believable in a corporate setting, where the IT guys control the operating system and web browser; however, that does not mean it is unheard of elsewhere.

What is the point? Be careful who you trust when you are supposedly surfing securely. Educate yourself on the security techniques used by SSL and how they function. While in most cases there is nothing to be concerned with, it is important to understand that SSL is not the end-all be-all of network security. It has its own shortcomings as eloquently articulated in this article.

Fake Hot Chick Socially Engineers U.S. Government

Thomas Ryan of Provide Security set up a fake identity using a photo of a hot looking female as a means of portraying the potential security threats posed by social networking sites like LinkedIn, Facebook and Twitter. Ultimately the experiment worked, as the profiles were used to successfully socially engineer the U.S. government, military and intelligence communities.

And so it apparently was. She was an avid user of LinkedIn – a social-networking site for professionals sometimes described as “Facebook for grown-ups.” Her connections on it included men working for the nation’s most senior military officer, the chairman of the Joint Chiefs of Staff, and for one of the most secret government agencies of all, the National Reconnaissance Office (NRO), which builds, launches and runs U.S. spy satellites. Others included a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors, including Lockheed Martin Corp. and Northrop Grumman Corp. Almost all were seasoned security professionals.

It is great to see the U.S. government finally start to embrace social networking, but is the cost of being socially engineered worthwhile? How so many “smart” people fell victim to this ruse may appear to be surprising, but it really should not be. A picture of a hot chick is worth a lot of capital, especially in geek circles. Couple that with a wicked resume and connections to people in important organizations and you have a formula for socially engineering anyone, much less the government.

Hopefully the vulnerabilities exposed by social networking usage in this exercise will be used to help better educate the government, military and intelligence communities. This is one thing lacking in the government – quality education about the dangers of online social networking and the threats these tools pose to our government.

Secunia Vulnerability Report Accusing Apple Dismantled

AppleInsider has taken the aforementioned Secunia vulnerability report to task, dismantling the claim that Apple has the highest number of security holes.

Secunia’s vulnerability counts reset when Microsoft changes the name of its product, but continue to accumulate for Apple because the company hasn’t rebranded Mac OS X since 2003, when Secunia began keeping track. Browsing Secunia’s database, it appears Mac OS X has suffered from hundreds of vulnerabilities while Microsoft’s Windows has racked up far fewer, but that’s only because Microsoft’s regular rebranding efforts reset Secunia’s clocks.

At the same time, Secunia does not break up Apple’s vulnerability counts by each reference release of Mac OS X, so its current vulnerability listings date back through Jaguar, Panther, Tiger, and Leopard, as well as the currently installed base of Snow Leopard.

How Secunia arrives at its totals is also puzzling, as according to its own statistics Apple’s Mac OS X was affected by 6 “advisories” in 2010, only one of which has not yet been patched. That issue is rated as “not critical” and can only be exploited by local users.

This is the article I should have written, but unfortunately I did not have the time to conduct the necessary in-depth research to write such an eloquent response to the obviously bogus report. AppleInsider should be praised for clearly articulating their dissection of the claims made in the report, especially since Secunia carries a lot of weight in the security industry.

It is obvious Secunia needs to tweak its methods to better express an accurate depiction of the operating system vulnerability landscape. The first thing Secunia needs to do is retract the graph, which is what most people are paying close attention to. A visual representation of the number of vulnerabilities, with Apple sitting atop the chart, clearly does the security industry an injustice by not accurately reporting the current vendor vulnerability situation.

Apple Beats Microsoft in Security By Having More Holes, At Least According to Secunia

Although Mac OS X has remained virtually free of any large-scale virus or malware outbreaks, according to a report released by security firm Secunia the operating system ranks at the top of the most vulnerabilities chart in terms of the sheer number of exploits available.

Mac OS has remained relatively untouched by major viruses and hacking efforts in the past, as most ne’er-do-wells may have considered the operating system’s market share and thus potential for private information less enticing than those of Microsoft’s Windows. With the rise of Mac market share and the popularity of the iPhone, however, there is little doubt that Apple platforms will become major malware targets in the near future.

Surely this is rather unbelievable to most people, who expected to escape from Microsoft security vulnerability hell by switching to Mac OS X. Apparently the numbers do not lie; however, I cannot help but feel the numbers are somewhat off.

I own a Mac at home but administer Windows XP at work, insofar as I am a network security professional whose job is to protect the network from bad guys and evil corporations incapable of adequately programming their software. Thinking back over the last couple years, I cannot fathom how Secunia came to the conclusion that Apple has a higher number of vulnerabilities than Microsoft. It is unbelievable, especially considering the large number of Windows patches I am required to push out on a monthly basis. Contrast that to the number of Apple patches I’ve installed on my home laptop and it just feels like the scales are tipped towards Microsoft by a large margin.

Check out the report for the full details.

Update: I failed to seize the opportunity to dissect the crappy Secunia report, but AppleInsider has taken charge, clearly dismantling the claims that Apple has the highest number of vulnerabilities. It is a wonderful read and is essentially the article I should have written.

Authentication Crack Could Affect Millions

Security researchers have discovered a fatal flaw in a widely used authentication routine and plan to discuss their findings at the Black Hat conference later this month in Las Vegas. The researchers have not yet publicly disclosed the affected application, although it initially appears as if OpenID and OAuth are vulnerable to this newfound attack.

They found that some versions of these login systems are vulnerable to what’s known as a timing attack. Cryptographers have known about timing attacks for 25 years, but they are generally thought to be very hard to pull off over a network. The researchers aim to show that’s not the case.

The attack is thought to be so difficult because it requires very precise measurements. It cracks authentication tokens by measuring the time it takes for a computer to verify a digital signature. On some systems, the server will check a cryptographic signature on a token sent by the user to prove that he has logged into the system. It will kick back an error message as soon as it spots a bad character. This means a computer returns an error for a completely bad token a tiny bit faster than one where the first character is correct.

Since OpenID and OAuth are affected, sites such as Twitter and Digg are vulnerable, as they make use of these routines to provide additional functionality not seen in average web sites. Ultimately, this attack allows an attacker to masquerade as a legitimately authenticated user without having to log in to the site. While timing attacks such as this are difficult to pull off, they are not inconceivable.

What does this mean for the average user? Probably nothing much at this point, since the keys to this particular kingdom lie in the hands of the web site operators. It will be up to the service providers making use of the affected libraries to either switch to an unaffected library or modify the existing one.

If you are a developer and are using OpenID and/or OAuth, then you should definitely be concerned. Pay strict attention to the paper these researchers plan to present at Black Hat to see if the libraries you are using are affected and in need of modification.
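The early-exit check described above next to its fix, as an added example (not code from the researchers or from any OpenID or OAuth library). The key, the token body and all function names are constructed for illustration, and the count of characters examined stands in for the response time an observer would measure.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # constructed value, not a real credential


def sign(message: bytes) -> str:
    """Hex HMAC-SHA256 signature a server would attach to a login token."""
    return hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()


def early_exit_equal(expected: str, supplied: str) -> tuple[bool, int]:
    """Flawed check: returns at the first bad character.

    The second value is the number of characters examined, used here as a
    deterministic stand-in for the response time an observer would measure.
    """
    if len(expected) != len(supplied):
        return False, 0
    for examined, (e, s) in enumerate(zip(expected, supplied), start=1):
        if e != s:
            return False, examined
    return True, len(expected)


def constant_time_equal(expected: str, supplied: str) -> tuple[bool, int]:
    """Fixed check: always walks the whole signature, folding differences."""
    a, b = expected.encode(), supplied.encode()
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def prefix_forgery(good: str, correct_chars: int) -> str:
    """Bad signature whose first `correct_chars` characters are right."""
    wrong = "0" if good[correct_chars] != "0" else "1"
    return good[:correct_chars] + wrong + good[correct_chars + 1:]


def work_profile(compare, good: str) -> list[int]:
    """Characters examined for bad signatures with 0, 1 and 8 right characters."""
    return [compare(good, prefix_forgery(good, n))[1] for n in (0, 1, 8)]


def verify_token(message: bytes, supplied_sig: str) -> bool:
    """What the server should ship: the standard library's constant-time compare."""
    return hmac.compare_digest(sign(message).encode(), supplied_sig.encode())


if __name__ == "__main__":
    good = sign(b"user=alice;expires=1893456000")  # constructed token body
    print("early exit   :", work_profile(early_exit_equal, good))     # [1, 2, 9]
    print("constant time:", work_profile(constant_time_equal, good))  # [64, 64, 64]
```

The flawed check does more work the more leading characters are right, which is the signal the timing attack measures; the fixed check does the same work for every bad signature.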

YouTube Content Reviewers Require Professional Psychological Assistance

Apparently the idea of being able to sit on one’s fat ass and ostensibly get paid to “surf porn” for YouTube is not the dream job that it’s all cracked up to be:

“You have 20-year-old kids who get hired to do content review, and who get excited because they think they are going to see adult porn,” said Hemanshu Nigam, the former chief security officer at MySpace. “They have no idea that some of the despicable and illegal images they will see can haunt them for the rest of their lives.”

What is it that is so despicable about the imagery submitted to YouTube? Our always-connected culture has turned to uploading photographs of graphic gang killings, animal abuse, twisted forms of pornography (although “twisted” is quite subjective) and intense bullying. Videos containing this content are flagged, which is where the reviewers come into play. They attempt to determine whether the material is safe for public consumption on Google’s flagship video sharing site.

Being constantly bombarded with such horrific imagery is taking its toll on the content screening team members, who are increasingly turning to professional psychological assistance to help them deal with problems associated with the evil content they are subjected to daily.

One major outsourcing firm with staff in the Philippines was aware of the risks of this type of work and hired a local psychologist to assess how it was affecting its 500 content moderators. The psychologist, Patricia M. Laperal of Behavioral Dynamics, said she had developed a screening test so the company could evaluate potential employees, and helped its supervisors identify signals that the work was taking a toll on employees.

Ms. Laperal also reached some unsettling conclusions in her interviews with content moderators. She said they were likely to become depressed or angry, have trouble forming relationships and suffer from decreased sexual appetites. Small percentages said they had reacted to unpleasant images by vomiting or crying.

It sure sounds like working as a content reviewer is not the glamorous job you might think it to be. While some folks are sure to be more sensitive to the imagery, as a whole it appears to be pretty tough to be constantly subjected to malicious content.

With video sharing being so pervasive, young folks have this idea that all they need to do to become famous on the internets is create the next greatest viral video. A small percentage of folks appear to be taking that to the extreme, using the opportunity to take advantage of people.

If you believe that your ticket to stardom is hurting someone on a video submitted to YouTube then you are sadly mistaken – do something more constructive with your time and – here’s a novel idea – work for the fame.

Safari AutoFill Exploit: Disable Immediately

Jeremiah Grossman has uncovered a fatal privacy flaw in Apple’s Safari Web Browser v4 and v5 which allows a malicious web site to surreptitiously extract data automatically filled in by way of the “AutoFill” functionality.

All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.

There is currently no fix available for this vulnerability. Until Apple does release a security update addressing this exploit, immediately turn off the AutoFill feature in Safari. Either that or modify your Address Book Card to something with innocuous data.

On a side note, according to Grossman he informed Apple over a month ago about the exploit but has yet to receive a response. No surprise there – Apple is renowned for not responding to such submissions. This is not to say they will not provide a response, but rather that they keep the issue on the down-low, which is really how Apple rolls when it comes to flaws with their products.

Windows Zero-Day Installs Rootkits from Infected USB Drives

A recently discovered flaw in Windows shortcut (.LNK) files is being exploited to install malicious software, which is then used to gain administrator-level access by covertly installing a rootkit.

Microsoft has already warned users, in Microsoft Security Advisory (2286198), that hackers are exploiting an unpatched vulnerability within the Windows Shell component, where Windows incorrectly parses shortcuts. Since the warning, Microsoft has reconfirmed what researchers discovered: this exploitation is an issue with shortcut (.LNK) files. The vulnerability is apt to allow malicious code to be executed, most likely through removable drives. The malware includes a Trojan horse which, when executed, can run attack code that downloads a rootkit and then remains undetected while running.

Several versions of Windows are affected by the Shortcut flaw, including Windows 7 and the now-unsupported Windows XP SP2 (Service Pack 2 – as of July 13, 2010, Microsoft no longer provides security updates or support for Windows XP SP2). Researchers have noticed that the related Shortcut flaw malware mostly comes from infected USB drives.

There is a strong chance anti-virus software would not have caught this malware, mainly because it is a 0day but also because it is becoming exceedingly difficult to adequately detect rootkit installations. There is strong evidence suggesting the attackers will take advantage of this vulnerability to spread malware through Windows XP SP2 installations, since Microsoft is opting not to offer a patch for that version of the operating system. A lot of SP2 installs are floating around the internets, for some reason completely ignoring the fact that Microsoft released XP SP3 well over 18 months ago.

Top Secret America: Washington Post Goes Deep Cover for 2 Years

The Washington Post has a fascinating exposé of the post-9/11 government after concluding an interesting two-year investigative journalism project.

To ensure that the country’s most sensitive duties are carried out only by people loyal above all to the nation’s interest, federal rules say contractors may not perform what are called “inherently government functions.” But they do, all the time and in every intelligence and counterterrorism agency, according to a two-year investigation by The Washington Post.

What started as a temporary fix in response to the terrorist attacks has turned into a dependency that calls into question whether the federal workforce includes too many people obligated to shareholders rather than the public interest — and whether the government is still in control of its most sensitive activities. In interviews last week, both Defense Secretary Robert M. Gates and CIA Director Leon Panetta said they agreed with such concerns.

The Post investigation uncovered what amounts to an alternative geography of the United States, a Top Secret America created since 9/11 that is hidden from public view, lacking in thorough oversight and so unwieldy that its effectiveness is impossible to determine.

I have not read through even a small percentage of the content available online so formulating an opinion on the subject matter is going to take some time. However, I have direct experience where contractors regularly act on behalf of the US government even though doing so is against the law. In most cases this is not malicious, but because the job has to get done and sometimes “acting on behalf of the US government” is so subjective that the answer could be debated for years.

Nonetheless, the Washington Post should be commended for the exceptional amount of time it took to amass all the data they have compiled and placed online for public consumption. This is the type of journalism we need, whereby the press performs those much-needed checks against what our government is doing on a daily basis. These exposés are an important part of democracy and will only serve to make America stronger in the long run.