The Weekly Ink #29
The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.
If you have links that you think would be interesting for inclusion and commentary, send them our way at firstname.lastname@example.org.
Last week, we wrote about Yahoo's radical experiment in attempting to eliminate passwords as a requirement for users to log in. Well, it turns out that Hilton Hotels & Resorts also (inadvertently) made it possible to access customers' HHonors accounts without passwords -- or, well, anything except 9-digit account ID numbers...
All this came about because of a flaw in which a logged-in user could simply ask the HHonors servers to read and write account details for other customers. Ironically, researchers discovered this flaw in Hilton's website in the midst of a campaign to convince users to upgrade from 4-digit PINs to strong(er) passwords in exchange for 1000 rewards points (Hilton had to suspend the program while they fixed their website).
Of course, Hilton certainly isn't alone in having made this sort of brain-dead error, and I'm sure it'll be a while yet before we can put this class of bugs to bed. Still, one hopes that Hilton's devs will at least add this to their test suite; anything less would be inn-excusable. For now, I probably won't find myself staying at a Hilton property without some reservations.
Beware the Crypto Unicorns
This week, TechCrunch posted a writeup singing the praises of a new "secure messaging app", Zendo. Secure messaging apps are all the rage these days, but Zendo proposes a unique twist: it's designed to encrypt messages using a very old, very simple, and generally very impractical technique called a "One-Time Pad". To use One-Time Pads, you have to exchange a large amount of key material, so if you're the sort of person who thought PGP key-signing parties were cool, maybe it is the app for you.
Now, One-Time Pads -- described by Zendo as "the unicorns of cryptography" -- do have some very interesting properties; when generated and used correctly, they provide provably unbreakable confidentiality. That said, there be an awful lot of scary dragons hidden in that one adverb, "correctly". So, as often happens when some untested crypto scheme gets breathless media coverage, the security community exploded with snark:
Some might brush this aside as but a chili reception from the peanut gallery, or even turn around and egg Zendo's creators on in this crypto-noodling. Fortunately, Joseph Bonneau went beyond simple snark and penned a detailed technical post on the Freedom to Tinker blog explaining exactly why this sort of thing is not a great idea:
It's important to keep in mind that there are hundreds of things that can go wrong in a secure messaging app, ranging from entropy failures to backdoored devices to malware. One risk, which is a relatively low-priority one, is that the ciphers or other symmetric primitives will be broken. Removing this reliance on secure symmetric primitives is all the one-time pad can get you in a perfect world.
So: even if Zendo does turn out to be reasonably secure, its creators chose to attack the wrong problem. If you find yourself looking for a "new favorite secure messaging app", might I recommend TextSecure and Signal?
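What "correctly" has to mean in practice, as an added example (not code from this newsletter, from Zendo, or from Bonneau's post): the pad must be random, at least as long as the traffic, and every key byte spent exactly once. The names `OneTimePad`, `encrypt` and `reuse_leak` are hypothetical, and the messages are constructed samples.

```python
import secrets


class OneTimePad:
    """Hands out each key byte exactly once (hypothetical helper)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # everything before this index is already spent

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        # Rule 1: the key must be at least as long as the message.
        if n > self.remaining():
            raise ValueError("pad exhausted: exchange more key material")
        chunk = self._pad[self._offset:self._offset + n]
        # Rule 2: spent key bytes are never handed out again.
        self._offset += n
        return chunk


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(pad: OneTimePad, message: bytes) -> bytes:
    return xor(message, pad.take(len(message)))


def reuse_leak(m1: bytes, m2: bytes) -> bytes:
    """Make the classic mistake: encrypt two equal-length messages under
    the SAME key bytes, then return c1 XOR c2 as an eavesdropper sees it."""
    key = secrets.token_bytes(len(m1))  # rule 3: key from a CSPRNG
    return xor(xor(m1, key), xor(m2, key))


if __name__ == "__main__":
    m1, m2 = b"meet at the dock", b"bring the papers"  # constructed samples
    pad = OneTimePad(secrets.token_bytes(32))
    encrypt(pad, m1)
    encrypt(pad, m2)
    print("pad bytes left:", pad.remaining())
    # With reuse the key cancels out of c1 ^ c2, leaving m1 ^ m2.
    print("reuse leaks m1 ^ m2:", reuse_leak(m1, m2) == xor(m1, m2))
```

Every message permanently consumes pad, which is why the scheme needs so much key material exchanged up front, and nothing here authenticates the ciphertext.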
Unauthorized Digital Certificates Issued for Google Domains
On Monday, Google reported that they had detected some unauthorized digital certificates for Google domains. It turns out that CNNIC had issued an intermediate CA certificate to MCS Holdings, who turned around and used it in a rather sketchy way:
CNNIC responded on the 22nd to explain that they had contracted with MCS Holdings on the basis that MCS would only issue certificates for domains that they had registered. However, rather than keep the private key in a suitable HSM, MCS installed it in a man-in-the-middle proxy. These devices intercept secure connections by masquerading as the intended destination and are sometimes used by companies to intercept their employees’ secure traffic for monitoring or legal reasons. The employees’ computers normally have to be configured to trust a proxy for it to be able to do this. However, in this case, the presumed proxy was given the full authority of a public CA, which is a serious breach of the CA system. [emphasis added]
MCS claims that this was completely unintentional. Whether or not it was, this episode (not the first of its kind) shows that Google's continuing work on pinning and Certificate Transparency is critical to keep trusted vendors honest and maintain the security of the digital certificate ecosystem.
RSA Conference has a new Dress Code
I'll let our good friend Mark take this one:
Except, wait... does this mean they won't let me wear my unicorn outfit?