This is the abstract for a paper that was scheduled to be presented at Black Hat
USA 2007 security conference next month. It was removed without explanation
from the conference Web site this week, and promised to circumvent security afforded by Trusted Platform Module chips:
“…The attack procedure (TPMkit) involves an attack on the TPM chip.
TPMkit lets you overcome technologies such as Vista's BitLocker. TPMkit
also bypasses remote attestation and thus will allow you to connect over
Trusted Network Connect (TNC) (although the system might not be in
TPMkit bypasses the security checks mentioned (in the above paragraphs) and thus, you will never know that you are using a
compromised or changed system.
will be demonstrating how to break TPM. The demonstration would include
a few live demonstrations. For example, one demonstration will show how
to login and access data on a Windows Vista System (which has TPM +
More information on TPMkit (as it evolves) will be released.”
Read the full abstract on NetworkWorld.
This morning, while having a little fun with VMWare Server, I stumbled on VMWare’s list of free virtualized environments.
If you have any VMWare product installed on your box, you’ll definitely
want to check this list out. Anyhow, like I already said, I stumbled on
this list and quickly browsed the available products. That’s when I
ended up on a very interesting security package named JanusVM.
JanusVM is a virtualized security environment that allows you to surf
the internet securely and privately. It was designed to run
on VMware Player (or Server) and brings together OpenVPN, Tor, Squid, Privoxy and dns-proxy-tor to give you a transparent layer of security that is compatible with most TCP-based applications.
- WiFi Support.
- Supports multiple users in a LAN.
- Protects you from most man-in-the-middle attacks.
- Protects your identity and your true location by masking your IP Address.
- Encrypts and re-routes your DNS request and ALL TCP traffic to ensure strong privacy.
- Strips out most privacy sensitive information your web browser may leak.
- Blocks popups, annoying ads, banners, and other obnoxious Internet junk.
- Very simple setup and operation.
- Works transparently for applications using TCP.
Setup is very easy. Just download and install VMware Player, download JanusVM and follow these simple instructions.
After setting up the environment, if you decide to keep JanusVM running on your box, please consider giving a small donation to the developer. Your donations will surely encourage him to keep on working on this fantastic project.
Nice, I'm downloading this now. Usually the presence of Tor on a corporate laptop is eyed suspiciously. Found on Geeks are Sexy.
A password-recovery vendor Thursday accused Intuit Inc. of hiding a
backdoor in its popular Quicken personal finance program that gives it
— and perhaps government agencies — access to users’ data files.
Intuit called the charges baseless, and said that although there is a way to
unlock Quicken’s encrypted data, it’s only used by the company’s
support team to help customers who have forgotten their passwords.
In a statement, Elcomsoft Co. Ltd., a Russian maker of password-recovery
tools, said Quicken versions since 2003 have used strong encryption
designed to foil hackers. But those editions also have a backdoor that
unlocks the encryption with the 512-bit RSA key that Intuit controls.
“It is very unlikely that a casual hacker could have broken into Quicken’s
password protection regimen,” Vladimir Katalov, Elcomsoft’s CEO, said
in the statement. “[We] needed to use advanced decryption technology to
uncover Intuit’s undocumented and well-hidden backdoor, and to
successfully perform a factorization of their 512-bit RSA key.”
“Very unlikely…” my ass. Read the full article at CSOonline.com.
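The Quicken story is a key-escrow design: the same file key is wrapped once for the user and once under a vendor-held RSA public key, so whoever holds (or factors out) the vendor private key can open every file. The block below is an added example, not code from the CSO article, Elcomsoft or Intuit; it models that design with textbook RSA over two tiny constructed primes so that the factoring step runs instantly, and pairs it with the audit check a defender would actually run: measure the escrow modulus and flag it against a key-size policy. The policy threshold, the PBKDF2 parameters, the sample password, salt and file key are all assumptions of the example.

```python
# Added example (not from the article or the vendors involved): a toy model of a
# vendor key-escrow "backdoor" plus the key-size audit a defender would run on it.
# Textbook RSA (no padding) over constructed ~20-bit primes is used so that trial
# division factors the modulus instantly; a real 512-bit modulus is not toy-factorable,
# but the security consequence of factoring it is exactly what is shown here.
from dataclasses import dataclass
import hashlib
import math


@dataclass(frozen=True)
class RSAPublicKey:
    n: int
    e: int


MIN_ESCROW_MODULUS_BITS = 2048  # policy threshold, an assumption of this example


def private_exponent(p: int, q: int, e: int) -> int:
    """Derive the private exponent d from the prime factors of n = p*q.

    This is all that factoring an RSA modulus gives an adversary, and it is enough."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def derive_user_key(password: str, salt: bytes) -> bytes:
    """User-side key-wrapping key (PBKDF2-HMAC-SHA256; iteration count chosen for the example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR the shorter input against the longer one (one-time-pad style key wrap)."""
    return bytes(x ^ y for x, y in zip(a, b))


def escrow_wrap(file_key: bytes, password: str, salt: bytes, vendor_pub: RSAPublicKey) -> dict:
    """Wrap the same file key twice: under the user's password and under the vendor escrow key."""
    user_wrapped = xor_bytes(file_key, derive_user_key(password, salt))
    k = int.from_bytes(file_key, "big")
    if k >= vendor_pub.n:
        raise ValueError("file key does not fit under the toy modulus")
    vendor_wrapped = pow(k, vendor_pub.e, vendor_pub.n)  # textbook RSA, toy only
    return {"user": user_wrapped, "vendor": vendor_wrapped, "salt": salt}


def unwrap_with_password(blob: dict, password: str) -> bytes:
    """Legitimate path: the user recovers the file key from the password."""
    return xor_bytes(blob["user"], derive_user_key(password, blob["salt"]))


def unwrap_with_vendor_private(blob: dict, d: int, n: int, key_len: int) -> bytes:
    """Escrow path: anyone holding d (the vendor, or whoever factored n) recovers the key."""
    return pow(blob["vendor"], d, n).to_bytes(key_len, "big")


def factor_toy_modulus(n: int) -> tuple[int, int]:
    """Trial division: feasible only for the constructed toy modulus used here."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def escrow_key_audit(pub: RSAPublicKey) -> dict:
    """Defender's check: how large is the escrow modulus and does it meet policy?"""
    bits = pub.n.bit_length()
    return {"bits": bits, "meets_policy": bits >= MIN_ESCROW_MODULUS_BITS}


# Constructed toy parameters: two known primes near 10^6 give a 40-bit modulus.
TOY_P, TOY_Q = 999983, 1000003
VENDOR_PUB = RSAPublicKey(n=TOY_P * TOY_Q, e=65537)
SAMPLE_FILE_KEY = b"\x13\x37\xbe\xef"        # constructed 32-bit file key (< toy modulus)
SAMPLE_SALT = b"constructed-salt"


def demo() -> dict:
    """Run both unwrap paths and the audit; returns the results for inspection."""
    blob = escrow_wrap(SAMPLE_FILE_KEY, "hunter2", SAMPLE_SALT, VENDOR_PUB)
    p, q = factor_toy_modulus(VENDOR_PUB.n)
    d = private_exponent(p, q, VENDOR_PUB.e)
    return {
        "user_path": unwrap_with_password(blob, "hunter2"),
        "escrow_path": unwrap_with_vendor_private(blob, d, VENDOR_PUB.n, len(SAMPLE_FILE_KEY)),
        "audit": escrow_key_audit(VENDOR_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

The audit function is the part worth keeping: an escrow or recovery key that every customer's data depends on deserves at least the same size and rotation policy as any other long-lived key, and a product that ships one should document it rather than leave it for a third party to find.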
We describe a new simple but more powerful form of linear cryptanalysis. It appears to break AES (and undoubtedly other cryptosystems too, e.g. SKIPJACK). The break is “nonconstructive,” i.e. we make it plausible (e.g. prove it in certain approximate probabilistic models) that a small algorithm for quickly determining AES-256 keys from plaintext-ciphertext pairs exists – but without constructing the algorithm. The attack’s runtime is comparable to performing 64^w encryptions where w is the (unknown) minimum Hamming weight in certain binary linear error-correcting codes (BLECCs) associated with AES-256. If w < 43 then our attack is faster than exhaustive key search; probably w < 10. (Also there should be ciphertext-only attacks if the plaintext is natural English.)
Even if this break breaks due to the underlying models inadequately approximating the real world, we explain how AES still could contain “trapdoors” which would make cryptanalysis unexpectedly easy for anybody who knew the trapdoor. If AES’s designers had inserted such a trapdoor, it could be very easy for them to convince us of that. But if none exist, then it is probably infeasibly difficult for them to convince us of that.
We then discuss how to use the theory of BLECCs to build cryptosystems provably
1. not containing trapdoors of this sort,
2. secure against our strengthened form of linear cryptanalysis,
3. secure against “differential” cryptanalysis,
4. secure against D.J.Bernstein’s timing attack.
Using this technique we prove a fundamental theorem: it is possible to thus-encrypt n bits with security 2^cn, via a circuit Qn containing < cn two-input logic gates and operating in < c log n gate-delays, where the three cs denote (possibly different) positive constants and Qn is constructible in polynomial(n) time. At the end we give tables of useful binary codes.
Interesting paper from Warren D. Smith (pdf).
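The abstract hangs its claim on one number, the minimum Hamming weight w of a binary linear code, and on the comparison 64^w against exhaustive search over a 256-bit key. The block below is an added example, not code from Smith's paper, that makes both concrete: it computes the minimum weight of a small binary linear code by brute force from its generator matrix (rows held as GF(2) bitmasks), and it evaluates the cost comparison for any key size, reproducing the paper's w < 43 threshold for AES-256. The generator matrices are standard textbook codes constructed for the example; nothing here touches the AES-derived codes the paper refers to.

```python
# Added example (not from Smith's paper): minimum Hamming weight of a binary linear
# code by brute force, and the 64^w vs 2^keybits cost comparison from the abstract.
# Generator matrix rows are integers whose bits are the codeword positions over GF(2).


def codeword(generator_rows: list[int], selector: int) -> int:
    """XOR together the rows selected by the bits of `selector` (message bits)."""
    word = 0
    for i, row in enumerate(generator_rows):
        if (selector >> i) & 1:
            word ^= row
    return word


def min_hamming_weight(generator_rows: list[int]) -> int:
    """Minimum weight over all nonzero codewords; enumerates 2^k - 1 messages, so only
    feasible for small dimension k (the paper's point is that w is unknown for large codes)."""
    k = len(generator_rows)
    best = None
    for selector in range(1, 1 << k):
        weight = bin(codeword(generator_rows, selector)).count("1")
        if best is None or weight < best:
            best = weight
            if best == 1:
                break
    if best is None or best == 0:
        raise ValueError("generator rows must be nonzero and linearly independent")
    return best


def linear_attack_cost_log2(w: int) -> int:
    """log2 of 64^w encryptions: 64^w = 2^(6w)."""
    return 6 * w


def beats_exhaustive_search(w: int, key_bits: int) -> bool:
    """True when 64^w < 2^key_bits, i.e. the attack undercuts brute-force key search."""
    return linear_attack_cost_log2(w) < key_bits


def max_weight_beating_search(key_bits: int) -> int:
    """Largest w for which the attack still beats exhaustive search (42 for 256-bit keys)."""
    return (key_bits - 1) // 6


# Constructed textbook codes for the demonstration.
HAMMING_7_4 = [0b1000110, 0b0100101, 0b0010011, 0b0001111]  # [7,4] Hamming, min weight 3
REPETITION_3 = [0b111]                                     # [3,1] repetition, min weight 3
WEAK_CODE = [0b1000000, 0b0100000, 0b0011111]                # contains weight-1 codewords


def summarize(generator_rows: list[int], key_bits: int) -> dict:
    """Report w for a code and whether 64^w would beat search on a key_bits-bit key."""
    w = min_hamming_weight(generator_rows)
    return {
        "w": w,
        "attack_log2_cost": linear_attack_cost_log2(w),
        "beats_search": beats_exhaustive_search(w, key_bits),
    }


if __name__ == "__main__":
    for name, code in [("Hamming(7,4)", HAMMING_7_4), ("repetition", REPETITION_3), ("weak", WEAK_CODE)]:
        print(name, summarize(code, 256))
    print("largest w beating 256-bit search:", max_weight_beating_search(256))
```

The cost functions are the useful takeaway for a reviewer: the abstract's threshold follows purely from 6w < 256, so the whole claim rests on whether w for the AES-derived codes is really below 43 (or below 10), which the brute-force routine above cannot settle for codes of realistic dimension.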