Date: Fri, 30 May 2014 20:22:24 +1000
From: Alfie John <alfiej@...tmail.fm>
To: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt?

On Fri, May 30, 2014, at 08:02 AM, Justin Bull wrote:
> Closed source and Microsoft is notoriously known to play ball with LEO
> and government. It's an ill-fitting shoe.

The fact that I can go to the Google Play Store on my desktop, click
install on an app, then a couple of minutes later pick up my phone to
see it automagically installed should demonstrate why encryption is
*useless* on a modern operating system. As these days auto-update and
push events are the norm, encryption is a moot point if malware can be
installed on a target machine to record your keys without any effort.
Taking this further, if you are a target activist/journalist/sysadmin
using "modern hardware", you're pretty much pwned.

How much work would it take to go back and do a binary audit of Windows
XP? Since it's closed source, we could at least narrow down the effort
to services that are currently running. To trigger any suspicious code,
maybe install a dated GnuPG and send an encrypted email in a lab network
to see what other libraries are pulled in.

If this was done under a VM, it could also record what memory
locations and code paths were run. Do this a couple of thousand times
(each under a cleanly installed image) to get a general memory/code
footprint. Next, do the same thing but now:

  - On install, set the country to one in the "Axis of Evil"
  - Have some suspect words in the plain-text of the message
  - Use Arabic or perhaps Russian

Record the memory locations and code paths but this time see if there
were any other branches that were triggers. After removing
translations/locale specific code/data, you would then have a basis for
some interesting analysis.

This may sound like a lot of work, but I'm sure this would be a fun side
project for someone on FD.

Alfie

-- 
  Alfie John
  alfiej@...tmail.fm

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
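
The comparison step proposed in the message above, as an added sketch that is not code from the post or its author: given per-run sets of executed basic blocks, it reports blocks that run consistently under the changed conditions but never in any baseline run, after dropping locale-specific modules. The module names, offsets and traces are constructed for illustration; real traces would come from whatever VM or instrumentation tooling records them.

```python
from collections import Counter

def stable_blocks(runs, min_fraction):
    """Blocks executed in at least min_fraction of the runs (filters one-off noise)."""
    counts = Counter(block for run in runs for block in set(run))
    needed = min_fraction * len(runs)
    return {block for block, n in counts.items() if n >= needed}

def differential_blocks(baseline_runs, variant_runs,
                        ignore_modules=frozenset(), min_fraction=0.9):
    """Blocks stable across variant runs that no baseline run ever executed.

    A block is a (module, offset) tuple. Modules listed in ignore_modules
    (translations, locale data) are excluded, as the message suggests.
    """
    ever_in_baseline = set().union(*(set(run) for run in baseline_runs))
    candidates = stable_blocks(variant_runs, min_fraction) - ever_in_baseline
    return sorted(b for b in candidates if b[0] not in ignore_modules)

# Constructed sample traces (hypothetical module names and offsets).
COMMON = [("app.exe", 0x1000), ("crypt.dll", 0x2000), ("crypt.dll", 0x2040)]
BASELINE = [
    COMMON,
    COMMON + [("app.exe", 0x1100)],      # timing-dependent path, seen sometimes
    COMMON,
]
VARIANT = [
    COMMON + [("locale_ru.dll", 0x500), ("crypt.dll", 0x2F00)],
    COMMON + [("locale_ru.dll", 0x500), ("crypt.dll", 0x2F00), ("app.exe", 0x1100)],
    COMMON + [("locale_ru.dll", 0x500), ("crypt.dll", 0x2F00), ("net.dll", 0x9000)],
]

if __name__ == "__main__":
    for module, offset in differential_blocks(
            BASELINE, VARIANT, ignore_modules={"locale_ru.dll"}):
        print(f"only under variant conditions: {module}+{offset:#x}")
```

The `min_fraction` threshold is what makes the thousands of repeated runs useful: a block has to recur across variant runs before it is reported, so one-off scheduling or network noise drops out.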
