Hacking, Security, ROA, ICREACH, MAINWAY, Skype, Web, DANE, TLSA, DNSSEC

posted Oct 1, 2014, 7:56 AM by Sami Lehtinen   [ updated Oct 1, 2014, 7:58 AM ]
  • In many cases, even when critical servers have been hacked, it seems the servers were hacked by script kiddies who haven't exploited the potential of the servers' network connections or data at all. Of course, if the attackers are really professional, that's also the impression they might like to give in case they're caught. But in reality, I guess real pros wouldn't leave any signs of having hacked the system. This only tells us that hackers have hacked so many systems that they don't even care what data the systems contain; they've got way too much of it. Unless there's something that can be automatically detected, downloaded and used, they don't even bother to manually take a look around, nor do they bother to write per-case scripts to steal data. If it doesn't happen fully automatically, it's too troublesome to dig around manually.
  • Google's statistics for email encryption: how large a share of email messages are encrypted in transit.
  • Yet another silly term: different integration styles using Rest Oriented Architecture (ROA). It's so fun to play jargon games.
  • Project ICREACH / CRISSCROSS / PROTON shows very clearly how beneficial and effective even simple metadata is for data analysis. You don't even want to think about what kind of analysis can be done on all the data that Facebook and similar sites are collecting. There's also a table listing all the data collected by the ICREACH extension, which isn't surprising at all; we all knew the data could be collected if required, but most people believe it isn't being collected.
  • This also reveals why you might suddenly be subject to a 'random check' after making phone calls to certain numbers at critical times, even if that has never happened before or since. It also reminds us of what SIGINT people have known for a very long time: even if data is fully and strongly encrypted, the communication patterns alone reveal way too much.
  • I personally believe it's better not to log data at all. If there's no data, you can't give it to anyone. Whatever is stored can later be 'abused'.
  • Project MAINWAY
  • Now it seems that Skype is forcing (Linux) clients to update. Old clients still used P2P, but now the version which sends everything via MS spy data centers is being forced even on Linux users. Actually, they have implemented this so badly it's completely ridiculous, and other chat clients do it much better. Earlier, Skype delivered messages directly and showed when a message was being delivered. Then they clearly, hastily changed something: Skype started delivering messages to the MS data center and showed that messages were delivered even if they hadn't been delivered to the recipient. Many chat apps clearly show whether a message has been delivered to the data center, to the recipient, and whether it has actually been seen. But Skype failed on multiple aspects after their lousy spy update.
  • Bad security is simply everywhere. Even if the front of a site or service looks secure, that doesn't mean the rest of the system is.
  • And that's the major problem with any secure system. Even if parts of it are secure, there's no guarantee whatsoever that the rest of the system is. I see astounding examples of that almost daily. Security is high, until some integration channel uses plain-text HTTP or FTP for data transport over the Internet, with weak or non-existent authentication. In the worst cases, using the same credentials you can also access a ton of other data, because only directory separation is used to keep different data sets apart. In some cases, the same credentials can also be used for remote desktop / SSH logins, which makes me smile and cry every time it happens. Yes, even high-profile businesses make those ridiculous fails, repeatedly. In many cases, they don't even bother to fix them when I let them know about the insecure system configuration.
  • Read RFC 6698, The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA (Transport Layer Security Association).
  • DNSSEC TLSA VALIDATOR add-on for Web Browsers
  • DNSSEC configuration checker & validator (online service)