Saturday, December 17, 2005

Microsoft is moving the GUI code back out of the kernel in Vista according to this article. This is bad news: Finding local privilege escalation bugs might become hard in the future.

The move of the GUI into the kernel (done with NT 4.0) was a misguided attempt at increasing performance in order to get people to switch from Win9x to NT - something that did not really work until Windows 2000 / XP. A lot of headaches (outside of the usual out-of-bounds-memory-access bugs) were created by that move (shatter attacks etc.). From the defender's standpoint, this totally makes sense. I have a feeling that security-wise the gulf between MS and all other closed-source vendors (which have to operate under market conditions and thus can't pump a few billion into security) is widening.

Coming back to auditing "random" closed-source code after having worked on MS binaries is a bit like auditing a "random" open-source project after having spent time on well-audited bits of OpenSSH. You're surprised that things can be so easy.

Tuesday, December 13, 2005

Blogging is strange. You write down a few lines of half-coherent something under the delusion that nobody is reading the blog, and all of a sudden you show up cross-referenced in blogs that you read yourself regularly. With such a large crew blogging at Matasano (what used to be Thomas Ptacek's blog) they have a blog-update frequency that leads to their blog being about as productivity-destructive as slashdot.

I am seriously flattered to be mentioned there (and scared that my rants are actually read).

One of today's posts there mentions DJB's crypto algorithms, specifically Salsa20. Now, I am not a cryptographer, but I do not trust Salsa, for a variety of reasons:
  • It looks too much like MD4/MD5.
  • We have very limited understanding of why a wild mixture of ADD/XOR/ROL would produce equation systems that are hard to solve. Yes, nonlinearity over GF(2)^32 and over Z/2^32Z is given by mixing boolean functions and addition, but this paper gives some pretty neat insight into how just mixing ADD/XOR (without the ROL) is trivially solvable. I don't trust a single rotation that much.
  • Avoiding integer multiplication (whose representing BDD can grow exponentially with the number of bits and is thus hard to model using the methods in the paper) is something which I would not do - I know DJB cares a lot about timing, but given the choice between potentially leaking a few cycles and making the output of an operation ridiculously complicated (while at the same time tackling the problem of weak differential propagation in the high-order bits), I would choose the latter.
  • DJB might be over-emphasizing timing. His AES S-Box stamps RDTSC output into packets, which is many orders of magnitude more precise than any measurement you will get IMHO. True, caching issues (and cache alignment issues) can easily eat up 100 cycles, but that is still a lot less than a timer tick, the measure that in the most optimistic scenarios you'd be likely to get.
All in all, I do not trust systems built on just mixing ADD/XOR/ROL. There is a reason for the name of this blog.
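The second bullet's point (ADD/XOR alone is trivially solvable, a rotation is what breaks that) can be seen concretely: additions and left shifts only move information from low bits to high bits, so output bit i depends on input bits 0..i only, and such a function can be inverted one bit at a time instead of by 2^32 trials. The example below is added here and is not code from the original post or from DJB; the quarter-round is transcribed from the public Salsa20 specification, while `add_xor_mix`, `add_xor_rol_mix`, their constants, `is_triangular` and `solve_triangular` are constructed for illustration and belong to no real cipher.

```python
"""Triangular (T-function) structure of ADD/XOR mixing versus one ROL.

Added example, not code from the original post. The quarter-round follows
the public Salsa20 specification; add_xor_mix, add_xor_rol_mix and their
constants are constructed here for illustration and belong to no cipher.
"""
import random

MASK = 0xFFFFFFFF


def rotl32(x, n):
    """32-bit rotate left: the one ARX operation that moves high bits down."""
    return ((x << n) | (x >> (32 - n))) & MASK


def salsa20_quarterround(y0, y1, y2, y3):
    """Salsa20 quarter-round as specified by Bernstein: only ADD, ROL, XOR."""
    z1 = y1 ^ rotl32((y0 + y3) & MASK, 7)
    z2 = y2 ^ rotl32((z1 + y0) & MASK, 9)
    z3 = y3 ^ rotl32((z2 + z1) & MASK, 13)
    z0 = y0 ^ rotl32((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3


# Constructed constants (arbitrary odd words, not taken from any cipher).
C1, C2, C3 = 0x9E3779B9, 0x7F4A7C15, 0x5A827999


def add_xor_mix(x):
    """Toy one-word mix from ADD, XOR and left shift only. Each step lets
    output bit i depend on input bits 0..i alone (a T-function), because
    carries and left shifts only carry information upward."""
    x = (x + C1) & MASK
    x ^= (x << 7) & MASK
    x = (x + C2) & MASK
    x ^= (x << 13) & MASK
    return (x + C3) & MASK


def add_xor_rol_mix(x):
    """The same mix with a single rotation inserted in the middle."""
    x = (x + C1) & MASK
    x ^= (x << 7) & MASK
    x = rotl32(x, 13)          # high bits now feed the low output bits
    x = (x + C2) & MASK
    x ^= (x << 13) & MASK
    return (x + C3) & MASK


def is_triangular(f, trials=2000, seed=1):
    """Empirical T-function check: flipping input bit j must never change
    output bits 0..i for any i < j. A single counterexample refutes it."""
    rng = random.Random(seed)
    for _ in range(trials):
        x = rng.getrandbits(32)
        i = rng.randrange(31)            # window of low output bits 0..i
        j = rng.randrange(i + 1, 32)     # a strictly higher input bit
        low = (1 << (i + 1)) - 1
        if (f(x) ^ f(x ^ (1 << j))) & low:
            return False
    return True


def solve_triangular(f, target, bits=32, max_evals=10_000):
    """Invert f(x) == target bit by bit from the LSB, keeping only prefixes
    whose low output bits already agree with target. Sound only when f is
    a T-function; returns (preimage or None, evaluations used)."""
    evals = 0

    def extend(prefix, i):
        nonlocal evals
        if i == bits:
            return prefix
        low = (1 << (i + 1)) - 1
        for b in (0, 1):
            cand = prefix | (b << i)
            evals += 1
            if evals > max_evals:
                return None
            if (f(cand) ^ target) & low == 0:
                hit = extend(cand, i + 1)
                if hit is not None:
                    return hit
        return None

    return extend(0, 0), evals


if __name__ == "__main__":
    print("quarterround(1,0,0,0) =",
          [hex(w) for w in salsa20_quarterround(1, 0, 0, 0)])
    secret = 0xDEADBEEF                    # constructed "unknown" input
    for name, f in (("add/xor", add_xor_mix), ("add/xor/rol", add_xor_rol_mix)):
        found, n = solve_triangular(f, f(secret))
        print(f"{name:12s} triangular={is_triangular(f)} "
              f"recovered={found == secret} evals={n}")
```

The ADD/XOR-only mix is recovered with at most two evaluations per bit (64 in total for 32 bits), because each low-bit prefix of the input determines the same prefix of the output. The variant with one rotation fails the triangular check, and the same bit-by-bit solver no longer finds anything, which is exactly the role a rotation plays in an ARX design; whether one rotation per step is enough is the question the post is raising.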
Alright, I have 8 minutes of free time before I need to run to the computational algebra lecture, and I will spend it by dropping a few thoughts about Dan Geer's "login" article advocating moving away from a monoculture.

My two points on his proposed 'artificial diversity':
1) It will increase resistance against total extinction. A worm will need more than one bug to wipe all hard disks.
2) It will also make sure that skilled attackers will get their hands on useful information.

So please do it. Listen to Dr. Geer.

The (brief) reasoning: Let's take the pool of computers in an organisation. Let's also take a useful piece of information (for example, a source tarball) and distribute it randomly on a small subset of the computers in the organisation. In the monoculture example, I would need an exploit for the monocultureOS. In the diversity example, I need an exploit for any of the OSs on which the information that I want is stored. Joy. Please diversify!

Saturday, December 10, 2005

One of the lectures I am attending, "Algebra and Algebraic Geometry from an algorithmic perspective", is, while often interesting, also insanely frustrating: The professor's assistant poses the exercise problems, but does not synchronize progress with the professor (who lectures, but frequently drifts off on a tangent, leaving the students confused as to whether they are "on a tangent" or "on the lecture subject"). This puts us in the situation that we usually get the theoretical background needed to solve a given exercise sheet one to two weeks after the sheet had to be handed in. After some somewhat-fruitless long hours on the last sheet, I was advised that the proof I am looking for can be found in Grothendieck's "EGA IV". Trying to find EGA IV via Google, I stumbled over Grothendieck's nonmathematical writings. They are surprisingly interesting to read:

http://acm.math.spbu.ru/RS/

Tuesday, November 15, 2005

My procrastination skills have reached fearsome levels. It is 10:20 pm, I am supposed
to present some paper tomorrow morning at 8:30, and I am here blogging instead of
reading it for the first time. Great.

On a different note, I found a pretty amusing blog:

http://teh-win.blogspot.com/

It's very refreshing to see a blog talking "cleartext", and to know that I am not alone
in some of my thoughts. Then again, I am definitely guilty of talking the same tired
shit over and over again ;)

A friend once said after I talked to him about getting lost doing some crypto math for
a week that "crypto is fun, eh? Like doing morphine...". He was right. I have been digging
into some crypto shit again, and it's extremely hard to not lose yourself in it.

There's a bunch of exciting shit going on though: My two coworkers, Ero & Rolf, both
seem to be moving here, which means (even) less sleep and more cool work.

Friday, September 30, 2005

Running a business while going to university, while being very exciting, is already hugely frustrating. You permanently feel you're underachieving in all categories:

1. I feel I am not as good a mathematician as I could (should) be, due to time constraints imposed by programming and running the business.
2. I feel I am not as good a programmer as I could (should) be, due to time constraints imposed by studying and running the business.
3. I feel I am too slow in dealing with business paperwork etc. etc. due to time constraints imposed by programming and math.

Anyhow, I guess that's the price of trying to be a jack-of-all-trades (or at least being unwilling to give up two of the three things I am doing).

What is good though: We finally finished SABRE BinNavi, and I personally think we brought
debugging into the 2000's. Very few people realize that debuggers have been stuck in the 80's for a long while (here is your registers window, here is your data window, here is your code window), and BinNavi is definitely a step forward. Now I need to get Jython tied into v1.1, so I can have the scriptable debugger I always wanted to have.
(blatant plug: check these flash movies to see what I mean, specifically Chapter 4)

Aside from that I have been reading Forster's "Lectures on Riemann Surfaces", and slowly getting back into it. The good thing about working on Navi was that it has made me unapologetic about drawing lots of pictures to clarify math situations, even though most mathematicians I talk to look down on visualisation.

Still on my to-read list: Rudeanu's "Lattice Functions and Equations" and a larger volume here on computer algebra and various (surprising) applications for Groebner bases.

I still have a stack of IDAPython crap that I wanted to post to OpenRCE. Hrm. I need longer days.

Anyhow, back to Forster.

Thursday, August 18, 2005

There seems to be some odd blog war going on in a triangle between Thomas Ptacek, some guy called Lindstrom, and Adam Shostack.

Lindstrom's posts can be seen here:

If you read his posts, you can see that he clearly has no clue about code auditing. Anyone who has a passion for bugs and has done some serious work on finding bugs will agree that in high-exposure programs such as OpenSSH or IIS it is getting harder and harder to find decent bugs. And there would not be a hacker-side anti-disclosure movement if this wasn't the case.

It is amusing how everybody and his dog tries to dress up their ideas in fake-economic-speech, too. Economics has gotten to be an interesting form of science -- someone comes up with an idea and then tries to build "science" arguing in his direction. The empirical part usually consists of showing that at least one set of data does not contradict the claim and then deducing generality. Bloody brilliant.

Ah well. Reading the discussion makes me tired. Anyone who thinks that bugs are not getting rarer in core internet daemons is living in a parallel universe or hasn't audited in recent years.

Sunday, August 07, 2005

I have to admit I really enjoy reading Thomas Ptacek's blog. It's refreshingly honest in a security industry full of smokes, mirrors, and sockpuppets.

Friday, August 05, 2005

Reverse engineering C++ code is always a bit of a pain because it is so non-obvious which language constructs generate what assembly-level code. Contrary to what a C compiler does, a C++ compiler has to jump through all sorts of odd hoops in order to make the "OO" part work.

After posting a question about this to www.openrce.org, I got a few replies with some VERY useful links which I'd like to share here:
(thanks to Erlend & Igorsk for the links! :)

Doc1
Doc2
Doc3
For those of you that speak German, this is an interesting link:

http://www.bsi.de/ausschr/einkauf/auftrag27684.htm

Basically, the German government wants to purchase a device to find bugs that
communicate with the outer world via infrared/optical means.

For me as somebody totally clueless about surveillance/eavesdropping devices,
I am intrigued by the idea of using infrared for communication with the outside
world: On the one hand, since the beam can be so highly directional, I'd assume
it is going to be extremely hard to detect it (aside from putting lots of smoke/
particles into the air), and it can also be miniaturized significantly (as one doesn't
need much of an antenna to emit the waves).

Interesting.