<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Daniel Hall&#039;s Website &#187; Security</title>
	<atom:link href="http://www.danielhall.me/tag/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.danielhall.me</link>
	<description>Because the Internet doesn&#039;t have enough opinions already</description>
	<lastBuildDate>Thu, 29 Jul 2010 11:52:51 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
<atom:link rel="hub" href="http://pubsubhubbub.appspot.com"/><atom:link rel="hub" href="http://superfeedr.com/hubbub"/>		<item>
		<title>Protecting Email with DKIM</title>
		<link>http://www.danielhall.me/2010/07/protecting-email-with-dkim/</link>
		<comments>http://www.danielhall.me/2010/07/protecting-email-with-dkim/#comments</comments>
		<pubDate>Mon, 12 Jul 2010 12:57:19 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[System Administration]]></category>
		<category><![CDATA[DKIM]]></category>
		<category><![CDATA[Email]]></category>
		<category><![CDATA[Mail]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=629</guid>
		<description><![CDATA[<p>One of the problems with the email and the protocols used to transfer it (SMTP) is that they were designed long ago when the Internet was a much friendlier place. When SMTP was designed it was assumed that other hosts on the Internet could be trusted. This is particularly visible in the configuration of relays [...]]]></description>
			<content:encoded><![CDATA[<p>One of the problems with email and the protocol used to transfer it (SMTP) is that they were designed long ago when the Internet was a much friendlier place. When SMTP was designed it was assumed that other hosts on the Internet could be trusted. This is particularly visible in the configuration of relays where the sender doesn&#8217;t have to be identified. A mail relay will accept mail from any server regardless of where the mail appears to be coming from.</p>
<p>To attempt to rectify this, SPF was created. To set up SPF you add either a TXT or an SPF record to the DNS zone you will be sending from. This record defines which servers are allowed to send mail claiming to come from that domain. So on my domain danielhall.me I could publish an SPF record that says only my mail server is allowed to send mail from addresses ending in @danielhall.me. Any mailserver receiving mail that is from my domain but not coming from an address listed in my SPF record can see that the mail is likely forged and throw it away. SPF works well in most situations but fails at a very common use case. If someone I send mail to forwards it to another address using an automatic process (no clicking forward in their client) then the mail will appear to come from my domain when it gets to the user it was forwarded to, however it will actually have come from the original recipient&#8217;s mailserver, which is not listed in my SPF record.</p>
<p>DKIM solves this problem by giving each sending mailserver a cryptographic key pair. The public key is published in a DNS record in that zone and the private key is stored somewhere safe on the server. The server then signs the headers (especially the From: header) and the body of all outgoing emails. This signature is attached to the email as an extra header. When the receiving server gets the email it takes the signature and uses it, along with the list of signed headers, to verify the signature against the public key of the signing domain. This means that as long as the mail has passed through an authorised mailserver at any point it will be considered valid, regardless of which server finally delivered it.</p>
<p>Setting up DKIM is a relatively simple process. You will need access to the zone records for your domain and access to the configuration of all the mailservers which mail originating at your domain passes through. You also need to be aware that signing mail makes it slightly more processor intensive to send an email. If you send a large amount of email this difference could be quite significant. If you&#8217;re using sendmail you may be able to alleviate it by switching to a less resource hungry MTA like Exim. You should also note that in some configurations DKIM cannot be set up. For example if you use masquerading in sendmail DKIM will always fail, as sendmail will modify the From: header after signing.</p>
<p>Ultimately DKIM is a good move for the Internet community at large, especially when combined with SPF. DKIM-signed mail is assured to come from the sender and this can be cryptographically proven. While it does take a little more effort to set up and maintain, it assures that mail from your domain can be verified as having come from you or your company. DKIM can protect your company against phishing attempts and boost your spam scores.</p>
<p><strong>Random thought:</strong> What would Email look like if it were designed today?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2010/07/protecting-email-with-dkim/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Cross-Domain AJAX</title>
		<link>http://www.danielhall.me/2010/05/cross-domain-ajax/</link>
		<comments>http://www.danielhall.me/2010/05/cross-domain-ajax/#comments</comments>
		<pubDate>Tue, 04 May 2010 21:21:58 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Web Programming]]></category>
		<category><![CDATA[Apache]]></category>
		<category><![CDATA[Javascript]]></category>
		<category><![CDATA[Perl]]></category>
		<category><![CDATA[PHP]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Web Services]]></category>
		<category><![CDATA[XML]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=499</guid>
		<description><![CDATA[<p>When making an xmlhttprequest from a website the browser will restrict you to the site from which the script came. This is a security precaution. If sites were able to tell the browser to make requests from other domains then they would be able to DDOS a site with a users browser. There are legitimate [...]]]></description>
			<content:encoded><![CDATA[<p>When making an XMLHttpRequest from a website the browser will restrict you to the site from which the script came. This is a security precaution. If sites were able to tell the browser to make requests to other domains then they would be able to DDoS a site with a user&#8217;s browser. There are legitimate reasons to make requests to other sites though.</p>
<p>Many sites offer web services, XML data and JSON-encoded data. These can provide almost anything from the weather, to search results, to advanced APIs. To use these services from your site using JavaScript you&#8217;ll have to employ one of the methods below.</p>
<h1>Signing Javascript</h1>
<p>Firefox allows you to sign your JavaScript and place it in a jar file. This will give your code more privileges. You can also request these permissions explicitly without having your code signed, but having a dialog box appear for every AJAX request could get very tiring for the user. Another problem with this approach is that it isn&#8217;t documented very well and it is Firefox-specific. The first link in the references section deals with this method.</p>
<h1>Access-Control Headers</h1>
<p>This is the W3C approved method of allowing a client from another domain to access your web service. It is a server side method and requires no changes on the client to implement. This is both an advantage and a disadvantage. If you have control over the server then this method is simple, otherwise (for sites such as the Yahoo API or other public services) you will not be able to implement this. It should also be noted that this was implemented in Firefox 3.5 so it can&#8217;t be used with earlier versions, or other browsers.</p>
<p>To use this method you tell your service to output extra headers that tell the browser whether access was allowed or denied.</p>
<h1>Flash Enabled xmlhttprequest</h1>
<p>This method involves using an invisible Flash player to perform the actual request and then handing the result back to the JavaScript for processing. Flash still performs permission checking by looking for a /crossdomain.xml file in the root directory of the domain the request is being made to. There are several libraries that implement this approach and a few even implement it in a way which is compatible with XMLHttpRequest. One downside is that Flash is required, though Flash is now required by several major sites and most browsers will have it installed.</p>
<h1>Add Sites To Trusted Zone</h1>
<p>Internet Explorer allows or denies cross-domain XMLHttpRequests based on the security zone setting. This approach is not likely to be used on the Internet as it requires user interaction and is Internet Explorer specific. On a corporate Intranet this is slightly less difficult, but not by much.</p>
<h1>Apache mod_proxy</h1>
<p>With this method you use the same server you served the page from to proxy the requests automatically to the server with the data you&#8217;re fetching. For this to work your version of Apache has to be compiled with proxy support or you need to have the mod_proxy DSO loaded. This method increases the latency of requests as they must first go via your server. It should also be noted that this cannot be implemented in a .htaccess file and must be done in the main configuration.</p>
<h1>Manual Proxy</h1>
<p>If you don&#8217;t have control over your server&#8217;s configuration then you can mimic the above method by writing a script that forwards the required variables to the remote service and passes the data back. This approach can even be preferable to the above method as it allows you to preprocess the variables and cache the data if required.</p>
<h1>References</h1>
<p><a href="http://www.mozilla.org/projects/security/components/signed-scripts.html">http://www.mozilla.org/projects/security/components/signed-scripts.html</a></p>
<p><a href="http://dev.w3.org/2006/waf/access-control/">http://dev.w3.org/2006/waf/access-control/</a></p>
<p><a href="http://developer.yahoo.com/javascript/howto-proxy.html">http://developer.yahoo.com/javascript/howto-proxy.html</a></p>
<p><a href="https://developer.mozilla.org/En/HTTP_Access_Control">https://developer.mozilla.org/En/HTTP_Access_Control</a></p>
<p><a href="http://ejohn.org/blog/cross-site-xmlhttprequest/">http://ejohn.org/blog/cross-site-xmlhttprequest/</a></p>
<p><a href="http://ajaxpatterns.org/XMLHttpRequest_Call">http://ajaxpatterns.org/XMLHttpRequest_Call</a></p>
<p><a href="http://ajaxpatterns.org/Flash-enabled_XHR">http://ajaxpatterns.org/Flash-enabled_XHR</a></p>
<p><strong>Random Thought:</strong> Can you use AJAX to make web applications cleaner?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2010/05/cross-domain-ajax/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Using EncFS to encrypt your files</title>
		<link>http://www.danielhall.me/2010/04/using-encfs-to-encrypt-your-files/</link>
		<comments>http://www.danielhall.me/2010/04/using-encfs-to-encrypt-your-files/#comments</comments>
		<pubDate>Tue, 27 Apr 2010 20:53:38 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Encryption]]></category>
		<category><![CDATA[Linux]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=546</guid>
		<description><![CDATA[About EncFS
<p>EncFS is an encrypted filesystem based on FUSE. It transparently encrypts files stored in it and places them on another volume. This is in contrast to block level encrypted filesystems which transparently encrypt the data under the filesystem layer as it is being written to disk. Think of EncFS as a bind mount, except [...]]]></description>
			<content:encoded><![CDATA[<h1>About EncFS</h1>
<p>EncFS is an encrypted filesystem based on FUSE. It transparently encrypts files stored in it and places them on another volume. This is in contrast to block level encrypted filesystems which transparently encrypt the data under the filesystem layer as it is being written to disk. Think of EncFS as a bind mount, except that the source for the mount is encrypted and the place it is mounted to is the only place it is available unencrypted.</p>
<p>The main advantage of EncFS filesystems is that when backing up only the files which have changed need to be backed up. This means it works perfectly with tools such as rsnapshot. Another advantage is that the filesystem doesn&#8217;t need a block of disk allocated to it and will shrink and expand as the files inside change.</p>
<p>Finally because this is all implemented with FUSE it is all done in userspace. No root access is required (apart from setting FUSE up) to create and alter encfs filesystems.</p>
<h2>Setting Up an EncFS Volume</h2>
<p>So the first thing you need to do to set up an EncFS volume is to install FUSE and EncFS. If you don&#8217;t have root access you will have to ask your sysadmin to do this for you, otherwise follow your distribution specific method of installing new packages. On Fedora the package is called &#8216;fuse-encfs&#8217; and on Debian/Ubuntu it&#8217;s called &#8216;encfs&#8217;. On some older systems users wishing to use FUSE may need to be added to the correct group.</p>
<p>Next you need to decide where you will put the EncFS volume, and where you&#8217;ll mount it. I usually put mine in /home/daniel/.crypt and mount it to /home/daniel/crypt, but feel free to name it whatever you want. When you&#8217;ve decided, run encfs with those two paths as arguments; using the paths above it would look like this:</p>
<pre class="brush: plain;">
&lt;daniel@server ~&gt;$ encfs /home/daniel/.crypt /home/daniel/crypt
The directory &quot;/home/daniel/.crypt/&quot; does not exist. Should it be created? (y,n) y
The directory &quot;/home/daniel/crypt&quot; does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter &quot;x&quot; for expert configuration mode,
 enter &quot;p&quot; for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?&gt;

Standard configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: &quot;ssl/aes&quot;, version 2:2:1
Filename encoding: &quot;nameio/block&quot;, version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
</pre>
<p>As you can see the directories don&#8217;t need to be created first. There is also a prompt for what security settings you want to use. Hitting enter will give you standard settings, but for something more powerful you should hit &#8216;p&#8217; then enter. You can now proceed to place files in /home/daniel/crypt and they will be encrypted and placed into /home/daniel/.crypt. If you don&#8217;t believe me go ahead and check.</p>
<p>See? I told you so. Now you can unmount it using <code>fusermount -u /home/daniel/crypt</code> and mount it again using <code>encfs /home/daniel/.crypt /home/daniel/crypt</code> and typing your password.</p>
<p><strong>Random Thought:</strong> When travelling to other countries, local laws may mean that customs can search your laptop, including encrypted filesystems. You may have to reveal your key, or be arrested.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2010/04/using-encfs-to-encrypt-your-files/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Australian Mandatory Internet Filter</title>
		<link>http://www.danielhall.me/2010/04/the-australian-mandatory-internet-filter/</link>
		<comments>http://www.danielhall.me/2010/04/the-australian-mandatory-internet-filter/#comments</comments>
		<pubDate>Tue, 20 Apr 2010 09:39:40 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[The Internet]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[No Clean Feed]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=564</guid>
		<description><![CDATA[<p>I&#8217;m ashamed that in today&#8217;s society I have to begin this post with this paragraph but I have to nonetheless. For the record I am absolutely opposed to child pornography, bestiality, sexual violence and rape. I am abhorred that people are involved in the production and distribution of such material and I strongly feel that [...]]]></description>
			<content:encoded><![CDATA[<p>I&#8217;m ashamed that in today&#8217;s society I have to begin this post with this paragraph but I have to nonetheless. For the record I am absolutely opposed to child pornography, bestiality, sexual violence and rape. I am abhorred that people are involved in the production and distribution of such material and I strongly feel that these people need to be brought to justice. I feel strongly that the government needs to implement measures to catch and prosecute these people and to make such material impossible to produce or distribute. I do however believe that the Mandatory Internet Filter as proposed by Steven Conroy is the wrong way to go about this.</p>
<p>The Internet filter, quite simply put, is technically infeasible. The filter will work by directing all requests from Australian users towards a site containing RC content to a filtering device. This device then relays all requests to that site to the actual server, unless a request is made for a blocked page, which will instead return a page indicating the site is blocked. This is similar to the way the firewall works in China and other countries with a national Internet filter. This method is effective in that it is often 100% effective (which means that every page on the blocked list is blocked, with no false positives) when done right. There is a problem however: this method does not scale well. If the government were to block a page on a large site (as was attempted with Wikipedia in the UK) then the filter would not be able to handle the load. Secondly it appears to the administrators of that site that all requests are coming from a few IP addresses. This could cause Wikipedia to eventually block all Australians either because the requests will look similar to a DDoS or because they have no way to distinguish between users and need to prevent abuse. Although the filter may be 100% accurate at blocking web traffic it will not be capable of dealing with many other varieties of Internet data.</p>
<p>The proposed filter will only be capable of filtering standard web traffic from web browsers. The Internet consists of a large number of computers talking in any number of protocols. While web traffic is one of these there are many other ways to exchange information. This filter will not be capable of filtering email, BitTorrent, eDonkey, Gnutella, XMPP, DDC, SSH, VPN, Tor, and that is only naming a small portion. Many people caught in possession of child pornography and other illegal content are found to have downloaded it via peer to peer technology. This is because standard web traffic makes it easy to trace and identify the owner, whereas peer to peer traffic can be hidden much more easily. Secondly web traffic can be &#8216;tunnelled&#8217; or hidden inside these other protocols and in this way completely bypass the filter. This means anyone with sufficient knowledge, or five minutes to learn, will be able to configure their PC to hide their data inside an SSH or VPN connection. These technical arguments come from my experience as a systems administrator, but there are other arguments that are not so technical.</p>
<p>Steven Conroy has said that the filter will only deal with RC rated content, however there is no transparency about what will be blocked. The government can&#8217;t publish a list of sites that are blocked because that will effectively give people looking for this content a list of places to find it. Without knowing what sites are being blocked we won&#8217;t know if or when the government decides that they would like to start blocking sites that are debating for or against abortion, euthanasia or any other politically sensitive topic. It may be interesting to know that the definition for RC content includes pages instructing in any crime, which would include euthanasia. A representative for Steven Conroy has specifically stated the filter won&#8217;t be filtering pages related to euthanasia but because of this broad definition it could be changed at any time and we wouldn&#8217;t know until after the material was blocked.</p>
<p>I am a Unix Systems Administrator, and for the reasons listed above, and more covered better by other bloggers, I am opposed to the filter proposed by Senator Steven Conroy and the Labor government. I urge my readers who are also opposed to the filter to write to your local MP, to Senator Conroy, and to Tony Smith (Shadow Minister for Broadband, Communications<br />
and the Digital Economy). If all else fails and the Government does not see sense then use your vote. The filter will not work and will waste taxpayer money that could be used in many better ways.</p>
<p><strong>Random Thought:</strong> Will posting instructions about how to bypass the filter be illegal?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2010/04/the-australian-mandatory-internet-filter/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Fingerprint readers and PC security</title>
		<link>http://www.danielhall.me/2010/02/fingerprint-readers-and-pc-security/</link>
		<comments>http://www.danielhall.me/2010/02/fingerprint-readers-and-pc-security/#comments</comments>
		<pubDate>Wed, 17 Feb 2010 11:16:34 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Biometrics]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=508</guid>
		<description><![CDATA[How fingerprint readers work
The user sees
<p>You register your fingerprint using the built in reader and it saves it as your password. Next time you go to login you choose your username, swipe your finger and the PC verifies it against the one you scanned last time. If it matches then the computer logs you in.</p>
What [...]]]></description>
			<content:encoded><![CDATA[<h1>How fingerprint readers work</h1>
<h3>The user sees</h3>
<p>You register your fingerprint using the built-in reader and it saves it as your password. Next time you go to log in you choose your username, swipe your finger and the PC verifies it against the one you scanned last time. If it matches then the computer logs you in.</p>
<h3>What actually happens</h3>
<ol>
<li>You open up the fingerprint reader application on your laptop, which adds hooks into the Windows login system (Credential Providers).</li>
<li>You scan in one or more fingers and register them to your account.</li>
<li>The application stores the fingerprints for later use; some will even <a href="http://www.pcworld.com/article/124978/researcher_hacks_microsoft_fingerprint_reader.html">store them unencrypted</a>.</li>
<li>When the user goes to log in next time they select their username and scan a finger.</li>
<li>The fingerprint reader takes the scan and compares it to the previously stored scans.</li>
<li>If the scan matches one of the stored scans then the user is authenticated.</li>
</ol>
<h1>Why it&#8217;s not secure</h1>
<p>How often do you write down your password? If you do, where would you leave it? Now think about your fingerprint. Where would you leave your fingerprint? In general people don&#8217;t constantly wear gloves and end up leaving fingerprints all over the place: on glasses, door handles, keyboards, touch screens and mobiles. It is a little bit harder to copy a fingerprint, but security by obscurity is not an excuse. So it can be argued that a password is more secure (in that it&#8217;s harder to obtain) than a fingerprint.</p>
<p>Most fingerprint authentication systems allow you to use either your fingerprint or your password. This effectively doubles the possible attack vectors for trying to get into the system. A malicious attacker can now either use a dictionary attack against your password, a fingerprint based attack against the fingerprint reader, or look for holes in either system.</p>
<h1>Why it may actually endanger you</h1>
<p>Do you know how the fingerprint reader is storing your fingerprints? Is it storing them as bitmaps, as a collection of swirls and whorls, as an MD5 hash, or as some key identifiable features? If you can&#8217;t answer that question with 100% certainty then you should be concerned. If someone managed to hack your machine and retrieve bitmaps of your fingerprints then they could use them to open any other fingerprint locks you have, or implicate you in a crime.</p>
<p>Finally, if someone is determined enough to break the law to hack your computer they could simply cut off your fingers to gain access to your PC. Of course if the fingerprint sensor has a warmth sensor they might need to microwave them first. I would hope though that you keep something that sensitive or valuable under all sorts of encryption and armed guards.</p>
<p>Don&#8217;t rely on fingerprint readers for added security; that is quite simply not what they provide. Fingerprint readers are primarily for convenience, and they could put your security and your wellbeing in danger.</p>
<p><strong>Random Thought:</strong> What is this obsession with altering perfectly fine machines to remove a component that never bothers anyone? Dyson has the bladeless fan, and recently we&#8217;re seeing the spokeless bike. Have you ever looked at a fan and said: &#8220;Those blades really make that fan so annoying!&#8221;?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2010/02/fingerprint-readers-and-pc-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cryptographically Secure Random Numbers in Java</title>
		<link>http://www.danielhall.me/2009/09/cryptographically-secure-random-numbers-in-java/</link>
		<comments>http://www.danielhall.me/2009/09/cryptographically-secure-random-numbers-in-java/#comments</comments>
		<pubDate>Tue, 29 Sep 2009 20:58:06 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Java]]></category>
		<category><![CDATA[Programming]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=367</guid>
		<description><![CDATA[The Random Class
<p>Most people wanting to generate random numbers in Java do something similar to the following:</p>
public static void main(String[] args) {
  Random generator = new Random();
  int randomnumber = generator.nextInt(5) + 1;
  System.out.println(&#34;Dice rolled: &#34; + randomnumber);
}
<p>This is perfectly fine for a simple dice rolling application where there isn&#8217;t going to [...]]]></description>
			<content:encoded><![CDATA[<h1>The Random Class</h1>
<p>Most people wanting to generate random numbers in Java do something similar to the following:</p>
<pre class="brush: java;">import java.util.Random;

public class DiceRoller {
  public static void main(String[] args) {
    Random generator = new Random(); // no seed given, so it is seeded from the current time
    int randomnumber = generator.nextInt(6) + 1; // nextInt(6) gives 0..5, so this is a 1..6 die roll
    System.out.println(&quot;Dice rolled: &quot; + randomnumber);
  }
}</pre>
<p>This is perfectly fine for a simple dice rolling application where there isn&#8217;t going to be much effort put into cracking it. For example in this application the only real reason you would bother cracking it would be to show off a neat party trick to your geeky friends. No doubt though the effort wouldn&#8217;t be worth it.</p>
<p>Java states that the Random class and its subclasses must produce predictable results when seeded with the same data. This however is not why it is insecure, and it is useful when testing. The reason that this class is predictable is the way in which it is seeded. In the absence of a seed passed to its constructor, the Random class seeds its random number generator with the current time in milliseconds. This means that if somebody knows the time that the Random object was seeded and has several consecutive bytes of output then they can reasonably predict the next numbers. Once somebody has discovered the seed for the generator all numbers produced from it can be considered compromised.</p>
<h1>The SecureRandom Class</h1>
<p>The SecureRandom class is different: it again uses algorithms that when seeded will produce predictable results, but the algorithm is much more complex. It uses a digest algorithm such as SHA-1 over the seed and a counter to generate random data. SHA-1 is much more costly than the simple algorithm used in the Random class and as such it is much harder to brute force.</p>
<p>Its true strength however lies in the method in which it is seeded. The SecureRandom class is seeded using true random data gathered by the operating system. This is data gathered by the OS from sources of true randomisation, such as mouse movements, network packet arrival times, IO statistics and interrupts. On Linux the data is gathered from /dev/random and on Windows via the CryptGenRandom() call.</p>
<p>When using SecureRandom though you should be aware of a few things:</p>
<ul>
<li>The more random numbers someone can get hold of, the more likely they can figure out the seed. You should either throw away the SecureRandom object every now and then or reseed it, keeping in mind the next point though.</li>
<li>Seeding the generator takes entropy out of the system, and if it cannot get any entropy it will block until the system has some. This means if you&#8217;re reseeding the generator too often your program will hang along with anything else on the system requiring entropy.</li>
<li>Don&#8217;t seed the SecureRandom class yourself, unless you are 100% absolutely sure you are seeding it with purely random data, or you are testing and need repeatable results. Whatever you do, don&#8217;t let your testing code leak into a production system.</li>
</ul>
<h1>How to decide</h1>
<p>Generally when you&#8217;re coding you don&#8217;t need secure random numbers. For example if you&#8217;re writing a number guessing game, or a quiz generating program then high quality random numbers aren&#8217;t required. It should be noted though that if money is involved people will often go to greater lengths and a more secure generator will be required, such as in a slot machine.</p>
<p>Generally, though, if what you are generating is a security token of some sort then you will need a secure generator. For example a session id, a one time password or an encryption key. The exception here is a salt for a password: salts can be generated using predictable entropy sources, even a simple time stamp would work here (especially if you&#8217;re also storing the time stamp to measure password expiry).</p>
<p><strong>Random Thought:</strong> For those of you who don&#8217;t know <a href="http://en.wikipedia.org/wiki/Bruce_Schneier">Bruce Schneier</a> is the <a href="http://www.schneierfacts.com/">Chuck Norris</a> of cryptography.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2009/09/cryptographically-secure-random-numbers-in-java/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Setting Up GPG Keys</title>
		<link>http://www.danielhall.me/2009/09/setting-up-gpg-keys/</link>
		<comments>http://www.danielhall.me/2009/09/setting-up-gpg-keys/#comments</comments>
		<pubDate>Tue, 08 Sep 2009 22:00:22 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[HOWTO]]></category>
		<category><![CDATA[Encryption]]></category>
		<category><![CDATA[GPG]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=336</guid>
		<description><![CDATA[<p>Yesterday you may have read my GPG Symmetric Encryption Guide. The last tip on that page was that you should set up GPG keys and publish them on a keyserver. I say this because publishing GPG keys allows you to encrypt things for anyone else who has published their GPG keys without contacting them and exchanging [...]]]></description>
			<content:encoded><![CDATA[<p>Yesterday you may have read my <a href="http://www.danielhall.me/2009/09/gpg-symmetric-encryption/">GPG Symmetric Encryption</a> Guide. The last tip on that page was that you should set up GPG keys and publish them on a keyserver. I say this because publishing GPG keys allows you to encrypt things for anyone else who has published their GPG keys without contacting them and exchanging a symmetric key first.</p>
<h2>Generating a GPG key</h2>
<p>If you haven&#8217;t had a GPG or PGP key before, or the one you previously had has expired, you will need to generate a new keypair. A keypair consists of a private key, which you keep absolutely secret, and a public key, which you publish to the world.</p>
<p>You should generate a GPG key on your desktop and not on a server. Most likely a server will not have enough entropy in its random number generator, and generation could take a while. All you then have to do is:</p>
<pre>gpg --gen-key</pre>
<p>You then answer the questions as follows:</p>
<ul>
<li>The type of key that you want is &#8216;DSA and Elgamal&#8217;; this way you can both encrypt messages and sign them.</li>
<li>1024 bits is probably enough; if you are planning a long expiry for your key you may want to choose 2048, and if you&#8217;re extremely paranoid use 4096.</li>
<li>I&#8217;d suggest a key expiry of two years for a 1024 bit key, but remember you can set an expiry later, and you can also revoke your key at any time if you believe it is compromised.</li>
<li>Then you fill in your details at the prompts.</li>
<li>Never use a key without a passphrase; any compromise of your key will result in all data people have encrypted for you being compromised, and people will be able to sign things as coming from you.</li>
</ul>
<p>After you enter the details your computer will start generating some very large numbers using cryptographically secure random data, and checking whether those numbers are prime. Once your computer has two prime numbers it will generate your keys and save them for you.</p>
<h2>Add extra uids to the key</h2>
<p>A key can contain many uids. For example your key may contain a work uid and a home uid. If you work at many different companies or have a large number of email addresses then you could have many uids. The uids are what people who sign your key are indicating they trust. So I might decide to indicate that I trust your work uid but because I don&#8217;t know you personally  To add new uids to the key you type:</p>
<pre>gpg --edit-key &lt;your-key-id&gt;
Command&gt; adduid</pre>
<p>Then just as before you enter all your details. You can list the uids on the key by typing &#8216;uid&#8217; at that same prompt. When you are done type &#8216;save&#8217; to save the key.</p>
<h2>Entering the web of trust</h2>
<p>The first thing you should do is decide which keyserver you would like to publish your keys to. Most keyservers sync with other ones, so this is not really that important. I would suggest hkp://keys.gnupg.net but the choice is up to you. When you have decided which keyserver you want to use, place an entry in your ~/.gnupg/gpg.conf file that says &#8216;keyserver hkp://keys.gnupg.net&#8217;, or whatever server you would like to use.</p>
<p>Now you are ready to build the inner circle of your web of trust. To do this you need to sign other people&#8217;s keys, and get them to sign yours. The more signatures you build up, the easier it is to find a common link between you that is trusted.</p>
<p>To download another person&#8217;s key you use the receive-keys argument for GPG. For example, to download my key you can use any of the following commands:</p>
<pre>gpg --search-keys "Daniel Hall"
gpg --search-keys "smarthall@gmail.com"
gpg --recv-keys "A3A386ED"</pre>
<p>The first two may produce multiple matches and may ask you to select which particular key to download. At this point you should contact the user and confirm their key ID so you get the right key.</p>
<p>Now that you&#8217;ve downloaded your friends&#8217; keys you need to confirm who they are and then, if all checks out, sign their keys. When you sign somebody&#8217;s key you need to be extremely careful: signing a key is your declaration to the world that you trust that this key represents this person. If you sign keys without checking, you could end up trusting people who aren&#8217;t who they say they are, and people will begin to stop trusting you. To verify somebody you should meet them personally (or at an absolute minimum talk over the phone) to get their key fingerprint. As you are signing, check that this fingerprint matches the key you are about to sign. To sign my key you could use the following command:</p>
<pre>gpg --sign-key "A3A386ED"</pre>
<p>Then you upload their key to the keyserver again to ensure that your signature on that key is now visible for the world to see. It is polite to ask people before you sign their key, as many spam-like signatures on a key may look bad in the eyes of others. If you had just signed my key you would upload it with:</p>
<pre>gpg --send-key "A3A386ED"</pre>
<p>Now all you need to do is get other people to sign your keys. I&#8217;d suggest you start with those people whose keys you have just signed, as they&#8217;ll be the most willing to help you. Your aim is to get enough signatures that everybody who needs to send an encrypted document to you can find someone they trust who trusts you. It is a little more complicated than that, but that&#8217;s essentially the idea.</p>
<p><strong>Random Thought:</strong> What should the random thought on my next blog post be? Hrmmmm.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2009/09/setting-up-gpg-keys/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>GPG Symmetric Encryption</title>
		<link>http://www.danielhall.me/2009/09/gpg-symmetric-encryption/</link>
		<comments>http://www.danielhall.me/2009/09/gpg-symmetric-encryption/#comments</comments>
		<pubDate>Tue, 08 Sep 2009 03:35:24 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Computing]]></category>
		<category><![CDATA[HOWTO]]></category>
		<category><![CDATA[Encryption]]></category>
		<category><![CDATA[GPG]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[System Administration]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=334</guid>
		<description><![CDATA[<p>I often come into a situation where I have to exchange some important confidential file with somebody who doesn&#8217;t have GPG keys set up. Explaining how to set up keys can be a pain, especially if you believe that the user will lose them or simply forget how to use them. There are all manner of proprietary [...]]]></description>
			<content:encoded><![CDATA[<p>I often come into a situation where I have to exchange some important confidential file with somebody who doesn&#8217;t have GPG keys set up. Explaining how to set up keys can be a pain, especially if you believe that the user will lose them or simply forget how to use them. There are all manner of proprietary software packages to deal with this, but this post is about an easy, free way using software that almost anyone has access to. I will be showing you how to do this using GPG on Unix operating systems. For Windows you could follow <a href="http://mysys.wordpress.com/2006/11/02/setting-up-gnupg-in-windows/">this guide</a>.</p>
<h2>Encrypting</h2>
<p>To encrypt a file symmetrically using GPG just run:</p>
<pre class="brush: bash;">gpg --symmetric &lt;filename&gt;</pre>
<p>It will prompt you for a password twice and create a &lt;filename&gt;.gpg file in the current directory. If you want to put the encrypted text in an email then add the --armor flag. The --armor flag will cause gpg to instead output a &lt;filename&gt;.asc file, which consists of ASCII text.</p>
<h2>Decrypting</h2>
<p>You decrypt it like any other GPG encrypted file:</p>
<pre class="brush: bash;">gpg -d &lt;filename&gt;.gpg</pre>
<p>This will prompt you for the password and decrypt the file, printing it to standard out.</p>
<h2>Tips</h2>
<ul>
<li>Don&#8217;t send the password and the attachment over the same medium, and especially not in the same message. I suggest you send the email with the file, then call and tell them the password.</li>
<li>GPG uses <a href="http://en.wikipedia.org/wiki/CAST-128">really strong encryption</a>, much more secure than that used in zipfile encryption. That said, if you set the password to &#8216;123&#8217; or &#8216;password&#8217; no amount of encryption will help you. Your encryption is only as secure as its weakest point.</li>
<li>With enough time, files like this can be cracked using brute force. You should still do all that you can to prevent the encrypted file falling into the wrong hands.</li>
<li>You really should set up GPG keys and publish them to a keyserver. That way you won&#8217;t have to worry about secure passphrase distribution.</li>
</ul>
<p><strong>Random Thought:</strong> How did people find the first search engine?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2009/09/gpg-symmetric-encryption/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>ATM Phishing</title>
		<link>http://www.danielhall.me/2009/09/atm-phishing/</link>
		<comments>http://www.danielhall.me/2009/09/atm-phishing/#comments</comments>
		<pubDate>Wed, 02 Sep 2009 11:14:55 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Computing]]></category>
		<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=325</guid>
		<description><![CDATA[<p>You&#8217;ve probably heard of ATM phishing by now. If you haven&#8217;t, you should have. It typically involves placing a card-reading device that is designed to blend in perfectly with the ATM. Then a camera or other device is placed that records the PIN of the user as they type it. So effectively while the [...]]]></description>
			<content:encoded><![CDATA[<p>You&#8217;ve probably heard of ATM phishing by now. If you haven&#8217;t, you should have. It typically involves placing a card-reading device that is designed to blend in perfectly with the ATM. Then a camera or other device is placed that records the PIN of the user as they type it. So effectively, while the user is entering their credentials into the ATM they are unwittingly entering them into a scammer&#8217;s database.</p>
<p>In a flash of inspiration last night I think I may have found a solution! My first instinct was to put a poster next to or on the ATM that shows what the ATM looks like. There are a few problems with this though. First, the scammer can simply replace the poster; second, only the security-conscious will check it. So this is really a non-solution.</p>
<p>So what if you placed pictures of the critical parts in the software and displayed them when the user first puts in their card? Show a shot of the card insertion point, the keyboard and an overall picture. Scammers can&#8217;t simply place a poster over the screen, as the user needs it to use the ATM. You ask the user to confirm all the pictures, and if any don&#8217;t match you don&#8217;t let them enter their PIN, and possibly eat their card.</p>
<p>I&#8217;m not sure how this would work in practice. If the recent response to Vista&#8217;s UAC is anything to go by, people will probably just click accept on anything. This may get the pictures in their face though, so after seeing this many pictures of ATMs they might more easily notice something amiss. Maybe it&#8217;s a bit ambitious, maybe it&#8217;s not quite scammer-proof. What do my readers think?</p>
<p><strong>Random Thought:</strong> I&#8217;m getting an Android phone because it runs on an ARM CPU. That and my Windows phone is on its last LEGS.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2009/09/atm-phishing/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>SSH Agent Forwarding</title>
		<link>http://www.danielhall.me/2009/08/ssh-agent-forwarding/</link>
		<comments>http://www.danielhall.me/2009/08/ssh-agent-forwarding/#comments</comments>
		<pubDate>Tue, 11 Aug 2009 23:01:29 +0000</pubDate>
		<dc:creator>Daniel</dc:creator>
				<category><![CDATA[Linux]]></category>
		<category><![CDATA[System Administration]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[SSH]]></category>

		<guid isPermaLink="false">http://www.danielhall.me/?p=160</guid>
		<description><![CDATA[<p>So you use keys to SSH between your hosts, and you either have separate keys for each machine you use, or worse, you have the same key on each machine. Let&#8217;s go over why each of those is bad, and let&#8217;s see how SSH Agent forwarding will help with those issues and make things easier [...]]]></description>
			<content:encoded><![CDATA[<p>So you use keys to SSH between your hosts, and you either have separate keys for each machine you use, or worse, you have the same key on each machine. Let&#8217;s go over why each of those is bad, and let&#8217;s see how SSH agent forwarding will help with those issues and make things easier for you in general.</p>
<p>The key reason an SSH agent and SSH agent forwarding are so useful is the way keys can be attacked. If I wanted to get your SSH private key I could find some flaw in the system that would give me the /home/you/.ssh/id_rsa file you have. Of course, a malicious user with root access to the system could just go in and grab it. You can prevent this kind of attack by setting a passphrase on the key. Of course, the root user could replace SSH with a special version designed to capture your passphrase, steal the key out of memory or set up a keylogger. This means, effectively, that your private key is not safe on any system where a person you don&#8217;t trust has root access, or that has other users and exploitable vulnerabilities.</p>
<h2>Single Private Key on Multiple Machines</h2>
<p>In this example you&#8217;re trusting the security of every single machine you have your private key on. Should it get compromised, you have to revoke your public key from every host and regenerate private keys to place on every host. Every time you put your private key on a machine you increase the chances that it could be compromised.</p>
<h2>Multiple Private Keys On Multiple Machines</h2>
<p>Now we&#8217;re getting a little closer to a good solution. In this instance we don&#8217;t have to regenerate our key and roll it out to all hosts in the event of a compromise. You can also have segregated groups: one set of keys for work, another for home, and so on. Your keys can still be compromised easily though, and once compromised they can be used until you revoke them manually.</p>
<h2>SSH Agent Forwarding</h2>
<p>There is a way to keep your key safe from compromise. First I&#8217;ll have to explain how SSH authenticates you using your key. When you&#8217;re authenticating with SSH keys your key isn&#8217;t sent; the server sends you some random data and challenges your client to encrypt it with your private key. It then verifies the encrypted data by decrypting it with the public key and checking that it matches the data originally sent. The way most people would SSH from the second host to a third host is to use a private key stored on the second host to connect to the third. Unfortunately this means that you have to store a key (that is open to compromise) on the second host. SSH agent forwarding tells the SSH client on the second host to pass the challenge data back through to the SSH agent on the first host. The agent encrypts the data and sends it back via the SSH session to the third host.</p>
<p>The beauty of this method is that the second host never sees a private key, and the challenge data is useless for connecting to a different host. Even if the second host is compromised there isn&#8217;t a private key there to steal. It should be noted that if the second host is compromised, an attacker there can still ask the forwarded agent to authenticate to a different host while you are connected, or take over the session to the third host. Both of these are temporary, though, and unless the malicious user installs their own key (something easy to notice) they cannot get back in.</p>
<div id="attachment_173" class="wp-caption alignright" style="width: 160px"><a href="http://www.danielhall.me/wp-content/uploads/2009/08/SSHAgent.png"><img class="size-thumbnail wp-image-173 " title="SSHAgent" src="http://www.danielhall.me/wp-content/uploads/2009/08/SSHAgent-150x150.png" alt="Diagram detailing how an SSH connection is authenticated using agent forwarding." width="150" height="150" /></a><p class="wp-caption-text">Diagram detailing how an SSH connection is authenticated using agent forwarding.</p></div>
<p>If you want to know more about how this works, there is a wonderful tech tip at <a href="http://unixwiz.net/techtips/ssh-agent-forwarding.html">http://unixwiz.net/techtips/ssh-agent-forwarding.html</a>.</p>
<h2>But how?</h2>
<p>SSH agent forwarding is even easier than copying keys all over the place. The first step is to generate keys for all the machines you log on to directly. You need to be sure these machines are secure and that your keys will stay safe, though this is sometimes not possible. You then add the generated public key to the authorized_keys file of all the machines you will connect to from this one, including ones that take two or more steps to get to. Finally you edit your ~/.ssh/config file to tell SSH to forward your agent through those hosts. Include the intermediate hosts in this list, but not the endpoints. You could also use <a href="http://www.danielhall.me/2009/07/sshmenu/">SSHmenu</a> to add the arguments automatically to those SSH commands. The following disables forwarding to all hosts, and explicitly enables it for fred and aaron.missgner.com.</p>
<pre>Host fred
  ForwardAgent yes

Host aaron.missgner.com
  ForwardAgent yes

Host *
  ForwardAgent no</pre>
<p><strong>Random thought: </strong>Linux has Plug &#8216;n Pray too, you plug the device in and pray the drivers aren&#8217;t proprietary.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.danielhall.me/2009/08/ssh-agent-forwarding/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
	</channel>
</rss>
