Saturday 30 March 2024

xz without seatbelts ?

 XZ without seatbelts ?


After the discovery of the xz backdoor by Andres Freund (https://www.openwall.com/lists/oss-security/2024/03/29/4), we, the cyberstorm.mu team, were very concerned. We started looking at xz-utils closer.

 

The primary maintainer of xz-utils, Lasse Collin, started auditing commits made by "Jia Tan", after CVE-2024-3094 was published. I saw some accusations against Lasse Collin and I think that he doesn't deserve such criticism. In fact, github should restore his github account immediately ! He is doing the right thing.

 

Lasse noticed something that caught my attention as I had worked on xz-utils sandboxing code long-time ago.

commit f9cf4c05edd14dedfe63833f8ccbe41b55823b00 (HEAD -> master, origin/master, origin/HEAD)
Author: Lasse Collin <lasse.collin@tukaani.org>
Date:   Sat Mar 30 14:36:28 2024 +0200

    CMake: Fix sabotaged Landlock sandbox check.
    
    It never enabled it.


 

This immediately caught my attention. I wanted to know when the Linux sandboxing code had been disabled. Lasse commit deleted a single line:

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1f019167..0e4d464f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1001,7 +1001,7 @@ if(NOT SANDBOX_FOUND AND ENABLE_SANDBOX MATCHES "^ON$|^landlock$")
         #include <linux/landlock.h>
         #include <sys/syscall.h>
         #include <sys/prctl.h>
-.
+
         void my_sandbox(void)
         {
             (void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);

 

I got intrigued by this and wanted to know when this happened. Using git blame, it was fairly easy to know when:

 

328c52da8 (Jia Tan       2024-02-26 23:02:06 +0800 1004) .

 

It was added by "Jia Tan" on the 26th of February 2024. Here is the commit message:

 

commit 328c52da8a2bbb81307644efdb58db2c422d9ba7
Author: Jia Tan <jiat0218@gmail.com>
Date:   Mon Feb 26 23:02:06 2024 +0800

    Build: Fix Linux Landlock feature test in Autotools and CMake builds.
    
    The previous Linux Landlock feature test assumed that having the
    linux/landlock.h header file was enough. The new feature tests also
    requires that prctl() and the required Landlock system calls are
    supported.

 

As part of his "Fix", "Jia Tan" sabotaged the sandbox code on Linux. Why was this done ?

 

Did this code make it into a release ? Yes, it's part of the backdoor release of xz 5.6.1:

# Sandboxing: Landlock
if(NOT SANDBOX_FOUND AND ENABLE_SANDBOX MATCHES "^ON$|^landlock$")
    # A compile check is done here because some systems have
    # linux/landlock.h, but do not have the syscalls defined
    # in order to actually use Linux Landlock.
    check_c_source_compiles("
        #include <linux/landlock.h>
        #include <sys/syscall.h>
        #include <sys/prctl.h>
.

Here are some speculations: There might be 0-day vulnerabilities in xz that are  protected against by the sandbox code. I think it's good to run xz in some kind of sandbox, especially for decompression. 

 

It's clear that this was done by highly experienced crackers. I remember PHK's video about "Operation Orchestra" BOYS programme. 

https://www.youtube.com/watch?v=fwcl17Q0bpk&t=1385s

 

 

//Logan

(logan@Cyberstorm.mu team -- https://twitter.com/loganaden_42)

 

 

 

 




Monday 20 November 2023

Mauritian universities are no longer in the game.

Introduction 

Mauritius is a tiny island with only 1.3 million people. Surprisingly, it has a high number of public Tertiary education institutions: University of Mauritius, University of Technology, University des Mascareignes and Open Univeristy. The information is obtained from this link: https://www.hec.mu/hei. All of those universities receive money from the government and have some kind of involvement in Computer Science & technology.


How much money do they get ?

University of Mauritius: Rs 615.8 M
University of Technology: Rs 70 M
University of Mascareignes: Rs 125.9 M
Open University: Rs 10 M

This is a LOT of money which is being poured into those universities every year as part of yearly grants. I would expect a LOT more from UoM, and UdM given that they are the 2 major beneficiaries. Every year, we have to work very hard to pay taxes to sustain this.

Gateway to Africa

Mauritius has often advertised itself as the gateway to Africa. How much of that is true today as African countries develop better infrastructure and increase access to the internet ? Personally,  I no longer buy this. I think we, as Mauritians, need to wake up. Countries such as Tunisia are rapidly positioning themselves as Suitable hosts for niche domains in the area of cryptography which is used by several companies to secure internet communications on a daily basis. 

Tunisia organized in 2023 the AfricaCrypt conference https://africacrypt2023.tn/ which is recognized by a prestigious and well respected academic organization known as IACR or International Association for Cryptologic Research. None of the Mauritian universities were present. Due to our geography, we remain isolated.

Mauritius is widely considered to have contributed to cryptography (see: https://www.theregister.com/2018/11/02/ssh_rc4_security/) for a long time. A large part of this work is done by the cyberstorm.mu group which is made up of students and engineers. However, the academic presence of Mauritian Universities at AfricaCrypt is ... 0. 

Repositioning Mauritius

The next AfricaCrypt conference is in Cameroon (https://www.africacrypt2024.com/). Will Universities of Mauritius have some kind of presence there ? Are we still a relevant leader in Africa ?

I hope to see at least a university from Mauritius present in the program committee of AfricaCrypt for 2024.

By browsing the list of committee members for 2023:

  • Riham AlTawy, university of Victoria, Canada
  • Laila El Aimani, University of Caddi Ayyad, Marocco
  • Hoda Alkhzaimi, NYU Abu Dhabi, United Arab Emirates
  • Greg Alpar, Open University, The Netherlands
  • Kevin Atighechi, University of Clermont-Ferrand, France
  • Hatem M. Bahig, Ain Shams University, Egypt
  • Hussain Benazza, UMI, ENSAM Meknes, Morocco
  • Shivam Bhasin, Tamasek Lab, Nanyang Technological University, Singapore
  • Sebastien Canard, Orange Labs, France
  • Suvradip Chakraborty, ETH, Switzerland
  • Chitchanok Chuengsatiansup, University of Melbourne, Australia
  • Tingting Cui, HangZhou DianZi University, China
  • Joan Daemen, Radboud University, The Netherlands
  • Youssef El Housni, ConsenSys R&D, France
  • Georgios Fotiadis, University of Luxembourg
  • Emmanuel Fouotsa, University of Bamenda, Cameroun
  • Gina Gallegos-Garcia, Instituto Politécnico Nacional, Mexico
  • Romain Gay, IBM Research, Switzerland
  • Loubna Ghammam, ITK Engineering Gmbh (Bosch), Germany
  • Satrajit Ghosh, IIT Kharagpur, India
  • Lorenzo Grassi, Radboud University, The Netherlands
  • Javier Herranz, Universitat Politècnica de Catalunya, Spain
  • Akinori Hosoyamada, NTT, Japan 
  • Sorina Ionica, University of Picardie, France
  • Juliane Kramer, TU Darmstadt, Germany
  • Fabien Laguillaumie, University of Montpellier, France
  • Patrick Longa, Microsoft Research, Redmond, US
  • Marc Manzano, SandboxAQ, Spain
  • Sarah McCarthy, University of Waterloo, Canada
  • Marine Minier, Université de Lorraine, France
  • Mainack Mondal, Indian Institute of Technology (IIT), India
  • Abderrahmane Nitaj, University of Caen Normandie, France
  • Sami Omar, University of Bahrein, Bahrein
  • Yanbin Pan, Chinese Academy of Science, China
  • Sikhar Patranabis, IBM Research, India
  • Christophe Petit, University of Birmingham, United Kingdom
  • Elizabeth A. Quaglia, Royal Holloway, University of London, United Kingdom
  • Divya Ravi, Aarhus University, Denmark
  • Joost Renes, NXP, The Netherlands
  • Yann Rotella, Université Paris-Saclay, France
  • Simona Samardjiska, Radboud University, The Netherlands
  • Ali Aydin Selçuk, TOBB University of Economics and Technology, Turkey
  • Dave Singelee, KU Leuven, Belgium
  • Djiby Sow, University of Dakar, Senegal
  • Pontelimon Stanica, Naval Postgraduate School, Monterey, USA
  • Vanessa Vitse, University of Grenoble, France
  • Souheib Yousfi, University of Carthage, Tunisia

 


we can see Tunisia, Cameroon, Senegal and Morocco. Even Singapore is present despite being a small country. 

Are we still playing football ?

Mauritius has a strong football culture. However, we aren't known for our strong performance during FIFA. We are mostly known as a tourist destination. No big country is sweating when Mauritius plays a football match because we are not considered a threat. We are out of the global football game.

For cryptography, we are taken seriously as Mauritius has contributed to both design and implementation of cryptography which is used globally. and yet, we have 0 academic contribution to AfricaCrypt. 

Mauritius as a country specialized in cryptography

Having laid out the foundation of a niche market in Mauritius, we are in a unique position to become the african leaders. However, our major pain point is the lack of academic involvement in cryptography from Mauritian Universities. Once we are able to fix this, we can move forward to doing Research with Practical application that can create new markets for Local companies in Mauritius. Are our universities ready to do that ?

Sunday 6 November 2022

IETF 115 hackathon

 First onsite hackathon since 2019 

Cyberstorm.mu has operated efficiently by getting people together online since covid-19. After a lot of requests for an actual hackathon, it was time to get back to a face to face hackathon. We chose a nice venue close to Blue Bay. The beach was walking distance from us.

We admit that cyberstorm.mu has been less active due to a number of factors. Personally, i got less and less time to spend during the weekends. However, it was time to get back into the game. It was great to see students from University of Mauritius (Keelan Cannoo, Jeevesh "Sarvesh" Dindyal & Darshan N) joining us. I think that it brings some fresh perspective into our "aging" group. 

Kifah Meeran, Jeremie Daniel, Nathan Mangar and Jagveer Loky were finally back together. It was a long time since we all meet physically. It was interesting to see the mix of seasoned ietf participants and new blood.

I spent my time most reviewing code of others and offer hints of how to tackle tricky TLS issues.

Slides here with one pic: https://github.com/IETF-Hackathon/ietf115-project-presentations/blob/main/ietf_115_tls_hackathon.pdf

Additionally, i think it's great to see new faces with some fairly ambitious ideas :-)

We did experiment with unstable wifi. At one point, we fixed this by pointing the antenna in the same direction as the hotel's wifi antenna. It didn't help that a coconut tree was right in the path.








Wednesday 3 August 2022

Operation ARC4

 

Operation ARC4

We (cyberstorm.mu ) decided to take this as a challenge: How can we make the Internet in Mauritius a little bit more secure against “Sniffing” attacks ?

We, the cyberstorm group, have been working on encryption since 2017, way before “Sniffing” became news for Mauritius. We implemented TLS 1.3 (An encryption system) inside several open source applications and forever changed the perception about Mauritius as a tourist-only destination (see: https://blogs.cisco.com/developer/ietf-103-hackathon) ! We are therefore keenly aware of where there could be potential weaknesses in the current Internet encryption systems.

In our efforts to make encrypted traffic more resistant for attackers, we have to think very hard about current weaknesses of encryption protocols such as TLS or SSH. One of the most critical components of ANY cryptographic protocol is a good source of random number generation. We have published our work within the Internet Engineering Task Force (IETF) which is the standards body for several encryption protocols such as TLS.

Indeed, if you look at TLS 1.3 IETF RFC 8446 :

If a server established a TLS connection with a previous version of
TLS and receives a TLS 1.3 ClientHello in a renegotiation, it MUST
retain the previous protocol version. In particular, it MUST NOT
negotiate TLS 1.3.
Structure of this message:
uint16 ProtocolVersion;
opaque Random[32];

Now, let us assume that the Random 32 bytes field wasn’t as randomized. After all, randomization is hard. Could this lead to a country being able to decrypt partially Internet traffic ? 


Could we make it more random ? Turns out OpenBSD developers got an idea. How about we make the rekey interval of arc4random(), a popular randomization API, less predictable ?


This is what we worked on during Operation ARC4 . A hackathon is a collaborative event where developers get together to work on specific goals in a limited amount of time. We audited several implementations of the arc4random() API and attempted to make it better. This particular patch was adopted in libbsd. There’s no time for long talks or endless debates. Our efforts will eventually ship in your Smartphones (Android or Iphone). If you're building any kind of online service using Linux or *BSD servers, you will also benefit from this ! The faster you update your servers and phones, the more secure you will be.


Why does cyberstorm.mu work on encryption? Short answer: We love it. Long answer is that we care about privacy of Internet Users. We see ourselves as artists and the internet is one big canvas. Unlike a lot of other IT people who have 0 coding in Open Source cryptographic/encryption code, we believe in “Rough consensus and running code”. In other words, actions speak louder than words. You can join the cyberstorm.mu community and actively take part in making the internet in Mauritius and around the world more secure by working with us on the facebook group:

https://www.facebook.com/groups/Cyberstorm.mu

Twitter:

https://twitter.com/CyberstormMu/



Loganaden Velvindron

(Cyberstorm.mu founding member)





xz without seatbelts ?

 XZ without seatbelts ? After the discovery of the xz backdoor by Andres Freund ( https://www.openwall.com/lists/oss-security/2024/03/29/4 )...