Keeping computer and technology news simple.

May 3, 2008

(IN)SECURE Magazine #16




(IN)SECURE Magazine #16 has been released. For those unfamiliar, it's a PDF with no DRM, and always has excellent infosec content.

May 1, 2008

Microsoft Discloses Government Backdoor on Windows Operating Systems

Microsoft may have inadvertently disclosed a potential Microsoft backdoor for law enforcement earlier this week. To explain this all, here is the layman's definition of a backdoor from Wikipedia:

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.


According to an article on PC World: “The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.”

Not a big deal until you keep reading: “Although Microsoft is reluctant to give out details on its botnet buster — the company said that even revealing its name could give cyber criminals a clue on how to thwart it”

Stop the press for a second or two and look at this logically: “users who have installed the Malicious Software Removal tool” followed by “Microsoft is reluctant to give out details on its botnet buster — the company said that even revealing its name could give cyber criminals a clue on how to thwart it”, what? This is perhaps the biggest gaffe I’ve read thus far on potential government collusion with Microsoft.

We then have the following wording: “Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year.” So again, thinking logically about what has been said so far by Microsoft: “We have a tool called Malicious Software Removal tool…”, “we can’t tell you the name of this tool since it would undermine our snooping…”, “it’s been used by law enforcement already to make a high-profile bust earlier this year.”

Remember a “Malicious Software Reporting Tool” is a lot different from a “Malicious Software Removal Tool”. Understanding networking, computing, botnets, let’s put this concept into a working model to explain how this is nothing more than a backdoor. You have an end user, we’ll create a random Windows XP user: Farmer John in North Dakota. Farmer John in North Dakota uses his machine once a week to read news, send family email, nothing more. He installed Microsoft’s Malicious Removal Tool. Farmer John’s machine becomes infected at some point and sends Microsoft information about the compromise: “I’m Farmer John’s machine coming from X_IP_Address”.

A correlation is done with this information and then supposedly used to track where the botnet’s originating IP address is from. From the article: “Analysis by Microsoft’s software allowed investigators to identify which IP address was being used to operate the botnet, Gaudreau said. And that cracked the case.” This is not difficult: detect a DST (destination) for malware sent from Farmer John’s machine. Simple, good guys win, everyone is happy.

The concept of Microsoft’s Malicious Software Removal tool not being a backdoor is flawed. For starters, no information is ever disclosed to someone installing the Windows Malicious Software removal tool: “Windows will now install a program which will report suspicious activity to Microsoft”. As far as I can recall on any Windows update, there has never been any mention of it.

“But this is a wonderful tool, why are you being such a troll and knocking Microsoft for doing the right thing!”. The question slash qualm I have about this tool is I’d like to know what, why, when and how things are being done on my machine. It’s not a matter of condemning Microsoft, but what happens if at some point in time Microsoft along with government get an insane idea to branch away from obtaining other data for whatever intents and purposes?

We’ve seen how the NSA is allowed to gather any kind of information they’d like (http://www.eff.org/issues/nsa-spying), we now have to contend with Microsoft attempting to do the same. Any way you’d like to market this, it reeks of a backdoor: (again pointing to the definition) A backdoor in a computer system … is a method of bypassing normal authentication, … obtaining access to … , and so on, while attempting to remain undetected. There’s no beating around the bush here on what this tool is and does.

This is reminiscent of the 90’s with the NSA’s ECHELON program. In 1994, the NSA intercepted the faxes and telephone calls of Airbus. The information was then forwarded to Boeing and McDonnell-Douglas, which snagged the contract from under Airbus’ feet. In 1996, the CIA hacked into the computers of the Japanese Trade Ministry seeking “negotiations on import quotas for US cars on the Japanese market”. The information was passed off to “US negotiator Mickey Kantor”, who accepted a lower offer.

As an American you might say “so what, more power to us” but to think that any government wouldn’t do it to its own citizens for whatever reason would be absurd. There are a lot of horrible routes this could take.

What happens if slash when for some reason or another the government decides that you should not read a news site, will Microsoft willingly oblige and rewrite the news in accordance to what the government deems readable?

How about the potential to give Microsoft a warrantless order to discover who doesn’t like a President’s “health care plan”, or who is irate at whatever policy; will Microsoft sift through a machine to retrieve relevant data to disclose to authorities?

That doesn’t include the potential for say technological espionage and gouging of sorts. What’s to stop Microsoft from say, mapping a network and reporting all “non-Microsoft” based products back to Microsoft. The information could then be used to say raise support costs, allow Microsoft to offer juicier incentives to rid the network of non MS based products, the scenarios are endless.

Sadly, most people will shrug and pass it off as nothing. Most security buffs, experts, etc., haven’t mentioned a word of it outside of “the wonderful method to remove, detect, botnets!” and I don’t necessarily disagree it’s a unique way to detect what is happening, but this could have been done at the ISP and NSP level without installing a backdoor. Why didn’t law enforcement approach botnets from that avenue? Perhaps they have, this I’m actually certain of which leads me to believe this is a prelude of something more secretive that has yet to be disclosed or discovered.

http://www.pcworld.com/businesscenter/article/145257/microsoft_botnethunting_tool_helps_bust_hackers.html
http://cryptome.org/echelon-ep-fin.htm (ECHELON MISHAPS)
MORE ON MICROSOFT’S POTENTIAL GOVERNMENT BACKDOOR

Researchers at HP have solved the 37-year mystery of the memory resistor, the missing 4th circuit element.


1 May 2008—Anyone familiar with electronics knows the trinity of fundamental components: the resistor, the capacitor, and the inductor. In 1971, a University of California, Berkeley, engineer predicted that there should be a fourth element: a memory resistor, or memristor. But no one knew how to build one. Now, 37 years later, electronics have finally gotten small enough to reveal the secrets of that fourth element. The memristor, Hewlett-Packard researchers revealed today in the journal Nature, had been hiding in plain sight all along—within the electrical characteristics of certain nanoscale devices. They think the new element could pave the way for applications both near- and far-term, from nonvolatile RAM to realistic neural networks.

The memristor's story starts nearly four decades ago with a flash of insight by IEEE Fellow and nonlinear-circuit-theory pioneer Leon Chua. Examining the relationships between charge and flux in resistors, capacitors, and inductors in a 1971 paper, Chua postulated the existence of a fourth element called the memory resistor. Such a device, he figured, would provide a similar relationship between magnetic flux and charge that a resistor gives between voltage and current. In practice, that would mean it acted like a resistor whose value could vary according to the current passing through it and which would remember that value even after the current disappeared.

But the hypothetical device was mostly written off as a mathematical dalliance. Thirty years later, HP senior fellow Stanley Williams and his group were working on molecular electronics when they started to notice strange behavior in their devices. “They were doing really funky things, and we couldn't figure out what [was going on],” Williams says. Then his HP collaborator Greg Snider rediscovered Chua's work from 1971. “He said, ‘Hey guys, I don't know what we've got, but this is what we want,' ” Williams remembers. Williams spent several years reading and rereading Chua's papers. “It was several years of scratching my head and thinking about it.” Then Williams realized their molecular devices were really memristors. “It just hit me between the eyes.”

The reason that the memristor is radically different from the other fundamental circuit elements is that, unlike them, it carries a memory of its past. When you turn off the voltage to the circuit, the memristor still remembers how much was applied before and for how long. That's an effect that can't be duplicated by any circuit combination of resistors, capacitors, and inductors, which is why the memristor qualifies as a fundamental circuit element.

The classic analogy for a resistor is a pipe through which water (electricity) runs. The width of the pipe is analogous to the resistance of the flow of current—the narrower the pipe, the greater the resistance. Normal resistors have an unchanging pipe size. A memristor, on the other hand, changes with the amount of water that gets pushed through. If you push water through the pipe in one direction, the pipe gets larger (less resistive). If you push the water in the other direction, the pipe gets smaller (more resistive). And the memristor remembers. When the water flow is turned off, the pipe size does not change.

Such a mechanism could technically be replicated using transistors and capacitors, but, Williams says, “it takes a lot of transistors and capacitors to do the job of a single memristor.”

The memristor's memory has consequences: the reason computers have to be rebooted every time they are turned on is that their logic circuits are incapable of holding their bits after the power is shut off. But because a memristor can remember voltages, a memristor-driven computer would arguably never need a reboot. “You could leave all your Word files and spreadsheets open, turn off your computer, and go get a cup of coffee or go on vacation for two weeks,” says Williams. “When you come back, you turn on your computer and everything is instantly on the screen exactly the way you left it.”

Chua deduced the existence of memristors from the mathematical relationships between the circuit elements. The four circuit quantities (charge, current, voltage, and magnetic flux) can be related to each other in six ways. Two quantities are covered by basic physical laws, and three are covered by known circuit elements (resistor, capacitor, and inductor), says Columbia University electrical engineering professor David Vallancourt. That leaves one possible relation unaccounted for. Based on this realization, Chua proposed the memristor purely for the mathematical aesthetics of it, as a class of circuit element based on a relationship between charge and flux.


Chua calls the HP work a paradigm shift; he likens the addition of the memristor to the circuit design arsenal to adding a new element to the periodic table: for one thing, “now all the EE textbooks need to be changed,” he says.

So why hadn't anyone seen memristance? Chua actually produced a memristor in the 1970s with an impractical combination of resistors, capacitors, inductors, and amplifiers as a proof of concept. But memristance as a property of a material was, until recently, too subtle to make use of. It is swamped by other effects, until you look at materials and devices that are mere nanometers in size.

No one was looking particularly hard for memristance, either. In the absence of an application, there was no need. No engineers were saying, “If we only had a memristor, we could do X,” says Vallancourt. In fact, Vallancourt, who has been teaching circuit design for years, had never heard of memristance before this week.

"now all the EE textbooks need to be changed" -IEEE Kirchhoff Award winner Leon Chua on the discovery of the memristor.

But the smaller the scales of the devices scientists and engineers were working with got, the more the devices started behaving with the postulated “memristor” effect, says Chua, who is now a senior professor at Berkeley.

There had been clues to the memristor's existence all along. “People have been reporting funny current voltage characteristics in the literature for 50 years,” Williams says. “I went to these old papers and looked at the figures and said, ‘Yup, they've got memristance, and they didn't know how to interpret it.' ”

“Without Chua's circuit equations, you can't make use of this device,” says Williams. “It's such a funky thing. People were using all the wrong circuit equations. It's like taking a washing machine motor and putting it into a gasoline-powered car and wondering why it won't run.”

Williams found an ideal memristor in titanium dioxide—the stuff of white paint and sunscreen. Like silicon, titanium dioxide (TiO2) is a semiconductor, and in its pure state it is highly resistive. However, it can be doped with other elements to make it very conductive. In TiO2, the dopants don't stay stationary in a high electric field; they tend to drift in the direction of the current. Such mobility is poison to a transistor, but it turns out that's exactly what makes a memristor work. Putting a bias voltage across a thin film of TiO2 semiconductor that has dopants only on one side causes them to move into the pure TiO2 on the other side and thus lowers the resistance. Running current in the other direction will then push the dopants back into place, increasing the TiO2's resistance.

HP Labs is now working out how to manufacture memristors from TiO2 and other materials and figuring out the physics behind them. They also have a circuit group working out how to integrate memristors and silicon circuits on the same chip. The HP group has a hybrid silicon CMOS memristor chip “sitting on a chip tester in our lab right now,” says Williams.

The implications for circuit design may be niche at the moment. “This will require a fair amount of work to exploit,” says Columbia's Vallancourt. Applications will have to be identified in which the memristor's unique characteristics offer possibilities not covered by today's components.

Williams is in talks with several neuroscience/engineering labs that are pursuing the goal of building devices that emulate neural systems. Chua says that synapses, the connections between neurons, have some memristive behavior. Therefore, a memristor would be the ideal electronic device to emulate a synapse.

By redesigning certain types of circuits to include memristors, Williams expects to obtain the same function with fewer components, making the circuit itself less expensive and significantly decreasing its power consumption. In fact, he hopes to combine memristors with traditional circuit-design elements to produce a device that does computation in a non-Boolean fashion. “We won't claim that we're going to build a brain, but we want something that will compute like a brain,” Williams says. They think they can abstract “the whole synapse idea” to do essentially analog computation in an efficient manner. “Some things that would take a digital computer forever to do, an analog computer would just breeze through,” he says.

The HP group is also looking at developing a memristor-based nonvolatile memory. “A memory based on memristors could be 1000 times faster than magnetic disks and use much less power,” Williams says, sounding like a kid in a candy store.

Chua agrees that nonvolatile memory is the most near-term application. “I'm very happy that this is a breakthrough,” he says. “The reality is that at the nanoscale, this effect becomes dominant, and you'll find it whether you like it or not. I'm glad I can point people in the right direction.”

Source.
