TOWR Security Brief: 25 August 2016

Hi everyone,

Please accept our apologies for the delay in getting this brief out. I’m filling in for Kit on this post, so the formatting might be a bit different than you’re used to.

In this week’s brief, we’re going to talk about:

  • Surveillance in Baltimore
  • NSA Word Games
  • 3DES and Blowfish vulnerabilities
  • Vulnerabilities in Juniper Firewalls

Baltimore:
https://t.co/Eq3iVAs2Lw

From Bloomberg, news of surveillance in Baltimore. Of particular interest is an airborne live feed surveillance system that can view an entire city.

“In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.

The system was built around an assembly of four to six commercially available industrial imaging cameras, synchronized and positioned at different angles, then attached to the bottom of a plane. As the plane flew, computers stabilized the images from the cameras, stitched them together and transmitted them to the ground at a rate of one per second. This produced a searchable, constantly updating photographic map that was stored on hard drives. His elevator pitch was irresistible: “Imagine Google Earth with TiVo capability.””

Remember that the next time you’re at a protest.


NSA Word Games:
https://www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702

The EFF recently published an article illustrating how the NSA torments language to downplay its surveillance of the American people.

“Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programs—which the government claims are authorized under Section 702 of the FISA Amendments Act—to collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,[1] the searching of communications held by service providers like Google and Facebook, and, according to the government’s own investigators, the retention of significantly more than 250 million Internet communications per year.[2]

Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as “targeted surveillance,” asserting that it is incorrect when EFF and many others call it “mass surveillance.”

Our answer: if “mass surveillance” includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition.”

That’s what, in statement analysis, is called a personal dictionary. Make sure when you’re speaking to someone that you know what they mean when they use a particular word or phrase.


3DES and Blowfish Vulnerabilities:
https://threatpost.com/new-collision-attacks-against-3des-blowfish-allow-for-cookie-decryption/120087/

Threatpost recently published an article on new attacks against older 64-bit ciphers that could allow the authentication cookies they protect on the web to be recovered.

“RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers that allow for the recovery of authentication cookies from 3DES-protected traffic in HTTPS and the recovery of usernames and passwords from OpenVPN traffic, which is secured by default by Blowfish.”

Our advice is to always make sure your browser is up to date, use two-factor authentication where possible, and if privacy is really important use TAILS or Tor Browser.


Juniper Firewall Exploit:
http://www.scmagazine.com/juniper-confirms-leaked-nsa-exploits-affect-its-firewalls-no-patch-released-yet/article/518235/

Speaking of our friends at the NSA, security appliance manufacturer Juniper Networks just revealed that, unsurprisingly, they have a vulnerability that could allow access to, well, pretty much anyone. How does your traffic flow across the internet? Who else is compromised and hasn’t publicized it yet?

That’s it for this briefing.  Stay tuned, we’ll have more coming soon.  Thanks for your feedback and input!

Author: Steve

Steve is a father of two, husband of one, devoted follower of Christ, IT guy, and jack of all trades. He’s a liberty activist, blogger, gun lover, and general class radio operator. He read entirely too much Heinlein as a child and routinely fails at his attempts to become the “competent man”.
