Flackery
June 29, 2008 at 10:21 am
Inexplicably, my e-mail address seems to have wound up on the distribution lists of a number of PR people, who are now sending me press releases announcing new hardware and software a few days before the news officially hit the wire.
There are lots of problems with this setup. Notably:
- Since I didn’t ask for these releases, they’re unsolicited. Since they’re not addressed to me but mailed to a distribution list, they’re bulk messages. Since they’re transferred by e-mail, this makes them unsolicited bulk e-mail, which is the official name for spam. To say nothing of the fact that most of the e-mails include no obvious way to opt-out from future communiques.
- These are press releases, so they’re written to absolutely destroy my chances of gleaning any useful information whatsoever about the product being discussed. This is by design, as press releases focus on explaining what industry the product will revolutionize and how it will increase leveraged synergies for the manufacturer instead of, you know, telling me why the hell I should care about the product.
- Possessing no useful information about the product, and not having seen it since it hasn’t even been announced yet, what am I supposed to do with the “information”? Write or care about it, sight unseen, based on the press release?
So, new rules. I’m usually interested in both new software and hardware. If you want me to look at software you’ve built, send me a short technical description of why I should care, along with a link to a demo install if it’s a web app or a download link if it’s not. If you want me looking at hardware, send me the technical specs and tell me how, if you’ve managed to interest me, I can get my hands on a unit to play with — you can have it back in perfect condition when I’m done. In both cases, include the e-mail address of a technical contact, which is someone I can ask questions and expect intelligent technical answers. In neither case should you actually send me the press release itself.
Following these simple guidelines, dear PR people, will win you a reprieve from my spam filter despite the fact that you’re still sending me spam. Failure to follow them will, on the other hand, earn you a permanent date with said spam filter (he goes by “Bubba”) and cause me to report you to Spamhaus, your ISP for violating their terms of service, and inform the company you’re representing of your uncouth business practices.
Much love.
I’m off to Vancouver tomorrow to keynote the 20th annual FIRST conference, where I get to tell a bunch of smart security people that we’re massively screwing the pooch as an industry. It’s great fun. In fact, I’m pretty sure I’m becoming the official boogeyman of the security conference circuit — costume ideas appreciated.
Anyway, if you’re in Vancouver, New York, Helsinki, Concepción (Chile) or Barcelona in the upcoming months — see the handy-dandy talk list — and want to grab a beer or commiserate about the world, the human condition, and the heart-breaking ennui of it all, send an e-mail. The boogeyman will oblige. First scare is free.
A new malware variant by the name Gpcode.ak has been raising eyebrows in the security community. Upon infecting a computer, the trojan will encrypt the user’s documents, leaving a text file which demands money in exchange for a decryption key.
There are no new ideas here: encryption malware has been around for the better part of a decade, Adam Young and Moti Yung wrote a book about cryptovirology in 2004, and even Gpcode itself has been around since 2005, albeit with a far more primitive approach to encryption that the current incarnation.
The latest instance gets the crypto mostly right: it creates a unique 128-bit RC4 (Arcfour) key on each machine and uses a random initialization vector for each file it targets. The IV is written to the beginning of the file, encrypted by the per-machine key, run through MD5, and the output constitutes the per-file key, used to encrypt each file with RC4. At the end, the main per-machine RC4 key is encrypted with a 1024-bit RSA public key which the malware carries within its payload. The malware author can then send a tailored, per-machine decryptor to folks who pay up.
If you keep backups, you can obviously treat this attack as a simple data loss scenario. And if you don’t have backups and badly need the files back, you have no option but to pay: when used correctly, cryptography works. In their encrypted form and without the RSA private key, the files are as good as garbage. Anti-virus companies have no technological defense against this, can’t make any, and are being appropriately forthcoming:
A security company on Friday asked for help cracking an encryption key central to an extortion scheme that demands money from users whose PCs have been infected by malware. … “Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key,” said Aleks Gostev, a senior virus analyst [at Kaspersky Lab].
See? Completely reasonab… wait, what? Factor the key? Seriously?
Arjen Lenstra and Eric Verheul estimate that, in 2009, a machine that can factor a RSA-1024 key in a day would cost $250 million. With a massive cluster of regular computers, such a computation would take years. And it gets better: 2048-bit RSA keys are considered impractical to factor before the year 2030, while 3072-bit keys are likely to provide protection beyond then. Do you see where this is going?
Even if the present key is factored, it’ll take the malware author mere minutes to generate a stronger one, insert it into the malware payload, and send it on its merry way. And we won’t be able to factor that one.
In fact, focusing on the cryptography in the malware misses the point entirely. What the malware is exposing is the far simpler fact that our desktop security systems are fundamentally broken, as there is no reason that a piece of malware executing silently in the background should have access to a user’s files without interaction or approval. If file access was securely brokered, we wouldn’t have to care about the crypto.
We know how to build desktop systems that are both drastically more secure and more usable than the ones in use today. Prototypes like CapDesk and Polaris demonstrate this on mainstream systems, while my own Bitfrost does so on the OLPC laptops. You won’t see ransomware on the XO-1.
When it comes to Gpcode, factoring the RSA key is the dumbest possible course of action. I know it, the security community knows it, and Kaspersky Lab knows it. It’s a press gambit, and one that I found distasteful at first. But I’ve come around: it grabs headlines, and maybe a proliferation of headline-grabbing, panic-sowing, fear-inducing threats like cryptoviral ransomware is exactly what’s needed to overcome inertia from operating system vendors and finally move us towards a more secure desktop.
Much love, Kaspersky Lab. Let’s go factor some keys.
