Posts tagged ‘defcon’

TorrentFreak: The Art of Unblocking Websites Without Committing Crimes

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The blocking of sites such as The Pirate Bay, KickassTorrents and Torrentz in the UK led to users discovering new ways to circumvent ISP-imposed censorship. There are plenty of solutions, from TOR and VPNs, to services with a stated aim of unblocking ‘pirate’ sites deemed illegal by UK courts.

Last month, however, dozens of these went offline when the operator of Immunicity and other related proxy services was arrested by City of London Police’s Intellectual Property Crime Unit. He now faces several charges including breaches of the Serious Crime Act 2007, Possession of Articles for Use in Fraud, Making or Supplying Articles for use in Frauds and money laundering.

While it’s generally accepted that running a site like The Pirate Bay is likely to attract police attention, merely unblocking a domain was not thought to carry any such risk. After all, visitors to torrent sites are just that; it’s only later on that they make a decision to infringe or not.

In our earlier article we discussed some of the possible reasons why the police might view “pirate” proxies as illegal. However, there are very good arguments that general purpose proxies, even ones that are expressly set up to bypass filtering (and are able to unblock sites such as Pirate Bay), remain on a decent legal footing.

One such site is being operated by Gareth, a developer and networking guru who grew so tired of creeping Internet censorship he began lobbying UK MPs on the topic, later moving on to assist with the creation of the Open Rights Group’s Blocked.org.uk.

After campaigning and documenting Internet censorship issues for some time, Gareth first heard of last month’s proxy arrest during a visit to the United States.

“I was at DefCon in Las Vegas when the news of the Immunicity arrest reached me and I realized that for all my volunteer work, my open source applications, operation of Tor relays, donations and letters to MPs to highlight/combat the issues with Internet censorship, it was not enough,” the developer told TorrentFreak.

“I felt that this issue has moved from a political / technical issue to one about personal liberty and Internet freedom. e.g. first they came for the ‘pirate proxies’, then the Tor operators, then the ISPs that don’t censor their customers. The slippery slope is becoming a scary precipice.”

Since his return to the UK, Gareth has been busy creating his own independent anti-censorship tool. He’s researched in detail what happened to Immunicity, taken legal advice, and is now offering what he hopes is an entirely legal solution to website filtering and subsequent over-blocking (1)(2).

“Unlike Immunicity et al I’m not specifically building a ‘Pirate Proxy’. Granted people might use this proxy to navigate to torrent websites but were I to sell a laptop on eBay that same person may use it for the same reasons so I see no difference,” he explains.

“In fact Section 44, subsection 2 of the Serious Crimes Act 2007 even states [that an individual] is not to be taken to have intended to encourage or assist the commission of an offense merely because such encouragement or assistance was a foreseeable consequence of his act.”

The result of Gareth’s labor is the anti-censorship service Routing Packets is Not a Crime (RPINAC). People who used Immunicity in the past should feel at home, since RPINAC also utilizes the ability of popular browsers to use Proxy Auto-Config (PAC) files.

In the space of a couple of minutes and with no specialist knowledge, users can easily create their own PAC files covering any blocked site they like. Once configured, their browser will silently unblock them.

Furthermore, each PAC file has its own dedicated URL on RPINAC’s servers which users can revisit in order to add additional URLs for unblocking. PAC ‘unblock’ files can also be shared among like-minded people.
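An added illustration (not RPINAC’s code or output) of the mechanism described above: a PAC file is a JavaScript function the browser calls for each request to choose a route, so reading it shows exactly which hosts a shared file sends through the proxy. The host names, the proxy address and the `auditPac` helper are constructed for this example.

```javascript
// --- PAC file body (this part is what a browser would load) ---
// Constructed placeholders: not real RPINAC hosts or proxy endpoints.
var PROXIED_HOSTS = ["blocked.example", "news.example.org"];
var PROXY_ROUTE = "PROXY proxy.example.net:8080";

// Exact match or true subdomain match. A naive substring test would also
// catch "notblocked.example" and route unrelated traffic via the proxy.
function hostMatches(host, entry) {
  if (host === entry) return true;
  var suffix = "." + entry;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// Entry point defined by the PAC format: called with the full URL and its
// host name, returns a routing string such as "DIRECT" or "PROXY host:port".
// Real PAC files often use browser-supplied helpers (dnsDomainIs,
// shExpMatch); plain string operations are used here so the same code
// also runs outside a browser.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  for (var i = 0; i < PROXIED_HOSTS.length; i++) {
    if (hostMatches(host, PROXIED_HOSTS[i])) return PROXY_ROUTE;
  }
  return "DIRECT"; // everything not listed bypasses the proxy
}

// --- Review helper (run under Node, not part of the PAC file) ---
// Evaluates a PAC function against sample URLs and groups hosts by route,
// so a recipient of a shared PAC file can see what it would proxy.
function auditPac(pacFn, urls) {
  var report = { proxied: [], direct: [] };
  urls.forEach(function (u) {
    var host = new URL(u).hostname;
    var route = pacFn(u, host);
    (route === "DIRECT" ? report.direct : report.proxied).push(host);
  });
  return report;
}

// Constructed sample URLs for the audit.
var SAMPLE_URLS = [
  "http://blocked.example/",
  "http://www.blocked.example/page",
  "https://notblocked.example/",
  "https://bank.example.com/login"
];
```
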

“When someone creates a PAC file they are redirected to a /view/ endpoint e.g. https://routingpacketsisnotacrime.uk/view/b718ce9b276bc2f10af90fe1d5b33c0d. This URL is not ephemeral, you can email it, tweet it (there is a tweet button on the left hand side of the site) etc and it will provide the recipient with the exact same view.

“It’ll show which URLs are specified to be proxied, which have been detected as blocked (using the https://blocked.org.uk database) and if the author passed along the password (assuming the PAC was password protected) they can add or remove URLs too,” Gareth explains.

“Each view page also has a comments section, this could allow for a small collection of individuals to co-ordinate with a smaller subset of password possessing moderators to create a crowd sourced PAC file in an autonomous fashion. There is also a ‘Clone’ button allowing anybody to create their own copy of the PAC file with their own name, description and password if the PAC file they’ve received isn’t quite what they need.”

This user-generated element of the process is important. While dedicated ‘pirate’ proxy sites specifically unblock sites already deemed illegal by the UK courts (and can be deemed to be facilitating their ‘crimes’), RPINAC leaves the decision of which sites to unblock completely down to the user. And since no High Court injunction forbids any user from accessing a blocked domain, both service and user remain on the right side of the law.

In terms of use, RPINAC is unobtrusive, has no popups, promotions or advertising, and will not ask for payment or donations, a further important legal point.

“To avoid any accusations of fraud and to avoid any tax implications RPINAC will never ask for donations,” the dev explains. “The current platform is pre-paid for at least a year, the domain for 10. At a bare minimum PAC file serving and education for creating local proxies will continue indefinitely.”

Finally, Gareth notes that without free and open source software his anti-censorship platform wouldn’t have been possible. So, in return, he has plans to release the source code for the project under the GPL 3.0 license.

RoutingPacketsIsNotACrime can be found here and is compatible with Firefox, Chrome, Safari and IE. Additional information can be sourced here.


Krebs on Security: How Secure is Your Security Badge?

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Security conferences are a great place to learn about the latest hacking tricks, tools and exploits, but they also remind us of important stuff that was shown to be hackable in previous years yet never really got fixed. Perhaps the best example of this at last week’s annual DefCon security conference in Las Vegas came from hackers who built on research first released in 2010 to show just how trivial it still is to read, modify and clone most HID cards — the rectangular white plastic “smart” cards that organizations worldwide distribute to employees for security badges.

HID iClass proximity card.

Nearly four years ago, researchers at the Chaos Communication Congress (CCC), a security conference in Berlin, released a paper (PDF) demonstrating a serious vulnerability in smart cards made by Austin, Texas-based HID Global, by far the largest manufacturer of these devices. The CCC researchers showed that the card reader device that HID sells to validate the data stored on its then-new line of iClass proximity cards includes the master encryption key needed to read data on those cards.

More importantly, the researchers proved that anyone with physical access to one of these readers could extract the encryption key and use it to read, clone, and modify data stored on any HID cards made to work with those readers.

At the time, HID responded by modifying future models of card readers so that the firmware stored inside them could not be so easily dumped or read (i.e., the company removed the external serial interface on new readers). But according to researchers, HID never changed the master encryption key for its readers, likely because doing so would require customers using the product to modify or replace all of their readers and cards — a costly proposition by any measure given HID’s huge market share.

Unfortunately, this means that anyone with a modicum of hardware hacking skills, an eBay account, and a budget of less than $500 can grab a copy of the master encryption key and create a portable system for reading and cloning HID cards. At least, that was the gist of the DefCon talk given last week by the co-founders of Lares Consulting, a company that gets hired to test clients’ physical and network security.

Lares’ Joshua Perrymon and Eric Smith demonstrated how an HID parking garage reader capable of reading cards up to three feet away was purchased off of eBay and modified to fit inside of a common backpack. Wearing this backpack, an attacker looking to gain access to a building protected by HID’s iClass cards could obtain that access simply by walking up to an employee of the targeted organization and asking for directions, a light of a cigarette, or some other pretext.

Card cloning gear fits in a briefcase. Image: Lares Consulting.

Perrymon and Smith noted that, thanks to software tools available online, it’s easy to take card data gathered by the mobile reader and encode it onto a new card (also broadly available on eBay for a few pennies apiece). Worse yet, the attacker is then also able to gain access to areas of the targeted facility that are off-limits to the legitimate owner of the card that was cloned, because the ones and zeros stored on the card that specify that access level also can be modified.

Smith said he and Perrymon wanted to revive the issue at DefCon to raise awareness about a widespread vulnerability in physical security. HID did not respond to multiple requests for comment.

“Until recently, no one has really demonstrated properly what the risk is to a business here,” Smith said. “SCADA installations, hospitals, airports…a lot of them use HID cards because HID is the leader in this space, but they’re using compromised technology. Your card might not have data center or HR access but I can get into those places within your organization just by coming up to some employee standing outside the building and bumming a light off of him.”

Organizations that are vulnerable have several options. Probably the cheapest involves the use of some type of sleeve for the smart cards. The wireless communications technology that these cards use to transmit data — called radio-frequency identification or RFID – can be blocked when not in use by storing the key cards inside a special RFID-shielding sleeve or wallet. Of course, organizations can replace their readers with newer (perhaps non-HID?) technology, and/or add biometric components to card readers, but these options could get pricey in a hurry.

A copy of the slides from Perrymon and Smith’s DefCon talk is available here.