<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:media="http://search.yahoo.com/mrss/"
	>

<channel>
	<title>Dustin D. Trammell</title>
	<atom:link href="http://dtrammell.wordpress.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://dtrammell.wordpress.com</link>
	<description></description>
	<lastBuildDate>Thu, 05 Nov 2009 19:01:32 +0000</lastBuildDate>
	<generator>http://wordpress.com/</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<cloud domain='dtrammell.wordpress.com' port='80' path='/?rsscloud=notify' registerProcedure='' protocol='http-post' />
<image>
		<url>http://www.gravatar.com/blavatar/2bf97d77928dc4604ae6fbf62334c15e?s=96&#038;d=http://s.wordpress.com/i/buttonw-com.png</url>
		<title>Dustin D. Trammell</title>
		<link>http://dtrammell.wordpress.com</link>
	</image>
			<item>
		<title>Microsoft Exploitability Index</title>
		<link>http://dtrammell.wordpress.com/2009/11/05/microsoft-exploitability-index/</link>
		<comments>http://dtrammell.wordpress.com/2009/11/05/microsoft-exploitability-index/#comments</comments>
		<pubDate>Thu, 05 Nov 2009 14:14:04 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[exploit]]></category>
		<category><![CDATA[opinion]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[exploitability index]]></category>
		<category><![CDATA[microsoft]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=224</guid>
		<description><![CDATA[Earlier today, this article from ComputerWorld came across my desk.  The headline grabbed my attention, having indicated controversy and disagreement, which of course I&#8217;m going to look into.  The article, which cites Microsoft&#8217;s semi-annual security intelligence report, claims that  Microsoft has only been right in its vulnerability exploitability predictions about 27% of the time.  Others [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Earlier today, <a title="ComputerWorld" href="http://www.computerworld.com/s/article/9140292/Microsoft_correctly_predicts_reliable_exploits_just_27_of_the_time" target="_blank">this article</a> from ComputerWorld came across my desk.  The headline grabbed my attention, having indicated controversy and disagreement, which of course I&#8217;m going to look into.  The article, which cites Microsoft&#8217;s semi-annual <a title="MSRC Security Intelligence Report" href="http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd" target="_blank">security intelligence report</a>, claims that  Microsoft has only been right in its vulnerability exploitability predictions about 27% of the time.  Others quoted in the article purport that since their accuracy is so low, what&#8217;s the point?</p>
<p>They&#8217;re obviously missing the point, and I suggest that the premise of even trying to calculate such a metric as its accuracy is fundamentally flawed.</p>
<p><span id="more-224"></span>The numbers in the article, and really, any numbers you would care to calculate and be able to <em>prove</em>, can only be made using public information.  This means you count the number of exploits publicly known about, compare that to the number of vulnerabilities with a particular rating, and get your percentage.  This is what the article and the people it cites do.  This calculation, and its results, are useless.</p>
<p>If you read the &#8220;mission statement&#8221; from the top of the <a title="Exploitability Index" href="http://technet.microsoft.com/en-us/security/cc998259.aspx" target="_blank">Exploitability Index page</a>, you will find the following:</p>
<blockquote><p>The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft security updates within the first thirty days of that update&#8217;s release.</p></blockquote>
<p>Nowhere in that statement does it say anything about exploit use or disclosure, because it&#8217;s irrelevant to the point of the rating.  The rating is about how exploitable the <em>vulnerability</em> is, and whether or not exploit code <em>is likely</em> to be developed for it within thirty days, not whether or not it&#8217;s likely that such an exploit would get used, used widely, put in a product, partially or fully disclosed, posted to <a title="Milw0rm" href="http://www.milw0rm.com/" target="_blank">milw0rm</a>, or anything else.  Granted, the next section on that page mentions the &#8220;release&#8221; of exploit code, but what does that actually mean?  It could mean any number of the list of actions that I just mentioned.  Microsoft couldn&#8217;t possibly hope to rate (guess, really) whether or not an exploit will surface publicly for a vulnerability and when.  All they have to make a determination with is the technical information about the vulnerability itself which is really only enough to make a determination about how difficult it would be to develop an exploit, not whether or not it will really happen or what the motivations of the person who does so will be toward disclosure after the fact.</p>
<p>Now in addition to all that, if you consider the fact that there are private exploits out there in the big bad scary world, any statistic you care to draw from the public exploit count is completely useless.  Because really, who cares all that much about the public exploits?  Sure they might get used more, but it&#8217;s the private ones that I&#8217;m far more worried about when considering defense.  Thinking back over the last few months of Microsoft Bulletins, I&#8217;m personally aware of a number of those vulnerabilities that have exploits written for them that are still not public, many of which likely never will be.  Granted, I have a more privileged view into this data pool than most people due to knowing some really smart and really talented people, but those people are only a small subset of those out there who are capable, and most of the people I know are not maliciously motivated.  If just my narrow view of what exploits exist shows this obvious difference in public versus private data sets, really, who knows how drastically different these two data sets really are?  How accurate the index is as a prediction is simply an impossible metric to even attempt to calculate.</p>
<p>People should stop trying to use the Exploitability Index as a mystic oracle that can predict the future, and use it for what it actually is, just another metric to consider when prioritizing patches.  Having a metric that indicates which vulnerabilities have a higher probability of having <em>any</em> exploit developed for them, public or private, is useful and is exactly what the index indicates.  It&#8217;s an informed classification of what could-be, nothing more.</p>
  </div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/11/05/microsoft-exploitability-index/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>DEFCON 17</title>
		<link>http://dtrammell.wordpress.com/2009/08/11/defcon-17/</link>
		<comments>http://dtrammell.wordpress.com/2009/08/11/defcon-17/#comments</comments>
		<pubDate>Tue, 11 Aug 2009 21:51:49 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[conference]]></category>
		<category><![CDATA[hpavc]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[security research]]></category>
		<category><![CDATA[defcon]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=219</guid>
		<description><![CDATA[After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon.  After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon.  After dropping my bags in my room and getting my temporary paper badge because they were <em>already</em> out of the electronic badges, I ran back up to my room for a bit and then headed over to the Microsoft party which I already wrote about in my <a title="BlackHat USA 2009" href="http://dtrammell.wordpress.com/2009/08/07/blackhat-usa-2009/">BlackHat USA 2009 post</a>.  After an extremely long night I crashed in the early morning and slept through most of the first day of DEFCON talks.  I did however catch Richard Thieme&#8217;s talk about UFOlogy, which was one of the talks I really wanted to see.</p>
<p>Shortly after Richard&#8217;s talk and some discussion with friends about what to do for dinner, I started not feeling well so I went back up to my room.  After an hour or two I knew I really was sick because I started getting the fever sweats, cold chills, and headache, so I ordered some room service since I probably needed to eat, called it a night and went to sleep.  I stayed in bed pretty much all day Saturday and only came downstairs once in the afternoon during the conference to speak during the Metasploit track, and then went right back upstairs to my room.  By then I had a horrible cough and chest congestion, but was feeling much better regardless, so I decided to take a walk for a couple hours and let the dry desert air into my lungs for a bit.</p>
<p>I hadn&#8217;t yet walked the length of the Strip this visit, and also hadn&#8217;t eaten a FatBurger, both of which are personal Vegas traditions.   Since I was running out of days in Vegas during which to accomplish these, I decided to walk from the Riviera up on the North end of the Strip all the way down to FatBurger which is near the South end of the strip, get a burger, and then walk back, which took around 2.5 hours and immensely helped my lungs and cough.</p>
<p>By the time I got back to the Riviera, I was feeling well enough to attend some parties, so I went up to the Penthouse for a while to check out the IOActive Freak Show party for a bit.  It was similar to last year&#8217;s party, but had some new attractions so that wasn&#8217;t too bad.  I tried to dance for a bit but my chest cold was severely holding me back since I could only dance for a few minutes before not being able to breathe.  I left that party shortly after Keith went on since I couldn&#8217;t really dance and he started off with tracks that were a little too glitchy for my taste anyhow.  Unfortunately I missed the fire dancer at the IOActive party who had a fire hoop like my friend Angi&#8217;s, but living in Austin surrounded by burners I think I&#8217;m a bit spoiled regarding fire spinning/dancing/performance anyhow.  After leaving the Penthouse I took the Ninja Shuttle over to the Ninja Party and hung out there for a few hours talking to friends and waiting in line at the bar until I decided not to push my recent health luck and went back to my room at the Riviera and went to sleep.</p>
<p>On Sunday I slept a little late still trying to fully recover until I needed to check out of my room.  Unfortunately this meant that I missed Richard Thieme&#8217;s other talk on BioHacking, but I did manage to catch a few more of the talks before I had to head to the airport to catch my plane back to Austin.  You can read my thoughts on the talks that I saw below:</p>
<p><span id="more-219"></span><strong><a href="https://www.defcon.org/html/defcon-17/dc-17-speakers.html#Thieme">Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything</a></strong> &#8211;  Richard Thieme</p>
<p>Richard is an exceptional speaker, and I personally love UFO and extraterrestrial lore and pop culture.  It&#8217;s fun to try and sift through all the conspiracy theory, misinformation, pop-culture, and cover up to try and see if there&#8217;s any truth there, and that&#8217;s what Richard&#8217;s talk was essentially about.  It was also a follow-up to the talk he gave the previous year, Hacking UFOlogy 101.  It&#8217;s always a pleasure to hear Richard speak because he&#8217;s very engaging and has very well organized content, even if he does never seem to be able to cover it all.</p>
<p><strong><a href="https://www.defcon.org/html/defcon-17/dc-17-speakers.html#Druid">MSF Telephony</a></strong> &#8211;  I)ruid</p>
<p>Since the Metasploit track was available at both BlackHat <em>and</em> DEFCON, I had the opportunity to give my talk a second time.  I presented a turbo-talk about the new telephony library that I’ve added to Metasploit.  I discussed exploiting systems with Metasploit over dial-up and the new Metasploit Wardialer, both of which use the new telephony library.  It didn&#8217;t go quite as well as it did at BlackHat, however I was rushing to try and get it down to about 10 minutes due to some scheduling conflicts and confusion and the Metasploit track having more content for DEFCON than it did at BlackHat.  I managed to hit the 10 minute mark, and my voice held out even though my throat was dry, scratchy, and I wanted to cough the entire time.</p>
<p><strong><a href="https://www.defcon.org/html/defcon-17/dc-17-speakers.html#Latrope">eXercise in Messaging and Presence Pwnage</a></strong> &#8211;  Ava Latrope</p>
<p>I had briefly looked at Extensible Messaging and Presence Protocol (XMPP) back when I was doing a lot of research in the VoIP security space, and remembered it looking like a huge pile of attack opportunity.  XMPP is basically an interoperability standard borne of Jabber which provides a protocol for managing Instant Messaging sessions and communication, presence applications, and is beginning to merge a bit with some of the VoIP and &#8220;Unified Communications&#8221; systems.  After seeing this talk, I&#8217;m glad to know that I was pretty much correct.  Ava&#8217;s talk was short but did a good job explaining what XMPP is, what it&#8217;s generally used for, some of its attack surface, and then detailed some DoS and amplification attacks that are possible due to the way the protocol is designed.</p>
<p><strong><a href="https://www.defcon.org/html/defcon-17/dc-17-speakers.html#Abraham">Unmasking You</a></strong> &#8211;  Joshua &#8220;Jabra&#8221; Abraham and Robert &#8220;RSnake&#8221;</p>
<p>I only caught the last half of this talk, but basically the Google &#8220;Safe Browsing&#8221; functionality phones home.  A LOT.  Like, way more often than is probably necessary.  How often do they update their site and URL filters anyway?  Anyhow, if you&#8217;re an 31337 h4&#215;0r and you like to hide the source of your traffic when you h4x, but then use the Internet normally when you&#8217;re not, the uniquely identifying information that the Google &#8220;Safe Browsing&#8221; functionality sends to Google when updating its filters every 0.23435151 seconds or so will easily track you across your covert and overt sessions, through Tor, across proxies, you name it.</p>
<p><strong><a href="https://www.defcon.org/html/defcon-17/dc-17-speakers.html#DaBeave">AAPL- Automated Analog Telephone Logging</a></strong> &#8211;  Da Beave and JFalcon</p>
<p>I had met Da Beave  and JFalcon via the <a href="telnet://bbs.telephreak.org/">Telephreak BBS</a> a year or so ago and had yet to meet either of them in person, so I went and checked out their talk.  They covered the newest iteration of <a title="iWar" href="http://www.softwink.com/iwar/" target="_blank">iWar</a>, spoke a bit about HD&#8217;s <a title="WarVOX" href="http://warvox.org/" target="_blank">WarVOX</a>, and showed some interesting systems they&#8217;ve found over dialup.  Basically it was VoIP-ish wardialing in about 20 minutes, since it was a turbo talk.</p>
  </div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/08/11/defcon-17/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>

	</item>
		<item>
		<title>BlackHat USA 2009</title>
		<link>http://dtrammell.wordpress.com/2009/08/07/blackhat-usa-2009/</link>
		<comments>http://dtrammell.wordpress.com/2009/08/07/blackhat-usa-2009/#comments</comments>
		<pubDate>Fri, 07 Aug 2009 19:27:00 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[conference]]></category>
		<category><![CDATA[hpavc]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[security research]]></category>
		<category><![CDATA[blackhat]]></category>
		<category><![CDATA[pwnie]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=208</guid>
		<description><![CDATA[Last week and through the weekend I was in Las Vegas for this year&#8217;s annual block of hacker conferences, BlackHat USA and DEFCON.  This year was a bit different for me as my employer no longer covers conference expenses (even if you&#8217;re speaking!), so since I was there not representing a company and entirely on [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Last week and through the weekend I was in Las Vegas for this year&#8217;s annual block of hacker conferences, <a title="BlackHat USA 2009" href="http://www.blackhat.com/" target="_blank">BlackHat USA</a> and <a title="DEFCON" href="http://www.defcon.org/" target="_blank">DEFCON</a>.  This year was a bit different for me as my employer no longer covers conference expenses (even if you&#8217;re speaking!), so since I was there not representing a company and entirely on my own dime, I stayed with some local friends for the first half of my stay and did a lot less gambling&#8230; none actually.  My gracious hosts did a lot of ferrying me around for the first half of my stay as well to help me avoid cab fares.</p>
<p>One of the highlights of BlackHat was obviously the Pwnie Awards.  This industry awards ceremony, highlighting the successes and failures of the security industry of the past year, has quickly become one of my favorite parts of BlackHat.  If you&#8217;re interested, you can find this year&#8217;s nominees and winners listed over at the <a title="Pwnie Awards" href="http://pwnie-awards.org/2009/" target="_blank">Pwnie Awards website</a>.  The impromptu dinner afterward was very enjoyable as well, where I shared a meal with the likes of the lovely Shyama Rose, that <a title="Top-10 Sexy Geeks" href="http://www.tinynibbles.com/blogarchives/2008/12/top-ten-sexy-geeks-2009.html" target="_blank">beef-hunk</a> (nsfw) Alex Sotirov, Pusscat, who needs no introduction, the code machine I call a boss, HD Moore, <a title="Nick DePetrillo" href="http://www.linkedin.com/pub/nicholas-depetrillo/10/136/ab4" target="_blank">some d00d from Rhode Island</a>, slow, and a slew of other interesting and intelligent people.</p>
<p>I didn&#8217;t make it to many parties this year, but one of the few BlackHat parties that I did make it to was the Microsoft party over at Treasure Island.  An awesome mix of people made for some good conversations, but the music indoors was horrible&#8230;  The DJ was playing all kinds of early-90&#8217;s tunes like Bell Biv DeVoe, Boyz II Men, etc. Outside the music was much better (house!) except that the DJ kept having to stop the music for any number of reasons, the longest of which  being the Pirate show going off just outside the balcony on the waterfront between the club and the street.</p>
<p>Overall BlackHat was a fairly enjoyable experience.  I would have liked to have seen more of the presentations but due to an extremely late night Wednesday night culminating in my friend locking himself out of his hotel suite, soaking wet, in his boxers,  I ended up sleeping  late on Thursday and then attempted to get over to DEFCON early to get registered and get one of the electronic badges to play with.  You can however read my thoughts on the various presentations I <em>did</em> see below:</p>
<p><strong><span id="more-208"></span>Practical Windows XP/2003 Heap Exploitation</strong> &#8211; John McDonald, Chris Valasek</p>
<p>This was probably the most technically interesting talk that I attended at BlackHat.  The few times I&#8217;ve had to exploit something via the heap in the past, it was always a pain-in-the-ass, inexact science involving sprays and hoping that call instruction ends up in the right place.  This talk however was about none of that.  It was about exploitation using the heap and its structure itself, and attempting to not leave the heap in a corrupted state (or at least a corrupted state that it was aware of).  John and Chris did an excellent job of describing the heap and its internal layout and structure to those of us in the audience that weren&#8217;t all that familiar with it, such as the heap free bitmap.  They also covered how the heap is managed and the various algorithms used to do so.  They then covered the existing heap security mechanisms and how those worked, such as heap cookies, safe un-linking checks, and process termination when something is noticed to be awry.  Following all of this groundwork to bring the audience up to speed they briefly touched on existing exploitation techniques such as overwriting the look-aside list, bitmap flipping attacks, and faking a populated list.  Finally they got into the meat of their presentation, the new exploitation tactics that they had developed.  These included a bitmap XOR attack and a couple of new tricks using the look-aside list, but the really interesting one was leveraging a 1 byte overflow to de-sync the heap cache and create a &#8220;shadow&#8221; free list which is used when allocation is requested for specific sizes.  This allowed the return of the same memory address every time that an allocation for these specific sizes was made, which is really, really cool.  Finally they listed some of the tools that they use when working in this space and performed a demo.
The impression I was left with was that to accomplish exploitation this way was a LOT of work, but I guess when you really, really need to exploit that vulnerability and all you have to work with is the heap, it <em>is</em> possible (:</p>
<p><strong>Sniff Keystrokes With Lasers/Voltmeters Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage</strong> &#8211; Andrea Barisani, Daniele Bianco</p>
<p>Neither of these attacks is anything new; I&#8217;ve read papers detailing both of these attacks before.  These researchers did however seem to refine the attacks a bit from what I remember reading many years ago.  This was however the funniest presentation I saw at BlackHat, with the researchers having an ongoing narrative about &#8220;The Hacker&#8221; and &#8220;The Washed-Up Porn Star&#8221; with still pictures and even a video, which was really very funny and over-dramatic.  Regarding the sniffing techniques, the first was to use an oscilloscope or voltmeter to measure the line voltage where a computer was plugged in.  When the keyboard sent character codes to the computer, the power differential for each bit of the character code would show up as a wave in the line power, and could be detected and read with fairly high accuracy.  But what if the computer isn&#8217;t plugged into line power? That&#8217;s where the second attack came in&#8230;  The second attack was using a laser microphone to listen to keystrokes by bouncing the laser off of the computer itself, such as the lid of a laptop computer.  This technique was much less exact because it was detecting audio, and you had to do some fairly boring post-analysis of the keystroke patterns to attempt to decipher what the words being typed were.  Again, nothing new here, both of these attacks have been refined and published in various journals over the years.</p>
<p><strong>Analyzing Security Research in the Media</strong> &#8211; Panel</p>
<p>This was an interesting panel discussion seating a number of Information Security Journalists who mostly answered questions from the moderator.  I believe they were going to take some questions from the audience toward the end, but I had to duck out early to prepare for my own presentation that was coming up in the next time slot.  The questions that I heard asked and their summarized responses were:</p>
<p>1. What makes a threat newsworthy?</p>
<p>The panel mostly agreed on the answer to this one, which was a combination of widespread impact, whether or not it involved a new or exciting product, the amount of damage it could do or how quickly it could spread.  They also indicated that many times they relied on the experts in whichever field was applicable to help identify the big stories.</p>
<p>2. How does someone bring a story to a journalist and do you have any advice to give for doing so?</p>
<p>One panelist said to know your reporter and build a rapport.  Most of the panel seemed to agree that this was all about building relationships with reporters so that they come to know you and trust the information you bring them.</p>
<p>3. The Panel was asked about their thoughts on the relationship between Security Journalists and the Mainstream Media.</p>
<p>It&#8217;s fairly obvious that the mainstream media tends to sensationalize, and most Panelists noted this fact.  They also indicated that the mainstream media tends to take a more passive posture regarding security journalists where they follow the stories and may pick up an interesting one now and then but they don&#8217;t really proactively engage with the security journalists.  One Panelist indicated that many security journalists will drop a story when the mainstream media picks it up because that usually indicates that the story is over or played-out.</p>
<p>4. The Panel was asked if they have any advice for bloggers and journalists on maintaining accuracy in technical details.</p>
<p>One Panelist indicated that there should always be some form of journalistic process involving fact checking, source checking, a sanity check from another blogger/journalist, etc. however another Panelist said that it really depends on the type of blogger or journalist, and the different types have different requirements.  Expert individuals blogging about their field of expertise may not necessarily require the same types of self-scrutiny that faux-journalists require, and ranting bloggers aren&#8217;t held to the same standards because they&#8217;re not trying to be a reputable source of information.  One Panelist also mentioned trying to avoid bias via agenda if you&#8217;re trying to be a real journalist, however certain bias if it promotes good behaviors in the reader such as encouraging additional personal research can be a good thing.</p>
<p>5. The Panel was asked about their thoughts on the overall journalism industry&#8217;s current struggles and perceived diminishing quality.</p>
<p>Most of the panel agreed that the way of physical print journalism was definitely dying, because the primary revenue stream that kept them in business, advertisement sales, just wasn&#8217;t there anymore. One Panelist noted that the current trend was to produce short, quick stories rather than longer more in-depth pieces.  Many indicated that digital journalism was the future, and much of that would be seeded by sources such as blogs.</p>
<p><strong>Metasploit Framework Telephony</strong> &#8211; I)ruid</p>
<p>Donning my black hat for a while, I presented a turbo-talk about the new telephony library that I&#8217;ve added to Metasploit.  I  discussed exploiting systems with Metasploit over dial-up and the new Metasploit Wardialer, both of which use the new telephony library.  Overall I felt my talk went really well, although I did rush through it a bit and ended at 15 minutes instead of my target 20.</p>
  </div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/08/07/blackhat-usa-2009/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>Simulating DDoS Attacks</title>
		<link>http://dtrammell.wordpress.com/2009/02/27/simulating-ddos-attacks/</link>
		<comments>http://dtrammell.wordpress.com/2009/02/27/simulating-ddos-attacks/#comments</comments>
		<pubDate>Fri, 27 Feb 2009 17:40:24 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[attack]]></category>
		<category><![CDATA[testing]]></category>
		<category><![CDATA[whitepaper]]></category>
		<category><![CDATA[DDoS]]></category>
		<category><![CDATA[DoS]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=205</guid>
		<description><![CDATA[Todd Manning and I have a new whitepaper available over at BreakingPoint on simulating Distributed Denial-of-Service (DDoS) attacks using the BreakingPoint product.  You can read more about the paper in my BreakingPoint blog post, or just grab the paper here.  If you&#8217;re a BreakingPoint customer, you&#8217;ll want the bundled version which comes with test cases [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Todd Manning and I have a new whitepaper available over at BreakingPoint on simulating Distributed Denial-of-Service (DDoS) attacks using the BreakingPoint product.  You can read more about the paper in my <a title="BreakingPoint Blog" href="http://www.breakingpointsystems.com/community/blog/whitepaper-simulating-distributed-denial-of-service-with-breakingpoint" target="_blank">BreakingPoint blog post</a>, or just grab the paper <a title="White Paper: Simulating DDoS Attacks with BreakingPoint" href="http://www.breakingpointsystems.com/resources/white-papers/Simulating-Distributed-Denial-of-Service-with-BreakingPoint.pdf">here</a>.  If you&#8217;re a BreakingPoint customer, you&#8217;ll want the <a title="Bundled Paper" href="http://www.breakingpointsystems.com/community/images/BreakingPoint-DDoS.tar.gz">bundled version</a> which comes with test cases and other supporting materials.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/02/27/simulating-ddos-attacks/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>Review: The IDA Pro Book</title>
		<link>http://dtrammell.wordpress.com/2009/02/12/review-the-ida-pro-book/</link>
		<comments>http://dtrammell.wordpress.com/2009/02/12/review-the-ida-pro-book/#comments</comments>
		<pubDate>Thu, 12 Feb 2009 17:22:52 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[book review]]></category>
		<category><![CDATA[books]]></category>
		<category><![CDATA[opinion]]></category>
		<category><![CDATA[review]]></category>
		<category><![CDATA[debugging]]></category>
		<category><![CDATA[disassembly]]></category>
		<category><![CDATA[hex-rays]]></category>
		<category><![CDATA[ida pro]]></category>
		<category><![CDATA[no starch press]]></category>
		<category><![CDATA[rce]]></category>
		<category><![CDATA[reverse engineering]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=152</guid>
		<description><![CDATA[When a book is so well-received by your peers as The IDA Pro Book has been, even if reverse engineering isn&#8217;t a huge part of what you do every day, you pretty much have to give it a read.  The creator of IDA Pro, Ilfak Guilfanov, even recommends it himself for a number of reasons, [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>When a book is so well-received by your peers as <a title="IDAProBook" href="http://nostarch.com/idapro.htm" target="_blank">The IDA Pro Book</a> has been, even if reverse engineering isn&#8217;t a huge part of what you do every day, you pretty much have to give it a read.  The creator of IDA Pro, Ilfak Guilfanov, even <a title="Book" href="http://hexblog.com/2008/08/the_ida_pro_book_1.html" target="_blank">recommends it himself</a> for a number of reasons, calling it &#8220;the most thorough and accurate IDA Pro book.&#8221;  Even though I don&#8217;t do a whole lot of reversing, I do use IDA on occasion, so I thought it in my best interests to read this book.  Authored by Chris Eagle, a co-author of one of my favorite security books, <a title="GrayHatHacking" href="http://www.mhprofessional.com/product.php?isbn=0071495681" target="_blank">Gray Hat Hacking</a>, I had fairly high expectations.  I was not disappointed.</p>
<p><span id="more-152"></span>It&#8217;s no secret that I&#8217;m a spelling, grammar, and punctuation Nazi.  Let me first begin by not talking about the book&#8217;s content, but it&#8217;s presentation.  Other than a small hand-full of issues falling into those categories, this book was nearly flawless in it&#8217;s presentation, and that&#8217;s saying a lot at around 600 pages.  The few copy edits I noted have been posted by the publisher (and subsequently removed, I assume into a new revision being printed) on the book&#8217;s <a title="Errata" href="http://www.nostarch.com/idapro_errata.htm" target="_blank">errata page</a>.  It&#8217;s obvious that a lot of effort was put into presentation, and it&#8217;s refreshing to read such a well organized and well presented technical book.</p>
<p>The first few chapters of The IDA Pro Book in Part I do an excellent job of setting the reader who&#8217;s not all that familiar with the world of reverse engineering up with a solid foundation.  Chapter 1 explains the various types of programming languages, compilers and linkers that convert those languages into machine code, the theory of and approaches to disassembly of machine code, and the various reasons why you would want to attempt such a thing.  Chapter 2 enumerates a number of tools used for profiling compiled machine code such as executables and library files in order to collect a wealth of information that can then be used in the disassembly process to guide and assist a flexible disassembler such as IDA Pro as well as some more limited disassemblers.  Chapter 3 then gives the reader their first look at the world of IDA with a little bit of background regarding where to purchase it, support options, and getting it installed.  At this point, the reader is ready for the practical lessons that lie ahead.</p>
<p>Part II begins with Chapter 4 on getting started.  This covers launching IDA, loading the files intended for disassembly, how IDA stores data in its own internal database, and an introduction to the desktop. Chapter 5 then details all of the available displays provided by the IDA desktop.</p>
<p>Once familiar with the desktop and its available displays, Chapter 6 and Chapter 7 familiarize the reader with disassembly navigation and manipulation in IDA, respectively.  The chapter on disassembly navigation walks the fine line between providing enough information to give the reader a foundation of understanding upon which to build and information overload; not a trivial task when discussing run-time memory management, call stack layout, function calling conventions, compiler nuances, and how IDA disassembles, infers, tracks, and manages all of this and then presents it to the user in a somewhat readable and easily navigable display.  The chapter on disassembly manipulation</p>
<p>The final three chapters in Part II cover how IDA handles datatypes and data structures, code and data cross-references, and finally the myriad of ways that you can interface with IDA such as the GUI, console mode on various platforms, and batch mode.  Overall, Part II is a solid introduction to IDA.</p>
<p>The four chapters comprising Part III clue you into some advanced features of IDA, such as customizing the tool, the options available to you for library code recognition using the FLIRT engine and its signature, extending IDA&#8217;s knowledge of all the various things that it is aware of, and finally patching binaries and a few limitations.  The content in these chapters isn&#8217;t entirely necessary for the casual IDA user, however if you use IDA extensively you would be well served to file this information away in your grey matter.</p>
<p>Part IV is where things really get interesting, especially if you&#8217;re comfortable writing code or scripts.  This section is all about extending IDA and tailoring it to your own specific needs, such as scripting with IDC, developing for IDA using the SDK, creating plug-ins, and so forth.  I won&#8217;t go into much detail here as I have not yet had the opportunity to really use the information contained in this section, however those of you that would know who you are.  This is the reference for you.</p>
<p>The next section, Part V, covers how you apply all of the knowledge and skills that you&#8217;ve learned so far to the real world.  Consider this &#8220;Applied IDA Pro&#8221;.  This section instructs you on dealing with binaries built using different compilers and various compiler nuances, analyzing obfuscated code which you will likely encounter if working with any form of malware, and using IDA for software vulnerability analysis.  If you make your living in the security industry, you definitely want to read these chapters as there are many useful nuggets of information to be had.</p>
<p>Finally, Part VI introduces the IDA debugger and details how it interacts with the IDA disassembler.  Since the book&#8217;s publication, IDA Pro 5.4 has shipped which includes support for a total of eight debuggers in addition to its own.  As such, this part of the book is already a bit dated, however there is still useful information to be had, such as how IDA interacts with debuggers.  You can find a list of all of the supported debuggers, and tutorials on their use, at the <a title="Hex-Rays IDA Debuggers" href="http://www.hex-rays.com/idapro/debugger/index.htm" target="_blank">Hex-Rays web site</a>.</p>
<p>Again, I would like to reiterate that this was an extremely well written book and while I didn&#8217;t read it cover-to-cover, I did read much, much more of it than I usually do when reading a technical book.  Its ability to hold my attention alone (I&#8217;m extremely ADD) is testament to its quality, and I highly recommend this book to anyone from the person looking to begin using IDA Pro to the seasoned veteran.  There truly is something there for everyone.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/02/12/review-the-ida-pro-book/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>When Magic Lost Its Magic</title>
		<link>http://dtrammell.wordpress.com/2009/01/07/when-magic-lost-its-magic/</link>
		<comments>http://dtrammell.wordpress.com/2009/01/07/when-magic-lost-its-magic/#comments</comments>
		<pubDate>Wed, 07 Jan 2009 15:57:06 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[gaming]]></category>
		<category><![CDATA[opinion]]></category>
		<category><![CDATA[CCG]]></category>
		<category><![CDATA[D&D]]></category>
		<category><![CDATA[Magic: The Gathering]]></category>
		<category><![CDATA[strategy]]></category>
		<category><![CDATA[TCG]]></category>
		<category><![CDATA[Tenth Edition]]></category>
		<category><![CDATA[TSR]]></category>
		<category><![CDATA[Wizards of the Coast]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=183</guid>
		<description><![CDATA[Most that know me know that I&#8217;m an avid gamer.  I play video games, board games, card games, puzzles, pretty much anything I can get my hands on.  Because I like puzzles and strategy games, I&#8217;ve regularly been asked what I think the most strategic game I&#8217;ve ever played is, and I&#8217;ve gotten more than [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Most that know me know that I&#8217;m an avid gamer.  I play video games, board games, card games, puzzles, pretty much anything I can get my hands on.  Because I like puzzles and strategy games, I&#8217;ve regularly been asked what I think the most strategic game I&#8217;ve ever played is, and I&#8217;ve gotten more than the occasional odd look when I don&#8217;t respond with &#8220;Chess&#8221; or &#8220;Go&#8221;, but with &#8220;<a title="Magic" href="http://www.wizards.com/magic/" target="_blank">Magic: The Gathering</a>&#8221;.</p>
<p><span id="more-183"></span>Magic: The Gathering, hereafter referred to as &#8220;MTG&#8221; or simply &#8220;Magic&#8221;, is a collectible card game (CCG) wherein you assume the role of a wizard battling one or more other wizards.  You do battle by drawing and playing cards from your customized deck and battle against other players with their own customized decks.  I consider Magic to easily be the most strategic game I&#8217;ve ever played based on the sheer number of possible card combinations and card interactions alone.  Individual cards represent spells and are categorized by one or more colors of magic, white, black, red, green, blue, or colorless, each with its own specialties and weaknesses, as well as spell type which affects how it is cast and affects play, whether it be an immediate but transient effect, a lasting effect, the summoning of a creature to do battle with, etc.  Without getting too detailed, each card essentially has its own rules and game mechanics printed directly on it alongside artwork, icons relating to how it is cast and its properties, and &#8220;flavor text&#8221; which more often than not is simply hilarious.  With all these variables, and the number of cards printed to date, the combinations are about as close to infinite as you&#8217;re likely to get.</p>
<p>I got pulled into the world of Magic in its earlier years, just after the <a title="Legends" href="http://www.wizards.com/magic/tcg/productarticle.aspx?x=mtg_tcg_legends_productinfo" target="_blank">Legends</a> expansion but before <a title="The Dark" href="http://www.wizards.com/magic/tcg/productarticle.aspx?x=mtg_tcg_thedark_productinfo" target="_blank">The Dark</a>.  I actually have a complete set of The Dark, which at one time was worth quite a bit of cash&#8230;  Back then near the beginning Magic was considered to be a Trading Card Game (TCG), and people regularly played with decks created from the entire pool of available cards at the time.  Because the company that created the game, <a title="Wizards of the Coast" href="http://www.wizards.com" target="_blank">Wizards of the Coast</a>, was a start-up, print runs were limited and rare cards were sought after like prized jewels.  It was not uncommon to trade upwards of forty or fifty individual cards to someone to get one really rare and powerful card like a <a title="Mox Emerald" href="http://www.wizards.com/magic/autocard.asp?name=mox emerald" target="_blank">Mox</a> or a <a title="Chaos Orb" href="http://www.wizards.com/magic/autocard.asp?name=Chaos+Orb" target="_blank">Chaos Orb</a>.  Obtaining and using these rare cards in your deck was not necessarily the path to success as a player, however, as the really respected and revered players were those that could devise the most subtle, useful, or devastating card combinations for use in their decks and actually be able to pull them off during play.  
Combinations such as the decimating <a title="Channel" href="http://www.wizards.com/magic/autocard.asp?name=Channel" target="_blank">Channel</a> + <a title="Fireball" href="http://www.wizards.com/magic/autocard.asp?name=Fireball" target="_blank">Fireball</a>, or my personal favorite of all time, instant infinite life points via 4 <a title="Nether Shadow" href="http://www.wizards.com/magic/autocard.asp?name=Nether+Shadow" target="_blank">Nether Shadows</a> + <a title="Life Chisel" href="http://www.wizards.com/magic/autocard.asp?name=Life+Chisel" target="_blank">Life Chisel</a> could completely destroy or demoralize opponents when you laid down the appropriate cards.  I consider this to be the Golden Age of Magic, and for years I spent many a weeknight and weekend at various comic and game shops competing in, and occasionally hosting, Magic tournaments and casual play.</p>
<p>So when did Magic lose its magic for me?  About the time that Magic shifted from being considered a TCG to a CCG.  As Wizards of the Coast grew, fueled by their financial success found in Magic, to the point that they even acquired TSR, the creators and IP holders of the most infamous role playing game of all time, Dungeons &amp; Dragons, they began to pump out more and more <a title="Expansion Sets" href="http://www.wizards.com/magic/tcg/Article.aspx?x=mtg/tcg/products/allproducts" target="_blank">expansion sets</a> to the game and the print runs of those sets got bigger and bigger.  It used to be that rare cards were actually rare and not just indicated as rare by gold-colored icons on the &#8220;rare&#8221; cards in an over-produced set, essentially making rares as common as the commons of old, and commons literally a dime a dozen.   No longer do you need to trade with other players, nor do most consider trading a productive use of their time, to get your rares or complete your sets since nowadays you can just pick through a shop&#8217;s card box or display case and buy your way to what you want for much less out of pocket than it would have cost you to employ the same strategy back in the day.  This is a direct effect of the over-production of cards, just ask anyone that remembers the avalanche of cards that was <a title="Fallen Empires" href="http://www.wizards.com/magic/tcg/productarticle.aspx?x=mtg_tcg_fallenempires_productinfo" target="_blank">Fallen Empires</a>, but also an effect of a second factor&#8230; re-prints.</p>
<p>As the expansion sets grew in number and the overall card pool exploded in size, Wizards of the Coast realized that ensuring the balance of card combinations and effects among this ever-expanding card pool would be impossible.  To mitigate this, they created different game types that essentially defined what cards were allowed to be played within the type.</p>
<ul>
<li>Type 1, now called &#8220;Vintage&#8221;, is essentially every card ever printed with a short &#8220;banned and restricted&#8221; list, banned cards being outright disallowed in play and restricted cards being limited to one per deck.</li>
<li>Type 1.5, now called &#8220;Expanded&#8221;, is essentially the same as Type 1 but with an expanded banned and restricted list.</li>
<li>Type 2, now called &#8220;Standard&#8221;, allows only cards from the current main card set and the most recent three expansion sets.</li>
</ul>
<p>Every so often Wizards of the Coast will also release a new core set, currently <a title="Tenth Edition" href="http://www.wizards.com/magic/tcg/ProductArticle.aspx?x=mtg/tcg/tenth/productinfo" target="_blank">Tenth Edition</a>, within which they will retire certain cards from the core set and add others in.  Their decision to begin to reprint cards from the older expansions in the core set not only destroyed certain cards&#8217; rarity and monetary value but also decimated much of the lore and community aspect of the original game which centered around trading for these highly sought after cards and their use in play.  There are still a few cards that they have not reprinted in the core set or a subsequent expansion, but since most officially sanctioned tournaments and players now focus exclusively on Type 2 games, you can&#8217;t use them in play most of the time anyway.  When you then add in the <a title="Magic Online" href="http://www.wizards.com/Magic/Digital/MagicOnline.aspx" target="_blank">Magic: Online</a> version of the game which utilizes virtual instances of the cards, some of which you can move from the virtual to the real world, there&#8217;s very little concept of &#8220;rarity&#8221; or &#8220;value&#8221; left.</p>
<p>I do understand why Wizards of the Coast moved to this game architecture: by being able to pick and choose from any card ever made to construct your deck, which you really can now do because most of them have been reprinted multiple times, you can create decks that are insanely efficient at destroying your opponent.  Because of the sheer number of unique cards and the impossibility of actually balancing the Type 1 card pool, an alternative was necessary.  Unfortunately that alternative and how it was achieved destroyed a lot of what I enjoyed about the original game.</p>
<p>I still play both the Online version as well as the tabletop game on occasion, especially if I can find someone willing to play Type 1 or 1.5, but it just doesn&#8217;t hold the same attraction for me anymore in this Type 2-centric era.  This has resulted in my not playing often enough to keep up with what the theme of the current Type 2 sets is, or what the current Type 2 killer combos are, etc., which in turn further prevents me from playing very often.  The pace at which new expansions come out fosters this, and it&#8217;s a self-perpetuating cycle.  Magic is now more of a lifestyle than a hobby and it demands all the attention and devotion of your average MMORPG to keep up with and learn the intricacies of all the new cards.  Wizards of the Coast has however super-simplified Dungeons &amp; Dragons with their recent 4th Edition, so perhaps I&#8217;ll go play that.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/01/07/when-magic-lost-its-magic/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>MD5? Really?</title>
		<link>http://dtrammell.wordpress.com/2009/01/07/md5-really/</link>
		<comments>http://dtrammell.wordpress.com/2009/01/07/md5-really/#comments</comments>
		<pubDate>Wed, 07 Jan 2009 12:54:00 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[attack]]></category>
		<category><![CDATA[cryptography]]></category>
		<category><![CDATA[hack]]></category>
		<category><![CDATA[infrastructure security]]></category>
		<category><![CDATA[opinion]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[MD5]]></category>
		<category><![CDATA[NIST]]></category>
		<category><![CDATA[PKI]]></category>
		<category><![CDATA[SHA-1]]></category>
		<category><![CDATA[SHA-256]]></category>
		<category><![CDATA[SHA-512]]></category>
		<category><![CDATA[Skein]]></category>
		<category><![CDATA[SSL]]></category>
		<category><![CDATA[Verisign]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=184</guid>
		<description><![CDATA[First let me say that this article is not meant to diminish the work that Alexander Sotirov et al. have been doing for the past 6 months.  It&#8217;s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I&#8217;m [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>First let me say that this article is not meant to diminish <a title="Rogue CA" href="http://www.phreedom.org/research/rogue-ca/" target="_blank">the work</a> that Alexander Sotirov et al. have been doing for the past 6 months.  It&#8217;s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I&#8217;m amazed at is that it had the impact that it actually did.</p>
<p><span id="more-184"></span> I&#8217;m also surprised that Verisign then <a title="Verisign whine" href="http://www.phreedom.org/blog/2009/verisign-and-responsible-disclosure/" target="_blank">whined</a> about not having any details about the problem or enough time to fix the problem before the details were made public at the recent <a title="CCC" href="http://events.ccc.de/congress/2008/Fahrplan/day_2008-12-30.en.html" target="_blank">Chaos Communication Congress</a>.  Ignoring for the moment that they <a title="disclosure" href="http://www.phreedom.org/blog/2009/verisign-and-responsible-disclosure/" target="_blank">did have information</a> directly from this research effort via Microsoft and it got &#8220;lost in the holiday mix&#8221;, what more information do you really need than the fact that MD5 has been broken for years and you shouldn&#8217;t have still been using it in the first place?  Verisign&#8217;s products and business model are almost entirely based on cryptography; they really should be current with their core-competency subject-matter and really have no excuse at all to still be using MD5 anywhere.</p>
<p>The National Institute of Standards and Technology (NIST) decertified MD5 for secure operations nearly a decade ago.  This was the point when the people responsible for its use in various security systems (like PKI!) should have started the process of selecting a successor hash algorithm for their systems to use and migrating to it.  Significant advances in MD5 hash collision attacks, among other algorithms, were later presented at <a title="Hash FAQ" href="http://www.cryptography.com/cnews/hash.html" target="_blank">CRYPTO 2004</a>. This was the point, nearly six years after the original NIST decertification, that usage of MD5 should have been minimal and if you <em>were</em> still using it you should have immediately addressed that fact.</p>
<p>And here we are, <em>an additional four years later</em>, and MD5 is still being used in SSL certificates issued by the &#8220;industry leaders&#8221; of that space.  And they claim they didn&#8217;t have enough time to fix the problem? Really?</p>
<p>The thing about cryptanalysis is that once an algorithm is broken, no matter how trivial that initial break may be, it only gets worse from there.  I&#8217;m concerned that the companies that manage all of these PKI systems that are now moving away from MD5 are apparently moving to SHA-1.  NIST has <a title="NIST hashes" href="http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html" target="_blank">already recommended abandoning SHA-1</a> in favor of SHA-2 (256, 512, etc.) and is scheduled to decertify SHA-1 in 2010.  SHA-1 was already successfully collision-attacked back in 2005, and as I said, attacks against SHA-1 will only get worse now that it&#8217;s initially been broken.  These companies should be skipping SHA-1 entirely and moving straight to at least SHA-256 or SHA-512 until the <a title="NIST hash competition" href="http://csrc.nist.gov/groups/ST/hash/sha-3/index.html" target="_blank">currently ongoing NIST hash competition</a> selects the next standard hash algorithm which will then be renamed to SHA-3 (my money&#8217;s on <a title="skein" href="http://www.skein-hash.info/" target="_blank">skein</a>).  Anyone moving from MD5 to SHA-1 is only setting themselves up for a likely repeat of the same problems in a couple of years from now.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2009/01/07/md5-really/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>The Folly of a Scheduled Patch Release Cycle</title>
		<link>http://dtrammell.wordpress.com/2008/12/11/the-folly-of-a-scheduled-patch-release-cycle/</link>
		<comments>http://dtrammell.wordpress.com/2008/12/11/the-folly-of-a-scheduled-patch-release-cycle/#comments</comments>
		<pubDate>Thu, 11 Dec 2008 20:00:04 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[endpoint security]]></category>
		<category><![CDATA[exploit]]></category>
		<category><![CDATA[hack]]></category>
		<category><![CDATA[hpavc]]></category>
		<category><![CDATA[infrastructure security]]></category>
		<category><![CDATA[opinion]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[security research]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[breakingpoint]]></category>
		<category><![CDATA[mcafee]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[tippingpoint]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=174</guid>
		<description><![CDATA[A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a <a title="MS Bulletins" href="http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx" target="_blank">monthly patch release schedule</a>, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I&#8217;m going to outline where I stand on the issue.</p>
<p><span id="more-174"></span>If you couldn&#8217;t tell from the title, I am 100%, wholeheartedly, against vendor-scheduled patch release.</p>
<p>That said, let me outline why:</p>
<p>First, regularly scheduled patch release cycles create a known window of opportunity for attackers.  If an attacker has an exploit for a new 0day vulnerability in a Microsoft product, and they know that Microsoft generally releases patches for vulnerabilities they&#8217;ve become aware of on the second Tuesday of the month, when do you think an attacker is likely going to start using said exploit, potentially disclosing the vulnerability, to maximize the amount of time that systems are likely to be vulnerable to it?  You guessed it, on the second Tuesday of the month.  This behavior on the part of attackers has been proven many times, <a title="2008.12 Unpatched IE Vuln" href="http://www.cio.com/article/470291/Microsoft_Confirms_Newest_IE_Bug_Went_Unpatched" target="_blank">as recently as this last Patch Tuesday</a>.  This potentially puts customers at greater risk as the vendor may be sitting on a patch for a vulnerability that is being actively exploited as that patch waits in their queue for the next regularly scheduled release.</p>
<p>Second, regularly scheduled patch releases lock customers into, at best, the same patch frequency as the vendor release schedule.  This is actually tied to a lot of proponents&#8217; argument <em>for</em> such a release cycle, as it supposedly allows customers to schedule predictable change management windows during which to apply the patches.  I would argue that most enterprises do this anyway; when a patch is released has little bearing on when it is likely to be applied, unless it is an extremely critical patch and warrants an emergency out-of-cycle deployment.  Regardless, shouldn&#8217;t these types of scheduling decisions be made by the administrators of the systems and enterprise management, based on factors relevant to them and their individual situation, rather than by the vendor?  Some enterprises may themselves impose a more infrequent quarterly patch cycle, while smaller companies may be dynamic enough to patch once a week, or without any schedule at all.  Release of the patches alongside information about the vulnerabilities, as soon as they are developed and tested by the vendor, would seem to be the only responsible course of action.</p>
<p>Third, regularly scheduled patch cycles also create enormous, unbalanced workloads once a month for pretty much everyone involved, <em>except</em> the vendor releasing them.  Releasing all of the patches once a month at the exact same time causes systems administrators to scramble to test and prepare for deployment the ever-increasing number of patches released in order to get as many as possible into the next maintenance window.  Microsoft itself even acknowledged this problem in 2004 when it began its <a title="Security Bulletin Advance Notification Program" href="http://www.microsoft.com/technet/security/bulletin/advance.mspx" target="_blank">Security Bulletin Advance Notification Program</a>, which releases <em>some</em> details of the patches a few days early to help alleviate the inevitable scramble every second Tuesday of the month by allowing IT patch testers to prepare early the test systems and applications that the patches will be applied to.</p>
<p>Industries and companies that are built on or rely on patches for content, such as my current and a number of my previous employers, are also affected.  The <a title="McAfee Remediation Manager" href="http://www.mcafee.com/us/enterprise/products/risk_management/remediation_manager.html" target="_blank">McAfee Remediation Manager</a> content team (formerly Citadel Security Software) heavily relies on vendor patch releases for content.  <a title="TippingPoint" href="http://www.tippingpoint.com/" target="_blank">TippingPoint</a>, and other IDS/IPS vendors, rely on vulnerability and patch analysis for development of some of their vulnerability and attack signatures and filters.  As a Security Researcher at <a title="BreakingPoint Systems, Inc." href="http://www.breakingpoint.com" target="_blank">BreakingPoint Systems</a>, I regularly reverse-engineer vendors&#8217; patches to uncover the vulnerabilities being patched in order to write exploits, or &#8220;strikes&#8221;, for our BPS testing product.  The point is, ever since Microsoft switched to a monthly patch cycle, every second Tuesday of the month has been at best hectic and at worst, dreaded, for any number of IT departments and patch-related content shops around the globe.  It&#8217;s not surprising that many in the industry now refer to this day as &#8220;Black Tuesday.&#8221;  Microsoft attempted to address this problem with their patch cycle by recently launching the <a title="MAPP" href="http://www.microsoft.com/security/msrc/mapp/overview.mspx" target="_blank">Microsoft Active Protections Program</a>, which essentially gives the program member organizations a lead on vulnerability information with an associated embargo on discussing or releasing anything related until they themselves release the associated bulletins and patches.  This program alleviates much of the scramble of the security content shops by changing their hustle to get content out as fast as they can after release on Patch Tuesday to a development window prior to Patch Tuesday, but this program does absolutely nothing for the systems administrators that still must scramble once a month.</p>
<p>It is my opinion that while structure and predictability are usually good things, when it increases risk to customers, forces behavior that may not be what&#8217;s best for those being forced, and creates bursts of unbalanced workload for your customers, it may not be the best course of action.  I hope that one day Microsoft and the other vendors that followed suit recognize that what works for them may not be in the best interests of their customers and move back to a more dynamic and responsive patch release system.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2008/12/11/the-folly-of-a-scheduled-patch-release-cycle/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>The Problem With the Liberty Dollar</title>
		<link>http://dtrammell.wordpress.com/2008/12/07/the-problem-with-the-liberty-dollar/</link>
		<comments>http://dtrammell.wordpress.com/2008/12/07/the-problem-with-the-liberty-dollar/#comments</comments>
		<pubDate>Mon, 08 Dec 2008 01:36:59 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[economics]]></category>
		<category><![CDATA[finance]]></category>
		<category><![CDATA[opinion]]></category>
		<category><![CDATA[bullion]]></category>
		<category><![CDATA[currency]]></category>
		<category><![CDATA[gold]]></category>
		<category><![CDATA[liberty dollar]]></category>
		<category><![CDATA[silver]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=166</guid>
		<description><![CDATA[I&#8217;m not going to talk about their underlying quest to end the Federal Reserve (with which I wholeheartedly agree), or about their multi-site raid by the FBI last year where all of their current inventory and all of the metals backing the Liberty Dollar warehouse receipts (paper currency) were confiscated.  No, I&#8217;m not going to [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>I&#8217;m not going to talk about their underlying quest to <a title="End the Fed" href="http://www.endthefed.us/" target="_blank">end the Federal Reserve</a> (with which I wholeheartedly agree), or about their <a title="Liberty Dollar Raid" href="http://www.libertydollar.org/ld/legal/raidday1.htm" target="_blank">multi-site raid by the FBI last year</a> where all of their current inventory and all of the metals backing the Liberty Dollar warehouse receipts (paper currency) were confiscated.  No, I&#8217;m not going to talk about any of their politics or their legal troubles; what I <em>am</em> going to talk about is their currency model.</p>
<p><span id="more-166"></span>First, I want to state that I&#8217;ve been a proponent of the <a title="Liberty Dollar" href="http://www.libertydollar.org/" target="_blank">American Liberty Dollar</a> (ALD) for many years, and still am.  Even with the flaws in their currency model that I&#8217;m about to outline, they are in my opinion still, by far, the best model for an alternative currency to the U.S. Dollar (USD) on the market today, and they have by far the largest market share.  I currently have a number of Silver Liberties (the bullion round &#8220;coin&#8221;) from the original $10 silver base.  With all the politics and legal trouble surrounding the Liberty Dollar, why do I still have these you ask?  Well, the Silver Liberties are still each 1 troy ounce of .999 fine silver and still worth their weight, which is largely <em>the entire point</em> of the Liberty Dollar; regardless of what happens to the Liberty Dollar organization itself, or the Federal Reserve, or our U.S. Government, you still hold something of real value.  Unfortunately I also still have a number of the ALD warehouse receipts (the paper currency), which are now essentially worthless except for their collector&#8217;s value, at least until the FBI is <a title="FBI Lawsuit" href="http://www.libertydollar.org/ld/legal/raidalert_6_20_2008.htm" target="_blank">forced to return the metals confiscated</a> in their raids that back the warehouse receipts, if that ever happens.</p>
<p>The primary flaw that I see in the current Liberty Dollar currency is that in an attempt to make it easily exchangeable in a USD denominated economy, they tied the face value of the coins and warehouse receipts directly to the USD.  If you&#8217;re unfamiliar with the Liberty Dollar, let me explain how this works.  The formula and system for moving the silver base up or down is <a title="ALD Formulas" href="http://www.libertydollar.org/ld/rco/rate-formulas.htm" target="_blank">well documented and openly published</a>, which is a good thing.  In a nutshell however, the face value of the Liberty Dollar is based upon the amount of metal contained or represented, and loosely on how much that amount of metal is currently worth in USD.  When I purchased my Liberty Dollars <em>way back</em> during the $10 silver base period, an ounce of silver was going for about $6.50.  As the value of silver in USD increased, and the thirty day moving average (30DMA) stayed over $7.50 an ounce, the Liberty Dollar &#8220;moved up&#8221; from the $10 silver base to the $20 silver base.</p>
<p>What this means is that, immediately, all Liberty Dollars in specie, paper, and digital forms <em>doubled in face value</em>.  If you had Liberty Dollars before the move up you essentially profited because the underlying commodity increased in value.  If you had digital Liberty Dollars (eLD), your amount of eLD in your account doubled the next day.  If you had paper warehouse receipts, you could redeem them for the new $20 Silver Liberties.  If you had $10 Silver Liberties in specie form, you were offered a special re-minting rate to exchange them for new $20 Silver Liberties.  At this point, all of my Liberty Dollars doubled in face value, but of course retained their original minted face values.  Since then, the Liberty Dollar has &#8220;moved up&#8221; once again to the $50 silver base, again increasing my Liberty Dollars&#8217; face values an additional 150%.  Essentially, all my $10 face value, one ounce coins are actually $50 face value, I just never had them re-minted (which is an issue I&#8217;ll discuss below).</p>
<p>Subsequent move-up and move-down points adhere to this schedule:</p>
<p><strong>Move Up Points:<br />
</strong></p>
<ul>
<li><strong> $10 to the $20 Silver Base is 30DMA over $7.50 for 30 consecutive days. </strong>Note: The Liberty Dollar moved up from the $10 base to the $20 base on Thanksgiving Day, November 24, 2005. Holders of the Liberty Dollar doubled their money.</li>
<li><strong>$20 to the $50 Silver Base is 30DMA over $16.00 for 45 consecutive days. </strong>Note: The Liberty Dollar Moved Up to the $50 Silver Base on March 23, 2008.</li>
<li>$50 to the $100 Silver Base is 30DMA over $41.50 for 60 consecutive days.</li>
<li>$100 to the $250 Silver Base is 30DMA over $84.00 for 75 consecutive days.</li>
<li>$250 to the $500 Silver Base is 30DMA over $211.50 for 90 consecutive days.</li>
</ul>
<p><strong>Move Down Points:<br />
</strong></p>
<ul>
<li><strong> $20 to the $10 Silver Base is 30DMA under $6.50 for 90 consecutive days.</strong></li>
<li><strong> $50 to the $20 Silver Base is 30DMA under $15.00 for 135 consecutive days.</strong> Note: This is where we currently are with a Move Down point of January 16, 2009.</li>
<li> $100 to the $50 Silver Base is 30DMA under $40.50 for 180 consecutive days.</li>
<li> $250 to the $100 Silver Base is 30DMA under $83.00 for 225 consecutive days.</li>
<li> $500 to the $250 Silver Base is 30DMA under $210.50 for 270 consecutive days.</li>
</ul>
<p>Now, obviously, my one ounce Silver Liberties are not worth their current $50 face value in the underlying metal, and never were.  This is the first flaw with the ALD currency model that I&#8217;d like to address.  As you can see from the schedule above, regardless of however much silver you hold and its actual value in USD, its minted USD face value is always more than the value of the underlying silver.  This does indeed make the ALD a &#8220;value-backed currency&#8221; as advertised, and it is definitely better to have some backing of value to your currency than what you have in the USD, which is none.  The biggest flaw that I see here is that the move values are exponentially lower than the silver base value that they trigger a &#8220;move up&#8221; to or &#8220;move down&#8221; from.  While short-term spikes in value tend to be volatile, and this would seem to make sense, longer-term stable value increases in the underlying metals essentially create an over-valuation of what the currency is really worth in the underlying metal.  The much longer periods of time that the higher silver bases require to trigger a move down versus the periods of time required to trigger a move up also tend to lock in these higher valuations during market fluctuations, essentially promoting move ups and delaying move downs.  Just look at the current valuation of silver; my Silver Liberties have only been worth around $10 in silver for months now, however the ALD silver base doesn&#8217;t move back down to the $20 base until mid January.  If set to the same time periods as the move up schedule, the move down would have already happened and the silver base, and thus the face values, would currently be much more in line with reality.</p>
<p>While I obviously disagree with the particular move-triggering value amounts, as I&#8217;m inclined to believe a schedule with move points of values between the actual face values being moved between would be more value-realistic (such as a move point of $15 to move up from the $10 silver base to the $20 silver base, and then perhaps a move up point of $35 to move from the $20 silver base to the $50 silver base), at least the USD face value of the ALD does indeed fluctuate alongside the USD value of the underlying metal, which is much better than just stamping a completely made-up face value onto a coin as is done with the one ounce silver American Eagle ($1???).  &#8220;But Dustin,&#8221; you say, &#8220;under your scenario, what would prevent someone from selling a $10 face value Silver Liberty for the $14.50 it&#8217;s worth in its underlying silver, then buying another $10 face value liberty with $10 of that $14.50?&#8221;  At the point that you have a more realistic valuation of your alternative currency versus the USD based on its underlying metals, its face value would essentially represent an ALD face value, not a USD face value, and you&#8217;d essentially be dealing with a currency exchange which hopefully no one would be ignorant enough of the value of their currency to give you such a sweet, sweet deal.  Essentially, with more value-realistic move points, $10 USD would no longer equal $10 ALD.</p>
<p>The obvious problem that this fluctuation of the ALD&#8217;s face value creates is that as the silver-base moves up and down, the face value on minted specie may or may not be out of date.  My Silver Liberties, for example, were minted during the $10 silver base, and thus have a $10 face value on them even though the ALD is currently at the $50 silver base and should have a $50 face value, had I had them re-minted (wait for it&#8230;).  Ironically, they&#8217;re currently each actually <a title="Silver Prices" href="http://www.monex.com/prods/silver_chart.html" target="_blank">worth about $10</a> due to their underlying silver, but a mere few months ago their actual value was fluctuating between $17 and $19, nearly double their minted face value. Were I to go and spend these at a merchant who accepts ALD, I would obviously want to use their supposed $50 value rather than their $10 face value.  Either the merchant must recognize the silver-base value that the coin or warehouse receipt was issued at and do the value conversion themselves, or I would have had to have my coins re-minted at the move point.</p>
<p>Which brings me to the third flaw I see in this model; the cost of re-minting.  If you intend to use your Liberty Dollars as currency, which is the supposition of owning them in the first place (silver bullion is much more attractive as a metals investment), you likely need to have any of your existing coins exchanged for the newly minted coins with the new silver-base face values on them, your warehouse receipts redeemed for the same or for new warehouse receipts with the correct face values, etc.  In the case of metal specie, this involves shipping costs based on weight.  The more coins you have, the heavier and therefore more expensive that is going to be.  The Liberty Dollar organization also charges a fairly hefty re-minting fee, currently at $3.25 per ounce&#8230; ouch!  That&#8217;s currently nearly 35% of the actual value of the metal.  Luckily that includes return shipping, but you likely now understand why I never re-minted my $10 base Silver Liberties.  Note that this is a service fee, and is paid any time you re-mint, likely removing any kind of value increase you achieved from the value increase of the underlying metal.  Granted, a move between silver base values doesn&#8217;t happen often, but it has happened twice in the nearly seven years that I&#8217;ve owned Liberty Dollars, and is about to happen a third time in a move back down to the $20 silver base.  In a more volatile market, as we&#8217;re likely to see in the future due to the recession we&#8217;re entering and increased meddling in the market by our ever-so-wise Federal Government and their ridiculous private-sector bailouts, these moves up and down could easily happen more and more often.</p>
<p>So, because these three primary (and inter-related) flaws that I&#8217;ve outlined above spawn entirely from the Liberty Dollar&#8217;s USD-based face value, it has become my opinion that an improved Liberty Dollar model, or any competing model, should not tie itself directly to the USD in any way and truly be an &#8220;alternative&#8221; currency.  I understand why the Liberty Dollar&#8217;s monetary architect chose to do this in order to create an easily understandable environment and method for exchange with the current currency denomination of the land, but I believe it has ended up causing more problems than it has solved.</p>
<p>What I believe is generally needed is a return to a just weights and measures based economy where products and services are priced in weight of another commodity, in this case gold and silver, and payment for such is measured fairly and justly.  The Liberty Dollar and other alternate currencies are a step in the right direction, but as mentioned they all generally tie themselves back to the USD.  Accomplishing such a change unfortunately requires a complete paradigm shift in point-of-sale when dealing with &#8220;cash&#8221;; cash registers would need to be able to accurately weigh any metals provided for payment, and pricing would obviously either need to be priced in weights or priced in multiple currencies such as USD and silver.  Merchants and service providers would likely need to regularly change their prices, either the USD prices or the silver prices, as the exchange rate (value of silver in USD) fluctuates.  I would tend to believe that, over time, the currency with real value&#8217;s prices (silver) would stabilize and the USD prices would be the ones changing regularly.  One upside to a model like this is that .999 fine silver rounds and .9999 fine gold rounds are fairly plentiful and could be used as &#8220;cash&#8221;, whether they be American Eagles, Liberty Dollars, generic bullion rounds or bars, etc.  Minted face values in USD no longer matter, because products are priced based in weight of the metals which have intrinsic value.  The corresponding down-side is that half-ounce, quarter-ounce, tenth-ounce, etc. specie are much less common and these would be needed to make change for less valuable products.  One ounce of silver is currently worth around $10, so my frequent trip to Whataburger would likely start costing me $10 (one ounce silver) until the merchant could readily make change with half, quarter, or tenth ounce silver bullion.  Fortunately we&#8217;re rapidly moving into a paperless and cashless world where exact amounts of commodities such as metals can be digitally represented and exchanged without this physical barrier through your bank or metals warehouse.  Banks and metals warehouses could also issue warehouse receipts in small denominations of silver for use as paper currency as the Liberty Dollar attempted to do.  You would essentially get pre-printed bank-specific warehouse receipts for various weights of silver from your bank&#8217;s ATM.  These advancements in technology should theoretically make it even easier to move from a debt-based fiat currency like the USD to again using metals commodities as currency.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2008/12/07/the-problem-with-the-liberty-dollar/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
		<item>
		<title>Four-factor Authentication</title>
		<link>http://dtrammell.wordpress.com/2008/11/21/four-factor-authentication/</link>
		<comments>http://dtrammell.wordpress.com/2008/11/21/four-factor-authentication/#comments</comments>
		<pubDate>Fri, 21 Nov 2008 21:17:12 +0000</pubDate>
		<dc:creator>Dustin D. Trammell</dc:creator>
				<category><![CDATA[account security]]></category>
		<category><![CDATA[authentication]]></category>
		<category><![CDATA[biometrics]]></category>
		<category><![CDATA[hardware]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[technology]]></category>

		<guid isPermaLink="false">http://dtrammell.wordpress.com/?p=160</guid>
		<description><![CDATA[It&#8217;s common understanding these days that the more factors of identification that a user has to provide to an authentication system, the more trustworthy and secure it likely is.  Single-factor authentication is usually accomplished by providing something you know, like a password or PIN number.
As two-factor authentication became more and more mainstream, the two factors [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>It&#8217;s common understanding these days that the more factors of identification that a user has to provide to an authentication system, the more trustworthy and secure it likely is.  Single-factor authentication is usually accomplished by providing <em>something you know</em>, like a password or PIN number.</p>
<p>As two-factor authentication became more and more mainstream, the two factors involved have usually been <em>something you know</em>, and <em>something you have</em>, like a credit card, crypto-key USB device, a code generated every so often by an electronic card you keep in your wallet, a smart-card that can respond directly to cryptographic challenges, or an RFID or other radio device.  The most common use of two-factor authentication is how bank customers authenticate to an ATM machine; they must provide <em>something they have</em>, their bank card, and <em>something they know</em>, its PIN.</p>
<p>As cheap ways to collect biometrics have begun to emerge, these two factors have begun to shift from <em>something you know</em> and <em>something you have</em>, to <em>something you know</em> and <em>something you are</em>.  This notion of <em>something you are</em>, generally referred to as biometrics, includes things like your finger or palm print, iris pattern, voice print, or even your DNA.  Using <em>something you are</em> to authenticate is obviously less expensive than providing users with <em>something they need to have</em>, however some more advanced authentication systems now require all three factors for authentication.</p>
<p>Enter the fourth factor of authentication: <em>somewhere you are</em>.</p>
<p><span id="more-160"></span>But how do you reliably prove where you are if you&#8217;re not authenticating physically in person? And how strong of an identifier is your location anyway?</p>
<p>Some authentication systems, such as those used in online banking and other web applications, where the number of users being authenticated makes providing all of them with a hardware device or crypto-card cost-prohibitive, have already begun to require a kind of hybrid factor between the second and fourth factors mentioned above.  If you have previously been properly authenticated, the web application may create a cookie or some other identifier in your computer system that it can retrieve, essentially turning your computer or web browser into both <em>something you have</em> and <em>somewhere you are</em>.  The cookie itself is the <em>something you have</em>, and these are now being generally tied to the network source address of your computer, which is <em>somewhere you are</em>.  If this cookie no longer exists, or no longer matches your network source address, the authentication system may ask for additional identifying information to further validate your identity.  While not flawless, this type of thing is a step in the right direction.</p>
<p>As GPS devices continue to become smaller and cheaper, the <em>something you have</em> may also begin to double as the <em>somewhere you are</em>, or more specifically, <em>somewhere it is</em>.  It stands to reason that if you are authenticating, and you have the <em>something you have</em> there with you, then the <em>somewhere it is</em> is equivalent to the <em>somewhere you are</em>.  After authenticating to your bank from your home, perhaps via three-factor authentication, you could have this device transmit where it is for use as a fourth factor of identification, further strengthening your provable identity.  Authentication systems could also potentially be programmed with the geographical boundaries of a secured area, like a military base or campus, and only allow authentication from wireless devices if they are located within the geographical boundaries.</p>
<p>While a user&#8217;s location cannot definitively identify a single user, it can, however, prove both context information and relationship information, similar to the concept of authentication groups used in user and password systems.  If a user is authenticating from a physically secured area within a military base that only officers with a certain clearance are allowed to access, the location can contextually provide group association, but not who the individual user is.</p>
<p>Thus far, I have only found one company claiming to provide a four-factor authentication system, <a title="Priva Technologies" href="http://www.priva-tech.com/webroot/index.htm" target="_self">Priva Technologies</a>.  Their Cleared Security Platform, however, does not use <em>somewhere you are</em> as the fourth factor, but rather <a title="findarticles.com" href="http://findarticles.com/p/articles/mi_qa4077/is_200301/ai_n9168790" target="_self">some proprietary challenge response</a> between the ClearedKey hardware device (<em>something you have</em>) and the authentication system.  Without any detail published about how this works, it is hard to tell if this is truly a fourth factor, or if it falls under the second factor in that it is a property of the hardware device and thus a more robust <em>something you have</em>.</p>
<p>It is also my opinion that the Cleared Security Platform does not even use true three-factor authentication.  When authenticating, you really only provide the primary authentication system with <em>something you have</em>, the ClearedKey, and <em>something you know</em>, your password.  The third factor, <em>something you are</em>, is actually provided to a separate, secondary authentication system in the ClearedKey itself, presumably preventing the ClearedKey from operating and being used to authenticate to the primary authentication system if the user didn&#8217;t biometrically authenticate to it first.  Priva markets this behavior as a way to prevent the expense and complexity of maintaining a centralized biometrics database connected to the primary authentication system, which is a fine argument and attractive goal; however, this technically splits the authentication in two, turning it into a single-factor authentication to the ClearedKey, then a two-factor authentication to the Cleared Security Platform, since it doesn&#8217;t actually send the biometrics data.</p>
<p>It is important to note that for an authentication system to truly be multi-factor, it has to require at least one of each of the identification factors described above: <em>something you know</em>, <em>something you have</em>, <em>something you are</em>, and <em>somewhere you are</em>.  An authentication system requiring two separate passwords or two separate crypto keys is <strong>not</strong> employing two-factor authentication.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://dtrammell.wordpress.com/2008/11/21/four-factor-authentication/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/f5461a03b6d8f1b6c61e4bc1d33996ee?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">Dustin D. Trammell</media:title>
		</media:content>
	</item>
	</channel>
</rss>