Tag Archives: virus bulletin

Researchers crack Bitcrypt ransomware

There are 256 (28) different bytes and only ten different digits. So if your secret (RSA) key consists of 128 digits rather than of 128 bytes, the entropy of the key (that is, the amount of ‘surprise’ to an attacker) is a whole lot lower.

No shit, Sherlock. Apparently, this somewhat basic fact was beyond the understanding of those who wrote the Bitcrypt ransomware, probably inspired by the sad success story of CryptoLocker. In practise, it meant the difference between “only the NSA can crack your key” and “anyone can crack your key”. Two researchers from Airbus cracked the key and thus were able to restore the encrypted files on a friend’s computer, without paying the 0.4BTC ransom.

More at Virus Bulletin here.

Windows Error Reporting used to discover new attacks

Security firm Websense published a report that explains how they can use error reports generated by Windows to discover new targeted attacks (‘APTs‘ in security hipster speak). It’s interesting, but it barely touches on the fact that these reports being sent in cleartext is also a serious problem. I wrote a blog on both sides of this issue for Virus Bulletin.

(I’m not sure if anyone is reading my musings here, but I thought it might be a nice idea to link to things I write elsewhere. I also hope to find inspiration to write the odd thing that has nothing to do with computers or security at all.)

There is no ‘I know what I am doing’ trump card in security

Ever since Edward Snowden revealed details of the NSA‘s PRISM program, I had been wanting to write something about it.

While most people in the security community are rather unhappy, if not outraged, about PRISM, a lot of focus has been on the fact that the NSA is apparently evil.

While this may be true, I don’t think this is relevant. Of course, no one wants to be spied upon by an organisation they consider evil. But what I think is relevant here is that even if the people at the NSA are good and well-meaning, mass-surveillance is still very wrong. (As Robert Graham put it: “NSA is wrong, not evil”.)

So, inspired by the Black Hat keynote given by the NSA‘s director gen. Keith Alexander, I wrote a blog post about it:

We have all been there. To continue the product you’re working on, you need to get some extra permission: a port needs to be opened, or perhaps some files need to be uploaded onto a protected system. You ask the IT department for this permission and, much to your frustration, they won’t give it to you until you’ve explained in full detail why you need it, and even then they will have to check with their management.

“But I know what I’m doing. And my manager says it is fine.”

Read the rest of the post at Virus Bulletin.