Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

I left the Last Supper Club (the venue in Seattle’s Pioneer Square area for today’s talks) a bit early, but not before catching some great talks. Two in particular were memorable today:

First, Dan Kaminsky discussed how some ISPs, such as Earthlink, are replacing DNS responses for non-existent sub-domains with pointers to ad hosts.  For example, www.jwsecure.com exists.  But evil.jwsecure.com doesn’t (at least, not yet …).

So what if someone is out there surfing the web, using Earthlink as their ISP, and they request evil.jwsecure.com?  They should get some sort of no-host response.  But instead, they get PPC ads.

Well, that’s a problem, because the ISP doesn’t own the parent domain, jwsecure.com.  And its owner isn’t benefitting from those ads. And furthermore, isn’t the ISP misrepresenting the owner of the parent domain?  It’s an aspect of net neutrality that I hadn’t been aware of.
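The substitution described above can be spotted from the client side by asking a resolver for random names that cannot exist and checking whether it returns a negative answer or an address. The following is an added example, not code from the talk or from this blog; the probe labels, the 192.0.2.10 address and the hand-built replies are constructed stand-ins for real resolver traffic.

```python
import ipaddress
import struct

NXDOMAIN = 3  # RCODE meaning "no such name"

def build_response(qname, rcode, addrs=()):
    """Build a constructed DNS reply (stand-in for a resolver's answer)."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    msg += name + struct.pack("!HH", 1, 1)            # question: type A, class IN
    for a in addrs:                                   # owner = pointer to offset 12
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + ipaddress.IPv4Address(a).packed
    return msg

def skip_name(msg, off):          # returns the offset just past a domain name
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                # root label ends the name
            return off

def parse_response(msg):
    """Return (rcode, [IPv4 addresses in the answer section])."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                 # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off + 10:off + 14])))
        off += 10 + rdlen
    return flags & 0xF, addrs

def substituted_hosts(replies):
    """Addresses every non-existent-name probe was sent to; [] if any got a real negative."""
    common = None
    for rcode, addrs in map(parse_response, replies):
        if rcode == NXDOMAIN or not addrs:
            return []
        common = set(addrs) if common is None else common & set(addrs)
    return sorted(common or [])

# Constructed samples: random labels under unrelated parents, documentation IP.
PROBES = ["k3v9qzx1.jwsecure.com", "p0d7mmw2.example.net"]
REWRITTEN = [build_response(p, 0, ["192.0.2.10"]) for p in PROBES]
HONEST = [build_response(p, NXDOMAIN) for p in PROBES]
```

A parent zone with a wildcard record also answers for random labels, so the probes should sit under several unrelated parents; the same address coming back for all of them points at the resolver rather than at any one zone.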

The second cool talk this morning was given by a former colleague of mine, Dan Shumow, on the possibility of a backdoor in a published NIST elliptic-curve-based pseudo-random number generator.  The brouhaha is actually not new (see http://www.realtime-websecurity.com/articles_and_analysis/2007/11/backdoor_in_new_encryption_sta.html), although I certainly benefitted from a live explanation.

What was even more interesting about Shumow’s talk was the reaction among some of the ToorCon crowd when he raised the point mentioned toward the end of the article link above.  Namely, that there is suspicion among the academic community about why the NSA would, via NIST, publish an algorithm with such an obvious flaw.  That point was amplified by Bruce Schneier (quoted above).

In effect, Shumow asked the ToorCon audience, “Is the NSA slipping?”  I could not have been more surprised at the strongly voiced reply, which was, in effect, “No way, the NSA is always 10 steps ahead when it comes to cryptography.” In other words, the NSA is infallible when it comes to information security, so this must be a fully intentional part of their master plan.

I’m not sure why that response struck me so.  It’s partly because the debate is essentially “malicious intent” versus “just plain incompetence”.  Pretty silly, when you step back and think about it.

But it’s more than that.  After all, man is fallible, and the cryptographers at the NSA put their pants on one leg at a time, just like the rest of us.  Just because you have a giant budget doesn’t mean you’re never wrong.

On one hand, you should never underestimate an adversary. On the other hand, some members of the hacker underground have either decided that their adversary is unbeatable, or that it’s no longer an adversary. Equally shocking in either case.
