Posts

Secure your Apache server against LOGJAM

Some time ago I wrote a post about the dismaying history of US government attempts to regulate encryption out of existence. I had to omit quite a bit; it was a post and not a book after all. One of the details left out of the story was the DHE_EXPORT cipher suites. During the '90s, developers were forced by the US government to use deliberately insecure ciphers when communicating with entities in foreign countries (readers will remember from the last post that lawmakers were convinced that encryption should fall under the same rules as weapons technology, and thus could not be shared with anyone outside the Father Land). These insecure ciphers became DHE_EXPORT. The DH stands for Diffie-Hellman; the key exchange system that bears their name was first published in 1976. Along with the cipher suite was a mechanism to force a normal encrypted transaction to downshift to a lower-bit DHE_EXPORT cipher. As so many short-sighted technology regulations have done in the past, this silly

Amazon Finally Ditches SSLv3

Amazon S3 subscribers recently received a form letter like this one: Dear AWS Customer, This message explains some security improvements in our services. Your security is important to us. Please review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do. As of 12:00 AM PDT May 20, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses in its ability to protect and secure communications. These weaknesses have been addressed in Transport Layer Security (TLS), which is the replacement for SSL. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern TLS rather than SSLv3. You are receiving this email because some of your users are accessing Amazon S3 using a browser configured to use SSLv3, or some of your existing applications that use Amazon S3 a

The Guantanamo Bay Prison Library

I came across this photo of a section of the Guantanamo Bay Prison library this morning and found it interesting: The copy of Aron Ralston's 127 Hours was specified by the photographer as being specifically dog-eared, but personally the Nora Roberts novel to the right appears to have been more thoroughly examined. Is trashy romance a Jihadi thing? What really got my attention, though, were the *multiple* copies of Jean-Jacques Rousseau's Social Contract (that appear to be untouched). Prison censors even in domestic US prisons tend to omit any works of political philosophy from the library - when you do see prisoners reading this stuff they typically have to make special arrangements to get it by purchasing it directly from the publisher or through an inter-library loan as part of an in-prison education program. A colleague of mine recently published a series of damning articles on the prison health system in the state of Florida; wardens of prisons who were implicated

McAfee Security Center Won't Stay the **** Out of My Computer

McAfee's suite of antivirus services has come pre-installed on Windows computers for a long time. I don't use the product, but I frequently have to use computers that have had Windows installed with McAfee pre-bundled somehow. I've often struggled to completely remove all of the components of their software packages. I recently picked up a new laptop with Windows 8.1 - my first time using this version of Windows for a laptop. I was dismayed to find McAfee preinstalled. I will say this for them - they have gotten better since the last time I went through this many years ago. Better, as in uninstalling using the utility provided by McAfee did not break Windows. The uninstaller still left bits of McAfee's software behind, though. Specifically, what gets left behind is the McAfee Update Manager; a utility designed to download applications from the McAfee corporate servers and install those applications on your computer with minimal human intervention. Registry

Wikileaks Malware Analysis Continued

Yesterday I released a blog post in which I explained that at least one Wikileaks property, wlstorage.net, is distributing a series of malicious programs as part of a torrent file dump related to the Global Intelligence Files retrieved from Stratfor by Jeremy Hammond and several others. I am slowly going through the malicious files in order to better understand what they are attempting to do. The work primarily involves extracting Visual Basic macros and OLE structures from documents, then disassembling the executables that are thus scraped from the payload document. Even for files using well-documented exploits, as many of these files are, this is slow-going and tedious work that I invite readers experienced in security research to contact me about to offer assistance. One such executable retrieved from the Stratfor files is gifiles-2014\gifiles\attach\151\151784_Command.com. As with the files reviewed yesterday, this was retrieved from the gifiles-2014.tar.gz.torrent file downloaded fr

Wikileaks Global Intelligence File Dump is Loaded With Malicious Software

Click here for the second post on this topic, which includes more detailed technical information. Hector Monsegur, formerly sabu of Lulzsec, has offered his point of view on this post. Get his opinion by reading my third post on the topic. In my fourth post on this topic, I explain how malware is not limited to the Stratfor leak torrent - curated links throughout the Wikileaks.Org website allow users to download individual infected files. This series of posts is beginning to receive coverage from several newspapers around the world. German speakers should check out the story in Neue Zürcher Zeitung / New Zurich Times. For English speakers, I recommend The Register from the UK for an excellent summary of these findings. Beginning on February 27, 2012, the controversial news organization Wikileaks has been publishing a large and growing trove of emails from the private intelligence firm Strategic Forecasting, Inc (more widely known as Stratfor). The leak publication bega

Google Networks Have a Weird Malware Policy, Apparently

Applian is a company that makes some fairly widely circulated media software - FLV players, RTMP stream recorders, stuff like that. They are somehow affiliated with NirSoft. NirSoft makes forensics tools that are often mis-diagnosed as malicious software; it's less clear what Applian could be doing to get the same red flags. But red-flagged they were, by Google's malware team no less. Google's usual plan of red-flagging what appear to be bad programs through their browser and search engine while not blocking downloads is a sensible way to get the word out without being overly intrusive. However, when the content that Google believes is malicious is being hosted on their own ASN, it is less clear how appropriate that is. Most system administrators are more comfortable with removing malicious software from their networks. A strange choice.