
Cryptography & Security Newsletter

112

Facebook Used MITM to Spy on Competition

30 Apr 2024

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

It has been a few years since we had a high-profile case, but companies running active network (man-in-the-middle) attacks against their own users is nothing new. Antivirus tools claim to do it for security reasons; most other companies do it to inject ads. Profit is king. Actively intercepting customers’ traffic in order to spy on the competition, however, seems novel, definitely unethical, and potentially illegal. Now, a lawsuit from May 2023 claims that Facebook (now Meta) did exactly that from 2016 through 2019.

This is not the first time that Facebook’s Onavo VPN application has been in the news. After acquiring Onavo in 2013, Facebook continued to use it to monitor users’ habits. In 2018, Apple updated its privacy guidelines to stop apps from collecting data about other apps for analytics. The new lawsuit provides more detail about the interception: we now know that special root certificates were installed on users’ devices, which let Facebook issue certificates for other apps’ servers and fully decrypt their TLS traffic. The most prominent targets were Snapchat (Facebook’s big competitor at the time), YouTube, and Amazon.

If you care about the technical details, Twitter user @HaxRob got hold of an older version of the Onavo app and examined its contents. And if that’s not enough, there is Zuckerberg’s email from 2016 complaining that encryption was preventing Facebook from seeing what goes on in Snapchat.
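The mechanism the lawsuit describes, as an added example that is neither Onavo’s code nor part of the original newsletter: the Go program below builds two self-signed roots, one standing in for a public CA and one for the root an interception app installs on a device, issues a certificate for the same hostname from each, and shows that ordinary path validation accepts the rogue certificate as soon as the rogue root is in the trust store, while a pin on the real server’s SubjectPublicKeyInfo still rejects it. The hostname and the CA names are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// CA is a certificate authority: either a legitimate public root or the
// interception root that a VPN-style app can install on a device.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewCA creates a self-signed root CA with the given name.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CA{Cert: cert, Key: key}, err
}

// IssueLeaf signs a server certificate for host. Whoever controls a CA that
// the device trusts can do this for any hostname; that is the whole attack.
func (ca *CA) IssueLeaf(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyChain is ordinary path validation of leaf for host against the given
// roots; the roots model the device's trust store.
func VerifyChain(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err
}

// SPKIPin hashes the certificate's SubjectPublicKeyInfo: the value an app pins
// so that no CA in the trust store, legitimate or injected, can swap the key.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// PinOK reports whether the leaf's SPKI hash matches one of the expected pins.
func PinOK(leaf *x509.Certificate, pins ...string) bool {
	got := SPKIPin(leaf)
	for _, p := range pins {
		if p == got {
			return true
		}
	}
	return false
}

func main() {
	const host = "api.example.test" // hypothetical hostname
	realRoot, _ := NewCA("Public Root")
	rogueRoot, _ := NewCA("Injected Interception Root")
	realLeaf, _ := realRoot.IssueLeaf(host)
	rogueLeaf, _ := rogueRoot.IssueLeaf(host)
	fmt.Println("rogue leaf, stock trust store:  ", VerifyChain(rogueLeaf, host, realRoot.Cert))
	fmt.Println("rogue leaf, injected root added:", VerifyChain(rogueLeaf, host, realRoot.Cert, rogueRoot.Cert))
	pin := SPKIPin(realLeaf)
	fmt.Println("real leaf passes pin:", PinOK(realLeaf, pin), " rogue leaf passes pin:", PinOK(rogueLeaf, pin))
}
```

The first check fails and the second succeeds: once the injected root is trusted, the forged certificate is indistinguishable from a real one as far as path validation is concerned. The pin check is what an app that pins its server key gets on top of that; pinning an intermediate CA’s key with the same SPKIPin function works the same way, at the cost of having to ship pin updates before keys are rotated.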


Short News

Here are some things that caught our attention since the previous newsletter:

  • CA/Browser Forum’s ballot SC-70 clarifies that CAs must talk directly to authoritative sources of information for DNS, WHOIS, and IP address data. We wrote about this ambiguity biting CAs a couple of months ago, in Newsletter #108. Thanks to Aaron Gable (Internet Security Research Group / Let’s Encrypt) for initiating this improvement for everyone’s benefit.
  • Scott Helme writes in a blog post about PCI DSS 4.0 effectively making Certificate Transparency mandatory.
  • Nick Sullivan et al. have proposed privacy.txt.
  • The war against encryption and privacy continues. European police chiefs have issued a joint declaration condemning end-to-end encryption. The Belgian presidency made a new proposal to chip away at encryption. In the US, FISA Section 702 has been renewed and expanded. And in the UK, the "snooper's charter" has been approved to become law.
  • Thore Göbel and Daniel Huigens have published a whitepaper covering Proton’s key transparency efforts.
  • The open-source xz compression library (xz-utils) has been backdoored, in a campaign that took two years of patient effort. In the end, the backdoor was discovered virtually by accident. On an affected system, the malicious liblzma hooks sshd’s RSA key validation (RSA_public_decrypt) and only accepts payloads signed with an embedded Ed448 key, so only the original author can use it. If you’re interested in the technical details, take a look at the xzbot repository.
  • Randar is an exploit for Minecraft that breaks the game’s incorrect use of java.util.Random (whose internal state is recoverable from a handful of outputs) to reveal the locations of players currently loaded into the world.
  • Juicebox is an open-source key-recovery protocol that aims to bridge the gap between security and usability.
  • April was a very exciting month in the post-quantum cryptography space because a new quantum algorithm for lattice problems was published, claiming polynomial-time solutions. It would have been huge had it been true. Cryptographers raced to evaluate the claim, and in the end a bug in the algorithm was found. (The paper has been updated with information about the bug.)
  • Ross Anderson has died. He was a security researcher and professor, well-known for his book Security Engineering. Bruce Schneier has a blog post in memoriam.
  • The Real World Crypto 2024 videos are available for your viewing pleasure.
  • PuTTY, in versions 0.68 through 0.80, has a critical vulnerability (CVE-2024-31497; a full write-up is available online): when signing with a NIST P-521 ECDSA key, the nonces it generates are heavily biased, which makes it possible to recover the private key from only sixty observed signatures. PuTTY is a very popular SSH client, and products that bundle it are also affected, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN. Any P-521 key that has ever been used for signing with an affected version should be treated as compromised and replaced.
  • The European Commission has issued a recommendation to its member states to start work on adopting post-quantum cryptography.
  • Eric Rescorla has another blog post out, this time on design choices for post-quantum TLS.
  • NIST released a public draft of its new guide, Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers.
  • A new study looks into how the new HTTPS DNS resource record is used: Deciphering the Digital Veil: Exploring the Ecosystem of DNS HTTPS Resource Records.
  • Teetje Stark writes in a blog post about the insecure defaults and easy-to-misuse AES-GCM APIs in the Node.js crypto module, which lead to exploitable vulnerabilities.
  • CA/Browser Forum’s ballot SC-067 covers multi-perspective domain validation, in which a CA confirms domain control from several network vantage points rather than one.
  • Martin R. Albrecht and Kenneth G. Paterson wrote a paper about analyzing cryptography in the wild.
  • Mike Agrenius Kushner writes in a blog post about post-quantum safe certificates.
  • Avi Wigderson received the Turing Award for his work on randomness in computation. A Quanta article examines Avi’s work.
  • Cloudflare will stop using Let’s Encrypt a month before the cross-signed chain with IdenTrust expires in September 2024. The goal is to keep serving the roughly 2.96 percent of Android users whose older devices trust the IdenTrust cross-sign but not Let’s Encrypt’s own ISRG Root X1.
  • Haberdashery is a collection of high-performance, constant-time implementations for various crypto algorithms, from Facebook/Meta.
  • Chrome wants to improve session cookie security with device binding (Device Bound Session Credentials), tying a session to a key held in the device’s TPM so that stolen cookies are useless anywhere except on the original client. There have been discussions about this for years; previous proposals, such as Token Binding, often wanted to use TLS, but this one does not.
  • Nintendo’s now-obsolete Wii U game console does not validate server certificates correctly. As a result, anyone can impersonate official Nintendo servers. How do we know about this? Well, Nintendo actually shut down those servers on April 8, which was a cue for Pretendo to release the exploit.
  • Researchers have discovered flaws in Nextcloud’s end-to-end encryption.
  • OpenSSL 3.3.0 has been released, with further QUIC improvements.
  • This month ten years ago, Heartbleed was unleashed onto the world.
  • It took fifty-one years for Zodiac’s second cipher to be broken. This paper explores the cipher’s extraordinary story.
  • Deirdre Connolly talks about post-quantum cryptography in Going Post Quantum.
  • Microsoft has launched a preview of its managed code signing offering, called Trusted Signing.
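The weakness that Randar (above) relies on, as an added example that is not Randar’s own code nor from the newsletter: java.util.Random is a 48-bit linear congruential generator, and nextInt() exposes the top 32 bits of its state, so the remaining 16 bits can be brute-forced from one more output and every later output predicted. The Go program below reimplements the generator, recovers the state from consecutive outputs, and predicts the next one; the seed value is a constructed input standing in for whatever the game seeded the generator with.

```go
package main

import "fmt"

// Constants of java.util.Random's 48-bit linear congruential generator.
const (
	lcgMult = 0x5DEECE66D
	lcgAdd  = 0xB
	lcgMask = (1 << 48) - 1
)

// JavaRandom reproduces java.util.Random's nextInt() stream exactly.
type JavaRandom struct{ state uint64 }

// NewJavaRandom applies the same seed scrambling as Java's constructor.
func NewJavaRandom(seed int64) *JavaRandom {
	return &JavaRandom{state: (uint64(seed) ^ lcgMult) & lcgMask}
}

// FromState builds a generator from a recovered internal state.
func FromState(state uint64) *JavaRandom { return &JavaRandom{state: state & lcgMask} }

// step is one LCG transition.
func step(s uint64) uint64 { return (s*lcgMult + lcgAdd) & lcgMask }

// NextInt is Random.nextInt(): advance, then return the top 32 bits of the state.
func (r *JavaRandom) NextInt() int32 {
	r.state = step(r.state)
	return int32(r.state >> 16)
}

// RecoverState takes consecutive nextInt() outputs and returns the generator
// state after the last one. The first output reveals 32 of the 48 state bits;
// the 16 hidden low bits are brute-forced and checked against the rest.
func RecoverState(outputs []int32) (uint64, bool) {
	if len(outputs) < 2 {
		return 0, false
	}
	hi := uint64(uint32(outputs[0])) << 16
	for low := uint64(0); low < 1<<16; low++ {
		s := hi | low
		ok := true
		for _, want := range outputs[1:] {
			s = step(s)
			if int32(s>>16) != want {
				ok = false
				break
			}
		}
		if ok {
			return s, true
		}
	}
	return 0, false
}

func main() {
	// Constructed input: a seed the attacker does not know.
	victim := NewJavaRandom(0x1234_5678_9ABC)
	seen := []int32{victim.NextInt(), victim.NextInt()}
	state, ok := RecoverState(seen)
	fmt.Println("state recovered:", ok)
	if ok {
		clone := FromState(state)
		fmt.Println("predicted:", clone.NextInt(), "actual:", victim.NextInt())
	}
}
```

Two outputs are enough in practice; passing three removes the small chance of a false candidate. The brute force is 65,536 trials, which is why a game must never let observable events (such as item drops or block placement) share a generator with anything it wants to keep secret, and why java.security.SecureRandom exists.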

