Boletn del Criptonomicn
Ao I, n 3
11 de mayo de 1998

******************************************
En este boletn os presento ms herramientas de seguridad, para proteger la intimidad, borrar tus huellas e incluso para ocultar el cdigo fuente de tus pginas Web. 

*******************************************

En este boletn:

1. Protege tu sistema Windows 95
2. Borra tus huellas
3. Oculta el cdigo fuente de tus pginas
4. Fallo de seguridad en el S/MIME en Outlook '98
5. Informacin sobre suscripcin y cmo borrarse

******************************************
1. Protege tu sistema Windows 95

PC World os presenta una serie de consejos para modificar la Poltica del Sistema Windows de manera que consigas mejorar la seguridad de tu sistema. Podrs:

Esconder tus propiedades,
Crear intimidad en tu escritorio,
Proteger tu Registry,
y deshacer estas restricciones, claro.

Ms informacin en:

http://www.pcworld.com/cgi-bin/database/body.pl?ID=980501165351

******************************************
2. Borra tus huellas

Un par de adolescentes prodigio de 17 aos han desarrollado una aplicacin para borrar tus huellas cuando navegas por Internet. Funciona para Netscape y podrs encontrarla en:

http://www.geocities.com/SiliconValley/Vista/5610/cyt.html

(Mi agradecimiento a Luis Ventura por proporcionarme el enlace)

******************************************
3. Oculta el cdigo fuente de tus pginas

Ya sabemos que cualquiera puede editar el cdigo HTML de nuestras pginas y por ejempo fusilar nuestras aplicaciones en JavaScript. Bien, aqu presento una utilidad que tericamente oculta el cdigo HTML, pero que en la prctica es una patata. Si alguien quiere probarlo, lo encontrar en:

http://www.geocities.com/SiliconValley/4274/jammer.htm

Si os interesa el tema de la ocultacin del cdigo fuente HTML, podis seguir una interesante discusin en:

http://discussions.developer.com/HyperNews/get/forums/JavaScriptDoc/350.html

(Mi agradecimiento a Manuel Porras por proporcionarme el enlace)

******************************************
4. Fallo de seguridad en el S/MIME en Outlook '98

Aqu tenis un informe sobre un problema de seguirdad en Outlook '98. Estad atentos aquellos que lo usis.

"This problem describes issues with the Protected Storage subsystem in NT and Win9x, and in particular, its use with S/MIME and Outlook '98.

Situation:

A user has obtained a Digital Certificate from Verisign to use with
S/MIME, and during installation, has chosen to set their security
level to "Medium" (which means that each time their certificate is
used, a dialog will appear informing them). Said certificate can be
used to both digitally sign, and encrypt, a message sent from Outlook '98.

After creating a message and setting the options to sign & encrypt,
the user presses the "Send" button. The message window closes and the Protected Storage dialog appears informing them of the use of their certificate. The dialog has 3 buttons and an "X" to close it. "Ok", "Cancel", and "Details". The message is not acted on until this dialog is closed by clicking "Ok", "Cancel", or the "X".

Based on the presentation of a "Cancel" button, the user decides (for whatever reason) that the action should not be completed. The natural assumption is that the message will not be sent.

Problem:

The message is sent, and what's worse, by clicking on the cancel
button, the message is sent without encryption.

What happens is that the request to apply the digital certificate (and then use that mechanism to encrypt the message) is completely cancelled, but the message gets sent anyway.

The targeted recipients will receive a message that appears to have a digital certificate (they will see a little blue ribbon icon beside
the message), but when they open it a dialog will appear indicating a problem with the signature of the message. This dialog lists a variety of information about the signing of the message that is supposed to be based on the presence of an actual signature. However, since the sender cancelled the use of their signature, no certificate is actually attached.

The receiver is told, for example, that the message;

- The signature is invalid
this makes sense, it was never signed)

- The message is digitally signed
yet it isn't

- The contents were not altered after it was signed
it was never signed, so how does it know this?

- The certificate is not revoked
it was never signed, so how does it know this?

- The certificate is not expired
it was never signed, so how does it know this?

- The certificate is trusted
it was never signed, so how does it know this?

- Email address on certificate is same as sender's address
it was never signed, so how does it know this?

- There are other failure reasons
When there are other failure reasons Outlook states "You can look at
the problems with the certificate by selecting View Certificate", but
the View Certificate button is grayed because there was no
certificate!

To top that off, Outlook has a View Message button on this dialog.
When you click that button Outlook displays the message that was sent,
unencrypted.

Risks:

The risks here should be obvious. When the original Protected Storage
dialog box appears to inform you of the use of your certificate, users
are going to believe that hitting Cancel is going to cancel their
message entirely. If the message composed was intended to be
encrypted, due to its sensitive nature, and they do hit Cancel, this
sensitive information will be sent in clear text.

Further, no other information is provided to the sender. They are not
informed that the message has been sent anyway unencrypted. If the
recipient views the contents by using the View Message button, they
are then able to reply to that original message. If they do reply,
Encryption has been automatically dropped from the Options, but again,
this has been done without notification to the user. Hence a
conversation could carry on between the two individuals without either
of them realizing that the messages were being sent unencrypted.

The warning dialogs do not explain to the recipient what is wrong with
the message, just that its an invalid signature. Since they can still
see the message (albeit by clicking a few unfamiliar buttons), they
may obviously believe everything is proceeding.

WorkAround:

One workaround for this issue is to not set the security level to
Medium or High but to use Low instead. This prevents the dialog box
from appearing at all, so its not possible to mistakenly send
unencrypted messages in the fashion described above.
Unfortunately, this workaround introduces another exploit possibility.
If the setting is set to Low, then a rogue process could cause a
message to be created by your machine and sent, signed with your
certificate, all without you knowing. The purpose of the Medium
setting is to avoid precisely this possibility.

So in other words, you're damned if you do and damned if you don't.

Setting your security level to High is not a workaround. You will then
be presented with numerous dialog boxes, none of which provide any
useful information as to what is taking place (same true with the
Details dialog at the Medium setting, it simply tells you that
"Outlook" is trying to "Read" information from Protected Storage, not
that its sending a particular message with contents "blah blah").

Solution:

The "Cancel" button must either cancel the message entirely, or should
not be present. I prefer to see it cancel the message entirely. The
reasoning is that should a rogue application actually create a message
on my behalf and sign it with my certificate, not only do I want to
know this has happened, but I want to prevent the message from being
sent at all. When certificates are accepted for some important reason,
the effort involved in explaining to the recipient why they received a
message with my invalid signature is going to be too high.

If a message is going to be sent regardless, then two changes must be
made to the current procedure;

1) The "Details" button must be able to display the contents of
whatever has been signed/encrypted with my use of Protected Storage.
Since there is no way to view the message from within Outlook at this
point in the process, then this dialog must facilitate that.

2) The recipient "Invalid Signature" dialog box must not put pretty
green check marks beside all of those things it has no way of
confirming. Without a signature, it obviously cannot verify whether or
not its valid, expired, revoked, or anything else. The false positive
defaults for these items in that dialog are completely incorrect and
lead to a false level of trust (gee, everything but "other" is Ok, I
guess the message is "mostly" Ok!).

Comments:

With the security level set to Medium, this appears to be a bug not an
exploit. Users may take actions that they believe will have a
different effect. Microsoft is already aware of this issue.
If this is not fixed swiftly (and I currently have an open incident
with MS Premier Support Services on this issue), the use of S/MIME in
Outlook '98 is seriously compromised.

Other uses of Protected Storage and the Medium security setting have
not been investigated, there may be other issues of more or less
importance that this problem relates to (including the possibility
that this may be used as an exploit).

To those that may suggest the use of PGP, Network Associates Inc. have
confirmed that PGP will not be supported in Outlook '98 until some
time between August and October of '98. While some aspects of PGP
5.5.2 do work well in Outlook '98, many ways of GP'ing PGP exist and
its not a stable choice (not to mention that they're support only
provides "best effort" to resolve issues with Outlook '98).

Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
http://www.ntbugtraq.com
http://www.ntbugtraq.com/ntsecurity"

******************************************
5. Informacin sobre suscripcin y cmo borrarse

Para borrarse de este servicio basta con enviar un correo a la direccin cripto-request@iec.csic.es con el siguiente mensaje (sin asunto o "subject"):

leave

desde la misma cuenta de correo en la que recibs el boletn.

Tenis ms informacin en la pgina

http://www.iec.csic.es/criptonomicon/suscripcion.html

******************************************

(C) Copyright 1998 Criptonomicn
http://www.iec.csic.es/criptonomicon

Un servicio ofrecido libremente desde el Instituto de Fsica Aplicada del CSIC por Gonzalo lvarez Maran
email: gonzalo@iec.csic.es