Items from security-related news (E74.Sep-2006)

Forging some RSA signatures with pencil and paper
Presenter: Daniel Bleichenbacher
Place: Crypto 2006 Rump Session, Santa Barbara, CA
Date: August 22, 2006

The presentation showed that incorrect parsing of the padding in signatures can result in easy forgeries for signatures based on RSA with exponent 3. Unfortunately, the OpenSSL library has this error. This means that many applications that depend on OpenSSL are vulnerable. See

One vulnerable application is the Domain Name Service (DNS) resolver based on the widely used BIND software. BIND uses OpenSSL and inherits the vulnerability. Because the error is in the verifier, security-conscious administrators will want to make sure that they do not use a signing key based on exponent 3.
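The exponent check suggested above for administrators, as an added example (not from the original newsletter or from BIND): it reads RSA DNSKEY records in zone-file form, extracts the public exponent from the RFC 3110 key encoding, and lists the owners whose key uses exponent 3. The function names, the one-record-per-line layout, and the sample zone are assumptions constructed for illustration.

```python
import base64

# DNSSEC algorithm numbers whose keys use the RFC 3110 RSA encoding
RSA_ALGORITHMS = {1, 5, 7, 8, 10}

def rsa_exponent(public_key: bytes) -> int:
    """Return the public exponent from an RFC 3110 RSA key blob."""
    if not public_key:
        raise ValueError("empty key")
    exp_len, offset = public_key[0], 1
    if exp_len == 0:  # long form: the next two octets hold the length
        if len(public_key) < 3:
            raise ValueError("truncated exponent length")
        exp_len, offset = int.from_bytes(public_key[1:3], "big"), 3
    exponent = public_key[offset:offset + exp_len]
    # Require a non-empty exponent and at least one modulus octet after it
    if exp_len == 0 or len(exponent) != exp_len or len(public_key) <= offset + exp_len:
        raise ValueError("truncated key")
    return int.from_bytes(exponent, "big")

def audit_dnskey(line: str):
    """Return (owner, algorithm, exponent) for an RSA DNSKEY line, else None."""
    fields = line.split(";", 1)[0].split()  # drop trailing zone-file comment
    if "DNSKEY" not in fields:
        return None
    i = fields.index("DNSKEY")
    algorithm = int(fields[i + 3])  # after the type: flags, protocol, algorithm
    if algorithm not in RSA_ALGORITHMS:
        return None
    key = base64.b64decode("".join(fields[i + 4:]))
    return fields[0], algorithm, rsa_exponent(key)

def weak_keys(zone_text: str) -> list:
    """List owner names whose RSA DNSKEY uses public exponent 3."""
    results = (audit_dnskey(line) for line in zone_text.splitlines())
    return [r[0] for r in results if r and r[2] == 3]

def _sample_key(exponent: int) -> str:
    """Build a constructed (not real) key blob: exponent plus filler modulus."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    return base64.b64encode(bytes([len(e)]) + e + b"\xc1" * 128).decode()

SAMPLE_ZONE = "\n".join([  # constructed records, one per line
    f"example.test. 3600 IN DNSKEY 256 3 5 {_sample_key(3)} ; constructed",
    f"strong.example.test. 3600 IN DNSKEY 257 3 5 {_sample_key(65537)}",
    "example.test. 3600 IN NS ns1.example.test.",
])
```

Calling `weak_keys(SAMPLE_ZONE)` returns the owner names to re-key; records wrapped across lines with parentheses would need to be joined first.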

Event: NIST Second Cryptographic Hash Workshop
Date: August 14, 2006

A tentative timeline of the development of new hash functions has been posted on the Hash Workshop web site:

This topic was discussed in the Second Cryptographic Hash Workshop. Details about the workshop and a program are available at the same web site listed above.

The Hash Workshop Program Committee

Notes from a panel at the NIST 2nd Hash Workshop
Paul Hoffman and Arjen Lenstra ran a panel at the Workshop, and they collated notes from several attendees:

AOL's Privacy Offense
Date: August 21 2006, 3:55 PM EDT

"Security and Privacy" is a common term, and the brouhaha about AOL's attempt to help researchers shows why privacy remains an elusive goal in a world of increasing Internet use. We've known for a long time that large collections of information can yield surprising inferences when properly collated, but the amazing insights into the personal lives of AOL users were astonishing. Caveat espicator.

Spam Filter Design To Benefit From Internet Routing Data

Source: Georgia Institute of Technology
Date: September 13, 2006
Contributed by: Richard Schroeppel

Research conducted at the Georgia Institute of Technology's College of Computing identified two additional techniques for combating spam: improving the security of the Internet's routing infrastructure and developing algorithms to identify computers' membership in "botnets".

Nick Feamster, a Georgia Tech assistant professor of computing, and his Ph.D. student Anirudh Ramachandran will present their findings on Sept. 14, 2006 in Pisa, Italy, at the Association for Computing Machinery's annual flagship conference of its Special Interest Group on Data Communication (SIGCOMM).

From 18 months of Internet routing and spam data the researchers learned that:
* Internet routes are being hijacked by spammers;
* they can identify many narrow ranges within Internet protocol (IP) address space that are generating only spam; and
* they can identify the Internet service providers (ISPs) from which spam is coming.

"We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods."