1. 6

    Team lobste.rs, @lattera, @nickpsecurity?

    1. 5

      Haha. I would love it if I had the time to play. Perhaps next year. Thanks for the ping, though. I’ve forwarded this on to a few of my coworkers who play CTFs.

      1.  

        I’d love to if I hadn’t lost my memory, including of hacking, to that injury. I never relearned it since I was all-in with high-assurance security at that point which made stuff immune to almost everything hackers did. If I still remembered, I’d have totally been down for a Lobsters hacking crew. I’d bring a dozen types of covert channels with me, too. One of my favorite ways to leak small things was putting it in plain text into TCP/IP headers and/or throttling of what otherwise is boring traffic vetted by NIDS and human eye. Or maybe in HTTPS traffic where they said, “Damn, if only I could see inside it to assess it” while the data was outside encoded but unencrypted. Just loved doing the sneakiest stuff with the most esoteric methods I could find with much dark irony.

        I will be relearning coding and probably C at some point in future to implement some important ideas. I planned on pinging you to assess the methods and tooling if I build them. From there, might use it in some kind of secure coding or code smashing challenge.

      1. 2

        I’m glad to see that they recommend SafeStack in conjunction with SSP. I’m extra glad we’re doing that for base applications in HardenedBSD. Some ports have SafeStack enabled as well. :)

        1. 1

          Since LLVM and Clang are permissively licensed will this go upstream?

          1. 4

            I emailed Todd and his intentions are to make an attempt at upstreaming after letting it soak for additional testing in OpenBSD for a time. I might toy around with the patch in HardenedBSD.

          1. 4

            Why the choice of Python 3? I probably wouldn’t use any tool like this that doesn’t solely depend on /bin/sh (or can’t be executed via /rescue/sh). The reason is that if my boot environment is so screwed up that non-base applications (like python) don’t work, yet statically-compiled applications in base (like /rescue/sh) do work, I can’t use zedenv but I can use beadm. My main use case for boot environments is for installing updates and sometimes updates go haywire. I have hit, and am 100% sure I will hit, instances where my environment is so screwed up, only /rescue will rescue me.

            1. 3

              I wanted to build something that’s easily maintainable, and while sh is great, it’s not a programming language. I realize that complex applications can be created with sh, but over time they can become unwieldy. I think they are great for small scripts like starting up services in rc.d, and scripting things quickly, but when I want to build something that can be used long-term, I would rather use a programming language.

              Part of the point of boot environments is so that you don’t have to enter /rescue. You create a boot environment for the new update, do the update there, and if things go haywire you boot into the old boot environment. At that point, you can mount your broken boot environment, do some surgery, and once fixed you can reboot into it.

              If things are so haywire that all of your boot environments aren’t working, and you have to use /rescue, it’s probably not related to boot environments. If it is, you can always use zfs to fix your problem.

            1. 2

              This is yet another project that has piqued my curiosity, only to find it participates in open source vendor lock-in by requiring Docker. Due to that, I’m unable to use it.

              1. 2

                it participates in open source vendor lock-in by requiring Docker

                Can you explain what is “vendor lock-in” about Docker?

                Isn’t Docker now part of an “open container initiative” or something?

                AFAIK, it’s usually not too difficult to de-Dockerify something.

                1. 1

                  Because Docker isn’t supported everywhere and won’t be. It’s not supported on the BSDs. Unless there’s a business requirement to run Linux, I only run BSD.

                  1. 3

                    I’ve never heard of “vendor lock-in” meaning “it doesn’t run everywhere”. By that definition almost all software is “vendor lock-in”. Mostly I’ve heard the phrase used to refer to data formats and data in general. But whatever the case may be, the Dockerfile doesn’t mean Docker is required. You’re free to try building it and running it on BSD without Docker.

                    1. 1

                      The old definition of cross-platform code meant it runs on the widely-used platforms regardless of what a vendor chooses. The project itself controls it. This code, if tied to Docker, will only use the hosts and targets Docker supports. It’s locked into what that project chooses. I haven’t heard of open-source vendor lock-in before but it makes sense: many OSS foundations are easier to use than modify heavily.

                      These people probably have no intention to put Docker on BSD or take over Docker development. They’ll depend on upstream to do that or not do that. So, they’re locked in if the Docker dependency isn’t easily replaceable by them or their users. If it is easily replaceable, I’d not call it lock-in: just a project preference for development and distribution with cross-platform being limited to Docker’s definition of platforms. Which may be enough for this project. I can’t say any more than that since I’m just glancing at it.

                      1. 1

                        This code, if tied to Docker, will only use the hosts and targets Docker supports

                        For probably the third time now: this project is not “tied to Docker”, and the concept of “tied to Docker” for a single piece of code is borderline nonsensical.

                        There are projects that are “tied to Docker”, but that most likely means they assemble multiple software pieces together via a docker-compose.yml file, not a Dockerfile file.

                        1. 1

                          It does appear that I misread the project. I looked at their deployment guide and Docker is front-and-center. However, it appears that the project does not have a hard dependency on Docker.

                          For those projects that do have a hard dependency on Docker, my statement still stands. Docker, in those cases, is a form of open source vendor lock-in due to deliberate non-portability.

                          1. 0

                            Docker, in those cases, is a form of open source vendor lock-in due to deliberate non-portability.

                            Let’s Internet rage at non-portable BSD-specific features as well then.

                    2. 2

                      Docker, in fact, literally only runs on Linux. It uses a wide variety of Linux-specific functionality, and all extant Docker images contain Linux x86 binaries. On Windows and OS X, Docker runs on Linux in a VM (a setup which is impressively fragile and introduces an incredible variety of weird edge cases and complications).

                1. 11

                  I have to wonder how much time is spent during the researching of a vulnerability in coming up with the perfect dad-joke moniker for it and registering a domain name…

                  1. 3

                    Usually more time than alerting vendors and allowing them to come up with a fix. See also: Meltdown and Spectre.

                    1. 5

                      Really, you think six months was spent dreaming up the meltdown name?

                      1. 1

                        Did all vendors, including OpenBSD, get six months advanced notice with Meltdown?

                        1. 5

                          I don’t think it’s possible to draw any conclusions on the time spent naming the vuln from the list of vendors that weren’t notified.

                  1. 8

                    To prevent mutt from auto-invoking GPG use the following in your ~/.muttrc:

                    set pgp_decrypt_command = "false"
                    set pgp_auto_decode = no
                    set pgp_use_gpg_agent = no
                    set crypt_autopgp = no
                    set crypt_verify_sig = no
                    set crypt_use_gpgme = no

                    I found it still calling pgp_decrypt_command even after setting all other variables, hence preemptively setting it to "false" as we don’t know what triggers the vuln.

                    1. 8

                      At least by using mutt/neomutt, we’ve secured ourselves against HTML-based exfiltration attacks. :)

                      1. 4

                        Most HTML-aware MUAs these days don’t auto-load external resources either.

                        1. 4

                          Still, I find it a bit worrying that mutt is so eager to shell out to a command by default, apparently ignoring the auto-decode flag. I wonder if there are more, less popular formats that make it try calling random stuff. @fcambus found plenty in Lynx when he started pledging it.

                          1. 1

                            Maybe it’s just a bug?

                        2. 5

                          The efail paper (warning: pdf) has a table that shows mutt has no exfiltration channels. I believe pgp to be safe with mutt in the context of the efail attacks.

                          1. 1

                            yeah, when I wrote the comment the paper was not available yet (or I wasn’t yet aware it was published).

                        1. 6

                          Things I self host out of my home:

                          • HardenedBSD-based NAS
                          • OpenSMTPd + Dovecot + Rainloop as Tor Onion Services (once I write a little self-service web interface for creating/modifying/deleting users, I’ll open this one to the general Tor userbase)
                          • GitLab in a HardenedBSD jail as a Tor Onion Service

                          I plan to set up the following services out of my home:

                          • Mastodon as a Tor Onion Service
                          • IRCd as a Tor Onion Service

                          It’s really easy for me to run various Tor Onion Services since my home has a special fully Tor-ified network. Just plug in a device and all its traffic automagically gets routed through Tor.

                          1. 1

                            No mask-source in the listen directive? I wonder what client IP address gets added to Received headers…

                            1. 1

                              The IP of the Tor-ified firewall:

                              May  9 15:27:58 smtpd-01 smtpd[63268]: smtp-in: New session a2beaff0a42f673a from host 10.5.5.2 [10.5.5.2]
                              May  9 15:28:02 smtpd-01 smtpd[63268]: smtp-in: Started TLS on session a2beaff0a42f673a: version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
                              May  9 15:28:07 smtpd-01 smtpd[63268]: smtp-in: Accepted message 32a60c1b on session a2beaff0a42f673a: from=<shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion>, to=<shawn@mdz2craqs4gvefg5wbgwvc5rovlvh6tmanzoraykznm2wdrk5xqtsdid.onion>, size=1342, ndest=1, proto=ESMTP
                              May  9 15:28:07 smtpd-01 smtpd[63268]: delivery: Ok for 32a60c1b3108639f: from=<shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion>, to=<shawn@mdz2craqs4gvefg5wbgwvc5rovlvh6tmanzoraykznm2wdrk5xqtsdid.onion>, user=shawn, method=maildir, delay=2s, stat=Delivered
                              May  9 15:28:18 smtpd-01 smtpd[63268]: smtp-in: Closing session a2beaff0a42f673a
                              

                              So, everything’s still 100% anonymous.

                              edit[0]: Here’s what the raw email looks like, with all the headers:

                              Return-Path: <shawn@mdz2craqs4gvefg5wbgwvc5rovlvh6tmanzoraykznm2wdrk5xqtsdid.onion>
                              Delivered-To: shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion
                              Received: from smtpd-01 (192.168.254.2 [192.168.254.2])
                              	by tormail-01 (OpenSMTPD) with ESMTP id ce94b548
                              	for <shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion>;
                              	Wed, 9 May 2018 11:28:17 -0400 (EDT)
                              Received: from localhost (smtpd-01 [local])
                              	by smtpd-01 (OpenSMTPD) with ESMTPA id 69a12445
                              	for <shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion>;
                              	Wed, 9 May 2018 15:27:21 +0000 (UTC)
                              Date: Wed, 9 May 2018 15:27:20 +0000
                              From: Shawn Webb <shawn@mdz2craqs4gvefg5wbgwvc5rovlvh6tmanzoraykznm2wdrk5xqtsdid.onion>
                              To: shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion
                              Subject: Test of work MTA 01
                              Message-ID: <20180509152720.thmkyagug6xk565o@smtpd-01>
                              MIME-Version: 1.0
                              Content-Type: text/plain; charset=us-ascii
                              Content-Disposition: inline
                              User-Agent: NeoMutt/20180323
                              
                              This is a test of my work MTA 01.
                              
                            1. 5

                              I just recently set up an MTA (OpenSMTPd) behind my Tor-ified network. Setting up an MTA behind Tor, especially when Tor is the authoritative DNS server on the network (as it should be in this setup), can be quite difficult to get right.

                              Tor’s built-in DNS server does not support MX record lookups and returns a zero-record DNS result with an rcode of 4 (NOTIMPL). This causes MTAs like Postfix and OpenSMTPd to freak out. If the DNS server returned an rcode of 0 (NOERROR), OpenSMTPd would have fallen back to a simple A/AAAA lookup.

                              I already had at my disposal a very special custom, modular DNS server that can perform any arbitrary action on a DNS request and on the corresponding response. I simply wrote a module for this DNS server that overwrote the response’s rcode to 0 if it was 4 prior to handing the response back to the originating client.

                              I set my resolv.conf to point to my custom DNS server. My custom DNS server was configured to point to Tor as its upstream resolver.

                              At that point, OpenSMTPd started working! I can now send emails to (almost) any domain, even other .onion servers. After sending some test emails, I found out that Google-hosted email services block MTAs behind Tor.
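The rcode rewrite described above, as an added example that is not the commenter’s own DNS server: a minimal UDP shim that forwards queries to an upstream resolver and flips a NOTIMP (rcode 4) reply to NOERROR (rcode 0) before handing it back, so the MTA falls back to A/AAAA. The listen and upstream addresses are placeholders, and the sample reply is constructed.

```python
# Added example, not the commenter's DNS server: forward DNS over UDP to an
# upstream (assumed to be Tor's DNSPort) and rewrite RCODE 4 -> 0 on the way back.
import socket
import struct

RCODE_NOERROR = 0
RCODE_NOTIMP = 4
QTYPE_MX = 15
QCLASS_IN = 1


def rcode_of(msg: bytes) -> int:
    """RCODE is the low nibble of the second flags byte (offset 3)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    return msg[3] & 0x0F


def is_response(msg: bytes) -> bool:
    """QR is the top bit of the first flags byte (offset 2)."""
    return len(msg) >= 12 and bool(msg[2] & 0x80)


def rewrite_notimp(msg: bytes) -> bytes:
    """Return msg with RCODE 4 replaced by 0; anything else passes through.

    Only one header byte changes. A NOTIMP reply already carries zero answer
    records, so the client now sees an empty NOERROR answer set, which is what
    lets the MTA treat the MX lookup as "no MX" and try A/AAAA instead.
    """
    if not is_response(msg) or rcode_of(msg) != RCODE_NOTIMP:
        return msg
    flags_lo = (msg[3] & 0xF0) | RCODE_NOERROR
    return msg[:3] + bytes([flags_lo]) + msg[4:]


def encode_qname(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus a root byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_notimp_reply(txid: int, qname: str, qtype: int = QTYPE_MX) -> bytes:
    """Constructed stand-in for the reply the comment describes: QR=1, RD=1,
    RA=1 (assumed flags), RCODE=4, the question echoed back, no resource records."""
    flags = 0x8180 | RCODE_NOTIMP
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def serve(listen=("127.0.0.1", 5300), upstream=("127.0.0.1", 9053)) -> None:
    """Single-threaded UDP forwarder (addresses are placeholders).

    Enough to demonstrate the rewrite; a production shim would also match
    replies to queries by transaction id and handle TCP fallback.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
        srv.bind(listen)
        up.settimeout(5)
        while True:
            query, client = srv.recvfrom(4096)
            up.sendto(query, upstream)
            try:
                reply, _ = up.recvfrom(4096)
            except socket.timeout:
                continue  # upstream silent; let the client retry
            srv.sendto(rewrite_notimp(reply), client)


if __name__ == "__main__":
    serve()
```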

                              1. 1

                                Wow, that’s a great writeup, thanks. The more I read about PF, the more I want to install a BSD on my router…

                                Are you still using this torified web access? Do you manage to keep your sanity despite the captchas? I find Cloudflare and Google really annoying when accessed through Tor.

                                1. 3

                                  I’ve been sitting 100% behind my Tor-ified setup both at work and at home for around a year now. I use the Privacy Pass extension to help with captchas.

                              1. 1

                                As someone who just barely set up two OpenSMTPD instances, thanks for the heads up! Will there be a backwards compat shim, by any chance?

                                1. 1

                                  Does HardenedBSD prevent ptrace?

                                  1. 4

                                    We’ve hardened ptrace by:

                                    1. Setting security.bsd.unprivileged_proc_debug=0 by default.
                                    2. Implementing PaX NOEXEC and enforcing it across the ptrace boundary.
                                    3. Hardening [lin]procfs to prevent tampering with the process address space and registers through modifying key files in /proc/[pid]

                                    Hardening [lin]procfs with regards to ptrace may cause you to go “huh? what?” linprocfs and procfs use the ptrace functions behind-the-scenes. procfs isn’t used much on FreeBSD, anyways, but we might as well plug the same types of holes while hardening ptrace itself.

                                    1. 1

                                      To me, the architecture of ptrace/proc/linprocfs makes it tricky to secure a system. It’s probably not easy to do better than Linux in this area. Have you considered alternative ways of offering process debugging that don’t involve ptrace?

                                      1. 1

                                        I prefer DTrace, but that, too, has its issues. It’s still possible to modify some data with DTrace, but it is a bit more limited in that respect than ptrace. I’m unsure one could port libhijack to using dtrace as a backend and keep full functionality.

                                  1. 5

                                    Those are some pretty flaky arguments regarding OpenBSD. What is “theoretical” SMP? I’m running this from a 4-core OpenBSD laptop. You know, non-theoretically. Same language snark goes with vmm: they tried to implement a hypervisor? I’ll be sure to inform mlarkin of his failure to execute. It may not be what the author wants, but that’s a different story. Anyway, if there are good comparisons between the two systems security-wise, they look like they’re in that chart from https://hardenedbsd.org/content/easy-feature-comparison. Is it up to date with the recent anti-ROP efforts?

                                    1. 2

                                      It is. OpenBSD has an SROP mitigation, whereas HardenedBSD doesn’t. HardenedBSD has non-Cross-DSO CFI (Cross-DSO CFI is actively being worked on), whereas OpenBSD doesn’t. HardenedBSD also applies SafeStack to applications in base. CFI provides forward-edge safety while SafeStack provides backward-edge safety (at least, according to llvm’s own documentation.)

                                      HardenedBSD inherits MAP_STACK from FreeBSD. The one thing about OpenBSD’s MAP_STACK implementation that HardenedBSD may lack (I need to verify) is that the stack registers (rsp/rbp) are checked during syscall enter to ensure they point to a valid MAP_STACK region. If FreeBSD’s syscall implementation doesn’t do this already, doing so would be a good addition in HardenedBSD.

                                      So, there’s room for improvement by both BSDs, as should be expected. It looks like OpenBSD is starting the migration towards an llvm toolchain, which would allow OpenBSD to catch up to HardenedBSD with regards to CFI and SafeStack.

                                      Sorry for the excessive use of commas. I enjoy them perhaps a bit too much. ;)

                                      1. 1

                                        I haven’t read the whole article, because I’m not interested in HardenedBSD.

                                        What is “theoretical” SMP? I’m running this from a 4-core OpenBSD laptop. You know, non-theoretically.

                                        The article is indeed vague about it, but I think the author meant scalability issues. Too much time spent in the kernel space.

                                        Same language snark goes with vmm: they tried to implement a hypervisor? I’ll be sure to inform mlarkin of his failure to execute.

                                        I don’t have any experience with virtualization, but the point seems to be that you can only have OpenBSD and Linux guests under an OpenBSD host, which compares unfavorably with something like bhyve.

                                        1. 1

                                          SMP

                                          From what I have read about SMP on OpenBSD, it’s not that it would not detect 4 or 64 cores; it’s that its subsystems (like FreeBSD 5.0, for example) were not entirely rewritten to fully utilize all cores, and that in many places the so-called GIANT LOCK is still used. This may have changed recently; sorry if the information is not up to date.

                                          vmm

                                          Now it’s very limited. Can you run a Windows VM on it? … or a Solaris VM? Last I read about it only OpenBSD and Linux VMs worked.

                                          Is it up to date with the recent anti-ROP efforts?

                                          I am not sure, you may ask here - https://www.twitter.com/HardenedBSD - or on the HardenedBSD forums - https://groups.google.com/a/hardenedbsd.org/forum/#!forum/users

                                          1. 3

                                            or Solaris VM? Last I read about it only OpenBSD and Linux VMs worked.

                                            It runs Illumos derivatives (e.g. OpenIndiana). There’s a specific feature missing that FreeBSD/NetBSD need which is being worked on. It doesn’t run Windows because Windows needs graphics.

                                            1. 2

                                              Thanks for the clarification, I hope that graphics support/emulation will also come to vmm soon.

                                              I added that information to the post.

                                          2. 1

                                            I’m not sure, the article seems like it makes an honest enough comparison between HardenedBSD and OpenBSD that I’ll make OpenBSD a priority to consider the next time I need a truly secure OS.

                                            1. 3

                                              The “One may ask…” paragraph is so slanted toward HardenedBSD over OpenBSD that I’d have immediately assumed a HardenedBSD developer or fan was writing it.

                                              1. 1

                                                Tried my best, I thought that it was clear enough from the article that OpenBSD is secure for sure while HardenedBSD aspires to that target with the FreeBSD codebase as a start …


                                            1. 8

                                              I have Let’s Encrypt set up to renew two weeks prior to it expiring just in case of outages like this. This gives me two weeks to resolve issues.

                                              1. 3

                                                Theoretically you could also set your nginx service to verify and reissue the cert as well.

                                                1. 2

                                                  What toolchain do you use? We had a wrinkle along the way that certbot was reporting the cert was not yet up for renewal. @nanny guessed that nginx needed to be restarted and I did that at the same time @alynpost force-reissued the cert and one or both of those fixed the issue for us.

                                                  We’ve been wanting to move to acme-client for a while.

                                                  1. 3

                                                    I use acme-client since certbot causes Python to create memory mappings that are both writable and executable, which is a huge no-no in my book.

                                                    1. 2

                                                      If you have the spare time, I’d love a PR to our ansible repo to move to acme-client. We haven’t had the expertise to change over with confidence, and it sounds like you’d avoid at least one failure mode we hadn’t thought of. :)

                                                      1. 1

                                                        I wish I had the time, but unfortunately I don’t.

                                                        1. 2

                                                          No worries, I’ll get to it eventually. (Or maybe some other lobster reading this will volunteer.)

                                                  2. 1

                                                    I didn’t bother with timing for mine, I just set up a cron job to call renew once a week, since the client doesn’t do anything if it isn’t available to be renewed yet.

                                                  1. 6

                                                    I run HardenedBSD 12-CURRENT on all my systems, be they laptops, desktops, servers, or appliances. I love having all the goodies of FreeBSD but with exploit mitigations and security hardening baked in.

                                                    1. 2

                                                      I find it funny that this is the entire premise of why my libhijack tool was written so many years ago. And now it’s a syscall. ;)

                                                      1. 2

                                                        Unpopular opinion time!

                                                        These types of services cannot work as marketed. If you don’t use their DNS-over-TLS service, then you’re still sending DNS queries and getting the responses back over plaintext. US ISPs, Comcast being the biggest offender, are known to hijack those requests.

                                                        Even with DNS-over-TLS, it’s possible for a passive attacker to infer queries based on packet metadata. The sizes of packets aren’t going to change between when I do an A record lookup for google.com yesterday versus today. A passive attacker could pre-compute the packet data length for the most common domains (Alexa top million, for example).

                                                        The only real solution is to mix different kinds of traffic into a network specially crafted for privacy/anonymization, like Tor, which supports tunneling DNS queries.

                                                        1. 3

                                                          If you don’t use their DNS-over-TLS service, then you’re still sending DNS queries and getting the responses back over plaintext.

                                                          Well… yeah. Of course you don’t get any security benefits if you don’t use TLS. (Well, even without it you do get some, but it really buys you very little.)

                                                          Even with DNS-over-TLS, it’s possible for a passive attacker to infer queries based on packet metadata. The size of packets aren’t going to change for when I do an A record lookup for google.com yesterday versus today.

                                                          You can pad an HTTPS query URL with random data. Google even documents it.
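The padding idea above, carried over to the DNS-over-TLS case the parent comment worries about, as an added example that is not from the thread: EDNS(0) Padding (RFC 7830, option code 12) rounds every query up to a fixed block (RFC 8467 recommends 128 octets for queries), so two names of different length produce the same wire size. The domain names are constructed samples and the advertised UDP payload size is an assumed value.

```python
# Added example, not from the thread: build DNS queries, append an OPT RR with a
# Padding option so the message length is a multiple of BLOCK, and parse it back.
import struct

QTYPE_A = 1
QCLASS_IN = 1
TYPE_OPT = 41
OPT_PADDING = 12
BLOCK = 128            # RFC 8467 recommended block size for queries
UDP_PAYLOAD = 1232     # advertised EDNS buffer size; assumed, common default
OPT_OVERHEAD = 11 + 4  # bare OPT RR (11 bytes) plus an empty Padding option (4)


def encode_qname(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus a root byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Plain query: header with RD=1 and one question, no EDNS yet."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)


def opt_rr(padding_len: int) -> bytes:
    """OPT pseudo-RR: root name, TYPE 41, CLASS carries the UDP payload size,
    TTL holds ext-rcode/version/flags (all zero), RDATA is one Padding option."""
    rdata = struct.pack("!HH", OPT_PADDING, padding_len) + b"\x00" * padding_len
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, UDP_PAYLOAD, 0, len(rdata)) + rdata


def pad_query(query: bytes, block: int = BLOCK) -> bytes:
    """Append an OPT RR with enough zero padding that len(result) % block == 0.
    Assumes the query carries no OPT RR yet; ARCOUNT (offset 10) is bumped by one."""
    pad = (-(len(query) + OPT_OVERHEAD)) % block
    arcount = struct.unpack("!H", query[10:12])[0] + 1
    return query[:10] + struct.pack("!H", arcount) + query[12:] + opt_rr(pad)


def skip_name(msg: bytes, pos: int) -> int:
    """Advance past an uncompressed wire-format name (no pointers in these messages)."""
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1


def padding_length(msg: bytes) -> int:
    """Walk the sections and return the Padding option length from the OPT RR,
    or -1 if the message carries no padding."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # QTYPE + QCLASS
    for _ in range(ancount + nscount + arcount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata, pos = msg[pos:pos + rdlen], pos + rdlen
        if rtype != TYPE_OPT:
            continue
        i = 0
        while i + 4 <= len(rdata):             # iterate EDNS options
            code, olen = struct.unpack("!HH", rdata[i:i + 4])
            if code == OPT_PADDING:
                return olen
            i += 4 + olen
    return -1


def wire_lengths(names, padded: bool):
    """Set of message sizes an on-path observer would see for these names."""
    sizes = set()
    for txid, name in enumerate(names, start=1):
        q = build_query(txid, name)
        sizes.add(len(pad_query(q)) if padded else len(q))
    return sizes
```

Without padding the two short sample names yield 28- and 39-byte queries; with padding both become 128 bytes, and only names long enough to overflow a block move up to the next multiple.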

                                                          1. 3

                                                            Cloudflare actually addresses that in their blog post:

                                                            While DNSSEC ensures integrity of data between a resolver and an authoritative server, it does not protect the privacy of the “last mile” towards you. DNS resolver, 1.1.1.1, supports both emerging DNS privacy standards - DNS-over-TLS, and DNS-over-HTTPS, which both provide last mile encryption to keep your DNS queries private and free from tampering.

                                                            An attacker can also observe server name indication in your TLS connections to see who you’re contacting anyway. Preventing hijacking is much more significant in my opinion.

                                                            1. 2

                                                              Not all resolvers support DNSSEC. Not all people even like or trust DNSSEC.

                                                              Either way, I don’t buy that Cloudflare’s solution, especially when using plaintext DNS, enhances security. It simply allows more entities to snoop and/or modify your data en-route.

                                                              1. 2

                                                                That’s true, your ISP can still snoop the DNS traffic going to Cloudflare. But it does make it harder for them to send you bogus records than if you were querying them directly. Assuming Comcast isn’t modifying my traffic in flight, which I agree is sadly a big assumption, I trust Cloudflare more. Right now I use Google DNS, which has all the same problems you’re describing. At minimum, I’m happy Cloudflare is championing a more secure version of DNS (over HTTP / TLS), even if it isn’t perfect.

                                                                I have considered setting up a recursive DNS resolver on a $2.50/mo VPS and tunneling DNS from my home network to there. The IANA of course provides the root information for the root DNS servers, so it wouldn’t be that hard.

                                                                So I guess I don’t disagree with you. DNS is a complete shitshow one way or another, there’s no way to deny that. Unpopular or not, your opinion is objectively correct. It’s more of an uncomfortable fact than an opinion.

                                                                1. 1

                                                                  It’s trivial for an ISP to anycast announce 1.1.1.1 and 8.8.8.8 wholly within their own network, capturing all of your DNS requests anyway. They can configure (or not, who would even notice?) all the same features available on CloudFlare or Google. I would be very surprised if people are not already doing it. If you wanted to be sneaky about it you can even set up a reverse proxy for the web content.

                                                                  1. 1

                                                                    Some Linux nerd might run traceroute and blog about it.

                                                                    In any case, if you’re using Cloudflare DNS over HTTPS, they can’t forge Cloudflare’s certificate.

                                                          1. 2

                                                            I used to be a kde4 user years ago until a friend of mine showed me i3wm. I’m now a big fan of i3wm. Combining i3wm with tmux, vim, and BSD (HardenedBSD, specifically) has enabled me to be so much more efficient.

                                                            1. 6

                                                              Somebody is lying, I wonder who?

                                                              https://www.trustico.co.nz/news/2018/symantec-revocation/certificate-replacement.php

                                                              Further, Jeremy Rowley of DigiCert sent an e-mail to us requesting the following :

                                                              “Can you please send a listing of the certificate serial numbers along with their private keys? Once we get that list, we’ll confirm the private key and revoke the certs as requested. Thanks!”

                                                              Trustico® followed the requests of DigiCert by initially recovering Private Keys from cold storage and subsequently e-mailing the associated order number and Private Keys to DigiCert in a ZIP file. The file did not contain any other type of data.

                                                              Trustico® allows customers to generate a Certificate Signing Request and Private Key during the ordering process. These Private Keys are stored in cold storage, for the purpose of revocation.

                                                              By Djikstra’s Whiskers, this all gets weirder and stupider the more I read.

                                                              1. 3

                                                                Looks like a long email thread has some more info.

                                                                What appears to be a reasonable summary, from one of the emails in the thread:

                                                                From what I’ve read, it appears the situation here is that Trustico wanted to revoke all their customer certs from Digicert so they could do a mass migration to another CA (which is not a proper reason to revoke). When asked for proof by Digicert that the certificates were compromised and needed to be revoked, Trustico sent Digicert 23,000(!) private keys that they had stored due to the fact that they were generated by their web-based system in order to effectively make them compromised.

                                                                1. 3

                                                                  DigiCert is the only CA I know that hasn’t fucked up badly and has a good process in place.

                                                                  1. 1

                                                                    Does anyone have the above-linked trustico link cached? Firefox is rejecting its SSL/TLS cert for me.

                                                                    1. 2

                                                                      I used a website to take an image capture of it: https://imgur.com/a/wmiYA

                                                                      1. 1

                                                                        It’s Dijkstra’s Whiskers :^)

                                                                      1. 7

                                                                        with this extra $50 million they’ll surely have the resources to support federating their servers. let’s see it moxie.

                                                                        1. 3

                                                                          I hope so too, but Moxie Marlinspike voiced quite principled concerns against federation before: https://signal.org/blog/the-ecosystem-is-moving/

                                                                          1. 5

                                                                            That was the day I realised I had to boycott Signal too

                                                                            1. 2

                                                                              Generally I don’t like “me too” posts, but in this case, me too! This is unacceptable. Using phone numbers as sole userids is also unacceptable in my book.

                                                                              1. 1

                                                                                What is wrong with using phone numbers as ids? Was it wrong 50 years ago?

                                                                                1. 4

                                                                                  First, I don’t want to give my phone number to strangers. I am okay with giving my e-mail address (or some other kind of token) to strangers.

                                                                                  Second, at least for myself, e-mail addresses are eternal, while phone numbers are very ephemeral. Especially if you travel or move a lot.

                                                                                  Third, Signal doesn’t just depend on your phone number, it somehow depends on your SIM card (not sure of tech details). You can’t change your SIM card and continue to use Signal smoothly. For me this is a blocker. It means I can’t use Signal even for testing purposes, as I switch SIM cards often.

                                                                                  Apple iMessage gets this right. You can have any number of ids, including phone numbers or e-mails. I am identified by either one of those. I can be contacted by people who have either in their address book. And I can switch my SIM card any time I want. Of course, iMessage is not equivalent to Signal, nor is iMessage a good example to follow apart from the UX.

                                                                                  Also I must add a fourth point about Signal. Until relatively recently there was no way to use it on a real computer. Now there’s an Electron application, which to me still means there is no way to use it on a real computer. I do not know if 3rd parties can implement real native desktop applications or not, but there are no such applications today.

                                                                                  1. 3

                                                                                    Third, Signal doesn’t just depend on your phone number, it somehow depends on your SIM card (not sure of tech details). You can’t change your SIM card and continue to use Signal smoothly. For me this is a blocker. It means I can’t use Signal even for testing purposes, as I switch SIM cards often.

                                                                                    I have a burner phone that was initially set up with a throw-away prepaid SIM. After doing the initial setup (including with Signal), I threw away the SIM and put the phone in airplane mode. The phone now sits behind a fully Tor-ified wireless network. Signal’s still working fine.

                                                                                    Maybe if I were to put in a new SIM card, Signal might go crazy.

                                                                                    And since this is a burner phone that sits behind Tor with a number that’s meant to be public, here it is: +1 443-546-8752. :)

                                                                                    1. 2

                                                                                      I have a burner phone

                                                                                      You can’t legally acquire a pre-paid SIM in the European Union without registering it against your ID. They did it to ‘thwart terrorism’.

                                                                                      1. 1

                                                                                        Interesting. They give out pre-paid SIMs as promotions on the street here in Sweden, or at least they used to. Maybe the ID check comes at the first top-up.

                                                                                        1. 1

                                                                                          In the past you were able to obtain them anonymously.

                                                                                          They still give them away like candy but it won’t operate unless you register it by providing your ID at the operator. Though I’m speaking based on Poland - don’t know how other countries regulated this.

                                                                                          1. 1

                                                                                            I see. I don’t know if it’s a specific EU-related law / regulation or whether each country has their own rules.

                                                                                            1. 2

                                                                                              Some EU countries have regulations limiting the possibility to purchase prepaid cards to the stationary shops of telecommunications operators. Such solutions have been adopted i.a. in Germany, United Kingdom, Spain, Bulgaria and Hungary. Obligation to collect data concerning subscribers who use telecommunications services can be found i.a. in the German law.

                                                                                              source: http://krakowexpats.pl/utilities/mandatory-registration-of-prepaid-sim-cards/

                                                                                              Funny I thought it was a cross EU law. Regardless, that still makes it very annoying that signal has no other means of making an ID. I don’t really want to give my mobile to everyone, and there is no way to use signal anonymously in countries that do regulate sim registration.

                                                                                        2. 1

                                                                                          What that would do is create a black market for pre-paid SIMs, where you have a single entity registering tons of SIMs and reselling them pre-activated.

                                                                                          1. 2

                                                                                            That is what is happening on the street, criminals approach drunkards etc. to register a SIM on them and resell or use that themselves.

                                                                                            Point is, for a regular person there is no legal way to obtain an anonymous SIM. Creating a legal entity registering SIMs is also not possible. This means that signal can’t be used anonymously if you want to stay on the legal side.

                                                                                            1. 2

                                                                                              Completely agreed. It’s unfortunate to see such silly laws that are so easy to be skirted around. All it does is make people who would otherwise be honest and trustworthy break the law.

                                                                                        3. 1

                                                                                          At least in my country, phone numbers can, and eventually will, be reallocated when not in use for several years. So aren’t you running a small risk that someone else might register ‘your’ number with Signal in a few years?

                                                                                        4. 1

                                                                                          I cornered a Signal dev at a networking event in December and emphasized how much I also want to communicate via Signal without giving out my phone number. They were aware of how much demand there is for that feature but politely declined to make a public commitment - at the time they were maybe 8 devs and their productivity is limited. Hopefully they’ll be able to expand and address the feature.

                                                                                          1. 1

                                                                                            A me-too-style reply for what @lattera said.

                                                                                            A friend lives abroad and got a local SIM on a visit once. When he went back, he discarded his SIM, unknown to me.

                                                                                            When I heard he might be visiting again, I sent a Signal message asking if this still works. To our surprise, it did.

                                                                                            So this myth needs to be busted.

                                                                                            It may have a bug, though, as I sent a Signal message to another friend and got a reply from a foreign phone number. He told me it’s the number of a SIM he used on a business trip.

                                                                                            That’s a different issue someone else can hunt down, but Signal is more anonymous than eg. Bitcoin as it stands today.

                                                                                    2. 1

                                                                                      this is so dumb

                                                                                      • it’s a messaging app… how much can people’s expectations evolve? how have they evolved since signal’s inception?
                                                                                      • the cost of switching between services is low only for services that already have mass adoption. if moxie started fucking around with the protocol and people weren’t having it, network effects mean there would be no alternative (whatsapp and facebook messenger are not alternatives)