Security
Darkcoin: A cryptocurrency with more anonymity
Since the release of Bitcoin in 2009, open-source cryptocurrencies have had a substantial economic impact on the world. The most popular ones have millions and, sometimes, billions of dollars' worth of currency in circulation. While cryptocurrencies provide a digital form of cash transactions, they have also raised the ire of those who argue that they sustain online black markets. A new currency, Darkcoin, which had an open-source release in September, distinguishes itself from its competitors by its focus on making transactions untraceable.
The project was announced in January 2014, but was only released as open source in September, when project members deemed the technology ready for mainstream use. Based on Bitcoin, Darkcoin seeks to improve upon that foundation, particularly with regard to anonymity. As the project notes: "With Bitcoin, transactions are published to the blockchain and you can prove [who] made them, but with Darkcoin the anonymization technology makes it impossible to trace them."
For those unfamiliar with how Bitcoin transactions operate, here's a quick primer. When trying to create a new digital cash system from scratch, the same problem that the music and movie industry have faced crops up: how to stop computers from copying valuable bits? Bitcoin solves this problem by incorporating a public ledger in its code. Everyone who wants to use Bitcoin has to download a copy of the complete database of all the Bitcoin transactions ever made, and keep it up-to-date. This database is known as the blockchain.
To give a financial incentive for individuals to provide the computing infrastructure necessary to keep the database and Bitcoin network working, and to provide a controlled means to increase the number of Bitcoins in circulation to deal with inflation, the ability to "mine" Bitcoins is built into the software. Those who provide nodes to help sustain the Bitcoin network also devote resources to brute force instances of an automatically-generated cryptography problem. This problem is a cryptographic classic: the Byzantine Generals' Problem. The first miner to solve an instance of this problem is awarded some free Bitcoins from a combination of automatic transaction fees from across the Bitcoin network, along with a set number of Bitcoins (presently, twenty-five, though that will diminish, eventually to zero, over time). The code is designed to adapt the difficulty of the cryptographical problem to the computational power of the network so that, on average, the problem will be solved every ten minutes.
The blockchain leads to a privacy problem: while a paper cash transaction is not easily traceable, every Bitcoin transaction is publicly recorded. To mitigate this problem, transactions are recorded using pseudonyms (Bitcoin addresses); users can generate as many different addresses as they want. For some, this approach is insufficient; tracing the transaction history in the blockchain or other techniques may be able to deanonymize Bitcoin owners.
Darkcoin's claimed innovation to address this issue is its mixing software named DarkSend, which uses decentralized "masternodes" in a fashion somewhat similar to onion routing: "Obfuscation is achieved by using network nodes in order to break up and reroute the flow of money in a way that is hard to track down". Masternodes are given a financial incentive to operate, but must hold an initial minimum amount of Darkcoin to participate, to try to deter surveillance:
DarkSend also pools Darkcoin before completing transactions, to make it much less clear where payments originated from. Basically, instead of paying someone directly, one pays into a pool, managed by the masternodes. When that pool grows large enough, the pool then pays the recipients, making it difficult to trace the source of the payments. As stated in the Darkcoin FAQ, masternodes never actually hold the Darkcoin from the pool, so they cannot steal any. Payments from pools are all equal sums to further obfuscate the source. That is, buying something for ten Darkcoin could contribute to a pool that, when it reached 1000 Darkcoin, would complete 100 different transactions each for ten Darkcoin. In the project's words:
Security researcher Kristov Atlas's detailed analysis [PDF] of DarkSend offers an analogy to help explain it: "Imagine you're flying in a helicopter trying to track a red car on the highway, and it passes under a bridge. If two red cars emerge on the other side of the bridge, it's ambiguous which one you want to follow" (page 4). Atlas's article is worth the read for anyone interested in cryptocurrency security. He breaks down which types of entities take part in DarkSend, what role they play, and how that role may or may not compromise transactional anonymity. For example, masternodes, which play a critical role in mixing Darkcoin before completing transactions, are also a potential avenue for compromising user privacy: "Malicious Masternodes can record the input and output relationships for any transaction they are chosen to orchestrate" (page 10).
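A toy model of the equal-sum pooling and the recording-masternode caveat described above, added here as an illustration; it is not DarkSend code and does not come from Atlas's analysis. The function names, the `s`/`r` labels and the observer that links payments only by amount are assumptions of the example.

```python
import math
import random


def equal_round(n=100, amount=10):
    """Constructed sample: n payments of the same amount (the article's 100 x 10)."""
    return [(f"s{i}", f"r{i}", amount) for i in range(n)]


def unequal_round(n=100):
    """Constructed sample: n payments that each have a distinct amount."""
    return [(f"s{i}", f"r{i}", i + 1) for i in range(n)]


def run_pool(payments, seed=0):
    """Simulate one pooled payout round.

    payments: list of (sender, recipient, amount).
    Returns (inputs, outputs, orchestrator_log):
      inputs  - (sender, amount) pairs an observer sees entering the pool
      outputs - (recipient, amount) pairs an observer sees leaving it
      orchestrator_log - recipient -> sender, known only to whoever ran the mix
    """
    rng = random.Random(seed)
    inputs = [(s, a) for s, _, a in payments]
    outputs = [(r, a) for _, r, a in payments]
    rng.shuffle(outputs)  # payout order must not mirror pay-in order
    log = {r: s for s, r, _ in payments}
    return inputs, outputs, log


def candidate_senders(inputs, outputs):
    """Outside observer linking by amount only: recipient -> senders not ruled out."""
    by_amount = {}
    for sender, amount in inputs:
        by_amount.setdefault(amount, set()).add(sender)
    return {r: by_amount.get(a, set()) for r, a in outputs}


def anonymity_bits(candidates):
    """Size of the smallest candidate set across all outputs, in bits."""
    worst = min(len(c) for c in candidates.values())
    return math.log2(worst) if worst else 0.0


def with_orchestrator_log(candidates, log):
    """An orchestrator that recorded the mapping collapses every set to one sender."""
    return {r: {log[r]} for r in candidates}


if __name__ == "__main__":
    for name, payments in (("equal", equal_round()), ("unequal", unequal_round())):
        inputs, outputs, log = run_pool(payments)
        seen = candidate_senders(inputs, outputs)
        logged = with_orchestrator_log(seen, log)
        print(f"{name:8s} observer: {anonymity_bits(seen):.2f} bits, "
              f"recording orchestrator: {anonymity_bits(logged):.2f} bits")
```

With equal sums every payout has all 100 senders as candidates (the "two red cars" ambiguity, scaled up); with distinct amounts, or with the orchestrator's record, each payout maps back to exactly one sender.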
The actively developed code is available under the X11 license at Darkcoin's GitHub repository. Discussion happens on the project's official forums and on a dedicated subreddit. The project leads are ambitious and appear to have a semi-academic approach with frequent releases of white papers. A recent paper [PDF] describes "transaction locking": a proposed means "to enable instant validation of payments without having to wait for blockchain confirmation". This would make Darkcoin transactions competitive with credit cards for speed of validation; another improvement over Bitcoin. A message from the project's official Twitter account states that this technology will be coming soon to Darkcoin.
No matter how well-done, a cryptocurrency is merely of academic value if no vendors will accept it as payment. With many merchants offering goods and services in exchange for Darkcoin, this appears not to be an issue for the currency. A Canadian vineyard got the ball rolling this past May, when it announced that it will "be the first retail business to accept DarkCoin". The official Darkcoin forums have a section where vendors can advertise that they accept Darkcoin. The list is diverse: there's a law office in Brazil, a VPN service based in Belize, a VHS-to-digital conversion service in Texas, and many more. A merchant directory lists several other vendors, including an auction site, a computer hardware vendor, a board game company, and a house planner.
With Darkcoin's focus on online privacy, certain questionable or illegal activities have capitalized on the new currency. Gambling, drugs, and guns all appear to be available to those who hold Darkcoin. All of these black markets are hidden services on Tor to avoid law enforcement actions. Nonetheless, there are plenty of legitimate uses for Darkcoin. With a focus on privacy, ambition from its developers to break new technical ground, and strong interest from vendors, Darkcoin will likely continue to make an impact in cryptocurrency technology innovation.
Brief items
Security quotes of the week
“We don’t know how many of these votes were actually counted or shouldn’t have been counted versus lost, or how many people tried to use this system but were unable to get ballots,” says [Felten], a foremost expert in the vulnerabilities of electronic voting both at polling stations and via the Internet. “We can’t measure it, but certainly there are indications of overflowing mailboxes, big backlogs and problems processing requests. So I don’t think you could conclude at all that this was a successful experiment.”
The company—one of the country’s largest wireless carriers, providing cell phone service for about 123 million subscribers—calls this a Unique Identifier Header, or UIDH. It’s a kind of short-term serial number that advertisers can use to identify you on the web, and it’s the lynchpin of the company’s internet advertising program. But critics say that it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.
The most-valuable, second-richest telecommunications company in the world is bankrolling a technology news site called SugarString.com. The publication, which is now hiring its first full-time editors and reporters, is meant to rival major tech websites like Wired and the Verge while bringing in a potentially giant mainstream audience to beat those competitors at their own game.
There’s just one catch: In exchange for the major corporate backing, tech reporters at SugarString are expressly forbidden from writing about American spying or net neutrality around the world, two of the biggest issues in tech and politics today.
Garrett: Linux Container Security
Matthew Garrett considers the security of Linux containers on his blog. While the attack surface of containers is likely to always be larger than that of hypervisors, that difference may not matter in practice, but it's going to take some work to get there:
- Strong auditing and aggressive fuzzing of containers under realistic configurations
- Support for meaningful nesting of Linux Security Modules in namespaces
- Introspection of container state and (more difficult) the host OS itself in order to identify compromises
A "highly critical public service announcement" from Drupal
The Drupal project has put out an advisory that if you haven't already patched the recent SQL injection vulnerability, it's probably too late. "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement."
New vulnerabilities
devscripts: directory traversal
| Package(s): | devscripts | CVE #(s): | CVE-2014-1833 |
| Created: | October 28, 2014 | Updated: | June 17, 2015 |
| Description: | From the CVE entry: Directory traversal vulnerability in update in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. |
ejabberd: incorrectly allows unencrypted connections
| Package(s): | ejabberd | CVE #(s): | CVE-2014-8760 |
| Created: | October 24, 2014 | Updated: | March 30, 2015 |
| Description: | From the Mageia advisory: A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set. |
file: out-of-bounds read flaw
| Package(s): | file | CVE #(s): | CVE-2014-3710 |
| Created: | October 29, 2014 | Updated: | November 28, 2014 |
| Description: | From the Red Hat bugzilla: An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to file executable crash. |
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2014-3688 CVE-2014-3687 CVE-2014-3673 CVE-2014-3690 CVE-2014-8086 |
| Created: | October 28, 2014 | Updated: | February 4, 2015 |
| Description: | From the CVE entry: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. (CVE-2014-8086) From the Red Hat bugzilla: It was found that Linux kernel's sctp stack is prone to remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system. (CVE-2014-3688) Kernel panic is encountered when sctp stack receives duplicate asconf chunks. (CVE-2014-3687) Kernel panic (via skb_over_panic) is encountered when sctp stack receives malformed asconf chunks. (CVE-2014-3673) It was found that the host cr4 value can change across vm entries on the same vcpu and yet it was being treated as being constant. This can interfere with, for example, PR_SET_TSC settings (cr4/TSD bit), leading to inconsistent state. A local, unprivileged user could use this flaw to cause denial of service on the system. (CVE-2014-3690) |
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2014-3610 CVE-2014-3611 CVE-2014-3646 CVE-2014-8369 |
| Created: | October 28, 2014 | Updated: | April 23, 2015 |
| Description: | From the Red Hat bugzilla: If the guest writes a noncanonical value to certain MSR registers, KVM will write that value to the MSR in the host context and a #GP will be raised leading to kernel panic. A privileged guest user can use this flaw to crash the host. (CVE-2014-3610) There's a race condition in the PIT emulation code in KVM. In __kvm_migrate_pit_timer the pit_timer object is accessed without synchronization. A local guest user with access to the PIT i/o ports could use this flaw to crash the host. (CVE-2014-3611) On systems with invvpid instruction support (corresponding bit in IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid causes vm exit, which is currently not handled and causes unknown exit error to be propagated to userspace. A local unprivileged guest user could use this flaw to crash the guest. (CVE-2014-3646) A flaw was found in the way iommu mapping failures were handled in kvm_iommu_map_pages() function in the Linux kernel (introduced by the fix for CVE-2014-3601). A privileged user in the guest could use this flaw to crash the host in case the guest has access to passed in device. (CVE-2014-8369) |
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2014-3645 |
| Created: | October 29, 2014 | Updated: | October 29, 2014 |
| Description: | From the Red Hat advisory: It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest. |
keystone: information leak
| Package(s): | openstack-keystone | CVE #(s): | CVE-2014-3621 |
| Created: | October 23, 2014 | Updated: | November 12, 2014 |
| Description: | From the Red Hat advisory: A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admin_token. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue. (CVE-2014-3621) |
konversation: information disclosure
| Package(s): | konversation | CVE #(s): | CVE-2014-8483 |
| Created: | October 29, 2014 | Updated: | March 9, 2015 |
| Description: | From the Mageia advisory: Due to an out-of-bounds read issue in Konversation in the ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message. |
mythtv: SSDP reflection attacks
| Package(s): | mythtv | CVE #(s): | |
| Created: | October 29, 2014 | Updated: | October 29, 2014 |
| Description: | From the Mageia advisory: MythTV's UPNP component was susceptible to SSDP reflection attacks and has been hardened to disallow SSDP device discovery from non-local addresses as mitigation. |
nova: privilege escalation
| Package(s): | openstack-nova | CVE #(s): | CVE-2014-8750 |
| Created: | October 23, 2014 | Updated: | November 3, 2014 |
| Description: | From the Red Hat advisory: A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected. (CVE-2014-8750) |
packstack: unexpected firewall disable
| Package(s): | packstack | CVE #(s): | CVE-2014-3703 |
| Created: | October 23, 2014 | Updated: | October 29, 2014 |
| Description: | From the Red Hat advisory: It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started. (CVE-2014-3703) |
php: three vulnerabilities
| Package(s): | php | CVE #(s): | CVE-2014-3669 CVE-2014-3670 CVE-2014-3668 |
| Created: | October 23, 2014 | Updated: | January 9, 2015 |
| Description: | From the Fedora advisory: |
phpmyadmin: cross-site scripting
| Package(s): | phpmyadmin | CVE #(s): | CVE-2014-8326 |
| Created: | October 24, 2014 | Updated: | November 3, 2014 |
| Description: | From the Mageia advisory: In phpMyAdmin before 4.1.14.6, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analyzing executed queries. |
pidgin: multiple vulnerabilities
| Package(s): | pidgin | CVE #(s): | CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 |
| Created: | October 24, 2014 | Updated: | December 11, 2014 |
| Description: | From the Debian advisory: CVE-2014-3694: It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates. CVE-2014-3695: Yves Younan and Richard Johnson discovered that emoticons with overly large length values could crash Pidgin. CVE-2014-3696: Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin. CVE-2014-3698: Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure. |
rubygem-httpclient: allows ssl negotiation
| Package(s): | rubygem-httpclient | CVE #(s): | |
| Created: | October 28, 2014 | Updated: | October 29, 2014 |
| Description: | From the Fedora advisory: Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation. |
sddm: multiple vulnerabilities
| Package(s): | sddm | CVE #(s): | CVE-2014-7271 CVE-2014-7272 |
| Created: | October 28, 2014 | Updated: | December 4, 2014 |
| Description: | From the Red Hat bugzilla: [ 1 ] Bug #1149608 - CVE-2014-7271 sddm: user "sddm" can login without authentication. [ 2 ] Bug #1148659 - sddm: multiple flaws in SDDM display manager leading to privilege escalation to root [ 3 ] Bug #1149610 - CVE-2014-7272 sddm: several local privileges escalation issues |
wget: symlink attack
| Package(s): | wget | CVE #(s): | CVE-2014-4877 |
| Created: | October 28, 2014 | Updated: | March 29, 2015 |
| Description: | From the Mageia advisory: Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. |
Page editor: Jake Edge
