Re: [perpass] perens-perpass-appropriate-response-01

Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Fri, 06 December 2013 21:20 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 976841AE09C for <>; Fri, 6 Dec 2013 13:20:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_12=0.6, J_CHICKENPOX_14=0.6, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id j60TC-N4Mfrm for <>; Fri, 6 Dec 2013 13:20:51 -0800 (PST)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU []) by (Postfix) with ESMTP id EBF201AE08E for <>; Fri, 6 Dec 2013 13:20:50 -0800 (PST)
Received: from localhost (localhost.localdomain []) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 6E82A2C400B; Fri, 6 Dec 2013 13:20:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([]) by localhost (maihub.ICSI.Berkeley.EDU []) (amavisd-new, port 10024) with LMTP id gcFMahan56st; Fri, 6 Dec 2013 13:20:46 -0800 (PST)
Received: from [] ( []) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id C18C12C4004; Fri, 6 Dec 2013 13:20:46 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_5E27A00F-567F-40F6-992A-6C06947DEB49"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <>
Date: Fri, 6 Dec 2013 13:20:46 -0800
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
To: Bruce Perens <>
X-Mailer: Apple Mail (2.1510)
Cc:, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: Re: [perpass] perens-perpass-appropriate-response-01
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Dec 2013 21:20:52 -0000

On Dec 6, 2013, at 11:48 AM, Bruce Perens <> wrote:

> Then make the default whatever your preference is.

The default MUST BE "ALWAYS HTTPS, ALWAYS".  Period.  Anything less is abdicating user safety.

>> Especially for "javascripts and CSS" which you seem so happy to pass in the clear: You let an attacker see a SINGLE ONE of your cleartext JavaScript or CSS fetches and you are FUBAR. Game over, you're p0wned, have a nice day. 
> See your fetches? I understand MITM, etc., but see them?

Yes, SEE just one of these "inconsequential" fetches is sufficient.  If the attacker can see your fetches he can execute a man-on-the-side attack through packet injection.  A wiretap is only passive if the wiretapper doesn't want to bother spending the couple of hours of from-scratch code to turn it into an active attacker.

Lets take a concrete example.  

You, Bruce, have nothing to fear from the US government.  But hey, you're doing stuff of some economic significance, and economic significance = valid tagret.  Therefore, in this brave new world, you're a valid target to say, well, France. [1]  And France's wiretap infrastructure knows the IP you commonly use (there are several tricks to possibly find this out).

All the wiretap has to do is wait for that single inconsequential Javascript fetch from your computer to pass by the wiretap, say, as part of a completely innocent and unrelated Air France ad campaign that happened to be on a web page you happened to visit.

When it sees the TCP packet containing the HTTP GET, it spoofs an injected reply packet back to you.  If your browser gets the spoofed reply first (and it will, the spoofed reply has a head start in the race), it acts on the spoofed reply.

This spoofed reply contains a small piece of Javascript which creates a little, tiny 1x1 hidden iFrame that opens onto France's exploit server [2], which now runs a full suite of code in your browser to p0wn you.  

Actually doing packet injection is downright trivial:  I've written up a TCP packet injector in a few hours on a lark, and several years ago it was a staple of Defcon WiFi pranks, say, by turning every large image into Off the shelf tools and a little glue are pretty much sufficient for any country to do this [3]. 

In the past, it was only the purvue of pranksters and censorship (the Great Firewall).  And, it turns out the NSA.  Thanks to the NSA, now the future of packet injection is not, well, bright, but readily available to a whole UN worth of attackers.

So yes, a single fetch seen by the adversary is sufficient if the adversary wants to attack you.  If you are lucky, your adversary is all countries your traffic traverses except your own.

[1] I selected Country B, err, France for a reason in this.

But pick your country.  

[2] The NSA's software suite for this is called FOXACID.  Everybody else just uses Metasploit's Browser Autopwn, its the same thing. 

[3] For those without the exploit expertise, please contact your local FinFly, Hacking Team, and Vupen sales representatives.  They'd be happy to help provide malcode and exploits to tie into your Metasploit autopwn system. The packet injector itself?  Just have an undergrad write it.  Its a good lab exercise for a networking class.

Nicholas Weaver                  it is a tale, told by an idiot,                full of sound and fury,
510-666-2903                                 .signifying nothing