Archive for February, 2007



Feb 24

USB flash SnoopStick “The moral spyware”

I came across SnoopStick last week. Their web site describes it as follows:

“SnoopStick is a USB flash drive type device that allows you to monitor what your kids, employees, or anyone using your computer is doing while on the Internet.”

However, it is not a hardware device, just two pieces of software bundled on a cheap USB key. It has nothing to do with a hardware key logger or the like. If the software had been shipped on a CD it would have been the same (but it wouldn’t have looked as good, I guess).

Moreover, using this software is certainly dangerous and mostly illegal:

 

As Symantec said, the server is plain spyware: SnoopStick reports confidential information, ranging from IM to web pages, to a third party, namely Solid Oak Software. The client software connects to the Solid Oak Software server and retrieves the information collected.

  1. It is illegal to spy on someone.
  2. You don’t know what the software really reports. Nothing proves that the data you access are the only data reported by the spyware.
  3. You don’t know where the data are stored or who accesses them.
  4. The data may even be eavesdropped on, as far as I know.

But what makes this product so evil is that it tries to justify the installation of spyware on moral grounds. Moreover, it asks you to pay for that. Trying to sell spyware as moral software is disgusting. Fooling people into paying for a cheap USB key with spyware on it is a pure and simple scam. The saddest part is that it has had positive feedback from parents.

Lastly, the site says it is invisible. That is another lie: just look for the following files on your system:

  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\instance.dat
  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\mia.dll
  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.dat
  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.exe
  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.msi
  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.par
  • C:\Documents and Settings\All Users\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.res
  • C:\WINDOWS\Installer\[RANDOM NUMBER].msi
  • %System%\logs\ClientSSFileUpdater.txt

Another lie from a product that offers to perform illegal actions.
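A way to check an offline copy of a Windows volume (for example a disk image mounted read-only on a Linux analysis machine) for the files in the GUID-named folder listed in this post. This is an added example, not part of the original post; the function names are illustrative, and the randomly named installer .msi and the log file are left out because they cannot be matched by a fixed name and location.

```python
import os
import tempfile

# Folder and file names taken from the list in the post. Matching ignores
# case because NTFS does, while a Linux mount of the same volume does not.
ARTIFACT_DIR = ["Documents and Settings", "All Users", "Application Data",
                "{67E71F41-70D9-4823-8EC0-78BC232B5E7A}"]
ARTIFACT_FILES = ["instance.dat", "mia.dll", "SnoopStick.dat", "SnoopStick.exe",
                  "SnoopStick.msi", "SnoopStick.par", "SnoopStick.res"]


def child_ignoring_case(parent, name):
    """Return the path of the entry in `parent` named `name` (any case), or None."""
    try:
        entries = os.listdir(parent)
    except OSError:  # missing, unreadable, or not a directory
        return None
    for entry in entries:
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None


def find_snoopstick_artifacts(volume_root):
    """Return the sorted list of artifact file names present under volume_root."""
    current = volume_root
    for part in ARTIFACT_DIR:
        current = child_ignoring_case(current, part)
        if current is None:
            return []
    found = []
    for name in ARTIFACT_FILES:
        path = child_ignoring_case(current, name)
        if path and os.path.isfile(path):
            found.append(name)
    return sorted(found)


def demo():
    # Constructed sample volume: two artifacts stored with unusual letter case.
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "DOCUMENTS AND SETTINGS", "All Users",
                              "Application Data",
                              "{67e71f41-70d9-4823-8ec0-78bc232b5e7a}")
        os.makedirs(folder)
        for name in ("snoopstick.EXE", "mia.dll"):
            open(os.path.join(folder, name), "w").close()
        return find_snoopstick_artifacts(root)


if __name__ == "__main__":
    print(demo())
```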

Feb 20

A comparison between DVB conditional access and secure IP multicast Article Review

This article, published at MWCS in 2005 by H.S. Cruickshank, M.P. Howarth, S. Iyengar and Z. Sun, proposes to replace the current DVB (Digital Video Broadcasting) conditional access (CA) with an IP multicast system. DVB is the standard used for satellite TV. Conditional access is the mechanism used in satellite television to restrict reception to authorized customers. Because the signal is broadcast to everyone with no control, it relies on cryptographic means to do so. There are many CA systems available, such as Viaccess, Conax or Nagravision.

I was interested in this article because it provides a concrete overview of how DVB works and in particular how CA is enforced. As far as I know, this is one of the only papers that present the DVB scheme in great detail. It is far more usable than the Wikipedia page, for instance. If you are curious about DVB and satellite in general, this is a nice introductory article.

Concerning the multicast protocol replacement, I am not convinced, because the strength of DVB is its ability to work without decoder feedback. Although this introduces security problems, on the other hand it makes it usable everywhere in the world.

Please note that some of the information about the cryptographic algorithms is inaccurate. For instance, Viaccess used AES or RC6 for encryption and not triple DES. EMMs are also cycled very often on some CA systems (TPS cycles at least twice an hour, for instance) to prevent rogue cards.

Two overlooked security gaps of DVB are:

  1. The ability to perform replay attacks on the smart card
  2. The card sharing technique that uses the Internet to share EMMs faster than they cycle. (Look for Gbox in Google if you are interested in practical uses.)

In conclusion, this work is valuable as it provides a reference paper about the DVB system that can be used as a starting point.

Detailed information (5W-H report)

  • What: It is a paper about DVB conditional access
  • Why: DVB CA is problematic because it requires that the receiver does not answer. This leads to security problems. This paper is valuable as it provides a reference on how DVB works. There is very little documentation on the subject.
  • Who: H.S. Cruickshank, M.P. Howarth, S. Iyengar and Z. Sun from the Networks Research Group in the Centre for Communication Systems Research, part of the Department of Electronic Engineering at the University of Surrey
  • Where: The paper was published at the 14th IST Mobile and Wireless Communications Summit in Germany
  • When: June 2005
  • How: The DVB system is described through a textual explanation along with nice diagrams.

Additional resources

the paper Local version

Dr. Michael Howarth page