neverpanic.de

CVE-2015-0842, CVE-2015-0843 in yubiserver

| Comments

Back in March 2015, I reported a security issue in Yubiserver, a small specialized HTTP server to verify HOTP/OATH tokens generated by Yubico’s Yubikeys. I’m publishing the details for reference.

I was looking for a new Yubikey validation server and, given its small size, decided to code review any candidates due to their small size. While looking at yubiserve, I found security issues in the code.

Secure Erase on OS X El Capitan

| Comments

With the update to OS X El Capitan, Apple has rewritten Disk Utility. The pre-10.11 Disk Utility used to have an option to securely erase a disk – a feature I needed because I plan to throw a faulty disk away.

El Capitan Disk Utility erase dialog without security options button
Now, Apple still documents the option in KB article PH22241, but has implemented code that hides the “Security Options” button in certain situations. Unfortunately, they did not document which conditions need to be fulfilled for the button to be shown, which leads to the situation that I do not see it on any of my disks. My guess would be that the option is not available for encrypted disks, but since I do not have any unencrypted drives I cannot verify that assumption.

Why would you wipe an encrypted disk?

For an encrypted volume, wiping the header that contains the master encryption key should be enough to ensure that no data can be recovered. Conveniently, Apple does not provide an option to wipe the volume’s encryption header and documentation on Apple’s CoreStorage format it scarce, which means I don’t know where the header actually is. So a full wipe it is.

Luckily just because the GUI does not support the feature anymore does not mean that it cannot be done. The diskutil command line tool still has a secureErase option that supports overwriting entire volumes. Because I was doing this with CoreStorage volumes, I first had to delete that volume before secureErase would unmount the physical disk below:

:) clemens@cBookPro:~$ diskutil cs deleteVolume CD3D75E0-F317-42B6-B44F-FDCB1A9448CD
The Core Storage Logical Volume UUID is CD3D75E0-F317-42B6-B44F-FDCB1A9448CD
Started CoreStorage operation on disk7 cTM
Unmounting disk7
Removing Logical Volume from Logical Volume Group
Finished CoreStorage operation on disk7 cTM

Once the logical volume was gone, I was able to start the wipe with diskutil secureErase:

:) clemens@cBookPro:~$ diskutil secureErase
Usage:  diskutil secureErase [freespace] level MountPoint|DiskIdentifier|DeviceNode
Securely erases either a whole disk or a volume's freespace.
Level should be one of the following:
        0 - Single-pass zeros.
        1 - Single-pass random numbers.
        2 - US DoD 7-pass secure erase.
        3 - Gutmann algorithm 35-pass secure erase.
        4 - US DoE 3-pass secure erase.
Ownership of the affected disk is required.
Note: Level 2, 3, or 4 secure erases can take an extremely long time.
:( clemens@cBookPro:~$ diskutil secureErase 2 disk4
Started erase on disk4
Pass: 1
Pass: 2
Pass: 3
Pass: 4
[ - 0%..10%..20%..30%..40%..50%.......................... ] 52% 25:03:07

I did a little research that suggests that a single wipe is sufficient to prevent data recovery on modern disks, so the DoD 7-pass I used might seem like overdoing it, but since I’m throwing the disk out because it was causing write errors I am also using this as a last benchmark to see if it would trash the disk completely.

OnePlus One Review

| Comments

OnePlus logo on the OnePlus Oneʼs packaging

The One by OnePlus is a flagship phone designed and produced by the Chinese startup OnePlus founded in December 2013. Only a few months later, the company announced the phone in April 2014. The astonishing speed can be explained if you know that the company’s founder, Pete Lau, previously was Vice President at Oppo Electronics and is no newcomer to the smartphone business.

The phone’s specs are clearly targeted at the high-end market. For example, it features a 2.5 GHz quad-core CPU, 3 gigabytes of DDR3 RAM, a 1080p IPS display and a 3100 mAh battery. The official website has the details – there really is no point in repeating all of them here.

I swear, it’s that large

There obviously already is a myriad of reviews on the OnePlus One (for example on YouTube), so I’ll just skip ahead to the points that are relevant to me as computer scientist and the features that surprised me. My biggest concern when ordering the phone was its size. At 5.5 inch, the screen is huge, after all. I was pleasantly surprised to see the 15.3 x 7.6 cm phone fitting in my front pocket comfortably. It does get a little cumbersome at times while driving, but that’s entirely manageable and only manifests itself during long drives. On the contrary, it was interesting to see how quickly I adjusted to the available screen real estate. Even before I actually switched my SIM over to the new phone, I was asking myself why I bothered for so long with the vile 4.3 inch, 480x800 screen of my old HTC Desire HD.

Goodbye University, Hello Professional Life

| Comments

Part of my university diploma.

A period of my life is coming to an end. Yesterday’s mail made that all the more obvious to me, since it contained my university diploma. I have now officially graduated Friedrich-Alexander-University of Erlangen-Nuremberg with a Master’s degree in computer science. This is reason for celebration, especially since I managed to pass with distinction, but it is also an opportunity to look back. Since I will not stay at university or in Erlangen, graduation comes with a farewell.

I have enjoyed the last few years in Erlangen, especially at the System Software Group and its KESO Research Project where I wrote my Master’s thesis on “Compiler-Assisted Memory Management Using Escape Analysis in the KESO JVM”. However, in the last few months in Erlangen I’ve realized that it was time to move on and seek new challenges. And I have.

On September 1st I will take up a job as “software integrator Linux” at BMW Car IT in the city of Ulm. I’m hoping my experience with continuous integration from KESO, package management, and build systems from MacPorts may be helpful at my position. I’m really looking forward to working for BMW and moving to Ulm, and what I’ve seen so far has been fantastic! :-)

Off to pastures new!

What's New in MacPorts 2.3.0

| Comments

MacPorts 2.3.0 has been released. But what’s new for users, and why should they use the new features?

This release contains a lot of changes under the hood that users probably won’t notice. For example, MacPorts no longer uses the system-provided version of Tcl, but ships its own copy. That might seem like a step backward at the first glance, but simplifies compatibility with older systems such as Tiger or Leopard (hello, PPC users), allows us to clean up some of the cruft in the codebase and fix some long-standing issues like signal handling in future releases.

Another change most users won’t notice is the use of HTTP pipelining (I know, I know, what took us so long?), which should be beneficial especially when downloading a lot of binary packages from our mirrors. Also related to downloads, but very much noticeable are the new progress bars. Previously download progress information was only available when run in verbose mode, but 2.3.0 comes with a nice progress indicator for downloads taking longer than a few seconds. You’ll also see the same progress bar in rev-upgrade, which previously indicated its progress using a simple percentage number.

One of the changes I’ve been waiting for (and working on) is “trace mode”. Trace mode is a poor man’s sandbox initially developed for the darwinbuild project at Apple. It is based on library preloading, a technique known from Linux systems using the environment variable LD_PRELOAD. That makes it inherently insecure, but since security (i.e. protection against malicious attackers) has never been a goal for this sandbox, that’s not critical. Trace mode adjusts the environment of a build in MacPorts by hiding all files that shouldn’t be there in a vanilla installation of OS X and files in the MacPorts prefix that aren’t installed by a dependency of the current port. Trace mode is a great tool for both port authors and users: Missing dependencies are easily identified and files in /usr/local can no longer interfere with a MacPorts build with trace mode enabled. This last point is especially important since lots of third party installers and other package managers (looking at you, homebrew) install files in /usr/local. The next time a port fails to build for you, clean and re-try with port -t instead.

Other minor, but helpful new features include a check for the presence of the Xcode Command Line Tools and Xcode license agreement acceptance and a helpful new overview for the select feature at port select --summary.