Thomas Jaehnel

DKIM in amavisd-new and postfix

2010-07-19T19:00:00Z

As most of you know, email is an inherently insecure protocol. Basically, you're sending around text files with a certain format and you have to trust the servers that are forwarding the email, that they wont modify the content or lie about who they are.

One of the big issues here is, that anybody can claim to be sending email from bill.gates@microsoft.com and whoever receives the email has to believe it.

DKIM adds a certain level of protecting. What it does is, it gives the owner of the DNS record of a domain the possibility to provide a cryptographic public key to anyone who cares to validate the signature. The sending mailserver holds a copy of the corresponding private key and signs every outgoing message with that key. Every recipient can the check weather the signature is correct by checking the published public key.

A lot of the big players like gmail, etc. have added support for DKIM signatures in their infrastructure.

I have also implemented DKIM (along with SPF) on my mail server.

Following are the basic steps necessary to implement DKIM:

create a crypto key-pair
setup a separate path in your mailer for outgoing mail
configure mailer to sign outgoing messages
publish the public key through DNS

The best howto I came across is this

The most important part is to set postfix to tag mails as incoming or outgoing by using the

smtpd_sender_restrictions = 
    check_sender_access regexp:/etc/postfix/tag_as_originating.re
    ...
    check_sender_access regexp:/etc/postfix/tag_as_foreign.re

part in main.cf.

The rest of the setup happens in amavis by adding an additional policy in amavis:

$inet_socket_port = [10024,10026];  # listen on two ports
$enable_dkim_signing = 1;  # loads DKIM signing code
dkim_key('DOMAIN_NAME, 'dk1', '/path/to/keyfile');
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {  # mail originating from our users
    originating => 1,  # indicates client is ours, allows signing
};

The only remaining thing to do is publish the public key. My domains are managed by united domains. To get this working you have to create a subdomain and set the TXT record for this subdomain called dk1._domainkey.homemadecode.de (the dk1 part has to be the same as the identifier provided in the amavisd config above).

.de DNS root server failure

2010-05-12T12:29:28Z

Currently the German DNS root servers have a problem. DENIC is apparently working on it. In the meantime homemadecode.de and its mail services are not available. I'm sorry for the inconvenience.

LDAP groups not showing up (immediately)

2010-04-12T08:28:17Z

Background: I use LDAP as a user storage for my unix machines holding all relevant user and group data in the directory. When I add a user to a group, only LDAP is changed.

Since I just stumbled across this issue and have been wondering what's wrong, here is a short reminder for next time:

Whenever you update groups in LDAP when using LDAP for users and groups you have to flush the nscd cache to see the new groups immediately. Use

nscd -i

to do this.

pushing routes via DHCP

2010-01-15T18:02:15Z

Since I came across this problem now several times in my home office network as well as at the office, I finally found a viable solution to this issue.

The Problem
When you have a network consisting of several subnets and routers at each of the boundaries looking something like this:

INET <-> router A <-> subnet1 <-> router B <-> subnet2

The issue here is, that clients in subnet1 ideally should know about both routers to reach all networks. By default they only receive one of them as a default gateway. Of course one could set a static route on each client by using some sort of logon script but a more elegant way is to use DHCP for this purpose.

Solution
After some research I finally figured out how to do this. You need to use a feature classless static route¹ which is of course documented in the corresponding RFC3442 (but hardly anywhere else). This option is supported by Windows 2k, XP, and upwards.

So to get dhcpd to serve this new option I did some further googling and came across this post with a solution for dhcpd3 by John Robinson:

# MS routes: adds extras to supplement routers option
option ms-classless-static-routes code 249 = array of integer 8;

# RFC3442 routes: overrides routers option
option rfc3442-classless-static-routes code 121 = array of integer 8;

option routers 172.22.0.1;
option ms-classless-static-routes 24, 172, 22, 99, 172, 22, 0, 1 ;
option rfc3442-classless-static-routes 24, 172, 22, 99, 172, 22, 
0, 1, 0, 172, 22, 0, 1 ;

The first two lines define the new commands to point to the corresponding option codes. These have to be in the global section. The rest of the lines can be specific to any of the other section if desired. The format for the information passed to the options is encoded in the following format:

If you want to supply a static route as follows: 192.168.1.0/24 (equivalent to netmask of 255.255.255.0) with a gateway of 192.168.1.1 you write the address as follows:

option ms-classless-static-routes 24, 192, 168, 1, 192, 168, 1, 1;

As also mentioned in the original post, it is required to supply the default gateway if using classless static routing. In the above example, this is done by the appended route

0, 1, 0, 172, 22, 0, 1 ;

equivalent to a default gateway of 172.22.0.1.

I hope this post will help some people running into the same kind of issues that I came across. Any thoughts welcome.

¹ The option code is 121, grep for that in the RFC for further information

Attacks on browser-based content sniffing

2009-11-09T19:00:00Z

While working on a project I came across the very interesting topic of attacks abusing MIME sniffing in browsers. Obviously this isn't really new but I just didn't have any practical use for it, so I never dove into the details until now. For future reference I decided to write a comprehensive blog post about it here.

MIME Sniffing is a technique implemented by IE >= 4.0 allowing the browser to dynamically guess the content type of downloaded files. Basically the browser analyzes the magic bytes of any downloaded file and decides whether to trust the server's transmitted content type or use its own guess. What IE does is, if there is a mismatch between the content type of the server and the one defined by the magic bytes, then it uses its own content type guess. The problem arises once a website allows users to upload content which is then published on the web server. If an attacker manipulates the content in a way to be accepted by the web app and rendered as HTML by the browser, it is possible to inject code in e.g. an image file and make the victim execute it by viewing said image. For more details read heise online on the topic here³

Quick test for web applications
To quickly assess whether an application is vulnerable to this type of attack, check if the following criteria are fulfilled:

The application allows uploads
The application does no post-processing on the uploaded content
The content is downloadable throught the application
The content is not checked for MIME type mismatches

Try uploading the following PNG file which pretends to be a JPG (pay close attention when downloading the file, some browsers such as FF might append a .PNG at the end, remove this) to the site in question. If a subsequent download of the file returns the exact same file with a content type of JPEG, the app is vulnerable. Opening the file in IE will render an alert box on the screen.

For this to work, you need to direct the browser to the file itself, having it loaded from an image tag inside an HTML page e.g. is not enough

Sidenote: IE 8 is no longer vulnerable to the image based attack².

The same attack also works in PDFs and other types of files. So if the app doesn't allow images but other content to be uploaded, it still needs to be evaluated if such attacks are possible.

How to protect your web app
There are several means of protecting you application from these type of attacks.

If dealing with images, use something like the Image Magick tools to resize or recompress the uploaded images prior to serving them. Any of these operations will remove the attack code⁵.

Microsoft also introduced several HTTP headers to disable content sniffing in IE 8²:

To force the browser to trust the servers content type, use the following additional HTTP header:

X-Content-Type-Options: nosniff

Additionally, it is also a good idea to use Wikipedia's approach as a 2nd line of defense. Use a separate (sub)domain to host your user-uploaded content. With this approach you ensure, that none of the scripts that might potentially be included in the content, are executed in the context of your web application and therefore don't have access to session cookies, etc.

Background

For further background on this type of attack I recommend the paper¹ by Barth et al of UCS Berkeley providing details of the inner workings of MIME sniffing.

Another interesting angle comes into play, once an attacker has control over the server itself. Jose Nazario over at arbor networks blog is describing a phishing attack also based on abusing the MIME sniffing⁴.

¹ Secure Content Snifﬁng for Web Browsers, or How to Stop Papers from Reviewing Themselves by Barth et al. of UCS Berkeley

² IE8 security, Part V IEBlog, Microsoft

³ Risky MIME sniffing in IE heise online

⁴ MIME sniffing and phishing arbor networks security blog

⁵ Watch out for new attack vectors based on buffer overflows in Image Magick, though.

Studie zu Web Application Firewalls veröffentlicht

2009-07-09T21:46:13Z

Basierend auf meiner Diplomarbeit veröffentlicht die OPTIMAbit GmbH heute eine Studie über Web Application Firewall:

München, 09. Juli 2009. Die OPTIMAbit GmbH, Beratungsunternehmen mit Sitz in München und führender Experte zum Thema Anwendungssicherheit, hat eine Studie zu Web Application Firewalls (WAFs) veröffentlicht. Komplett unabhängig werden mehrere Hersteller von WAFs sowie deren Lösungen betrachtet und vorgestellt. Ziel soll es sein, Wissenslücken zu schließen und interessierten Unternehmen theoretisches Wissen und praktische Einblicke anhand von Beispielen zu geben.

Weitere Informationen direkt bei OPTIMAbit

25C3 Day 1

2008-12-28T01:07:33Z

I am currently in Berlin attending the 25th Chaos Communication Congress or 25C3 for short, which is an annual event hosted by the Chaos Computer Club germany's non profit hacker organization.

In contrast to the two other conferences mentioned in this blog so far, the crowd is really different. It looks a lot more like your local universities LAN party but I really like the tight integration of political activism and IT Security. The NOC is doing a pretty good job in having a decent network connection via WLAN for something like 1500 hardcore users and disregarding a few hickups it actually works (see Swisscom Failure at LeWeb).

Some of the talks clearly lack struckture and a good speaker but generally it had been an interesting first day. If you want to follow the 2nd day here is a link to Livestream plus there's also a recording to download here - I haven't tested how well they work.

The keynote presentation by John Gilmore of EFF raised some interesting points but lacked structure and Mr Gilmore seemed a little unprepared at times not sure what to say next.

I did not see a point at all in Sandro's talk on The Trust Situation. It didn't present anything new to the audience at hand and the way it was presented was not focused enough to capture the attention of anyone not knowing the details of the issues discussed. A 20 min introduction to decision theory was just not neccessary.

Steve Murdoch's talk on how to hack PIN entry devices was quite good in illustrating the point that an attacker always goes for the weakest link in a chain first. While a lot of measures were taken by the payment card industry and the manufacturers of these devices, to protect the encryption keys for the uplink communication, they failed to keep attackers from eavesdropping on the communication between the smart card chip and the terminal and therefore allowing access to unencrypted PINs plus all the other banking details transmitted by the chip.

The most insightful talk today for me was a presentation by the iPhone Dev Team - the ones bringing you the pawnage tools - on the inner workings of the security measures on iPhones to protect the system from unauthorized tampering. The first part of the presentation was really good and to the point and I learned a lot here. The second part was a total disaster from a presentation point of few.

Jacob Applebaum presented the well-known cold-boot attacks in a very intelligent, well-rounded presentation called Advanced memory forensics: The Cold Boot Attacks. It was really entertaining and informative, although I had already read enough about the topic before. He also announced a much more interesting talk Making the theoretical possible on day 4, which I will sadly miss but am sure to watch as a video clip.

Le Web 08

2008-12-02T22:34:23Z

Even though I'm currently covered with work all the way up to my neck, I will be attending Le Web '08 conference in Paris next week. After listening to some of last years speakers I was convinced that this promises to be a very inspirational and exciting event.

I'm looking forward to meeting a lot of interesting people there and to embrace this opportunity to think about new ideas.

Anyone else going? Please leave a comment or ping me, so we can meet.

Below is a video about the conference program and the speakers.

[ This trip on dopplr ]

WPA crack

2008-11-08T11:46:49Z

In case someone has missed the news: There is a weakness discovered in the TKIP protocol rendering WPA protected WiFi networks vulnerable to individual packet decryption. Some details from the ars technica article:

With the Tews/Beck method, an attacker sniffs a packet, makes minor modifications to affect the checksum, and checks the results by sending the packet back to the access point. "It's not a key recovery attack," Tews said, "It just allows you to do the decryption of individual packets." This approach works only with short packets, but could allow ARP (Address Resolution Protocol) poisoning and possibly DNS (Domain Name Service) spoofing or poisoning.

To make a long story short, protect yourself by not using TKIP but switching to AES to encrypt keys.

On a side note: It seems that Apple's airport extreme uses TKIP in WPA/WPA2 mode and relies on AES in WPA2 only mode.

WJAX Session Web App Firewalls

2008-11-06T12:02:01Z

I have just finished a talk on Web Application Firewalls at this years WJAX conference in Munich.

Here's an abstract of the contents of the speech:

A number of open source and commercial Web Application Firewalls (WAF) promise "all around" protection, freeing developers from the burden of dealing with security, while increasing the overall security level. This session presents the results of a study, clarifies where it makes sense to deploy a WAF and how to use it. Further topics are performance evaluations, details about rulesets, automatic learning features as well as maintenance and what level of interaction with developers is required.

The audience was particularly interested in the practical aspects of the study and comparison between different product vendors and on how the tests were executed.

The study covers the following products:

BigIP by F5 Networks
NetScaler by Citrix
mod_security (open source)
hyperguard by art of defence
rWeb by deny all

OPTIMAbit will make the extended results of the study available to its customers by the end of the year.

For further information please contact me directly or refer to Bruce Sams of optima.
Thanks again to all vendors for supporting the study by supplying test machines and/or licenses.

Vulnerabilities in Confluence

2008-11-02T18:55:17Z

Working on a penetration test for a large insurance company in cooperation with OPTIMAbit I discovered several critical security issues in a professional WIKI product called Confluence that is sold by Atlassian to corporate customers.

The vendor offers an open ticket system to directly report security issues to development. Vendor response was very quick and a new release of the product fixing all reported vulnerabilities was issued within 1 month of reporting.

The reported vulnerabilities included several Cross Site Scripting and one critical privilege escalation issue. For further information please refer to Atlassian's security advisory.

I also want to thank Atlassian for giving proper credits for helping them solve these issues.

New professional blog

2008-11-02T17:51:29Z

I have just finished setting up movable type 4 to host my new professional blog. The design is currently just the default template due to a lack of time but will be updated in the near future.

MT4 offers some new nifty things like seesmic video comments and activity streams, which allow integration of web 2.0 profiles into this blog.

I will be experimenting with these features in the near future as well.

For now, all that matters is getting the content out.

The purpose of this website is to document news revolving around my professional life as an IT consultant and software engineer. I hope you will enjoy the upcoming posts.