[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [NTSEC] SKIPJACK / NT4.0 (SP3?) (fwd)
-----BEGIN PGP SIGNED MESSAGE-----
Since I've had so many people either ask what s/w was installed on this box,
or else claim that "J.A. must be on crack! :-)", here is the breakdown...
NT4.0; SP3; Every post SP3 hotfix through the third week of December; NT4.0
Server Resource Kit; I.E. 3.02 with Java VM pkg installed; PGP 5.0
Commercial; Adobe Photoshop 4.0 with a couple of special filter plugins;
Adobe Illustrator 4.something, no addons; Adobe Premier with no addons;
Micrographics Webtricity; Front Page 97 with assorted HotFixes; Outlook 97
with assorted HotFixes; TCL/TK; J++; Java 1.something with SDK; WordPerfect
Suite 7.something. Obviously, this is on a Web Authoring station, so there
is absolutely no reason for any of the above programs to be playing around
with Skipjack... Never the less... I brought up a testbed system over the
Xmas break, using the same install packages that I used to build the
workstation in question. No sign of ANY ciphers: Skipjack or anything else!
Which makes sense. The question now is just how in the h%@#& did it get here
in the first place? And why are my others ciphers explicitly disabled for
SSL? This is a really disturbing finding. I am more concerned that Skipjack
was *silently* installed than anything else: I have plans to completely
reinstall all of the software from scratch on this particular box, and then
enable full key ACL logging in an attempt to find out how it got there.
I am VERY concerned about this! The ONLY way I can conceive of this machine
having this configuration is if it was silently downloaded to the machine
during a W3 session. And it would NOT likely have been an SSL session: We do
absolutely NO on-line transactions here. If Skipjack is being silently, I
want to know by whom, and for what purpose. OK, maybe I'm just paranoid, or
smoking crack, but I spent several years in the late '80's working in COMSEC,
and the scenario which first comes to mind is not too far-fetched (at least
for me) to be believable...
It is most definitely an SSL 3 supported cipher but unless you have the
token or such,
then it is not going to be used for anything, and then only if you try to
connect
to a Skipjack (ie. fortezza) site. I doubt you have the code as it is
classified and available (at this time) only in hardware. Don't sweat it,
it looks like it's just a hook or .....
What environment/flavor of stuff are you running?
I can help you with this if you want to contact me off the list.
At 11:45 AM 12/26/97 -0500, Ray Arachelian wrote:
>Now this is interesting! :) (Either that or JA is smoking crack... - no
>idea on JA's reputation capital though...)
>
>=====================================Kaos=Keraunos=Kybernetos==============
>.+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\.
>..\|/..|[email protected]|you once again. I thought you were |/\|/\
><--*-->| ------------------ |hiding, and you thought that I had run |\/|\/
>../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/.
>.+.v.+.|God of screwdrivers"|my eye and there we were.... |.....
>======================= http://www.sundernet.com ==========================
>
>---------- Forwarded message ----------
>Date: Wed, 24 Dec 1997 01:29:07 -0600
>From: "J.A. Terranson" <[email protected]>
>To: 'NT Security Listserv' <[email protected]>
>Subject: [NTSEC] SKIPJACK / NT4.0 (SP3?)
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I was rooting around in the registry tonight, (looking to repair my own
>stupidity!),
>and guess what I saw? SKIPJACK is installed, and ENABLED! I have NOT
>(now would I EVER) installed it voluntarily, and Micro$loth only advertises
>the
>"standard" ciphers (which I also found).
>
>Is anyone else aware of this? Is it safe to delete the key (and code?
>Hopefully
>this is DLL driven: I'm still looking!).
>
>Also, anyone know what it was put there for? It's certainly not what I
would
>
>consider an SSL issue!
>
>J.A. Terranson
>[email protected]
>A small fading light in a vast and obscure universe...
>
>PROTECT YOUR RIGHT TO PRIVACY - ENCRYPT!
>PGP/DSS: 0x12896749 FP: 63F2 1777 BC38 AC1E 3359
> 0B0E C6C0 ED6B 1289 6749
>PGP/RSA: 0x9D85DF05 FP: 810C 25E9 7DD3 C157
> 3081 A202 DDFD 4245
>If Government wants us to behave, it should set a better example!
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP for Personal Privacy 5.0
>Charset: noconv
>
>iQEVAwUBNKC5wqAMF5Wdhd8FAQFsDQgAkietW1awMFDE9ZY5d9B+Zc0cGuGxlPC+
>XzVy6+RleDngUecSAf8MbZZlTDDyN69liKG2Of0n+pZnlJSbKZWZiG0cRN592bbL
>xCF/cwgNdJi1/HTA/mDZ7fpRT1phCMi/b2U3XXyV3QG2fv+Z8M5o4LjykYT+u4Lt
>aEkfedFZKjkURO+artvGFnISfVxAMwpW0TfdbxE2Izw8iSjX2w+4aT0ub+Ck3OA4
>X3Bek8ZPhbmsf9lIfBSe38ZPMZGrk7VwTPaMo7JiU5MM58OmCMaodKlwyxfsptKf
>khLnbWJbwHrlbW2yXL7nh7Ttnxv1WJ6BHaaJhxX/5EWSU4xAc/FjaQ==
>=jsvV
>-----END PGP SIGNATURE-----
>
>Attachment Converted: "F:\GDW\Mail\[NTSEC] SKIPJACK NT4.0 (SP3)"
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNKRqWaAMF5Wdhd8FAQEoawf+PlZlxSUBhsO1Pj37arRPt0YDIiCX0e5K
UzKIOyIk82Q3s2py5LQmqUv8hrqIY2NxTcn2DaNYm4yS2UOgKDfgfJbswmWdRlYZ
UHOt+ROiUn5P7qJqMThKHxE2EnQKhhtyiRJaUYgilGbgKCAAs/YYtP5uu7XOfd3l
u9TNmZwz6GCUv3+QrGXBi3g5+KQkzNZ/4cJLn+LYV5dGBzbGAsnSaAjQ+Kai0Xs9
tNTLZjM2wWvUDU7BNUYu/mHyY+ltiURgaqUSQpz9VV3y6SOlyh/Oef2JMtZtYkVc
K8EkebhEQNQ4uECxChyGYsmiuDmnt8yCYeX3moCcu+szHebQ/YyPeA==
=KIsG
-----END PGP SIGNATURE-----