BlendIT BSD Cafe - Security News
tech.michaelaltfield.net
# 3TOFU: Verifying Unsigned Releases **By Michael Altfield** License: CC BY-SA 4.0 https://tech.michaelaltfield.net This article introduces the concept of \"3TOFU\" \-- a harm-reduction process when downloading software that cannot be verified cryptographically. | [](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | |:--:| | Verifying Unsigned Releases with [3TOFU](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | > ⚠ NOTE: This article is about harm reduction. > > It is dangerous to download and run binaries (or code) whose authenticity you cannot verify (using a cryptographic signature from a key stored offline). However, sometimes we cannot avoid it. If you\'re going to proceed with running untrusted code, then following the steps outlined in this guide may reduce your risk. # TOFU TOFU stands for [Trust On First Use](https://en.wikipedia.org/wiki/Trust_on_first_use). It\'s a ([often abused](https://security.stackexchange.com/a/238912/213165)) concept of downloading a person or org\'s signing key and just blindly trusting it (instead of [verifying it](https://en.wikipedia.org/wiki/Web_of_trust)). ## 3TOFU 3TOFU is a process where a user downloads something three times at three different locations. If-and-only-if all three downloads are identical, then you trust it. # Why 3TOFU? During the [Crypto Wars](https://en.wikipedia.org/wiki/Crypto_Wars) of the 1990s, it was illegal to export cryptography from the United States. In 1996, after intense public pressure and [legal challenges](https://en.wikipedia.org/wiki/Bernstein_v._United_States), the government officially permitted export with the 56-bit [DES cipher](https://en.wikipedia.org/wiki/Data_Encryption_Standard) \-- which was a known-[vulnerable](https://en.wikipedia.org/wiki/Data_Encryption_Standard#Chronology) cipher. | [](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | |:--:| | The EFF\'s [Deep Crack](https://en.wikipedia.org/wiki/EFF_DES_cracker) proved DES to be insecure and pushed a switch to 3DES. | But there was a simple way to use insecure DES to make secure messages: **just use it three times**. 3DES (aka \"[Triple DES](https://en.wikipedia.org/wiki/Triple_DES)\") is the process encrypting a message using the insecure symmetric block cipher (DES) three times on each block, to produce an actually secure message (from known attacks at the time). 3TOFU (aka \"Triple TOFU\") is the process of downloading a payload using the insecure method (TOFU) three times, to obtain the payload that\'s magnitudes less likely to be maliciously altered. # 3TOFU Process To best mitigate targeted attacks, 3TOFU should be done: 1. On **three distinct days** 2. On **three distinct machines** (or VMs) 3. Exiting from **three distinct countries** 4. Exiting using **three distinct networks** For example, I\'ll usually execute - **TOFU #1/3** in TAILS (via **Tor**) - **TOFU #2/3** in a Debian VM (via **VPN**) - **TOFU #3/3** on my daily laptop (via **ISP**) The possibility of an attacker maliciously modifying something you download over your ISP\'s network are quite high, depending on which country you live-in. The possibility of an attacker maliciously modifying something you download onto a VM with a freshly installed OS over an encrypted VPN connection (routed internationally and exiting from another country) is much less likely, but still possible \-- especially for a [well-funded adversary](https://en.wikipedia.org/wiki/Advanced_persistent_threat). The possibility of an attacker maliciously modifying something you download onto a VM running a hardened OS (like [Whonix](https://www.whonix.org/) or [TAILS](https://tails.net/)) using a hardened browser (like [Tor Browser](https://www.torproject.org/download/)) over an anonymizing network (like Tor) is quite unlikely. **The possibility for someone to execute a network attack on all three downloads is very near-zero** \-- especially if the downloads were spread-out over days or weeks. ## 3TOFU bash Script I provide the following bash script as an example snippet that I run for each of the 3TOFUs. ``` REMOTE_FILES="https://tails.net/tails-signing.key" CURL="/usr/bin/curl" WGET="/usr/bin/wget --retry-on-host-error --retry-connrefused" PYTHON="/usr/bin/python3" # in tails, we must torify if [[ "`whoami`" == "amnesia" ]] ; then CURL="/usr/bin/torify ${CURL}" WGET="/usr/bin/torify ${WGET}" PYTHON="/usr/bin/torify ${PYTHON}" fi tmpDir=`mktemp -d` pushd "${tmpDir}" # first get some info about our internet connection ${CURL} -s https://ifconfig.co/country | head -n1 ${CURL} -s https://check.torproject.org | grep Congratulations | head -n1 # and today's date date -u +"%Y-%m-%d" # get the file for file in ${REMOTE_FILES}; do wget ${file} done # checksum date -u +"%Y-%m-%d" sha256sum * # gpg fingerprint gpg --with-fingerprint --with-subkey-fingerprint --keyid-format 0xlong * ``` Here\'s one example execution of the above script (on a debian DispVM, executed with a VPN). ``` /tmp/tmp.xT9HCeTY0y ~ Canada 2024-05-04 --2024-05-04 14:58:54-- https://tails.net/tails-signing.key Resolving tails.net (tails.net)... 204.13.164.63 Connecting to tails.net (tails.net)|204.13.164.63|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 1387192 (1.3M) [application/octet-stream] Saving to: ‘tails-signing.key’ tails-signing.key 100%[===================>] 1.32M 1.26MB/s in 1.1s 2024-05-04 14:58:56 (1.26 MB/s) - ‘tails-signing.key’ saved [1387192/1387192] 2024-05-04 8c641252767dc8815d3453e540142ea143498f8fbd76850066dc134445b3e532 tails-signing.key gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa4096/0xDBB802B258ACD84F 2015-01-18 [C] [expires: 2025-01-25] Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F uid Tails developers (offline long-term identity key) <tails@boum.org> uid Tails developers <tails@boum.org> sub rsa4096/0x3C83DCB52F699C56 2015-01-18 [S] [expired: 2018-01-11] sub rsa4096/0x98FEC6BC752A3DB6 2015-01-18 [S] [expired: 2018-01-11] sub rsa4096/0xAA9E014656987A65 2015-01-18 [S] [revoked: 2015-10-29] sub rsa4096/0xAF292B44A0EDAA41 2016-08-30 [S] [expired: 2018-01-11] sub rsa4096/0xD21DAD38AF281C0B 2017-08-28 [S] [expires: 2025-01-25] sub rsa4096/0x3020A7A9C2B72733 2017-08-28 [S] [revoked: 2020-05-29] sub ed25519/0x90B2B4BD7AED235F 2017-08-28 [S] [expires: 2025-01-25] sub rsa4096/0xA8B0F4E45B1B50E2 2018-08-30 [S] [revoked: 2021-10-14] sub rsa4096/0x7BFBD2B902EE13D0 2021-10-14 [S] [expires: 2025-01-25] sub rsa4096/0xE5DBA2E186D5BAFC 2023-10-03 [S] [expires: 2025-01-25] ``` The TOFU output above shows that the release signing key from the TAILS project is a 4096-bit RSA key with a full fingerprint of \"`A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F`\". The key file itself has a sha256 hash of \"`8c641252767dc8815d3453e540142ea143498f8fbd76850066dc134445b3e532`\". When doing a 3TOFU, save the output of each execution. After collecting output from all 3 executions (intentionally spread-out over 3 days or more), diff the output. If the output of all three TOFUs match, then the confidence of the file\'s authenticity is very high. # Why do 3TOFU? Unfortunately, many developers think that hosting their releases on a server with https is sufficient to protect their users from obtaining a maliciously-modified release. But https won\'t protect you if: 1. Your DNS or publishing infrastructure is compromised ([it happens](https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises)), or 2. An attacker has just one (subordinate) CA in the user\'s PKI root store ([it happens](https://security.stackexchange.com/questions/234052/where-can-i-find-a-list-of-all-government-agencies-with-cas-in-pki-root-stores)) Generally speaking, publishing infrastructure compromises are detected and resolved within days and MITM attacks using compromised CAs are targeted attacks (to avoid detection). Therefore, a 3TOFU verification should thwart these types of attacks. > ⚠ Note on hashes: Unfortunately, many well-meaning developers erroneously think that cryptographic hashes provide authenticity, but cryptographic hashes do not provide authenticity \-- they provide integrity. > > Integrity checks are useful to detect corrupted data on-download; it does not protect you from maliciously altered data unless those hashes are cryptographically signed with a key whose private key isn\'t stored on the publishing infrastructure. # Improvements There are some things you can do to further improve the confidence of the authenticity of a file you download from the internet. ## Distinct Domains If possible, download your payload from as many distinct domains as possible. An adversary may successfully compromise the publishing infrastructure of a software project, but it\'s far less likely for them to compromise the project website (eg \'`tails.net`\') *and* their forge (eg \'`github.com`\') *and* their mastodon instance (eg \'`mastodon.social`\'). ## Use TAILS | [](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | |:--:| | [TAILS](https://tails.net/) is by far the best OS to use for security-critical situations. | If you are a high-risk target (investigative journalist, activist, or political dissident) then you should definitely use [TAILS](https://tails.net/) for one of your TOFUs. ## Signature Verification It\'s always better to verify the authenticity of a file using cryptographic signatures than with 3TOFU. Unfortunately, some companies like [Microsoft don\'t sign their releases](https://superuser.com/questions/1623134/how-to-cryptographically-verify-the-authenticity-and-integrity-of-microsoft-wind), so the only option to verify the authenticity of something like a Windows `.iso` is with 3TOFU. Still, whenever you encounter some software that is not signed using an offline key, please do us all a favor and [create a bug report](https://github.com/freedomofpress/dangerzone/issues/761) asking the [developer to sign](https://github.com/osTicket/osTicket/issues/5750) their releases with PGP (or minisign or signify or *something*). ## 4TOFU 3TOFU is easy because [Tor is free](https://www.torproject.org/download/) and most people have access to a VPN (corporate or [commercial](https://www.privacyguides.org/en/vpn/) or an [ssh socks proxy](/2015/05/31/tor-vpn-in-tails-to-bypass-tor-blocking/)). But, if you\'d like, you could also add [i2p](https://en.wikipedia.org/wiki/I2P) or some [other proxy network](https://en.wikipedia.org/wiki/Internet_censorship_circumvention#Software) into the mix (and do 4TOFU).
www.buskill.in
We're happy to announce that [BusKill is presenting at DEF CON 32](https://www.buskill.in/defcon32/). **What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall** | [](https://www.buskill.in/defcon32/) | |:--:| | [BusKill is presenting at DEF CON 32](https://www.buskill.in/defcon32/) | via [@Goldfishlaser@lemmy.ml](https://lemmy.ml/u/Goldfishlaser) # What is BusKill? BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer. | [](https://www.buskill.in/#demo) | |:--:| | *Watch the [BusKill Explainer Video](https://www.buskill.in/#demo) for more info [youtube.com/v/qPwyoD_cQR4](https://www.youtube.com/v/qPwyoD_cQR4)* | If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device. # What is DEF CON? DEF CON is a yearly hacker conference in Las Vegas, USA. | [](https://www.buskill.in/defcon32/) | |:--:| | *Watch the [DEF CON Documentary](https://www.youtube.com/watch?v=3ctQOmjQyYg) for more info [youtube.com/watch?v=3ctQOmjQyYg](https://www.youtube.com/watch?v=3ctQOmjQyYg)* | # What is BusKill presenting at DEF CON? I ([goldfishlaser](https://github.com/goldfishlaser)) will be presenting **Open Hardware Design for BusKill Cord** in a Demo Lab at DEF CON 32. **What: Open Hardware Design for BusKill Cord When: Sat Aug 10 12PM – 1:45PM Where: W303 – Third Floor – LVCC West Hall** Who: Melanie Allen ([goldfishlaser](https://github.com/goldfishlaser)) [More info](https://forum.defcon.org/node/249627) ## Talk Description BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need: 1. a usb-a extension cord, 2. a usb hard drive capable of being attached to a carabiner, 3. a carabiner, 4. the plastic pieces in this file, 5. a usb female port, 6. a usb male, 7. 4 magnets, 8. 4 pogo pins, 9. 4 pogo receptors, 10. wire, 11. 8 screws, 12. and BusKill software. | [](https://www.buskill.in/defcon32/) | |:--:| | Golden DIY BusKill Print | Full BOM, glossary, and assembly instructions are included in the [github repository](https://github.com/BusKill/usb-a-magnetic-breakaway). The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time. ## Meet Me @ DEF CON If you'd like to find me and chat, I'm also planning to attend: - ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 \| 236), - Hacker Kareoke (Friday and Sat 20:00-21:00 \| 222), - Goth Night (Friday: 21:00 – 02:00 \| 322-324), - QueerCon Mixer (Saturday: 16:00-18:00 \| Chillout 2), - EFF Trivia (Saturday: 17:30-21:30 \| 307-308), and - Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 \| 325-327) I hope to print many fun trinkets for my new friends, including some BusKill keychains. | [](https://www.buskill.in/defcon32/) | |:--:| | Come to my presentation @ DEF CON for some free BusKill swag | By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.
Kaspersky Ban: Is Kaspersky Spyware? by The PC Security Channel [https://www.youtube.com/watch?v=7XjH0EVVMeM](https://www.youtube.com/watch?v=7XjH0EVVMeM) alternative link: [https://jouwbuis.nl/watch?v=7XjH0EVVMeM](https://jouwbuis.nl/watch?v=7XjH0EVVMeM) [@security](https://blendit.bsd.cafe/c/security) [#security](https://mastodon.bsd.cafe/tags/security) [#antivirus](https://mastodon.bsd.cafe/tags/antivirus) [#malware](https://mastodon.bsd.cafe/tags/malware)
How you get Hacked: what attackers use today by The PC Security Channel [https://www.youtube.com/watch?v=STjqHxJoYKs](https://www.youtube.com/watch?v=STjqHxJoYKs) alternative link: [https://jouwbuis.nl/watch?v=STjqHxJoYKs](https://jouwbuis.nl/watch?v=STjqHxJoYKs) My comment: I don't think video presented something new for me. And at this point i need to release my rage towards "content creators" that teach You something and they use tools by company that paid for ad... In Polish youtube, i found great video about making "own VPN" - why i didn't liked video? because You didn't build "your own VPN from scratch" or something, but by using cloud\*hit solution ... Imagine learning anything from youtube. [\#security](https://mastodon.bsd.cafe/tags/security) [#learning](https://mastodon.bsd.cafe/tags/learning) [#youtube](https://mastodon.bsd.cafe/tags/youtube) [#thoughts](https://mastodon.bsd.cafe/tags/thoughts) [@security](https://blendit.bsd.cafe/c/security)
IT Security Weekend Catch Up – March 1, 2024 by badcyber [https://badcyber.com/it-security-weekend-catch-up-march-1-2024/](https://badcyber.com/it-security-weekend-catch-up-march-1-2024/) [@security](https://blendit.bsd.cafe/c/security) [#security](https://mastodon.bsd.cafe/tags/security)
ONCD Leaders Call for a Memory Safe Future [https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/video-technical-report-launch/](https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/video-technical-report-launch/) Link to technical report: [https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf](https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf) Additional reading: "NSA Releases Guidance on How to Protect Against Software Memory Safety Issues" [https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/) "The Case for Memory Safe Roadmaps" [https://www.cisa.gov/sites/default/files/2023-12/The-Case-for-Memory-Safe-Roadmaps-508c.pdf](https://www.cisa.gov/sites/default/files/2023-12/The-Case-for-Memory-Safe-Roadmaps-508c.pdf) [@security](https://blendit.bsd.cafe/c/security) [#security](https://mastodon.bsd.cafe/tags/security) [#programming](https://mastodon.bsd.cafe/tags/programming)
IT Security Weekend Catch Up – February 23, 2024 [https://badcyber.com/it-security-weekend-catch-up-february-23-2024/](https://badcyber.com/it-security-weekend-catch-up-february-23-2024/) [@security](https://blendit.bsd.cafe/c/security) [\#security](https://mastodon.bsd.cafe/tags/security)
US offers $15 million bounty for info on LockBit ransomware gang [https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/](https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/) [\#crime](https://mastodon.bsd.cafe/tags/crime) [#security](https://mastodon.bsd.cafe/tags/security) [@security](https://blendit.bsd.cafe/c/security)
Malware Statistics for 2024: Trends, Targets and Threat Actors by Gary Smith "Last year, 81% of organizations faced malware threats, phishing attacks, and password attacks." If that's true, please buy 2 x yubikey (one for backup), and start using password manager. It's effective against phishing. Learn ykman! [https://www.stationx.net/malware-statistics/](https://www.stationx.net/malware-statistics/) [@security](https://blendit.bsd.cafe/c/security) [#security](https://mastodon.bsd.cafe/tags/security) [#malware](https://mastodon.bsd.cafe/tags/malware)
IT Security Weekend Catch Up – February 17, 2024 by badcyber [https://badcyber.com/it-security-weekend-catch-up-february-17-2024/](https://badcyber.com/it-security-weekend-catch-up-february-17-2024/) [@security](https://blendit.bsd.cafe/c/security) [#security](https://mastodon.bsd.cafe/tags/security)
Backdoors that let cops decrypt messages violate human rights, EU court says One of comments about the title: "Contrary to what the headline says, the European Court of Human Rights in Strasbourg, France, is not an EU court. It is part of the Council of Europe, which is older than the EU and has more members, and is mainly concerned with human rights related issues. The EU has its own Court, the Court of Justice of the European Union (CJEU) in Luxembourg. Edit: just to add, the article gets all the nuances right and refers to the Council of Europe and even to possible endorsement by the CJEU, so the problem is only with the headline." [https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/](https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/) Another article + discussion [https://news.ycombinator.com/item?id=39369653](https://news.ycombinator.com/item?id=39369653) [@security](https://blendit.bsd.cafe/c/security) [#security](https://mastodon.bsd.cafe/tags/security) [#EU](https://mastodon.bsd.cafe/tags/EU) [#E2EE](https://mastodon.bsd.cafe/tags/E2EE)
Current 2024 Top 10 List of Scams and Frauds [https://www.consumerfraudreporting.org/current\_top\_10\_scam\_list.php](https://www.consumerfraudreporting.org/current_top_10_scam_list.php) [@security](https://blendit.bsd.cafe/c/security) [#scam](https://mastodon.bsd.cafe/tags/scam) [#security](https://mastodon.bsd.cafe/tags/security) [#social\_engineering](https://mastodon.bsd.cafe/tags/social_engineering) [\#socialengineering](https://mastodon.bsd.cafe/tags/socialengineering)
IT Security Weekend Catch Up – February 9, 2024 by badcyber [https://badcyber.com/it-security-weekend-catch-up-february-9-2024/](https://badcyber.com/it-security-weekend-catch-up-february-9-2024/) [@security](https://blendit.bsd.cafe/c/security)
Nearly 11 million SSH servers vulnerable to new Terrapin attacks [https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/](https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/) [@security](https://blendit.bsd.cafe/c/security) [\#Security](https://mastodon.bsd.cafe/tags/Security) [#Infosec](https://mastodon.bsd.cafe/tags/Infosec)
Samsung hit by new data breach impacting UK store customers [https://www.bleepingcomputer.com/news/security/samsung-hit-by-new-data-breach-impacting-uk-store-customers/](https://www.bleepingcomputer.com/news/security/samsung-hit-by-new-data-breach-impacting-uk-store-customers/) [@security](https://blendit.bsd.cafe/c/security) [\#Security](https://mastodon.bsd.cafe/tags/Security) [#Infosec](https://mastodon.bsd.cafe/tags/Infosec) [#DataBreach](https://mastodon.bsd.cafe/tags/DataBreach)
Our community is a gathering place for experts, beginners, and everyone passionate about digital security. Here, we delve into the latest trends and updates in cybersecurity, from emerging threats to innovative defense strategies. Join our engaging discussions, share your insights, and stay ahead in the ever-evolving world of cyber protection. Remember, mutual respect and politeness are key in our discussions. Dive in and be part of a community where safeguarding digital realms is not just a topic, but a shared commitment!
BlendIT BSD Cafe - Security News
!security@blendit.bsd.cafeWelcome to Security News, the dedicated hub for cybersecurity enthusiasts within the BSD Cafe! Our community is a gathering place for experts, beginners, and everyone passionate about digital security. Here, we delve into the latest trends and updates in cybersecurity, from emerging threats to innovative defense strategies. Join our engaging discussions, share your insights, and stay ahead in the ever-evolving world of cyber protection. Remember, mutual respect and politeness are key in our discussions.
Dive in and be part of a community where safeguarding digital realms is not just a topic, but a shared commitment!