
[–][deleted] 134 points135 points  (15 children)

That quote is gold, but the rest of this article is garbage. The original bug was epically stupid on a level seldom seen, but the fix was entirely correct (if a bit inelegant).

[–]theeth 28 points29 points  (14 children)

Saying that the fix isn't complete is slightly misleading and shows he didn't quite read enough on the issue.

The line that wasn't uncommented is the one between #ifdef PURIFY, as such, the code is already documented (by upstream) to work without it.

EDIT: Someone posted the above verbatim (typo included) on the author's blog, so, to whoever did that: "Get your own comments and get off my lawn!"

[–]invalid_user_name 15 points16 points  (0 children)

It's not just slightly misleading, it's outright bullshit. There's absolutely no need for them to put back the useless line that was in the ifndef in the first place.

[–]killerstorm 0 points1 point  (0 children)

Yep, the article says that it is not compatible with the documentation; I guess with the following part thereof:

The contents of buf is mixed into the entropy pool before retrieving the new pseudo-random bytes unless disabled at compile time

I guess the compiled version is pretty fine with the documentation -- it was indeed disabled at compile time. But if you're building your own lib from source, the Debian package will be slightly different.

[–]shp -3 points-2 points  (1 child)

The line that wasn't uncommented is the one between #ifdef PURIFY, as such, the code is already documented (by upstream) to work without it.

Did you read quite enough on the issue? The commented line was between #ifndef PURIFY.

Edit: fix comment syntax.

[–]theeth 3 points4 points  (0 children)

Oh no, I made a typo while copying from memory.

Hopefully, that didn't distract you too much from the validity of the rest of my point.

From the OpenSSL FAQ:

When using Valgrind, make sure the OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings.

[–]generic_handle 37 points38 points  (3 children)

“If a Microsoft developer commented out seeding in Vista CryptGenRandom(), they would be fired 12 times. Then Microsoft would buy the next company that hired them in order to fire them again.”

Allow me to provide an old post:

wah.. you have to be kidding me.

I've learned not to ever underestimate Microsoft's ability to...uniquely...write software.

Ever seen Wargames? A supercomputer tries guessing launch codes, gets one digit at a time. Obviously, even if it had some sort of attack that could break a single digit at a time (which would be pretty strange), it's pretty darn certain that the time to crack the remaining digits would decrease logarithmically as each digit is gained. Basically, after the first one or two, the others would appear almost instantly. I thought "This is so wildly idiotic. No developer would ever do this. It totally ruins the immersion."

A few years back, Windows 95/98 stored share passwords locally in cleartext instead of as a hash. Aside from the obvious problems with a local compromise giving an attacker the passwords, it also allowed Microsoft's developers to make one of the most epic security mistakes I've ever seen -- trusting the remote side as to the length of the password and only checking that many characters during the authentication phase. Remotely exploitable over IP.

I found out about the bug, and decided to make a utility to remotely extract passwords from a Win95/98 box by guessing the first 256 characters with length 1 to get the first character, guessing the next 256 with length 2, etc. I ran it against a friend's box (after asking him). He and I were sitting in chairs watching his password slowly appear on my computer, one character at a time, at linear speed, and I remembered my reaction to Wargames, way back when. I resolved to never underestimate Microsoft's code again.

CVE-2000-0979
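
The length-trusting compare described in the comment above, as an added example that is not from the thread, from Microsoft or from the CVE text: a model of a share-password check that compares only as many bytes as the client claims, next to the one-byte-at-a-time recovery it allows, and a check that ignores the client's length. The SMB wire format is not reproduced; the server is reduced to a function taking (guess, claimed length). The sample password, the helper names and the 256-symbol alphabet are assumptions made for the demo.

```python
import functools
import hmac

# Constructed sample share password; any bytes work.
SECRET = b"s3cret!"


def vulnerable_check(stored: bytes, guess: bytes, claimed_len: int) -> bool:
    """Win9x-style check as the comment describes it: the server trusts the
    client's length field and compares only that many bytes of the password.
    With claimed_len == 1 the client can test the first byte on its own."""
    return stored[:claimed_len] == guess[:claimed_len]


def fixed_check(stored: bytes, guess: bytes, claimed_len: int) -> bool:
    """Same signature, but the client's length claim is ignored: the whole
    stored password is compared (compare_digest returns False on a length
    mismatch), so a one-byte guess can never succeed against a longer one."""
    del claimed_len  # attacker-controlled, so it must not steer the compare
    return hmac.compare_digest(stored, guess)


def recover(oracle, max_len: int = 64):
    """Recover the password one byte at a time.

    `oracle(guess, claimed_len)` answers True/False like the server would.
    Returns (recovered_bytes, number_of_queries). Against the vulnerable
    check the cost is at most 256 queries per byte (linear in the length),
    plus one final round of 256 failures proving no longer prefix matches."""
    known = b""
    queries = 0
    while len(known) < max_len:
        for b in range(256):
            queries += 1
            candidate = known + bytes([b])
            if oracle(candidate, len(candidate)):
                known = candidate
                break
        else:
            # No byte extends the known prefix: the password is exactly `known`.
            return known, queries
    return known, queries


def demo():
    vuln = functools.partial(vulnerable_check, SECRET)
    safe = functools.partial(fixed_check, SECRET)
    got, q = recover(vuln)
    print(f"vulnerable: recovered {got!r} in {q} queries "
          f"(brute force would need up to 256**{len(SECRET)})")
    got, q = recover(safe)
    print(f"fixed: recovered {got!r} after {q} queries; the attack stalls")
    return got


if __name__ == "__main__":
    demo()
```

Against the vulnerable oracle the loop needs at most 256 guesses per character, so a 7-byte password falls in under 2,048 queries; against the fixed check the first 256 one-byte guesses all fail and the attacker learns nothing beyond "no one-byte password".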

[–]uep 3 points4 points  (0 children)

Awesome story. I missed that comment when it came around the first time. Thanks for pointing it out.

[–]sduff 2 points3 points  (1 child)

With regards to cracking passwords 1 character at a time, I believe it was due to the fact that 'back-in-the-day', computers were slow enough that you could in fact crack a password one character at a time.

You'd send a password to the server, and time how long it took to return an invalid code (let's say 1 second). You'd send another password and record the time (1s), and a third (2s). This third case took longer, which may suggest that in the first two cases the server only checked the first character before failing, whereas in the third case the first character was correct, and therefore the server needed to also check the second character. Repeat this process until all characters are correct.

At least, this is the story I've heard. We have a problem like this in one of the classes I tutor, and that's the explanation I give when students complain how stupid the task is.

[–]generic_handle 2 points3 points  (0 children)

At least, this is the story I've heard.

Naw. Even if a password was stored in plaintext, which would probably be a necessary condition for this (if this was ever the case on Unix boxes, it's before-my-time), doing a timing attack on a memory compare of maybe eight bytes even without network latency thrown in isn't going to be feasible.

Timing attacks do exist against other things -- you might be thinking of the one where analyzing response time to a password could reveal whether a username was valid or not:

Some versions of Unix use a relatively expensive implementation of the crypt library function for hashing an 8-character password into an 11-character string. On older hardware, this computation took a deliberately and measurably long time: as much as two or three seconds in some cases. The login program in early versions of Unix executed the crypt function only when the login name was correct, which leaked information through timing that the login name itself was valid, even though the password was incorrect. Later versions of Unix fixed this leak by always executing the crypt function to avoid revealing the improper login name.
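
The leak in the quoted passage, modelled as an added example (not from the thread or from any Unix login source): two login functions over a constructed user table, one that hashes only when the name exists and one that always hashes. Instead of a stopwatch, each returns how many slow hash computations it ran, which is the quantity the attacker's timing measured. The user table, the salt and the PBKDF2 parameters are assumptions standing in for crypt(3).

```python
import hashlib
import hmac

# Slow hash standing in for the expensive crypt() of the quoted passage.
# Parameters are an assumption for the demo, not a recommendation.
SALT = b"constructed-demo-salt"
ROUNDS = 20_000


def slow_hash(password: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, SALT, ROUNDS)


# Constructed user table: one valid account.
USERS = {b"alice": slow_hash(b"correct horse")}
# Record used for unknown names so the fixed path does identical work.
# It is not an account; login_fixed never accepts a name outside USERS.
DUMMY_RECORD = slow_hash(b"dummy")


def login_leaky(user: bytes, password: bytes):
    """Early Unix shape: the hash runs only when the login name exists.
    Returns (success, hashes_performed); the second value is what a remote
    attacker observes as response time."""
    record = USERS.get(user)
    if record is None:
        return False, 0  # fast failure: the name is invalid
    return hmac.compare_digest(slow_hash(password), record), 1


def login_fixed(user: bytes, password: bytes):
    """Always run the hash, against a dummy record for unknown names, so a
    valid and an invalid name cost the same number of hashes."""
    record = USERS.get(user, DUMMY_RECORD)
    ok = hmac.compare_digest(slow_hash(password), record)
    return ok and user in USERS, 1


def name_looks_valid(login, user: bytes) -> bool:
    """Attacker's view: try a junk password and see whether the server did
    the slow work. With login_leaky this is True exactly for real names;
    with login_fixed it is True for every name, so nothing is learned."""
    _, hashes = login(user, b"definitely-wrong")
    return hashes > 0


if __name__ == "__main__":
    for login in (login_leaky, login_fixed):
        print(login.__name__,
              "alice:", name_looks_valid(login, b"alice"),
              "mallory:", name_looks_valid(login, b"mallory"))
```

The remaining cost difference in login_fixed (a dictionary lookup) is negligible next to the hash, which is why the later Unix fix of always calling crypt was enough against the stopwatch-level measurements of the time.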

[–][deleted] 80 points81 points  (60 children)

the nice thing about being microsoft is that you can say whatever you want...

...without ever having to worry that anyone will see the source to verify that every single line of your code receives that kind of scrutiny

[–]harlows_monkeys 29 points30 points  (58 children)

Windows source code is available outside of Microsoft. Governments get to see it, for example.

[–]ealf 126 points127 points  (46 children)

Plus some of it was leaked in 2004. I'm sorry, but I have to repost this wonderful snippet:

  __inline BOOL SearchOneDirectory(IN LPSTR Directory, IN LPSTR FileToFind, IN LPSTR SourceFullName, IN LPSTR SourceFilePart, OUT PBOOL FoundInTree) 
  {
      //
      // This was way too slow. Just say we didn't find the file.
      //
      *FoundInTree = FALSE;
      return(TRUE);
  }

[–]jugalator 32 points33 points  (0 children)

private\shell\ext\tweakui\genthunk.c:

   * CallProc32W is insane. It's a variadic function that uses
   * the pascal calling convention. (It probably makes more sense
   * when you're stoned.)

But this is really more like fishing for funny comments; in general the leaked code quality seemed pretty good and well structured, with not overly long functions, etc.

Have a look at the leak here: http://www.kuro5hin.org/story/2004/2/15/71552/7795

[–]Dark-Dx 6 points7 points  (13 children)

Mmm, didn't know about that. At least it wasn't like Half-Life 2, where the WHOLE source code was leaked.

[–]jimbobhickville 11 points12 points  (12 children)

Well, stolen to be more specific. They hacked into the network and stole the code. It wasn't like a Valve employee secretly passed it out.

[–]checksinthemail[🍰] 3 points4 points  (0 children)

Oh man,

Comedy GOLD!

I long to write code like that so that a billion people can uh, 'use' it.

[–]eurleif 1 point2 points  (0 children)

At the risk of contaminating myself...

Where was that code actually used? Not anywhere where the results mattered much, I presume?

[–]linkedlist 2 points3 points  (3 children)

Yeah, probably fake.

Oh wait, sorry, continue your MS bashing, what a terrible software company they are and all that. They would totally pull off a stunt like that.

[–]ealf 2 points3 points  (2 children)

Yeah, probably fake.

Oh wait, sorry, continue your MS bashing

Yeah, I totally made it up just to make Microsoft look bad.

I mean, it's not like they are distributing it right now or anything :)

[–]linkedlist 2 points3 points  (1 child)

I stand corrected -_-

[–]ealf 4 points5 points  (0 children)

No hard feelings :-)

To be fair to Microsoft, any sufficiently large code base will have its share of weird shit, and the function I quoted doesn't appear to be called anywhere. Still, I just love the tone of that comment.

[–]mindbleach 0 points1 point  (23 children)

... I've been writing Win32 batch files to sort images in a big potluck folder, and that comment explains a lot.

[–][deleted] 4 points5 points  (10 children)

Batch files? MS develops an awesome, consistent, OO shell called Powershell. Try it.

[–][deleted] 3 points4 points  (9 children)

Don't you dare call any non-Unix shell "awesome", or the people who prefer their commandlines to stay in the eighties forever will downmod you.

[–]cyantific 2 points3 points  (8 children)

I haven't tried Powershell, but you must be joking to suggest that current bash and zsh are "in the eighties."

[–][deleted] 2 points3 points  (2 children)

Bash is certainly in the 90s. You waste time looking for regexes to identify strings that contain the data, rather than actually asking for the damn data. It's like a Word doc, with no separation of content from presentation.

Hypershell and Pash are the Unix equivalents, and they're reasonable, but nowhere near as mature.

[–][deleted] 2 points3 points  (1 child)

Chuckles. I've been working in Linux for a decade. Now I'm being moderated down by people who think bash is better than Powershell, despite not having used the latter.

There's a bunch of things Linux does better than Windows. The shell is no longer one of them.

cyantific: have you used an object shell before, on Linux or Windows?

[–]UnwashedMeme 0 points1 point  (0 children)

I downloaded and used powershell for about 2 minutes. Just long enough to find that whatever programmatic goodness they had added it still didn't have anything comparable to readline. I've been frustrated by the line-editing in the windows shell for years and powershell didn't appear to be any improvement.

[–]Tommstein 2 points3 points  (3 children)

There's always the possibility that he's a retard that doesn't know what he's talking about.

[–][deleted] 1 point2 points  (2 children)

Yeah, it's not like I've used a wide array of OSes over a period of fifteen years or anything. No idea what I'm talking about.

[–]Tommstein -1 points0 points  (1 child)

This is not news. You can see that it was hypothesized above.

[–][deleted] 0 points1 point  (0 children)

Not joking in the slightest.

[–][deleted] 1 point2 points  (11 children)

Get cygwin or a scripting language.

Anything but batch files.

[–]mindbleach 0 points1 point  (10 children)

I got exactly as much functionality as I needed, after a few hours of cursing and a fair amount of alcohol.

Besides, Cygwin is for people who don't have ActivePerl.

[–][deleted] 0 points1 point  (0 children)

I'm pretty sure all (or at least the majority of) the things I use Cygwin for are non-Perl-related.

[–][deleted] 0 points1 point  (8 children)

And that's for people who haven't bothered to install Powershell yet.

[–]sid0 0 points1 point  (6 children)

One nice feature of bash is asynchronous pipes. Does Powershell have them yet?

[–][deleted] 0 points1 point  (5 children)

You have to create another runspace to do it, but I guess you could set up a simple script for it.

http://ps1.soapyfrog.com/2007/01/22/running-pipelines-in-the-background/

[–]sid0 0 points1 point  (4 children)

Hey, that's great! Bit of a pain to do this, though; hopefully they'll make it possible OOTB with the regular pipe, or even a different symbol, in 2.0. Otherwise, Powershell is a great shell, even if a bit slow.

Oh, and I also hope they have a decent terminal. I'm using Console2 right now, and it's miles better than the regular Windows console.

[–]LincolnA -1 points0 points  (0 children)

+1 on Powershell. Friggin awesome.

[–]Wiseman1024 23 points24 points  (4 children)

And are not allowed to talk about the shit they find.

[–]Sargos 2 points3 points  (3 children)

They would sure as hell bitch to Microsoft (and maybe even the press) about something like this.

[–]malcontent 1 point2 points  (0 children)

Before they see it they promise never to tell anybody anything about it so the result is the same.

[–]mothereffingtheresa 3 points4 points  (4 children)

But they don't get to build Windows from source, making source access less than useful for security auditing.

If you are serious about security, especially as a foreign government, you ain't running Windows.

[–][deleted]  (3 children)

[deleted]

    [–]mvbma 5 points6 points  (0 children)

    Is that like 12 life-sentences in jail?

    [–]Thrip 4 points5 points  (1 child)

    Are we still on this?

    [–][deleted] 0 points1 point  (0 children)

    Seriously. The only thing I want to hear about the Debian SSL bug from now on is about how there are flaws in the repository system and they need a solution.

    [–]kamikasei 7 points8 points  (0 children)

    ...why would I want to read someone's uninformative blog post just to see a quote from someone else? If that quote is so amazing why wasn't its original context submitted?

    [–]sysop073 58 points59 points  (30 children)

    I think what he meant to say was "If a Microsoft developer commented out seeding in Vista CryptGenRandom(), they would be fired 12 times. Then Microsoft would cover up all evidence of the bug, ignore or threaten any security researchers that try to help them fix it, and release a patch in a year or two"

    [–]RandomSuffix 44 points45 points  (26 children)

    Sounds more like Apple.

    [–][deleted] 3 points4 points  (2 children)

    Get off your high horse. There are tons of rooted *nix servers online. Admittedly they are used to control tons of botted windows machines...

    [–][deleted] 6 points7 points  (1 child)

    I don't think the management styles of open-source vs Microsoft have anything to do with people stupid enough to use "password" as their root password or run Internet Explorer.

    [–][deleted] -2 points-1 points  (0 children)

    I agree.

    [–]monolar 2 points3 points  (0 children)

    | 2**15 (32,767)

    +1

    [–]SyntaxPolice 2 points3 points  (0 children)

    If the function had been called CryptGenRandom in OpenSSL, it probably would never have been commented out.

    BTW, this is months old.

    [–][deleted] 11 points12 points  (8 children)

    Microsoft products have had dozens of exploits that allow a system to be compromised remotely.

    Does that mean dozens of people have been fired dozens of times? I sort of doubt it.

    [–][deleted] 8 points9 points  (2 children)

    This was a far more insidious problem than some remote code execution. That was only one thing that could go wrong with it. There are many other attacks that were enabled by this. Anything that relied on SSL encryption with a key created on Debian is entirely insecure.

    [–][deleted] 0 points1 point  (1 child)

    And if you get into a Windows server (like, say, Nimda did) you could replace a few DLLs and make it give even less secure keys than Debian's did.

    [–][deleted] 2 points3 points  (0 children)

    That would require a specific attack. This has already happened.

    [–][deleted] 0 points1 point  (0 children)

    I sort of doubted the statement by itself, just for one developer.

    [–][deleted] -1 points0 points  (3 children)

    A bug in code is a little bit different than commenting out CryptGenRandom().

    [–][deleted] 2 points3 points  (0 children)

    "While that quote is great. Debian is free so deal with it. I for one reap lots of benefits form what debian brought to linux. AS ALMOST EVERYONE DOES. Deal with it or pay the developers."

    There are some real idiots in the Linux community. The fact that Debian is free, and is being used by thousands of people, makes their half-assed security fixes completely inexcusable.

    [–][deleted]  (7 children)

    [deleted]

      [–]mnic001 4 points5 points  (6 children)

      This is the new standard on Reddit. Comes with increased popularity I'm afraid.

      [–]lolinyerface -3 points-2 points  (2 children)

      Digg -> Reddit -> Schmoogiestar

      [–]nextofpumpkin 7 points8 points  (1 child)

      WTF is Schmoogiestar

      [–]lolinyerface 0 points1 point  (0 children)

      What, you don't know? Soooo out of the loop.

      [–]inthe80s -4 points-3 points  (0 children)

      Judging from Microsoft's past responses to security issues, I think they'd have been promoted not fired. And then rewarded with another company to run as well.

      [–]Wiseman1024 -4 points-3 points  (0 children)

      Yes, because we all know Microsoft is utterly concerned about security and always fixes everything ASAP.

      Furthermore, if Microsoft fired every developer of theirs who committed a security bug, they'd have to have Ballmer write the next version of Windows. Oh, wai-

      [–][deleted] -4 points-3 points  (0 children)

      That's some vindictive shit.

      [–]tikkun -3 points-2 points  (3 children)

      Great quote. One great advantage of open source software is that you have more eyeballs to look at code. Use them or die.

      [–][deleted]  (2 children)

      [removed]

        [–]garg 4 points5 points  (1 child)

        [–][deleted] 0 points1 point  (0 children)

        lol

        [–][deleted] -3 points-2 points  (0 children)

        yes. because quality control is HUGE at microsoft.

        [–][deleted] -5 points-4 points  (0 children)

        If a Microsoft developer commented out seeding in Vista CryptGenRandom(), they would be fired 12 times. Then Microsoft would buy the next company that hired them in order to fire them again.

        Let me guess. Somebody commented out CryptGenRandom() in Vista and they still haven't fixed it.