Insecurity in Finnish parliament (computers)
From: Markus Jansson
Date: Sun, 19 Dec 2004

Short version:

"The laptop computers used by members of parliament and their assistants here in Finland have severe security holes. These laptop computers don't have firewalls or file encryption and wiping tools, automatic update is not turned on, the operating system (Windows XP) is on its default settings for most, the computers only support 802.11b WLAN, which is insecure, etc. As a bonus, they use TeliaSonera GSMs, which are totally insecure because they use COMP-128-1 and A5/1 for security. I contacted them months ago, but they haven't bothered to answer me, nor the reporters I have contacted later. Oh dear..."

Long version:

1. The computers do not have a firewall, not even ICF enabled. Users cannot even enable it themselves, since they don't have administrative permissions on the computers. Any remote-exploit vulnerability or bad passphrase and BOOM! The computer is hacked.

2. The computers are mainly on default settings. They run Windows XP. Do I really need to say more about this issue and what follows from it?

3. The computers have support for Bluetooth and it is enabled by default. This leaves many attack vectors in place, too numerous for me to list here. Also, they have FireWire enabled, which means that, as in the iPod's case, anyone with such a device can walk up to one of these laptops and download everything inside it. Ouch.

4. Laptops have WLAN, but it only supports the totally insecure 802.11b standard.

5. Computers do not have any kind of encryption programs. All files and folders are unencrypted. Even the EFS is turned off. There is no way to secure personal or sensitive documents in the computer.

6. There are no wiping tools in the computers to wipe off sensitive or personal files from them.

7. Computers do not have "Clear pagefile on shutdown" enabled, meaning that sensitive data can be recovered from the unwiped swap file later on.

8. Users do not have administrator permissions on the computers, so they cannot install the necessary security programs on them. Of course, there is the plus side that this *should* limit the damage to the systems to...well...the user (= the member of parliament or their assistants). Ouch.

9. There are VPN connections on the computers, but it is unclear whether they are protected against man-in-the-middle attacks or not. My educated guess is that they aren't, meaning again...

10. It's unclear whether the computers are set to "automatic updates" or not. My educated guess is that they aren't, meaning again (especially if you look at point 1 again)...ouch.

11. The default browser is Internet Explorer, with default settings of course. Now, I don't have to tell you how serious a security risk this is, especially if you consider point 10...

12. MEPs etc. use TeliaSonera GSMs. The security that TeliaSonera uses is COMP-128-1 and A5/1, which are both totally insecure and can easily be broken with a laptop computer etc., meaning that their conversations can easily be eavesdropped. They should use COMP-128-3 and A5/3 to make it secure...

13. On TeliaSonera GSM networks, there is no protection against the "false base station" technique, which allows easy bypass of the crypto by simply turning it off from the "base station". For example, Elisa uses COMP-128-3 and A5/3 and does not allow phones to turn off crypto even if the base station orders them to do so.

I contacted the security personnel in our parliament about this issue months ago. They haven't even bothered to answer me, let alone fix the computers' security problems. So, here it is; maybe they'll listen now.
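
An administrator can check a few of the settings listed above from a registry export. The following is an added example, not part of the original post: it covers only items 1, 5, 7 and 10, assumes the XP SP2 Windows Firewall registry location and the other locations shown, and runs against a constructed sample export.

```python
import re
HKLM = "HKEY_LOCAL_MACHINE\\"
# (item number in the post, key, value name, value assumed if absent, safe test, finding)
BASELINE = [
    (1, HKLM + r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile",
     "EnableFirewall", 0, lambda v: v == 1, "Windows Firewall is off"),
    (5, HKLM + r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",
     "EfsConfiguration", 0, lambda v: v == 0, "EFS is disabled"),
    (7, HKLM + r"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management",
     "ClearPageFileAtShutdown", 0, lambda v: v == 1, "pagefile not cleared on shutdown"),
    (10, HKLM + r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update",
     "AUOptions", 1, lambda v: v == 4, "updates are not installed automatically"),
]

# Constructed regedit export (not data from the post) of a laptop in the state described.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]
"EfsConfiguration"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
'''

def parse_reg(text):
    """Return {(KEY, NAME): int} for every dword value in a .reg export."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()  # registry paths are case-insensitive
        elif m and key:
            values[(key, m.group(1).upper())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return [(item, finding)] for each baseline check the export fails."""
    values = parse_reg(text)
    findings = []
    for item, key, name, absent, is_ok, finding in BASELINE:
        v = values.get((key.upper(), name.upper()), absent)
        if not is_ok(v):
            findings.append((item, f"{finding} ({name}={v})"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"item {i}: {f}" for i, f in audit(SAMPLE_REG)))
```

A value missing from the export is scored with the "absent" column, which is an assumption of this example and should be adjusted to the build being audited.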

