Tag: Security

Secure Your Assets

Anybody with more than two braincells to rub together and has even a modest knowledge of economic history knows that you can’t trust the State for your retirement. The government issued funny money is in a constant state of devaluation, which means every slip of its paper you save will be worth much less when you retire. Because of that, smart people find alternative ways to preserve their wealth for retirement. Some people invest a portion of their wealth in the hopes they can grow it faster than the rate of inflation while others prefer to rely on time proven precious metals.

If you look at historical trends the latter is a pretty solid choice if your goal is to preserve your purchasing power. However, if you’re going to opt for precious metals you need a secure method of storage, to spread out your assets, and probably a decent insurance policy because physical assets can be stolen:

ST. PAUL, Minn. – St. Paul Police are looking into an reported burglary that stripped a female resident of her entire life savings.

Police spokesman Steve Linders confirms that the alleged victim, a 57-year-old who lives on the 1600 block of Abell Street, had her valuables stashed in her bedroom because she does not trust banks. The thieves got away with 100 gold bars valued at more than $1,200 apiece, $60,000 cash and a diamond ring valued at $36,000.

I’ve seen quite a few comments making fun of the fact that her lack of trust in banks caused her to lose her life savings. But if your money is in a bank account its purchasing power is constantly being stolen in the form of inflation so acting high and mighty because you keep your government funny money in a bank is just as stupid as keeping all of your gold in one location and not properly securing it.

By the description of her storage method (stashing it in her bedroom) I’m left to assume she didn’t have her gold in a quality safe. If you’re going to have a lot of gold on hand you should invest in a decent safe that can be bolted to the ground (i.e. a decent gun safe). Bonus points can be had if you can also conceal the safe. But a quality safe offer two advantages. First, it greatly increases the time it takes for a burglar to get to your valuable assets. Burglaries are often smash and grab affairs where the burglars want to minimize the amount of time that they’re in a house. The more secure your assets are the less attractive they will be to a petty thief looking to get in and out. The second advantage a quality safe offers is fire protection. You don’t want to lose your retirement if your house burns down.

In addition to a quality safe you also want to spread your assets around. Keeping all of your eggs in one basket is not a wise idea. I would personally recommend against a safety deposit box at a bank because the State can and has seized them. And since the United States government has confiscated gold in the past it’s not unreasonable to think another gold confiscation might occur. You’re better off having trustworthy family members or close friends or have a second piece of property where you can install a quality safe and store some of your assets.

The third thing, which can be tricky if you’re concerned about another possible government gold confiscation, is having an insurance policy. Precious metals are valuable and valuable assets should be insured against loss. However, insuring your precious metals also means records of the metals existence will exist. If the government decided to do another gold confiscation they very well may require insurance companies to surrender information on customers who have insured precious metals. Then again, an insurance policy is a nice thing to have if burglars break into your home and get into your safe. It’s one of those risk-reward formulas that you have to figure out for yourself.

Storing your retirement savings in government funny money in a bank is not a good idea but if you’re going to do something else you need to be smart about. Simply buying gold isn’t a solid plan if you don’t have a way of securing that gold longterm.

All E-Mail Providers are Snitches But Some are Bigger Snitches Than Others

E-mail should be a dead standard this day and age. By default it offers no confidentiality or anonymity. Even when you use something like GPG to encrypt the contents of your e-mail the metadata, such as who you communicated with, remains unencrypted. But legacy products like to stick around past their welcome and almost all of us have to deal with e-mail on a daily basis.

This dependency on a legacy product has also been a boon for the State. The snoops working for the State such as the National Security Agency (NSA) and the Federal Bureau of Investigations (FBI) love e-mail because it’s easy to surveil. Not only are the messages unencrypted by default but many providers are more than happy to assist federal agencies in their quest to spy on the general population. It was recently revealed that Yahoo has been one of the e-mail providers in the State’s pocket:

Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

Stories like this make me happy that Yahoo has been suffering financially. Most technology companies have at least half heartedly pushed back when the State has demanded all-encompassing surveillance powers. But Yahoo was more than willing to roll up its sleeves and provide the State with everything it asked for. Fortunately, there was at least one decent person in Yahoo during this fiasco. Unfortunately, that person was powerless to stop Yahoo from going through with its dastardly deed:

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

I’d say he was well rewarded for standing up for what he believed in. Facebook is raking in cash so he’s almost certainly being paid far better. And while Facebook is a major player in the State’s surveillance apparatus the company has at least shown a willingness to provide customers with secure means of communications by allowing WhatsApp, one of its acquisitions, to implement the Signal protocol and even implemented optional end-to-end encryption in its Messenger app.

This is the point where I’d recommend Yahoo’s users to abandon its e-mail service for a more reputable one. But I doubt anybody reading this is actually using Yahoo’s e-mail service. But if you are a statistical anomaly and still using it you should stop. Yahoo has zero interest in protecting your privacy.

Confidentiality Versus Anonymity

The Intercept has started a bit of a shit storm by pointing out that iMessage doesn’t encrypt metadata:

APPLE PROMISES THAT your iMessage conversations are safe and out of reach from anyone other than you and your friends. But according to a document obtained by The Intercept, your blue-bubbled texts do leave behind a log of which phone numbers you are poised to contact and shares this (and other potentially sensitive metadata) with law enforcement when compelled by court order.

Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document. Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.

Is this an affront to privacy? Is Apple showing bad faith in its promise to deliver a more security communication system? No and no. The issue at hand here is that Apple has promised confidentiality but hasn’t promised anonymity, which are two different things.

Confidentiality means that a communication isn’t accessible to unauthorized parties. In other words what was communicated is secret. Anonymity means that the parties communicating are secret. A confidential message isn’t necessarily anonymous and an anonymous message isn’t necessarily confidential.

iMessage and other secure communication applications such as WhatsApp and Signal use an identifier that are tied to your real-life persona, your phone number. Using phone numbers as identifiers allows these apps to easily scan your contacts list to see who does and doesn’t have the application. While they do keep what is being communicated secret they make no attempt to keep who is communicating secret.

Tor, on the other hand, attempts to provide anonymity but doesn’t necessarily provide confidentiality. With the exception of hidden services, every website you access through Tor goes through an exit node. Unless the site you’re accessing utilizes Transport Layer Security (TLS) the contents of the site are accessible to the exit node operator. On Tor the content being communicated isn’t necessarily confidential but the parties communicating are.

Applications such as Ricochet attempt (I use this qualifier because Ricochet is still experimental) to provide both confidentiality and anonymity. Not only are the communications themselves kept secret but the parties who are communicating is also kept secret. But since Ricochet users are anonymous be default the application can’t go through your contacts list and automatically inform you who does and doesn’t have the application.

There’s nothing sinister afoot here. Apple, WhatsApp, and Signal never claimed to deliver anonymity. Even if they didn’t use phone numbers as identifiers they still wouldn’t deliver anonymity since they make no attempt to conceal your IP address. Everybody that is freaking out about this is freaking out about the fact that Apple isn’t providing something it never claimed to provide.

There are no magic bullets. Before choosing the right tool for the job you need to develop a threat model. Unless you know what you are guarding against you can’t effectively guard against it. Confidentiality works well to protect against certain types of snoops. Law enforcers wanting to dig through the contents of messages to find evidence of illegal activities and advertisers wanting the same but to acquire information to better sell your products are threats where confidentiality is important but anonymity may not be required. Law enforcers wanting to create a social graph so it can target friends of specific individuals and censors wanting to learn who is putting out unapproved material are threats where anonymity is important but confidentiality may not be required. On the other hand, depending on your threat model, all of the above may be threats where confidentiality and anonymity are required.

Know your threats and know your tools. Make sure your tools address your threats. But don’t get upset because a tool doesn’t address your threat when it never claimed to do so.

The Signal Desktop App Now Works with iOS

The developers behind Signal, an application that allows you to send secure text messaging and make secure phone calls, released a Chrome app some time ago. The Chrome app allowed you to link your Android device with the app so you could use Signal on a desktop or laptop computer. iOS users were left out in the cold, which annoyed me because I spend more time on my laptop than on my phone (also, because I hate typing on my phone). Fortunately, Signal for iOS now supports linking with the Chrome app.

It’s simple to setup and works well. If you, like me, don’t use Chrome as your primary browser and don’t want to open it just to use Signal you can right-click on the Signal App in Chrome and create a shortcut. On macOS the shortcut will be created in your ~/Applications/Chrome Apps/ folder (I have no idea where it puts it on Windows or Linux). Once created you can drag the Signal shortcut to the dock.

Looks Can Be Deceiving

Saturday evening there was a multiple stabbing incident at the St. Cloud Center here in Minnesota. Although tragic there are some lessons that can be learned these kinds of situations and this incident is no different:

In a media briefing after midnight Sunday, St. Cloud police chief William Blair Anderson said an off-duty officer from another jurisdiction confronted and killed the suspect. He said the suspect — who was dressed in a private security uniform — reportedly asked at least one victim whether they were Muslim before assaulting them, and referred to Allah during the attacks.

Here lies our most important lesson. The attacker was dressed in a security uniform. This probably allowed him to get close to his victims without raising any red flags, which is important if you’re relying a knife. So the lesson here is that not everybody is exactly as they appear. Just because somebody is dressed like a cop or a security guard doesn’t mean they actually are one. Don’t let your guard down just because somebody is in a specific uniform.

One of my friends pointed out another lesson to be learned from this:

The mall remained on lockdown after the incident, but authorities expected those remaining inside to be released early Sunday. Photos and video of the mall taken hours after the incident showed groups of shoppers waiting to be released, including some huddled together near a food court entrance.

The officers trapped people inside the mall with the attacker. When the police arrived it wasn’t yet known if there were multiple attackers so the mall goers were potentially locked in a building with multiple people meaning to cause them harm. Being confined in an area with an unknown number of assailants is not a good place to be. If you hear that there’s an attacker in the building find the nearest fire exit and go through it. If you’re luck the police won’t see you leave. If you’re unlucky they’ll catch you but in that case you’ll likely be held in the back of a squad car, which is still a safer place than being confined in an area with and unknown number of potential assailants.

Keep your guard up when you’re out and about. Listen to your gut instinct. If that little voice in the back of your head is telling you something is wrong then you should listen to it. We’ve all been doing this human thing for our entire lives so we’re pretty good at subconsciously reading very subtle signs from one another. Anybody can put on any uniform they please but a uniform isn’t going to conceal all those subtle signs we use to judge one another’s intentions. If that voice is telling you the approaching security guard means you harm take heed and book it.

Be aware of all the potential exits. Fire exits are especially good in these kinds of situations because they usually trip a fire alarm. If it’s an audible alarm it will alert other people in the building to get out. If it’s a silent alarm it will still involve a response from the local authorities.

Finally, have a plan to defend yourself if escape isn’t an option. I recommend that people carry a firearm because they give you the best fighting chance. But even if you’re not willing or are unable to carry a firearm you should have some defensive response that you’ve trained thoroughly enough to be instinctual. Be it martial arts, mace, a baton, or even a knife. While you might not win a violent encounter even if you have a means of self-defense, you will certainly lose one if your response is to freeze up.

You Ought to Trust the Government with the Master Key

The Federal Bureau of Investigations (FBI) director, James Comey, has been waging a war against effective cryptography. Although he can’t beat math he’s hellbent on trying. To that end, he and his ilk have proposed schemes that would allow the government to break consumer cryptography. One of those schemes is call key escrow, which requires anything encrypted by a consumer device be decipherable with a master key held by the government. It’s a terrible scheme because any actor that obtains the government’s master key will also be able to decrypt anything encrypted on a consumer device. The government promises that such a key wouldn’t be compromised but history shows that there are leaks in every organziation:

A FBI electronics technician pleaded guilty on Monday to having illegally acted as an agent of China, admitting that he on several occasions passed sensitive information to a Chinese official.

Kun Shan Chun, also known as Joey Chun, was employed by the Federal Bureau of Investigation since 1997. He pleaded guilty in federal court in Manhattan to one count of having illegally acted as an agent of a foreign government.

Chun, who was arrested in March on a set of charges made public only on Monday, admitted in court that from 2011 to 2016 he acted at the direction of a Chinese official, to whom he passed the sensitive information.

If the FBI can’t even keep moles out of its organization how are we supposed to trust it to guard a master key that would likely be worth billions of dollars? Hell, the government couldn’t even keep information about the most destructive weapons on Earth from leaking to its opponents. Considering its history, especially where stories like this involving government agents being paid informants to other governments, there is no way to reasonably believe that a master key to all consumer encryption wouldn’t get leaked to unauthorized parties.

All Full-Disk Encryption isn’t Created Equal

For a while I’ve been guarded when recommending Android devices to friends. The only devices I’ve been willing to recommend are those like the Google Nexus line that receive regular security updates in a timely manner. However, after this little fiasco I don’t know if I’m willing to recommend any Android device anymore:

Privacy advocates take note: Android’s full-disk encryption just got dramatically easier to defeat on devices that use chips from semiconductor maker Qualcomm, thanks to new research that reveals several methods to extract crypto keys off of a locked handset. Those methods include publicly available attack code that works against an estimated 37 percent of enterprise users.

A blog post published Thursday revealed that in stark contrast to the iPhone’s iOS, Qualcomm-powered Android devices store the disk encryption keys in software. That leaves the keys vulnerable to a variety of attacks that can pull a key off a device. From there, the key can be loaded onto a server cluster, field-programmable gate array, or supercomputer that has been optimized for super-fast password cracking.

[…]

Beniamini’s research highlights several other previously overlooked disk-encryption weaknesses in Qualcomm-based Android devices. Since the key resides in software, it likely can be extracted using other vulnerabilities that have yet to be made public. Beyond hacks, Beniamini said the design makes it possible for phone manufacturers to assist law enforcement agencies in unlocking an encrypted device. Since the key is available to TrustZone, the hardware makers can simply create and sign a TrustZone image that extracts what are known as the keymaster keys. Those keys can then be flashed to the target device. (Beniamini’s post originally speculated QualComm also had the ability to create and sign such an image, but the Qualcomm spokeswoman disputed this claim and said only manufacturers have this capability.)

Apple designed its full-disk encryption on iOS very well. Each iOS device has a unique key referred to as the device’s UID that is mixed with whatever password you enter. In order to brute force the encryption key you need both the password and the device’s UID, which is difficult to extract. Qualcomm-based devices rely on a less secure scheme.

But this problem has two parts. The first part is the vulnerability itself. Full-disk encryption isn’t a novel idea. Scheme for properly implementing full-disk encryption have been around for a while now. Qualcomm not following those schemes puts into question the security of any of their devices. Now recommending a device involves both ensuring the handset manufacturers releases updates in a timely manner and isn’t using a Qualcomm chipset. The second part is the usual Android problem of security patch availability being hit or miss:

But researchers from two-factor authentication service Duo Security told Ars that an estimated 37 percent of all the Android phones that use the Duo app remain susceptible to the attack because they have yet to receive the patches. The lack of updates is the result of restrictions imposed by manufacturers or carriers that prevent end users from installing updates released by Google.

Apple was smart when it refused to allow the carriers to be involved in the firmware of iOS devices. Since Apple controls iOS with an iron fist it also prevents hardware manufacturers from interfering with the availability of iOS updates. Google wanted a more open platform, which is commendable. However, Google failed to maintain any real control over Android, which has left uses at the mercy of the handset manufacturers. Google would have been smart to restrict the availability of its proprietary applications to manufacturers who make their handsets to pull Android updates directly from Google.

How Not to Design Security

As is common after a violent tragedy, a great deal of electrons are being annoyed by people who are calling for prohibitions. Some want to prohibit firearms, ammunition, and body armor while others want to prohibit members of an entire religion from crossing the imaginary line that separates the United States from the rest of the world. All of this finger pointing is being done under the guise of security but the truth is that any security system that depends on an attacker acting in a certain way is doomed to fail.

Prohibitions don’t eliminate or even curtail the threat they’re aimed at. In fact the opposite is true. The iron law of prohibition, a term coined in regards to prohibitions on drugs, states that the potency of drugs increases as law enforcement efforts against drugs increases. It applies to every form of prohibition though. Prohibitions against firearms just encourages the development of more easily manufactured and concealable firearms just as the prohibition against religious beliefs encourages those beliefs to be practices in secrecy.

When you rely on a prohibition for security you’re really relying on your potential attackers to act in a specific way. In the case of firearm prohibitions you’re relying on your potential attackers to abide by the prohibition and not use firearms. In the case of prohibiting members of a specific religion from entering a country you’re relying on potential attacks to truthfully reveal what religion they are a member of.

But attackers have a goal and like any other human being they will utilize means to achieve their ends. If their ends can be best achieved with a firearm they will acquire or manufacture one. If their ends require body armor they will acquire or manufacture body armor. If their ends require gaining entry into a country they will either lie to get through customs legitimately or bypass customs entirely. You attackers will not act in the manner you desire. If they did, they wouldn’t be attacking you.

What prohibitions offer is a false sense of security. People often assume that prohibited items no longer have to be addressed in their security models. This leaves large gaping holes for attackers to exploit. Worse yet, prohibitions usually make addressing the prohibited items more difficult due to the iron law of prohibition.

Prohibitions not only provide no actual security they also come at a high cost. One of those costs is the harassment of innocent people. Firearm prohibitions, for example, give law enforcers an excuse to harass anybody who owns or is interested in acquiring a firearm. Prohibitions against members of a religion give law enforcers an excuse to harass anybody who is or could potentially be a member of that religion.

Another cost is a decrease in overall security. Firearm prohibitions make it more difficult for non-government agents to defend themselves. A people who suffer under a firearm prohibition find themselves returned to the state of nature where the strong are able to prey on the weak with impunity. When religious prohibitions are in place an adversarial relationship is created between members of that religion and the entity putting the prohibition in place. An adversarial relationship means you lose access to community enforcement. Members of a prohibited religion are less likely to come forth with information on a potentially dangerous member of their community. That can be a massive loss of critical information that your security system can utilize.

If you want to improve security you need to banish the idea of prohibitions from your mind. They will actually work against you and make your security model less effective.

Be Careful When Taking Your Computer In For Servicing

How many of you have taken your computer in to be repaired? How many of you erased all of your data before taking it in? I’m often amazed by the number of people who take their computer in for servicing without either replacing the hard drive or wiping the hard drive in the computer. Whenever I take any electronic device in for servicing I wipe all of the data off of it and only install an operating system with a default user account the repairer can use to log in with. When I get the device back I wipe it again and then restore my data from a backup.

Why am I so paranoid? Because you never know who might be a paid Federal Bureau of Investigations (FBI) snitch:

The doctor’s attorney says the FBI essentially used the employee to perform warrantless searches on electronics that passed through the massive maintenance facility outside Louisville, Ky., where technicians known as Geek Squad agents work on devices from across the country.

Since 2009, “the FBI was dealing with a paid agent inside the Geek Squad who was used for the specific purpose of searching clients’ computers for child pornography and other contraband or evidence of crimes,” defense attorney James Riddet claimed in a court filing last month.

Riddet represents Dr. Mark Albert Rettenmaier, a gynecological oncologist who practiced at Hoag Hospital until his indictment in November 2014 on two felony counts of possession of child pornography. Rettenmaier, who is free on bond, has taken a leave from seeing patients, Riddet said.

Because the case in this story involved child pornography I’m sure somebody will accuse me of trying to protect people who possess child pornography. But data is data when it comes to security. The methods you can use to protect your confidential communications, adult pornography, medical information, financial records, and any other data can also be used to protect illicit, dangerous, and downright distasteful data. Never let somebody make you feel guilty for helping good people protect themselves because the information you’re providing them can also be used by bad people.

Due to the number of laws on the books, the average working professional commits three felonies a day. In all likelihood some data on your device could be used to charge you with a crime. Since the FBI is using computer technicians as paid informants you should practice some healthy paranoia when handing your devices over to them. The technician who works on your computer could also have a side job of feeding the FBI evidence of crimes.

But those aren’t the only threats you have to worry about when taking your electronic devices in for servicing. I mentioned that I also wipe the device when I get it back from the service center. This is because the technician who worked on my device may have also installed malware on the system:

Harwell had been a Macintosh specialist with a Los Angeles-area home computer repair company called Rezitech. That’s how he allegedly had the opportunity to install the spy software, called Camcapture, on computers.

While working on repair assignments, the 20-year-old technician secretly set up a complex system that could notify him whenever it was ready to snap a shot using the computer’s webcam, according to Sergeant Andrew Goodrich, a spokesman with the Fullerton Police Department in California. “It would let his server know that the victim’s machine was on. The server would then notify his smartphone… and then the images were recorded on his home computer,” he said.

When your device is in the hands of an unknown third party there is no telling what they may do with it. But if the data isn’t there then they can’t snoop through it and if you wipe the device when you get it back any installed malware will be wiped as well.

Be careful when you’re handing your device over to a service center. Make sure the device has been wiped before it goes in and gets wiped when it comes back.