Your Vote Matters

After the last election the Democrats were throwing a fit over supposed Russian interference with the presidential election (funny how politicians here get bent out of shape when somebody interferes with their elections). Implied in the accusation is that an extremely sophisticated enemy such as a state actor is necessary to interfere with a United States election. However, the security of many election machines and election-related sites is so bad that an 11-year-old can break into them:

An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said.

Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.

The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

Florida’s website isn’t an isolated incident. The entire infrastructure supporting elections here in the United States is a mess:

Even though most states have moved away from voting equipment that does not produce a paper trail, when experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won.

Much of that process is digital.

“This is the problem we always have in computer security — basically nobody has ever built a secure computer. That’s the reality,” Schneier said. “I want to build a robust system that is secure despite the fact that computers have vulnerabilities, rather than pretend that they don’t because no one has found them yet. And people will find them — whether it’s nation-states or teenagers on a weekend.”

And before you think that your state is smart for not using voting machines, you should be aware that computers are involved in various steps of any modern voting process. Minnesota, for example, uses paper ballots, but they’re fed into an electronic tabulating machine. Results from local ballot counts are transmitted electronically. Those results are then eventually transmitted electronically to media sources and from there to the masses.

If you go to cast your ballot today, know that there is no reason to believe that it will matter. There are far too many pieces of the voting infrastructure that are vulnerable to the machinations of 11-year-olds.

Making Surveillance Easy

We’re only a few days away from yet another “most important election in our lifetime.” Since the Republicans are in power, the Democrats and their sympathizers are pissed and when they’re pissed it’s not uncommon for them to protest (Remember the last time they were out of power? They actually protested the wars that the party in power started! Those were the days!). Nobody likes it when people protest against them so the party in power wants to keep tabs on the people who might take action against them. Fortunately for them, most protesters make this easy:

The United States government is accelerating efforts to monitor social media to preempt major anti-government protests in the US, according to scientific research, official government documents, and patent filings reviewed by Motherboard. The social media posts of American citizens who don’t like President Donald Trump are the focus of the latest US military-funded research. The research, funded by the US Army and co-authored by a researcher based at the West Point Military Academy, is part of a wider effort by the Trump administration to consolidate the US military’s role and influence on domestic intelligence.

The vast scale of this effort is reflected in a number of government social media surveillance patents granted this year, which relate to a spy program that the Trump administration outsourced to a private company last year. Experts interviewed by Motherboard say that the Pentagon’s new technology research may have played a role in amendments this April to the Joint Chiefs of Staff homeland defense doctrine, which widen the Pentagon’s role in providing intelligence for domestic “emergencies,” including an “insurrection.”

A couple of years ago a few friends and I had the opportunity to advise some protesters on avoiding government surveillance. They were using Facebook to organize and plan their protests. We had to explain to them that using Facebook for that purpose meant that every local law enforcement agency was likely receiving real-time updates on their plans. We made several recommendations, most of which involved moving planning from social media to more secure forms of communications (Signal, RetroShare, etc.). In the end they thanked us for our advice, decided that using anything but Facebook was too difficult (which made me suspect that there were undercover law enforcers amongst them), and kept handing law enforcement real-time information.

The moral of the story is that government agencies pour resources into social media surveillance because it works, and it works because most protesters are more concerned about convenience than operational security.

Security for Me, Not for Thee

Google has announced several security changes. However, it’s evident that those changes are for its security, not the security of its users:

According to Google’s Jonathan Skelker, the first of these protections that Google has rolled out today comes into effect even before users start typing their username and password.

In the coming future, Skelker says that Google won’t allow users to sign into accounts if they disabled JavaScript in their browser.

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

Conveniently JavaScript is also used to run a great deal of Google’s tracking software.

Disabling JavaScript is a great way to improve your browser’s security. Most browser-based malware and a lot of surveillance capabilities rely on JavaScript. With that said, disabling JavaScript entirely also makes much of the web unusable because web developers love to use JavaScript for everything, even loading text. But many sites will provide at least a hobbled experience if you choose to disable JavaScript.

Mind you, I understand why Google would want to improve its security and why it would require JavaScript if it believed that doing so would improve its overall security. But it’s important to note what is meant by improving security here and what potential consequences it has for users.

Deafening the Bug

I know a lot of people who put a piece of tape over their computer’s webcam. While this is a sane countermeasure, I’m honestly less worried about my webcam than the microphone built into my laptop. Most laptops, unfortunately, lack a hardware disconnect for the microphone, and placing a piece of tape over the microphone input often isn’t enough to prevent it from picking up sound in whatever room it’s located. Fortunately, Apple has been stepping up its security game and now offers a solution to the microphone problem:

Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed.

“This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” said the support guide.

The camera isn’t disconnected, however, because its “field of view is completely obstructed with the lid closed.”

While I have misgivings with Apple’s recent design and business decisions, I still give the company credit for pushing hardware security forward.

Implementing a hardware cutoff for the microphone doesn’t require something like Apple’s T2 chip. Any vendor could put a hardware disconnect switch on their computer that would accomplish the same thing. Almost none of them do though, even if they include hardware cutoffs for other peripherals (my ThinkPad, for example, has a built-in cover for the webcam, which is quite nice). I hope Apple’s example encourages more vendors to implement some kind of microphone cutoff switch because being able to listen to conversations generally allows gathering more incriminating evidence than merely being able to look at whatever is in front of a laptop.

What Part of Free Didn’t You Understand?

Did you know that a majority of apps targeted at children contain ads:

(Reuters Health) – Those cute little apps your child plays with are most likely flooded with ads – some of which are totally age-inappropriate, researchers have found.

A stunning 95 percent of commonly downloaded apps that are marketed to or played by children age five and under contain at least one type of advertising, according to a new report in the Journal of Developmental & Behavioral Pediatrics. And that goes for the apps labeled as educational, too, researchers say.

That’s just terrible… oh:

The researchers scrutinized 135 of the most downloaded free and paid apps in the “age five and under” category in the Google Play app store. Among them were free apps with 5 to 10 million downloads and paid apps with 50,000 to 100,000 downloads.

Emphasis mine.

To once again quote The Moon is a Harsh Mistress, there ain’t no such thing as a free lunch (TANSTAAFL). If you can download an app without paying upfront, the developer is making money in some other way. Advertisements are the quick and easy go-to. In-app purchases are the more sophisticated method, although more difficult to execute because you need to incentivize users to buy your in-app purchases. When your target audience is children, in-app purchases are even more difficult because parental controls often prevent children from making purchases directly.

Instead of performing a study with an obvious result such as determining how many free apps display ads (almost all of them), a better study would be to learn why people are so foolish as to believe that they can get something for free.

Jumping Ship

I’ve been running Apple computers for more than a decade now. While I really like macOS, anybody who knows me knows that I’ve been less than enthusiastic with the direction Apple has taken on the hardware front. My biggest gripe with Apple hardware is that it can no longer be serviced. My 2012 MacBook Pro is probably one of the easiest laptops that I’ve ever worked on. The entire back pops off and all of the frequently replaced parts are readily accessible. Part of the reason that I have been able to run that computer since 2012 is because I’ve been able to repair or upgrade components when necessary.

I usually run my laptops between four or five years. I’ve been running that MacBook Pro for six years. I was ready to upgrade last year but Apple had no laptops that appealed to me so I decided to wait a year to see if the situation would improve. When Apple announced its 2018 MacBook Pro line, it had everything I hated. All of the components, including the RAM and SSD, are soldered to the main board. Since the MacBook Pro line can no longer be upgraded, I’d have to order the hardware that I’d want to use for the next four or five years, which would cost about $3,200. Worse yet, when something broke (all components will fail eventually), I’d have to pay Apple an exorbitant fee to fix it. And if that weren’t bad enough, the 2018 MacBook Pro still has that god awful slim keyboard. While Apple has attempted to improve the reliability of that keyboard by including a rubber membrane under the keys, typing on it is, at least in my opinion, a subpar experience.

I also have some concerns about Apple’s future plans. One of my biggest worries is the rumors of Apple transitioning its Macs to ARM processors. ARM processors are nice but I rely on virtualized x86 environments in my day to day work. If Apple transitioned to ARM processors, I wouldn’t be able to utilize my x86 virtual environments (virtualization turns into emulation when the guest and host architectures differ, and emulation always involves a performance hit and usually a lot of glitches), which means I wouldn’t be able to do my work. I’m also a bit nervous about the rumors that Apple is planning to make app notarization mandatory in a future macOS release. Much of the software I rely on isn’t signed and probably never will be. Additionally, building and testing iOS software is a pain in the ass because even test builds need to be signed before they’ll work on an iOS device (anybody who has run into code signing problems with Xcode will tell you that resolving those problems is often a huge pain in the ass) and I don’t want to bring that “experience” to my other development work. While I would never jump ship over rumors, when there are already reasons I want to jump ship, rumors act as additional low level incentives.

Since Apple didn’t have an upgrade that appealed to me and I’m not entirely comfortable with the rumors of the direction the company may be going, I decided to look elsewhere. I’ve been running Linux in some capacity for longer than I’ve been running Apple computers. Part of my motivation for adopting macOS in the first place was because I wanted a UNIX system on my laptop (Linux on laptops back then was a dumpster fire). So when I decided to jump ship, Linux became the obvious choice, which meant I was looking at laptops with solid Linux support. I also wanted a laptop that was serviceable. I found several solid options and narrowed it down to a Lenovo ThinkPad P52s because it was certified by both Red Hat and Ubuntu, sanely priced, and serviceable (in fact Lenovo publishes material that explains how to service it).

Every platform involves trade-offs. With the exception of Apple’s trackpad, every trackpad that I’ve used has been disappointing. The ThinkPad trackpad is no different in this regard. However, the ThinkPad line includes a TrackPoint, which I’ve always preferred as a mobile mouse solution to trackpads (I still miss Apple’s trackpad gestures though). There also isn’t a decent to-do application on Linux (I use 2Do on both iOS and macOS and nothing on Linux is comparable) and setting up Linux isn’t anywhere near as streamlined as setting up a Mac (which involves almost no setup). With that said, I usually use an external trackball so the quality of the trackpad isn’t a big deal. My to-do information syncs with my Nextcloud server so I can use its web interface when on my laptop (and continue to use 2Do on my iPhone). And since I chose a certified laptop, setting up Linux wasn’t too difficult (the hardest part was setting up nVidia’s craptastic Linux driver).

The upside to the transition, besides gaining serviceability, is first and foremost the cost. The ThinkPad P52s is a pretty cost effective laptop and I found a 20 percent off coupon code, which knocked the already reasonable price down further. Since neither the RAM nor the SSD in the P52s are soldered to the main board, I was able to save money by buying both separately and installing them when the computer arrived (which is exactly what I did with all of my Macs). In addition to the hardware being cheaper, I was also able to save money on virtualization software. I use virtualization software every day and on macOS the only decent solution for me was VMware Fusion (Parallels has better Windows support than Fusion but no serious Linux support, which I also require). Fedora, the Linux distribution I settled on (I run CentOS on my servers so I opted for the closest thing that included more cutting edge software), comes with libvirt installed. After spending a short while familiarizing myself with the differences between VMware and libvirt, I can say that I’m satisfied with libvirt. It’s better in some regards, worse in others, and pretty much the same otherwise (as far as the user experience goes; underneath it’s far different).

I also gained a few things on the hardware side. The P52s has two USB-C and two USB-A (all USB 3) ports. My MacBook Pro only had two USB-A ports and the new MacBook Pros only have USB-C ports. All of my USB devices use USB-A so I’d need a bunch of dongles if I didn’t have USB-A ports (not a deal breaker but annoying nonetheless). In addition to being a very good mobile keyboard, the P52s keyboard also has a 10-digit keypad, which no Mac laptop currently has. Like USB-A ports, the lack of a 10-digit keypad isn’t a deal breaker in my world but its inclusion is always welcomed. If that weren’t enough, the keyboard also includes honest to god function keys instead of a TouchBar (as somebody who uses Vim a lot, the lack of a physical escape key is annoying).

My transition was relatively painless because I keep all of my data on my own servers. I didn’t have to spend hours trying to figure out how to pull data off of iCloud so I could use it on Linux. All I had to do was log into my Nextcloud instance and all of my calendar, contact, and to-do information was synced to the laptop. The same was true of my e-mail. In anticipation of my move I also changed password managers from 1Password to a self-hosted instance of Bitwarden (1Password is overall a better experience but it lacks a native Linux app so I’d have been stuck with moving to a subscription plan to utilize a browser plugin that would deliver the same experience as Bitwarden). Keeping your data off of proprietary platforms makes moving between platforms easier. Likewise, keeping your data in open standards makes moving easier. I primarily rely on text files instead of word processor files (I use Markdown or LaTeX for most formatting) and most of my other data is stored in standardized formats (PNG or JPEG for images, ePub or PDF for documents, etc.).

Although I won’t give a final verdict until I’ve used this setup for a few months, my initial impressions of moving from macOS to Linux are positive. The transition has been relatively painless and I’ve remained just as productive as I was on macOS.

Have Some Privileges Back, Plebs

When the federal government passed the Digital Millennium Copyright Act (DMCA) into law it handed manufacturers a fantastic tool to make repairing or servicing their products illegal. Since bypassing Digital Rights Management (DRM) schemes became illegal, tying hardware to software protected by DRM became a convenient way to criminalize repairing products. John Deere was quick to jump on this legal opportunity but certainly hasn’t been alone. Fortunately, after a great deal of begging, our overlords have decided to favor us by proposing to restore a pre-DMCA privilege:

The Librarian of Congress and US Copyright Office just proposed new rules that will give consumers and independent repair experts wide latitude to legally hack embedded software on their devices in order to repair or maintain them. This exemption to copyright law will apply to smartphones, tractors, cars, smart home appliances, and many other devices.

It almost makes you feel as though you can legally own the goods you pay for… almost.

What gets me about this story and all others like it are the people celebrating the decision as if we’re being granted a new legal privilege by the government rather than having a previously existing privilege returned to us by the very government that took it away. Had the DMCA never been passed into law, this decision by the Librarian of Congress would never have been necessary.

Meet Voluntary Association

The big social media sites have been clamping down on, well, pretty much any content that doesn’t advocate for something left of center. In response to this people whose personal ideology lies to the right of the center have been fleeing to other platforms. Those who fall towards the fascist side of the political spectrum have been fleeing to Gab, a social media site that advertises itself as a free speech platform. But hard times have befallen Gab because most of the services it relies on have decided to disassociate with it:

Gab, a “free speech” alternative to Twitter that’s popular with the far right, has been shut down after losing service from a number of mainstream technology platforms, including PayPal, Joyent, Medium, and GoDaddy.

“Gab is under attack,” the company’s home page now reads. “We have been systematically no-platformed by App Stores, multiple hosting providers, and several payment processors.” Gab is working to get back online using new service providers.

Of course the language that “Gab is under attack” is hyperbole. Nobody is attacking Gab. Service providers who disagree with much of the speech that Gab hosts have decided to stop doing business with the social media site. Since Gab’s administrators have made themselves dependent on these service providers, they have found themselves in a rather awkward position.

I can’t say that I blame these service providers. If I administered a social media site, I wouldn’t let fascists use it to post their nonsense (I also wouldn’t let communists, Republicans, Democrats, or any other politically focused individuals use it) nor would I want to associate it with any service that did. However, if I was planning to set up a site to host, to put it politely, controversial content, I would ensure that I owned the infrastructure from top to bottom. The servers would be mine. I’d accept payment in cryptocurrencies so I wouldn’t be dependent on third-party payment processors. If it wasn’t the primary way to access the site, I’d at least publish a Tor Hidden Service address to protect against censorship from Internet service providers and domain registrars.

What gets me most about sites like Gab is that they advertise themselves as being willing to host controversial content but still make themselves dependent on third-parties that don’t want to associate with anybody who hosts such content. Setting up a website that is resistant to third-party censorship isn’t terribly difficult (and doesn’t require anywhere near the same level of care as hosting outright illegal content) but none of these sites bother to do it. It’s as if they want to be censored just so they have something to bitch about and can feed some kind of persecution complex.

Good News from the Arms Race

Security is a constant arms race. When people celebrate good security news, I caution them from getting too excited because bad news is almost certainly soon to follow. Likewise, when people are demoralized by bad security news, I tell them not to lose hope because good news is almost certainly soon to follow.

Earlier this year news about a new smartphone cracking device called GrayKey broke. The device was advertised as being able to bypass the full-disk encryption utilized by iOS. But now it appears that iOS 12 renders GrayKey mostly useless again:

Now, though, Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what’s called a “partial extraction,” sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.

Within a few months I expect the manufacturer of the GrayKey device to announce an update that gets around iOS’s new protections and within a few months of that announcement I expect Apple to announce an update to iOS that renders GrayKey mostly useless again. But for the time being it appears that law enforcers’ resources for acquiring data from a properly secured iOS device are limited.

Trade-offs

I frequently recommend Signal as a secure messaging platform because it strikes a good balance between security and usability. Unfortunately, as is always the case with security, the balance between security and usability involves trade-offs. One of the trade-offs made by Signal has recently become the subject of some controversy:

When Signal Desktop is installed, it will create an encrypted SQLite database called db.sqlite, which is used to store the user’s messages. The encryption key for this database is automatically generated by the program when it is installed without any interaction by the user.

As the encryption key will be required each time Signal Desktop opens the database, it will store it in plain text to a local file called %AppData%\Signal\config.json on PCs and on a Mac at ~/Library/Application Support/Signal/config.json.

When you open the config.json file, the decryption key is readily available to anyone who wants it.

How could the developers of Signal make such an amateurish mistake? I believe the answer lies in the alternative:

Encrypting a database is a good way to secure a user’s personal messages, but it breaks down when the key is readily accessible to anyone. According to Suchy, this problem could easily be fixed by requiring users to enter a password that would be used to generate an encryption key that is never stored locally.

In order to mitigate this issue the user would be required to do more work. If the user is required to do more work, they’ll likely abandon Signal. Since Signal provides very good transport security (the messages are secure during the trip from one user to another), abandoning it could result in the user opting for an easier-to-use tool that provides weaker transport security or none at all, which would make them less secure overall.
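To make the trade-off concrete, here is an added example of the two designs side by side. It is my own illustration, not Signal’s code: the config file layout, the scrypt parameters, the `db-key-check` label and the sample passwords are all constructed for this example. The first pattern writes the database key into the config file in plain text, so anyone who can read the file has the key. The second pattern stores only a random salt and a verifier; the key is re-derived from the user’s password on every start and never touches disk.

```python
"""Added example (not Signal's code): two ways a desktop app can handle the
key for an encrypted local database. All file formats, parameters and sample
values are constructed for this illustration."""
import hashlib
import hmac
import json
import os
from typing import Optional

# --- Pattern 1: key stored in plain text in the config file ----------------
# Generated once at install time, written to config, read back on every
# start. Anyone who can read the config file can read the database.

def make_plaintext_config() -> str:
    key = os.urandom(32)                      # 256-bit database key
    return json.dumps({"key": key.hex()})     # stored as-is, nothing protects it

def key_from_plaintext_config(config_text: str) -> bytes:
    return bytes.fromhex(json.loads(config_text)["key"])

# --- Pattern 2: key derived from a user password, never stored -------------
# Only a random salt and a verifier are written to disk. The key exists in
# memory only after the user has typed the password.

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # assumed parameters (~16 MiB)
VERIFIER_LABEL = b"db-key-check"              # constructed fixed label

def derive_key(password: str, salt: bytes) -> bytes:
    # scrypt is memory-hard, which slows down offline guessing if the salt
    # and verifier are stolen together with the database.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def make_password_config(password: str) -> str:
    salt = os.urandom(16)
    key = derive_key(password, salt)
    # The verifier lets the app distinguish a wrong password from a corrupt
    # database without storing the key itself: an HMAC of a fixed label.
    verifier = hmac.new(key, VERIFIER_LABEL, hashlib.sha256).hexdigest()
    return json.dumps({"salt": salt.hex(), "verifier": verifier})

def key_from_password_config(config_text: str, password: str) -> Optional[bytes]:
    cfg = json.loads(config_text)
    key = derive_key(password, bytes.fromhex(cfg["salt"]))
    expected = hmac.new(key, VERIFIER_LABEL, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself leaks nothing.
    if not hmac.compare_digest(expected, cfg["verifier"]):
        return None                           # wrong password: no key
    return key

def config_exposes_key(config_text: str, key: bytes) -> bool:
    """Does reading the config file alone reveal the database key?"""
    return key.hex() in config_text

if __name__ == "__main__":
    cfg1 = make_plaintext_config()
    print("plaintext config exposes key:",
          config_exposes_key(cfg1, key_from_plaintext_config(cfg1)))
    cfg2 = make_password_config("correct horse battery")   # constructed
    k = key_from_password_config(cfg2, "correct horse battery")
    print("password config exposes key:", config_exposes_key(cfg2, k))
    print("wrong password yields key:",
          key_from_password_config(cfg2, "wrong") is not None)
```

The usability cost the author describes is visible in the second pattern: the key cannot be reconstructed without the password, so the user has to supply it every time the app opens the database. The salt and verifier are safe to leave on disk; what they enable is an offline guessing attack on a weak password, which is why the derivation uses a memory-hard function rather than a plain hash.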

iOS and many modern Android devices have an advantage in that they often have dedicated hardware that encryption keys can be written to but not read from. Once a key is written to the hardware, data can be sent to it to be either encrypted or decrypted with that key without the key ever leaving the hardware. Many desktops and laptops have similar functionality thanks to Trusted Platform Modules (TPM) but those tend to require user setup first whereas the smartphone option tends to be seamless to the user.

There is another mitigation option here, which is to utilize full-disk encryption to encrypt all of the contents on your hard drive. While full-disk encryption won’t prevent resident malware from accessing Signal’s database, it will prevent the database from being copied from the computer by a thief or law enforcers (assuming they seized the computer when it was off rather than while the operating system was booted and the decryption key for the drive was therefore resident in memory).