<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/"><channel><title>ICT security</title><link>http://blogger.xs4all.nl/wtilanus/category/28633.aspx</link><description>ICT security</description><managingEditor>Winfried Tilanus</managingEditor><dc:language>nl-NL</dc:language><generator>.Text Version 0.95.2004.102</generator><item><dc:creator>Winfried Tilanus</dc:creator><title>Smart cards: a good solution in the wrong direction</title><link>http://blogger.xs4all.nl/wtilanus/archive/2011/02/26/644647.aspx</link><pubDate>Sat, 26 Feb 2011 23:20:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2011/02/26/644647.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/644647.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2011/02/26/644647.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/644647.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/644647.aspx</trackback:ping><description>&lt;p&gt;While securing computer systems, quite often the usage of passwords is the weakest point of the security: &lt;a href="http://blogger.xs4all.nl/wtilanus/archive/2011/01/12/639108.aspx"&gt;it is hard to choose (and remember) a password that is not easy to guess.&lt;/a&gt; In all places where passwords are used, you can (at least theoretically) also use cryptographic keys. Cryptographic keys are, compared to passwords, much, much more secure: they are almost impossible to guess. They have only one big disadvantage: they are stored on a computer. If that computer falls into the wrong hands, the keys are compromised too. Of course, you can protect your cryptographic key with a password, but then we are back at the problem we started with.&lt;/p&gt;

&lt;p&gt;Fortunately security engineers can pull one more trick out of their sleeves: smart cards. And I must say, I love them. By putting the cryptographic keys on a smart card, you can keep them separated from the computers you use them on. With more advanced smart cards the keys never have to leave the card: the card does the calculations needed to prove what needs to be proven and passes the results back to the computer. Such cards are also extremely hardened against attempts to read out the keys by examining the chip on them. And finally: these cards need a password to unlock, but after three failed passwords the card locks up. So an attacker only has three attempts to guess the password; after that, at least a big laboratory and a lot of experimenting are needed to make the card reveal its secrets.&lt;/p&gt;

&lt;p&gt;As I said, I love smart cards, I use them on a daily basis. I use them to unlock the encrypted data on my computer, I use them to log in on other computers and I use them to secure and authenticate my e-mail. But recently my faith in smart cards was somewhat damaged: while making the website &lt;a href="http://thealiceandbobsuicide.org/"&gt;thealiceandbobsuicide.org&lt;/a&gt; I realized smart cards add another layer of abstraction to the picture. A password (if not sniffed or stolen by a key logger) indicates the right human is interacting with the system. With a smart card the right human interacts with the smart card and the smart card interacts with the other systems. Now we must not only trust the computer, but also the smart card. And so it becomes more and more impossible to verify what all these components are doing and whether they can be trusted. The technological advancedness of the smart cards is also their Achilles' heel: adding more technology results in less trust, not more.&lt;/p&gt;

&lt;p&gt;So where to go from here? I don't know. But if we ever want to trust our computers, we need to make it easier to audit them and not add more complexity to them.&lt;/p&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/644647.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>Open letter to Gerrit van de Kamp of the police union ACP</title><link>http://blogger.xs4all.nl/wtilanus/archive/2011/02/26/644601.aspx</link><pubDate>Sat, 26 Feb 2011 09:56:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2011/02/26/644601.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/644601.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2011/02/26/644601.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/644601.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/644601.aspx</trackback:ping><description>&lt;p&gt;Dear police union, dear Gerrit van de Kamp,&lt;/p&gt;

&lt;p&gt;With some dismay I took note of Gerrit van de Kamp's statements about building a backdoor into encryption systems. I had expected more expertise and a more critical attitude from the police union.&lt;/p&gt;

&lt;p&gt;There are several reasons why this is an extremely bad proposal:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;It will not help to catch the big fish:&lt;br&gt;
The past has shown that, despite legal measures, encryption without a backdoor will always remain available to those who want to use it. Just look at the history of the widely used encryption programs pgp / gnupg. The American government long tried to stop their distribution and use. That not only proved impossible, it was even the best recommendation for pgp: if the government is so afraid of it, it must be good. A criminal who really commits a serious crime would rather risk a penalty for using illegal encryption than the penalty for the crimes committed.&lt;br&gt;
Furthermore there is also something called 'deniable encryption': software that stores the encrypted data in such a way that it cannot be shown that encrypted data is present, or that more data is present than the data for which a key has been handed over. So systems already exist that make it possible to circumvent this measure without that being demonstrable. A criminal then does not even need to risk the penalty for illegal encryption.&lt;/li&gt;

&lt;li&gt;It makes legitimate uses all but impossible:&lt;br&gt;
Imagine: you are a detective working on a large, sensitive investigation. Fortunately you have a laptop, so that, wherever you are, you have the essential data at hand. That way you can also easily add new notes to the file. Of course that laptop has strong encryption; if the laptop falls into the wrong hands, you don't want the data to fall into the wrong hands too. Would this still be possible if the producer of the encryption software could also gain access to the data? Because who says there is no leak there? Or even if it is in government hands, who says there is no leak there? And which government agency in which country are we actually talking about? The legitimate usefulness of the encryption quickly diminishes this way.&lt;br&gt;
And there is another way in which this is dangerous: the backdoor only has to leak once and all systems that use it are in danger. That this is not an imaginary risk is shown by what happened with many ADSL modems: providers want to be able to apply updates or changes to such modems remotely. That saves customers a lot of hassle and makes it easier to give the customer a properly working connection. To that end many manufacturers of ADSL modems build a backdoor into their modem. It has happened several times that someone proved able to discover that backdoor (the techniques for that are freely available). With that, that person gained access to all ADSL modems of that model in one go. A backdoor creates a gigantic security risk and makes the encryption all but unusable.&lt;/li&gt;

&lt;li&gt;It threatens the democratic foundation of our society:&lt;br&gt;
In a democracy it is not only important that the government protects citizens against malicious citizens, but precisely also that the government knows its own limits and protects citizens against abuse of power by the government. That is done not only through the ballot box, but also through the trias politica (the separation of the legislative, investigative and judicial powers) and through safeguarding civil rights. Those civil rights protect the citizen against infringements by anyone, but above all by the government, which after all holds the monopoly on violence. Things like the secrecy of correspondence, professional secrecy and legal privilege are essential measures for safeguarding a democracy. A government that does not respect that citizens have a private domain and piles measure upon measure that shrinks that private domain is slowly dismantling democracy. History (more and less recent) teaches that this leads to abuse of power and ultimately revolution. I would appreciate it if we were spared that.&lt;/li&gt;

&lt;li&gt;The proposal is devastating for the image of the police:&lt;br&gt;
In my professional practice I regularly analyse the incidents that have taken place and the measures needed to reduce the risks. Practice has taught me that the biggest risk does not come from hackers, but from overzealous investigating officers who, without following the prescribed procedures, try to obtain data with threats. That has led to problems more often than all attempts at digital break-ins put together. So I warn my clients not only about hackers, but especially about the police. Many people who work in computer security recognize this picture: the biggest threat comes from the investigative services, while those investigative services should actually be contributing to security. In my practice I can by now say that the cure has become worse than the disease.&lt;br&gt;
As I have already shown, the proposal shows little insight into digital practice. I find that very disappointing for a union of police employees. Even worse is that the proposal above all radiates powerlessness of the police. It says: "We have forgotten how to do classic detective work and therefore now fall back on a dangerous and ineffective measure." I assume that a police union, of all organizations, does not want the police to project an image of being incompetent and dangerous.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Kind regards,&lt;/p&gt;

&lt;p&gt;Winfried Tilanus&lt;/p&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/644601.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>Calculating password strength</title><link>http://blogger.xs4all.nl/wtilanus/archive/2011/01/12/639108.aspx</link><pubDate>Wed, 12 Jan 2011 12:10:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2011/01/12/639108.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/639108.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2011/01/12/639108.aspx#Feedback</comments><slash:comments>1</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/639108.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/639108.aspx</trackback:ping><description>&lt;h1&gt;Introduction
&lt;/h1&gt;


&lt;p&gt;To determine if a password is strong enough, two things need to be known:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;the amount of randomness of the password
&lt;/li&gt;
&lt;li&gt;the amount of randomness that is needed
&lt;/li&gt;
&lt;/ul&gt;



&lt;h2&gt;Randomness of the password:&lt;/h2&gt;


&lt;p&gt;Human text is only slightly random. When typing text in lower ASCII characters, the randomness of the text is estimated at 2-3 bits per character (see RFC 1750). The 26 lowercase ASCII characters represent 4.7 bits each ( log(26)/log(2) = 4.7 ). So just because a human has chosen these characters, 40% to 60% of the randomness is lost.&lt;/p&gt;


&lt;p&gt;This means that the amount of randomness of a human-chosen password can be estimated with:&lt;/p&gt;


&lt;p&gt;&lt;b&gt;b = log(c)/(log(2)*2)
&lt;/b&gt;&lt;/p&gt;


&lt;p&gt;where:&lt;br&gt;

&lt;b&gt;c&lt;/b&gt; is the size of the character set chosen from
&lt;br&gt;
and
&lt;br&gt;
&lt;b&gt;b&lt;/b&gt; is the amount of random bits per character
&lt;/p&gt;



&lt;h2&gt;Randomness needed:
&lt;/h2&gt;


&lt;p&gt;RFC 1750 gives a nice example of calculating the randomness needed. It makes the following assumptions:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;One guess of the password takes 6 seconds (for example because of a delay in the login system).&lt;/li&gt;
&lt;li&gt;An attempt to brute-force the password will be detected within a month.&lt;/li&gt;
&lt;li&gt;A chance of guessing the password of 1 in 1000 per attempt is acceptable.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This translates to 500,000 tries before the attack is detected. Taking the acceptable chance of 1 in 1000 into account, the password needs to be randomly chosen out of 500,000,000 possibilities, which is equivalent to 29 bits of random data.&lt;/p&gt;


&lt;p&gt;More generally, the equation is:&lt;/p&gt;


&lt;p&gt;&lt;b&gt;b = log((d*86400)/(s*c))/log(2)
&lt;/b&gt;&lt;/p&gt;


&lt;p&gt;where:
&lt;br&gt;
&lt;b&gt;b&lt;/b&gt; is the needed amount of bits
&lt;br&gt;
&lt;b&gt;d&lt;/b&gt; is the amount of days before detecting an attack
&lt;br&gt;
&lt;b&gt;s&lt;/b&gt; is the delay in seconds when reattempting to login
&lt;br&gt;
&lt;b&gt;c&lt;/b&gt; is the acceptable chance of a successful attack (as fraction)
&lt;/p&gt;


&lt;h4&gt;Some examples of this calculation:
&lt;/h4&gt;
&lt;table&gt;
&lt;tr&gt;&lt;th&gt;
Detection (Days)&lt;/th&gt;&lt;th&gt;Delay (sec)&lt;/th&gt;&lt;th&gt;Chance (1 in)&lt;/th&gt;&lt;th&gt;Randomness needed
&lt;/th&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;1&lt;/td&gt;&lt;td&gt;60&lt;/td&gt;&lt;td&gt;1,000&lt;/td&gt;&lt;td&gt;21
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;7&lt;/td&gt;&lt;td&gt;10&lt;/td&gt;&lt;td&gt;1,000&lt;/td&gt;&lt;td&gt;26
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;7&lt;/td&gt;&lt;td&gt;30&lt;/td&gt;&lt;td&gt;10,000&lt;/td&gt;&lt;td&gt;28
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;31&lt;/td&gt;&lt;td&gt;5&lt;/td&gt;&lt;td&gt;1,000&lt;/td&gt;&lt;td&gt;29
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;7&lt;/td&gt;&lt;td&gt;60&lt;/td&gt;&lt;td&gt;1,000,000&lt;/td&gt;&lt;td&gt;34
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;14&lt;/td&gt;&lt;td&gt;10&lt;/td&gt;&lt;td&gt;100,000&lt;/td&gt;&lt;td&gt;34
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;21&lt;/td&gt;&lt;td&gt;20&lt;/td&gt;&lt;td&gt;1,000,000&lt;/td&gt;&lt;td&gt;37
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;31&lt;/td&gt;&lt;td&gt;1&lt;/td&gt;&lt;td&gt;1,000,000&lt;/td&gt;&lt;td&gt;42
&lt;/td&gt;&lt;/tr&gt;

&lt;/table&gt;

&lt;p&gt;Two scenarios seem realistic to me:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;b&gt;low-security system&lt;/b&gt;&lt;br&gt;
A system like this is not very intensively monitored and you don't want to set a long delay in case of a wrong password. This results in a detection time of 31 days, a delay of 5 seconds and an acceptable chance of 1 in 1,000. The amount of randomness needed is 29 bits for such a system.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;high-security system&lt;/b&gt;&lt;br&gt;
A system like this is much more intensively monitored. Detection within 7 days is likely. At the same time it is acceptable to increase the login delay to 30 seconds or more in case of many failing attempts, and the acceptable chance is much lower, 1 in 1,000,000. In these conditions the amount of randomness needed is 35 bits.&lt;/li&gt;
&lt;/ol&gt;



&lt;h2&gt;So how long should the password be?
&lt;/h2&gt;


&lt;p&gt;Please make your calculation for yourself! Take a look at your local circumstances, acceptable risks etc. Choosing the length of a password is also seeking a balance between security and nagging your users. Having said that, I can answer this question for the two servers described above:&lt;/p&gt;


&lt;h4&gt;low-security server:
&lt;/h4&gt;
&lt;table&gt;
&lt;tr&gt;&lt;th&gt;When using:&lt;/th&gt;&lt;th&gt;characters needed:
&lt;/th&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;numeric only&lt;/td&gt;&lt;td&gt;18
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower only&lt;/td&gt;&lt;td&gt;13
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper only&lt;/td&gt;&lt;td&gt;13
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;symbols only&lt;/td&gt;&lt;td&gt;12
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + numeric&lt;/td&gt;&lt;td&gt;12
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper + numeric&lt;/td&gt;&lt;td&gt;12
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper + lower&lt;/td&gt;&lt;td&gt;11
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + symbols&lt;/td&gt;&lt;td&gt;10
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper + symbols&lt;/td&gt;&lt;td&gt;10
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + upper + numeric&lt;/td&gt;&lt;td&gt;10
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + upper + symbols&lt;/td&gt;&lt;td&gt;10
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + upper + numeric + symbols&lt;/td&gt;&lt;td&gt;9
&lt;/td&gt;&lt;/tr&gt;

&lt;/table&gt;

&lt;h4&gt;high-security server:
&lt;/h4&gt;
&lt;table&gt;
&lt;tr&gt;&lt;th&gt;When using:&lt;/th&gt;&lt;th&gt;characters needed:&lt;/th&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;numeric only&lt;/td&gt;&lt;td&gt;22&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower only&lt;/td&gt;&lt;td&gt;15&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper only&lt;/td&gt;&lt;td&gt;15&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;symbols only&lt;/td&gt;&lt;td&gt;15&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + numeric&lt;/td&gt;&lt;td&gt;14&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper + numeric&lt;/td&gt;&lt;td&gt;14&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper + lower&lt;/td&gt;&lt;td&gt;13&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + symbols&lt;/td&gt;&lt;td&gt;12&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper + symbols&lt;/td&gt;&lt;td&gt;12&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + upper + numeric&lt;/td&gt;&lt;td&gt;12&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + upper + symbols&lt;/td&gt;&lt;td&gt;11&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower + upper + numeric + symbols&lt;/td&gt;&lt;td&gt;11&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;

&lt;h2&gt;Dictionaries
&lt;/h2&gt;


&lt;p&gt;This story is nice, but anybody who has ever played with a password cracker like John the Ripper knows that there are nice lists of passwords that are used very commonly. Using these dictionaries increases the chance of success dramatically. According to the calculations above, the password "August2008" has a randomness of approximately 32 bits. That is equivalent to a chance of 1 in 4,000,000,000 of guessing the password in one guess. When using a dictionary, a chance of 1 in 1000 would be more realistic. So when combinations that are likely to be part of a dictionary attack are part of the password, its randomness should be decreased. However, this is not hard science, just like composing the dictionaries themselves is a combination of statistics, experience and intuition. It is also language dependent: commonly used names or the months of the year are different for each language.&lt;/p&gt;



&lt;h2&gt;Wrapping it up in a script
&lt;/h2&gt;

&lt;p&gt;Note: the script described here is part of &lt;a href="http://www.helpim.org/"&gt;HelpIM&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;First of all we check the password against the blacklist of
'forbidden' combinations. Any part of the password that matches one
of these regexes is discarded for the further calculation of the
strength.&lt;/p&gt;


&lt;p&gt;The amount of randomness of what is left of the password can now be calculated by multiplying the length by a factor depending on the characters used. To calculate this factor we first need to know the size of the character set the password is chosen from:&lt;/p&gt;


&lt;table&gt;
&lt;tr&gt;&lt;th&gt;when using:&lt;/th&gt;&lt;th&gt;adds to character set size:
&lt;/th&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;space&lt;/td&gt;&lt;td&gt;1
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;numeric&lt;/td&gt;&lt;td&gt;10
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;lower&lt;/td&gt;&lt;td&gt;26
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;upper&lt;/td&gt;&lt;td&gt;26
&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;symbols&lt;/td&gt;&lt;td&gt;32&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;

&lt;p&gt;Now the amount of random bits per character can be calculated by
the formula mentioned earlier:&lt;/p&gt;

&lt;p&gt;&lt;b&gt;b = log(c)/(log(2)*2)&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;The randomness of the password can now be calculated by multiplying the length of (what is left of) the password by the randomness per character.&lt;/p&gt;


&lt;p&gt;This score is compared with a minimal amount of randomness for the site. Based on this, a percentage and a color are calculated for a nice strength-bar.&lt;/p&gt;
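&lt;p&gt;As an added example (not the HelpIM script itself, and not code from this blog), the procedure described in this section and the "randomness needed" formula from earlier in this post, put together in Python. The blacklist regexes, the strength-bar colour thresholds and the two sample passwords are constructed assumptions of this example; the character-set sizes, the rounding up to whole bits and both formulas are those given on this page.&lt;/p&gt;

```python
import math
import re
import string

# Blacklist of 'forbidden' combinations. These regexes are constructed for
# this example; a real deployment needs carefully chosen, language-specific
# dictionaries, as the text warns.
BLACKLIST = [
    re.compile(r"january|february|march|april|may|june|july|august|"
               r"september|october|november|december", re.IGNORECASE),
    re.compile(r"(19|20)\d\d"),                       # a year such as 2008
    re.compile(r"password|welcome|qwerty|letmein", re.IGNORECASE),
    re.compile(r"(.)\1{2,}"),                         # runs such as aaa or 111
]

# Character classes and what each adds to the character set size
# (space 1, numeric 10, lower 26, upper 26, symbols 32, as in the table above).
CLASSES = [
    (" ", 1),
    (string.digits, 10),
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.punctuation, 32),   # the 32 printable ASCII symbols
]


def strip_blacklisted(password):
    """Discard every part of the password that matches a blacklist regex."""
    rest = password
    for rx in BLACKLIST:
        rest = rx.sub("", rest)
    return rest


def charset_size(text):
    """Size of the character set the text was (apparently) chosen from.
    Non-ASCII characters are not accounted for, as the text notes."""
    return sum(size for chars, size in CLASSES if any(ch in chars for ch in text))


def bits_per_char(charset):
    """b = log(c)/(log(2)*2): half the theoretical entropy, because a human chose."""
    if charset == 0:
        return 0.0
    return math.log(charset) / (math.log(2) * 2)


def password_bits(password):
    """Randomness (in bits) of what is left after blacklist stripping."""
    rest = strip_blacklisted(password)
    return len(rest) * bits_per_char(charset_size(rest))


def bits_needed(days, delay_seconds, chance):
    """b = log((d*86400)/(s*c))/log(2), rounded up to whole bits."""
    tries = (days * 86400) / delay_seconds          # guesses before detection
    return math.ceil(math.log(tries / chance) / math.log(2))


def chars_needed(bits, charset):
    """Password length that reaches the given number of bits, rounded up."""
    return math.ceil(bits / bits_per_char(charset))


def strength_bar(password, min_bits):
    """Percentage of the site's minimum randomness plus a colour for the bar.
    The 50% and 100% thresholds are an assumption of this example."""
    percent = min(100, int(round(100 * password_bits(password) / min_bits)))
    if percent >= 100:
        colour = "green"
    elif percent >= 50:
        colour = "orange"
    else:
        colour = "red"
    return percent, colour


if __name__ == "__main__":
    low = bits_needed(31, 5, 1 / 1000)       # low-security scenario from the text
    high = bits_needed(7, 30, 1 / 1000000)   # high-security scenario from the text
    print("bits needed, low/high:", low, high)
    print("numeric-only length for", low, "bits:", chars_needed(low, 10))
    for pw in ("August2008", "k7$Qz!mW2p"):  # constructed sample passwords
        print(pw, round(password_bits(pw), 1), strength_bar(pw, low))
```

"August2008" is stripped to nothing by the month and year regexes and scores 0 bits, which is the dictionary effect the previous section describes; a password with no blacklisted parts keeps the full length-times-bits-per-character score.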


&lt;p&gt;Problems with this way of calculating:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;This way of calculating is very dependent on the quality of the dictionaries used. Choose them with care!&lt;/li&gt;
&lt;li&gt;Diacritical and other non-ASCII characters are not accounted for, although these make the password much stronger (but they are quite clumsy to use in a password, unless you use a localized keyboard containing them).&lt;/li&gt;

&lt;/ul&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/639108.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>SSL security and online psychosocial support – part 2, got SSL? you are not there yet!</title><link>http://blogger.xs4all.nl/wtilanus/archive/2010/11/09/591522.aspx</link><pubDate>Tue, 09 Nov 2010 04:15:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2010/11/09/591522.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/591522.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2010/11/09/591522.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/591522.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/591522.aspx</trackback:ping><description>&lt;p&gt;In &lt;a href="http://blogger.xs4all.nl/wtilanus/archive/2010/11/03/578661.aspx"&gt;my previous post&lt;/a&gt;, I introduced Teus Hagen's research on the security of SSL on sites in the Netherlands. Although it was quite shocking to discover that there are still major counseling sites that don't use SSL, the story isn't finished yet.&lt;/p&gt;

&lt;p&gt;Even when a site has SSL, the configuration might allow insecure operations. In short, several things might go wrong:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;The certificate can carry a wrong name, can be expired or can be issued by an authority that is not recognized by the browser.&lt;/li&gt;
&lt;li&gt;The configuration can allow old, broken ciphers, or it can allow key lengths so short that they allow brute forcing.&lt;/li&gt;
&lt;li&gt;The configuration can allow old, broken protocols.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Each of these can effectively render the SSL useless. So you would expect the admins of SSL sites to carefully configure the SSL on their site. Unfortunately they don't. The research of Teus Hagen has shown that one third of all sites in the Netherlands have serious flaws in their SSL. In healthcare and online counseling it is even worse: of the 40 assessed sites, over half have serious flaws. Only 7 sites reach an acceptable level of security, with only passing with an 'A'.&lt;/p&gt;

&lt;p&gt;So, using SSL is not the whole story, it should be implemented in the right way. And unfortunately not many people are aware of this.&lt;/p&gt; &lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/591522.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>SSL security and online psychosocial support – part 1, no security at all!</title><link>http://blogger.xs4all.nl/wtilanus/archive/2010/11/03/578661.aspx</link><pubDate>Wed, 03 Nov 2010 06:41:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2010/11/03/578661.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/578661.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2010/11/03/578661.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/578661.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/578661.aspx</trackback:ping><description>&lt;p&gt;In the upcoming &lt;a href="http://www.nluug.nl/activiteiten/events/nj10/index.html"&gt;NLUUG autumn conference&lt;/a&gt; on security and privacy, there will be a presentation of Teus Hagen on SSL security.&lt;/p&gt;

&lt;p&gt;For people not very familiar with SSL, a short introduction: SSL protects (or should protect, more on that in part 2) communication on the internet against eavesdropping. Basically all communication on the internet can be eavesdropped on. This problem becomes a lot more urgent when using open wireless access points or badly secured access points. Also, people with access to network equipment in the same building can easily eavesdrop on the traffic. Think about your boss, your system administrator or anybody with a bit of technical skill in your home. The (correct) usage of SSL effectively eliminates the possibility to eavesdrop.&lt;/p&gt;

&lt;p&gt;For psychosocial support sites confidentiality is very important. You don't want your boss to know about your alcohol problem. And believe me, you don't want your daddy to read over your shoulder when you chat with a counselor about him abusing you. So SSL is what you want for psychosocial support sites.&lt;/p&gt;

&lt;p&gt;Teus Hagen wanted to see if SSL is deployed correctly in practice. If not, the security of SSL can vastly decrease. For his paper he researched several kinds of sites, including sites for psychosocial support. And because I work a lot with security in psychosocial support, I went off to compose a list of sites in the Netherlands he should test. Well, the results were shocking: more than a quarter of the sites that I thought Teus should test didn't use SSL. No security for him to test, because there is no security at all on those sites!&lt;/p&gt;

&lt;p&gt;I will mention some noticeable sites without SSL:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://shginfo.nl/"&gt;http://shginfo.nl/&lt;/a&gt; This is the site of the most important organization against domestic violence in the Netherlands. In many ways they set the best-practice. They thought quite well on how  they can avoid that it becomes obvious to others when somebody visited the site. But they don't use SSL.&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.113online.nl/"&gt;http://www.113online.nl/&lt;/a&gt; A major initiative for suicide prevention, including online counseling. SSL is available, but by default it is off.&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.korrelatie.nl/"&gt;http://www.korrelatie.nl/&lt;/a&gt; general first line aid, also online, one of the major players in the Netherlands. No SSL.&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.kindertelefoon.nl/"&gt;http://www.kindertelefoon.nl/&lt;/a&gt; the Dutch child helpline. They also offer chat and forum. No SSL.&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.minderdrinken.nl/"&gt;http://www.minderdrinken.nl/&lt;/a&gt; online treatment for alcohol addiction. No SSL.&lt;/li&gt;
&lt;li&gt;&lt;a href="http://optijderbij.nl/"&gt;http://optijderbij.nl/&lt;/a&gt; Psychological/Psychiatric institution. They do a big part of the intake online, including a lot of diagnostics. All without SSL.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;What struck me, when looking at the sites, was the pattern in it, or to be precise: the lack of it. Many sites were only partially protected with SSL. There were for example several sites that offered an SSL-protected chat, but that had an e-mail form or a forum that wasn't protected at all. I also encountered several large organizations that operated multiple support sites. They had some of their sites protected with SSL and others not. Overall, it seems to be quite arbitrary what is protected and what not. It looks like a lack of policy. And a lack of regulation...&lt;/p&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/578661.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>Skimming of 'secure' payment cards has become reality</title><link>http://blogger.xs4all.nl/wtilanus/archive/2010/05/04/548299.aspx</link><pubDate>Tue, 04 May 2010 10:45:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2010/05/04/548299.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/548299.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2010/05/04/548299.aspx#Feedback</comments><slash:comments>6</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/548299.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/548299.aspx</trackback:ping><description>&lt;p&gt;The Dutch news agency 'ANP' reported that on April the 27th three suspects of card fraud had their first hearing in court. &lt;a href="http://www.google.com/search?q=Kaartlezers+in+filialen+ABN+Amro+geskimd"&gt;Several media publicized the news (in Dutch)&lt;/a&gt;. The suspects are part of an internationally operating group of criminals and the investigations spread over several European countries.&lt;/p&gt;

&lt;p&gt;One detail of the news caught my attention: the skimming was done by replacing the card readers used for two-factor authentication for internet banking. The catch: these readers can't read the magnetic strip of the card at all, they only talk to the chip on the card. And exactly this chip was introduced to make skimming impossible. So I decided to dig a bit deeper into this case.&lt;/p&gt;

&lt;p&gt;Let's start with a bit of background: originally the European payment cards all had only a magnetic strip, just like the cards in the USA today. To be able to offer extra services, the payment companies and banks decided to introduce chips on their cards. In recent years, to stop the fast rise of skimming of payment cards, the European payment companies and banks have decided to speed up the introduction of the chips, because the chip should provide better protection against skimming.&lt;/p&gt;

&lt;p&gt;Another use of the chip on the banking cards is two-factor authentication for internet banking. The two-factor authentication for internet banking is done by placing the card in a special reader. This reader has two modes of operating: identifying and signing. For identifying, the PIN entered on the keypad of the reader is passed to the card. If the PIN is valid, the card returns a one-time password to the reader, which displays it on its screen. Signing is done quite similarly, except that after entering the PIN you also need to enter one or more numbers given by your bank. One of them can be the amount of the transaction. This way, even when the computer you are banking from is compromised, you can notice it when you do your online banking.&lt;/p&gt;

&lt;p&gt;To understand what the criminals did, a final piece of background information is needed: many banks in the Netherlands have terminals in their offices where customers can log in to their internet banking account. This is a service for customers who cannot or do not want to do their internet banking at home. Next to each terminal there is a card reader to do the authentication.&lt;/p&gt;

&lt;p&gt;So what did the criminals do? They simply switched the card readers in the bank office for compromised readers. After some time they returned to read out the data collected from the chips and the PINs entered in the reader. That data was used to steal money from the customers' accounts. Those are the facts that have so far been confirmed by both the prosecutor and the ABN-Amro bank.&lt;/p&gt;

&lt;p&gt;The impact of this theft for the security of internet banking and the use of the chip is quite dramatic:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;There are such things as 'compromised readers' and they are used by criminals. Because the reader is an essential step in securing internet banking, you should guard your reader like you would guard your payment card.&lt;/li&gt;
&lt;li&gt;You can't trust the facilities in the offices of your bank any more. Doing your internet banking in the office of your bank is just as insecure as, or maybe even more insecure than, doing it in an internet cafe.&lt;/li&gt;
&lt;li&gt;And last but not least, the chip card, widely presented as the solution to skimming, apparently is not that resilient against skimming after all. It can be skimmed about as easily as the old magnetic strip.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That last point needs some more investigation: how is it possible that a chip that is designed to cryptographically guard its secrets reveals its secrets so easily? I asked the ABN-Amro bank, the one whose cards were skimmed, for details on this incident, but they refused to give any comments on this incident except that 'the e.dentifier' (the name they gave their card reader) is still safe – a statement proven to be false by this incident. So I have to make an educated guess. One possible answer comes from the security research group of the Computer Laboratory at the University of Cambridge (UK). Their weblog &lt;a href="http://www.lightbluetouchpaper.org/"&gt;lightbluetouchpaper.org&lt;/a&gt; contains a wealth of information on the security of payment cards. &lt;a href="http://www.lightbluetouchpaper.org/2006/03/15/chip-and-skim/"&gt;This posting&lt;/a&gt; and &lt;a href="http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf"&gt;this paper (pdf)&lt;/a&gt; seem to deal with exactly this attack: they describe a possibility to skim the type of chip that is used by the ABN-Amro bank: EMV for payments and EMV-CAP for internet banking (see note 1). Before all the cryptography kicks in, the card sends some identification numbers. If the identification number sent by the chip is the same as the one used on the magnetic strip, then that number can be used to counterfeit the magnetic strip. Such a copied card can be used in any ATM that doesn't support the chip, for example any ATM in the USA. On many newer cards these two numbers are different, but it is unknown how many cards are in use where these numbers are the same. And if they are the same, skimming the card is easy.&lt;/p&gt;

&lt;p&gt;So what really happened is open to speculation. But there are three ways the criminals could get to the money:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;By using the magnetic strip. In this case the chip revealed enough information to counterfeit the magnetic strip. To make this possible, ABN-Amro must have used the same identification number for both the chip and the magnetic strip.&lt;/li&gt;
&lt;li&gt;By using internet banking. In this case the chip revealed enough information to reproduce the challenge and response for the internet banking. That would mean the EMV-CAP protocol used by the chip for internet banking is big time broken.&lt;/li&gt;
&lt;li&gt;By using the chip. In this case the criminals managed to counterfeit an EMV-chip. That would mean that the whole EMV-protocol is even bigger time broken.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;I go for the first one. That one is the most probable because this weakness is documented and it is known that more banks have made the same error. It is 'just a little' screw-up by ABN-Amro.&lt;/p&gt;

&lt;p&gt;But what really annoys me in the whole case is the lack of information from ABN-Amro (and other banks in similar cases). As a customer, I want to be able to assess the risks connected to modern payment systems. I want to know when my card is extra vulnerable, I want to know what situations to avoid. I asked them, besides a lot of other questions, to confirm my suspicion and I asked them which cards are vulnerable, but they refused to give any comments. I had to find out from the newspaper that this all took place months ago and it is unknown if there are more cases of skimming the chip. Banking is all about trust, but like this there is little to trust.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;note 1&lt;/b&gt;&lt;br&gt;
ABN-Amro made the transition from a card reader produced by the Belgian firm &lt;a href="http://www.vasco.com/"&gt;Vasco&lt;/a&gt; to a new card reader, produced by the Swedish firm &lt;a href="http://www.todos.se/"&gt;Todos&lt;/a&gt;. I couldn't get any confirmation yet of which card reader, the old one from Vasco or the new one from Todos, was compromised. In &lt;a href="http://www.todos.se/index.php/media/archives/optimized_to_succeed/"&gt;this press release&lt;/a&gt; (which tries to counter the paper 'Optimized to Fail' but doesn't address the problem I describe) Todos reveals that the new card reader uses the EMV-CAP protocol. It is almost certain that the old reader by Vasco uses the same protocol; for example, the ABN-Amro cards can also be used in the reader of the Rabobank. Also note that ABN-Amro originally didn't use the signing function to authorize transactions, but the one-time-password function. This was against the guidelines of Vasco and opened the road for the &lt;a href="http://www.symantec.com/connect/blogs/banking-silence"&gt;'banking in silence' trojan&lt;/a&gt;. See &lt;a href="http://blogger.xs4all.nl/wtilanus/archive/2007/11/02/312662.aspx"&gt;this blog post of mine (in Dutch)&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;History&lt;/b&gt;&lt;br&gt;
4 May 2010: original release&lt;br&gt;
5 May 2010: added the confirmation of the use of EMV-CAP and the note about the different versions of the card reader&lt;br&gt;
&lt;/p&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/548299.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>The ethics of "I have no secrets"</title><link>http://blogger.xs4all.nl/wtilanus/archive/2009/12/13/533352.aspx</link><pubDate>Sun, 13 Dec 2009 11:49:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2009/12/13/533352.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/533352.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2009/12/13/533352.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/533352.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/533352.aspx</trackback:ping><description>&lt;p&gt;Ever since I started working on &lt;a href="https://har2009.org/program/events/75.en.html"&gt;my presentation at HAR2009&lt;/a&gt;, I kept thinking about why people put (very) private things on the internet, visible to everybody. Because the starting point of my presentation was that privacy is a function of the identity creation process and that this process is always bound to a relation, I came up with the answer that people put information about themselves online with a relationship in mind. Their exhibitionistic behaviour is caused by not overseeing what other relations might be based on that information.&lt;/p&gt;

&lt;p&gt;Recently I came across several other views on that. They all had in common that they stated that the modern youth has an attitude of sharing. You share everything and take action when you notice the information is misused. If you still keep running into problems because of the information you shared, then you couldn't oversee what could be done with the information about you.&lt;/p&gt;

&lt;p&gt;Thinking it over, I think these two views really are the same: in both cases we can't oversee where the information about us is going and what will be done with it. The information about us travels faster than our ability to comprehend what can and will be done with it. Still we want to share, because the benefits of it have been proven to be bigger than the damages we experience.&lt;/p&gt;

&lt;p&gt;And indeed, we do live in a time where the "I have no secrets" attitude has brought us big advantages. It is a new paradigm on the value of information. Where the old paradigm was that information needed to be secret and protected to be valuable, the new paradigm says information becomes valuable when it is shared and increased. In the old paradigm the ethics were based on the ownership of information. In the new paradigm of sharing information, that kind of ethics is obsolete: the information is out there and there is hardly any owner any more, even when it comes to information about persons. So what should we base our ethics of handling information on in the new paradigm? I believe it should be the responsible use of information: acknowledge the power that comes with the information and make sure that that power is balanced. Every imbalance of power is a potential abuse. And don't put yourself in a position where abuse is a far too tempting option.&lt;/p&gt; &lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/533352.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>What does the burglar actually take?</title><link>http://blogger.xs4all.nl/wtilanus/archive/2009/12/13/533344.aspx</link><pubDate>Sun, 13 Dec 2009 09:34:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2009/12/13/533344.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/533344.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2009/12/13/533344.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/533344.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/533344.aspx</trackback:ping><description>&lt;p&gt;A recent discussion about disk encryption reminded me of what happened to us a year or two ago:&lt;/p&gt;

&lt;p&gt;We were in the car on the way back from a week away when the police called: our house had been broken into. Alert neighbours had smelled a rat and warned the police. The house was a big mess; we spent another two weeks cleaning up. Those were also two weeks of anger: "what a *** you are, to come and make such a mess of our house for a pittance". In the end the damage was not too bad. An old digital camera, a computer monitor, a palmtop, some power tools, earrings and a laptop had been stolen. Because we are properly insured, everything was reimbursed. But above all: the laptop had disk encryption. With disk encryption your hard disk is turned into a safe. You first have to open that safe with a password before anything else can be read from the disk. That saved a lot of worries: I knew that without the password the burglar or the fence could not read anything that was on the computer.&lt;/p&gt;

&lt;p&gt;To my great relief, the burglar had left my desktop computer behind. That one did not have disk encryption. If my desktop computer had been taken, I would not have been able to oversee the damage. Personal e-mails, private photos, everything about my finances, files from my work, details of my bank cards, passwords... I couldn't even list everything that was on it. Which passwords would I have to change? Which cards would have to be blocked? Which photos would turn up on the internet? I would have had to warn a lot of people, both from work and in private. And I would have been busy repairing the damage for much longer than those two weeks.&lt;/p&gt;

&lt;p&gt;What a relief disk encryption can be; I don't want to go without it any more....&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Update 21 Jan 2010:&lt;/b&gt; see also: &lt;a href="https://www.bof.nl/2009/12/17/tip-bescherm-je-gegevens-met-encryptiesoftware/"&gt;https://www.bof.nl/2009/12/17/tip-bescherm-je-gegevens-met-encryptiesoftware/&lt;/a&gt;&lt;/p&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/533344.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>Cloud security</title><link>http://blogger.xs4all.nl/wtilanus/archive/2009/11/26/531155.aspx</link><pubDate>Thu, 26 Nov 2009 12:46:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2009/11/26/531155.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/531155.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2009/11/26/531155.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/531155.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/531155.aspx</trackback:ping><description>&lt;p&gt;Scott McIntyre, the security officer of XS4ALL, had in &lt;a href="https://har2009.org/program/events/171.en.html"&gt;his presentation at HAR2009&lt;/a&gt; some hilarious words on cloud security:&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Manager:&lt;/b&gt; Where is the data?&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Sysadmin:&lt;/b&gt; In the cloud&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Manager:&lt;/b&gt; But WHERE is the data?&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Sysadmin:&lt;/b&gt; In the cloud&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Manager:&lt;/b&gt; Just tell me, WHERE is that?&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Sysadmin:&lt;/b&gt; It is in the cloud&lt;/p&gt;
&lt;p&gt;Last week ENISA published a &lt;a href="http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment"&gt;report&lt;/a&gt; on cloud security. The report makes clear why Scott McIntyre's objection is still going strong: a security policy requires clarity over what data is stored where, what protections and controls are in place and how the data is disposed of at the end of its lifetime. Many vendors of cloud services don't tell much about these issues. And if you are working in an environment that requires certifications, then you are totally left alone: these certifications usually aren't applicable to SaaS or cloud computing. Let alone that there are any cloud computing vendors out there that are certified.&lt;/p&gt;
&lt;p&gt;But there is hope: the report is co-written by a lot of these vendors. So they acknowledge the problem and they are even asking for certifications for cloud computing. Great! At the next Hxx conference in 4 years, the conversation Scott made up can continue:&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Sysadmin:&lt;/b&gt; I finally know where the data is and how it is protected!&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Manager:&lt;/b&gt; Thanks, but get the data out of the cloud. We have something better by now.&lt;/p&gt;

&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/531155.aspx" width = "1" height = "1" /&gt;</description></item><item><dc:creator>Winfried Tilanus</dc:creator><title>Security experts caught with the pants down...</title><link>http://blogger.xs4all.nl/wtilanus/archive/2009/11/26/531152.aspx</link><pubDate>Thu, 26 Nov 2009 12:11:00 GMT</pubDate><guid>http://blogger.xs4all.nl/wtilanus/archive/2009/11/26/531152.aspx</guid><wfw:comment>http://blogger.xs4all.nl/wtilanus/comments/531152.aspx</wfw:comment><comments>http://blogger.xs4all.nl/wtilanus/archive/2009/11/26/531152.aspx#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>http://blogger.xs4all.nl/wtilanus/comments/commentRss/531152.aspx</wfw:commentRss><trackback:ping>http://blogger.xs4all.nl/wtilanus/services/trackbacks/531152.aspx</trackback:ping><description>&lt;p&gt;At this year's &lt;a href="http://sector.ca/"&gt;SecTor&lt;/a&gt; conference a security firm hosted a 'wall of shame', a site where the details of attendees who didn't connect securely to the outside world were published. Although this was announced beforehand (and has been done before at other conferences), it caused quite an outrage. See &lt;a href="http://www.andrewhay.ca/archives/1071"&gt;Andrew Hay's blog&lt;/a&gt; for more details.&lt;/p&gt;
&lt;p&gt;The complainers gave several arguments why this was wrong:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;It was illegal.&lt;/li&gt;
&lt;li&gt;The conference tries to attract more executives to the field; this scares them off.&lt;/li&gt;
&lt;li&gt;The network suggested the attendees could protect themselves, but they were 'lured' into it; there was a false sense of privacy.&lt;/li&gt;
&lt;li&gt;The wall of shame was hosted by a private firm; the conference organisers should not trust a third party with something like this.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Well I think these arguments are a bunch of crap and the bottom line is: a lot of security experts were caught with their pants down and are unable to deal with it.&lt;/p&gt;
&lt;p&gt;Let me explain that a bit:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Bad guys don't care if something is illegal or not. Laws can't replace security.&lt;/li&gt;
&lt;li&gt;This was a perfect showcase why network security is so important and I can't imagine a better way to educate executives.&lt;/li&gt;
&lt;li&gt;Security experts should not be fooled by a false sense of security, they should know what is really secure and what isn't.&lt;/li&gt;
&lt;li&gt;And once your data has been breached, you should be happy you were told it was breached: usually you have to find out the hard way. Who breached it doesn't change the fact that your data was breached at least once.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Anyway: anybody who connects while on the road should already have the security measures against exactly this attack in place.&lt;/p&gt;
&lt;p&gt;The reaction of the complaining security experts is very disappointing. There are only two sensible reactions to something like this: lick your wounds and make sure it never happens again, or say the risk isn't big enough to mitigate it. Security experts should know better than to start crying over the injustice done.&lt;/p&gt;
&lt;p&gt;The real problem is that conferences like these are crowded with vendors of magical boxes that should mitigate exactly this problem, and a lot of the visitors make their living out of implementing network security. And now they are caught with their pants down: they aren't protected themselves! So either the products they sell don't mitigate the problem they are supposed to mitigate, or their products are so user-unfriendly that they don't use them themselves, or they make their business out of mitigating a risk they don't really regard as a risk themselves. Either way, this incident shows there is something fundamentally flawed with the security that is sold at conferences like these. And more severe: these "security experts" aren't up to admitting it.&lt;/p&gt;
&lt;p&gt;(old post written on 2009-10-21 for another forum)&lt;/p&gt;&lt;img src ="http://blogger.xs4all.nl/wtilanus/aggbug/531152.aspx" width = "1" height = "1" /&gt;</description></item></channel></rss>
