How will Skype impact your business?
In my TECHLife Post column today, I talk about how Skype is testing a SIP integration for businesses. This will allow Skype clients to make and receive calls directly from a VoIP-capable PBX.
How will this impact your business?
Sterilizing your laptop for travel
I received an interesting email from a reader. To paraphrase, the question is how one can go about removing all personal information from a laptop prior to crossing the border so that, in the event the computer is searched, one’s email, contact lists, documents, browsing history, etc., remain private.
It’s an interesting question partially because of the technical issues it raises, and partially because, if I had received the same email a few years ago, I might have assumed that the person who wrote it was up to no good and just deleted it. But, today, customs officials in many countries including Canada and the United States have asserted the right to search computer hard drives, including making copies. They apparently don’t even require any probable cause to do so and that makes a lot of people uncomfortable.
Personally, I think these searches are silly. Terrorists already know how to protect their information and anyone caught at the border with child pornography on their hard drive deserves to be arrested and tossed in jail. These searches are security theatre — they give the appearance of doing something while they utterly fail to accomplish their stated goals.
The problem is that these searches can expose our private correspondence, banking information, passwords, sensitive business documents and information with legal privilege to Government agents and it is not clear what they will be doing with it. As a security consultant, you can bet that I’ve read Web pages on topics such as ‘improvised explosives’. I can’t possibly understand how to protect against things I don’t know about. But what will a young, overly-enthusiastic border guard think upon finding it in my browser history? Will he or she consider it within context? Or will I and every person in my contact list be investigated as a potential terrorist?
Some will undoubtedly feel that I shouldn’t write this article. But consider this: Before you drive your vehicle across the border, you have the opportunity to clean it out. You can vacuum the stale fries from between the back seats, remove the half-empty bottle of Jack Daniels from your cooler and ensure that you didn’t accidentally leave a box of shotgun ammo in the trunk on your last hunting trip. You can also empty your briefcase and leave those solicitor-client privileged files at home along with the unfiled patent application for your latest invention. But what about your computer?
The obvious solution is to leave your computer at home, too. But, if you need it to do your job or you’d like to use it to keep in touch with friends and family while you’re on the road, that may not be a viable option.
You could have a second computer that you only use for travel. But that confidential email you read using your Web browser might be cached on the hard drive. And it could stay there for a while.
Hard drive encryption is another option. Full Disk Encryption (FDE) products will encrypt every bit on your hard drive and render it inaccessible without your passphrase. I generally recommend using one of these products because it protects your information if your laptop is stolen. The problem is what to do when border agents demand your passphrase. While some may be prepared to politely decline, many people fear repercussions.
The technical problem you face is that even if you delete everything you don’t need, the files are not actually gone. Anyone with forensic software — and that, presumably, includes the border folks — can recover them. They can recover old email, Web pages you have visited and a long list of other things.
Software exists to clean up your hard drive and overwrite the disk space where files used to be, and that can certainly help. The best known is Evidence Eliminator from Robin Hood Software Ltd. in the UK. I tested a version a few years back and, while it certainly overwrote free space and prevented files from being recovered, it also ironically left a lot of evidence that it had been used. In other words, it will be painfully obvious to anyone with basic forensic training that you used a program called ‘Evidence Eliminator’. And it’s difficult to know how they will react to that.
Another option is to completely overwrite your hard drive using DBAN (a freely downloadable boot CD) and then reinstall the operating system. Frequent travelers could make this process less painful by purchasing a Netbook with a small hard drive, installing all needed applications and then using Norton Ghost to make a copy of the entire system. Next trip, run DBAN and re-image the laptop using Ghost. If sensitive documents are generated while on the road they can be uploaded to a secure server and the system wiped using DBAN prior to the return trip. Alternatively, some organizations provide remote desktop capabilities. This may prove to be an excellent solution for international travelers because all documents and other information remains on the user’s desktop or a corporate server and the notebook computer is used only as a remote terminal.
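Whichever wipe tool you use, it is worth confirming the result before you pack the laptop. The following is an added example (not code from the post, from DBAN or from Norton Ghost) that reads an image or device and reports leftover partition-table and filesystem signatures plus runs of printable text; the two sample images are constructed inline, and the "wiped" one assumes a zero-fill pass.

```python
import re

# Standard on-disk signatures (offset, magic bytes) for 512-byte sectors.
# None of these should survive a full-drive wipe.
SIGNATURES = [
    ("MBR boot signature", 510, b"\x55\xaa"),
    ("GPT header", 512, b"EFI PART"),
    ("NTFS boot sector", 3, b"NTFS    "),
    ("FAT32 boot sector", 82, b"FAT32   "),
    ("ext2/3/4 superblock", 1024 + 56, b"\x53\xef"),
]


def find_signatures(image: bytes) -> list:
    """Names of any known partition/filesystem structures still present."""
    return [name for name, off, magic in SIGNATURES
            if image[off:off + len(magic)] == magic]


def find_text_runs(image: bytes, min_len: int = 16, limit: int = 5) -> list:
    """Up to `limit` runs of printable ASCII of at least `min_len` bytes.
    Leftover documents, mail and browser cache show up this way."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode() for m in pattern.finditer(image)][:limit]


def wipe_report(image: bytes, min_len: int = 16) -> dict:
    """Summarise whether `image` looks wiped. Feed it the first few MiB of
    the drive, e.g. open('/dev/sdX', 'rb').read(8 << 20) from a live CD."""
    sigs = find_signatures(image)
    runs = find_text_runs(image, min_len)
    return {"signatures": sigs, "text_runs": runs,
            "looks_wiped": not sigs and not runs}


def constructed_unwiped_image() -> bytes:
    """Constructed sample: NTFS boot sector plus a leftover document fragment."""
    img = bytearray(4096)
    img[3:11] = b"NTFS    "
    img[510:512] = b"\x55\xaa"
    note = b"Solicitor-client privileged memo - do not distribute"
    img[2048:2048 + len(note)] = note
    return bytes(img)


def constructed_wiped_image() -> bytes:
    """Constructed sample: a zero-filled region, as left by a zero-pass wipe."""
    return bytes(4096)
```

After a random-pattern wipe (DBAN's default), raise `min_len` to 32 or so; with 16, random bytes produce roughly one false "text run" per 8 MiB scanned.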
Finally, one could remove the computer’s hard drive altogether and boot from a ‘live CD’. For example, Knoppix can be downloaded and burned to a CD or DVD and it includes a bootable Linux distribution and applications like OpenOffice. While having no local storage may be inconvenient, if you just need Web access when you are on the road this approach guarantees that no information will remain once you turn off the computer’s power. Every time you boot the computer you have a fresh environment. Low cost USB flash drives can be used for temporary document storage and overwritten or physically destroyed when they are no longer required. Some “live” distributions can also be booted from a USB drive. But you may have to explain your unusual system at the border.
In summary, it’s your computer and there are ways for you to take charge of what information is stored on it. It’s up to you. Choose wisely.
Adobe vulnerability — In perspective
I use a lot of Adobe products. Lightroom, Photoshop, Premiere and Acrobat to name some. So, when blogs started buzzing about an Acrobat vulnerability, they grabbed my attention. And, when my distinguished colleague Larry Seltzer at eWeek.com wrote that “It May Be Time to Abandon Adobe”, I began to wonder if the sky was falling.
Adobe deserves a Colbert-style wag of the finger and I can understand why Seltzer is frustrated by the delay in obtaining a patch. But his suggestion that companies consider dumping Adobe in favour of other third-party pdf readers — that he himself admits also have a track record of security issues — just doesn’t make sense.
Let’s take a look at what happened.
In February, a vulnerability in several versions of Acrobat was discovered. In summary, it is possible to manipulate a pdf document so that your system becomes infected when you open it or under certain circumstances, when your computer indexes it (more on that later).
Things appear to have been quiet until Feb 19th, when various security researchers and vulnerability databases picked it up. Adobe released an advisory the same day and updated it on Feb 24th. The advisory stated that a patch would be available on March 11th. They worked with antivirus vendors to protect customers, released a patch and have information on their blog.
Yes, Adobe had a security defect in their code and took a few weeks to release a patch. Yes they need to be more careful and respond faster. But that’s only part of the story.
Aside from the overly sensationalistic and unbalanced journalism, much of the buzz had to do with the fact that, as Stevens points out in his blog post, infection can occur, “…on a Windows XP SP2 machine with Windows Indexing Services started and Adobe Acrobat Reader 9.0 installed…And the bug happens in a process running with Local System rights!” Nasty indeed, but that is only partially Adobe’s fault.
No process interacting with user data, including an indexing service, should be running with system privileges. It’s the type of stupidity that should cause first year computer science students — and experienced IT writers — to point their finger and laugh. No process indexing a user’s files should have the right to change operating system files. Ideally, the process also should not be able to write to any of the files it is indexing. It doesn’t need those privileges to do the job and it shouldn’t have them. It’s called the Principle of Least Privilege. If the operating system was properly designed, the impact of this code defect would have been significantly decreased.
If we really want to see fewer security vulnerabilities, we need to start better architecting software and operating systems and building in security, rather than considering it as an afterthought. We need to design systems to tolerate code mistakes without breaching security. It can be done but software developers won’t do it until the market demands it.
Or, I guess you could just take Seltzer’s advice. Dump Adobe, and move to Foxit. That product hasn’t had a security vulnerability announced in two days. And look, it’s the same issue as Adobe. Or take Seltzer’s advice and try Sumatra PDF, an open source solution that has about 200 open defects, some of which are from 2007.
Adobe may not be perfect and the company could have reacted faster. But put away the pitchforks. Or, at least, aim them in the right direction.
Security Apathy
My column in today’s TECHLife Post is largely about how consumer apathy results in poor security. The question is, what do you think?
Lightning in Google’s Cloud
The Net has been thundering over the last few days about a security issue at Google, and some users have reported receiving the following email:
Dear Google Docs user,
We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations but not spreadsheets.
To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually. For your reference, we’ve listed below the documents identified as being affected.
We apologize for the inconvenience that this issue may have caused. We want to assure you that we are treating this issue with the highest priority.
The Google Docs Team
A lot of people are understandably critical of Google. But the reality is that systems built like this are doomed to suffer security breaches for three reasons:
- There is often little ‘engineering’ in ‘software engineering’. People who design most of the world’s software are ‘software artists’ or ‘software developers’ and apply few, if any, engineering principles to the task.
- Users of these services don’t demand — and often don’t desire — a high level of security.
- The applications rely on a single layer of security.
But the purpose of this article is not to bash Google or software developers. I’ve written software and I’ll be the first to admit that some of it was hacked together as fast as possible for the same reason lots of software is. The vendors provide exactly what the market is asking for. The real problem is us.
When it comes to computers, software and the Internet, we consumers are singing the famous Queen song, I want it all and I want it now. We want instant access to information from any computer. We want sharing it to be very easy. We want it virtually for free and it is never fast enough. And we seldom consider security until something goes wrong.
For some information, security really doesn’t matter. Most of my personal email falls into that category. Sure, I’d prefer that others don’t read it, but the reality is that the impact on me if they did would be really small. I use Google Apps for two non-profits I’m involved with. It’s free, reasonably reliable, and it’s not any less secure than using ISP email accounts. But, for other information, the security provided by Google Docs and other, similar services is woefully inadequate.
The problem is that security seldom is free and easy. As long as we insist on being able to walk up to any computer, enter a username and password, and access our data, we will continue to see security breaches escalate. Passwords are a very poor authentication mechanism and using them as the only line of security invites disaster. But we continue to use them because they’re cheap and easy.
PayPal gets it, mostly because, in the financial world, poor authentication directly results in monetary loss. If you’ve been following PayPal, you already know that they’re offering customers the ability to use their mobile phone or a (US)$5 authentication token to protect their account. My guess is that PayPal has begun this as a voluntary measure in order to test it out and gain acceptance, and that they will make it mandatory at some point in the future, as well they should.
Some markets are different. Medical, aeronautical, defence and financial software used by banks are noted exceptions. Some security software is also very well designed. But it’s because in those markets very bad things can happen when the software fails, so customers demand better solutions and are willing to pay for them.
The technology required to make file sharing like Google Docs highly secure has existed for more than a decade. If we cared about security, our browsers would have the ability to encrypt and decrypt files built right in and we’d carry certificates and keys around on a smartcard or USB device. When we wanted our documents, we’d plug in the card or device, use a certificate to authenticate to Google Docs and download the document. Then it would be automatically decrypted. If we cared, we’d use a product like the USB devices from MXI Security that can validate the user’s fingerprint right on the device before giving access. If we cared, we’d demand that Google and other software-as-a-service (SaaS) providers apply sound engineering practices so that software bugs don’t result in security breaches. And, if we really cared, we’d be willing to pay at least a bit more to get it.
But, for the most part, we don’t care. And, until we do, these security breaches will continue.