General Musing

blaze your trail

Posts Tagged ‘risk’

On Failing Gracefully #security #risk


Failing gracefully is one of the most important things a service can do. Whether or not it is actually your responsibility, customers believe it is your responsibility to perform in extraordinarily difficult situations. Some companies forget this and force their own view of the world on their customers; that is one of the quickest ways to turn customers into ex-customers.

I was inspired when I was at a customer site checking my Google Reader and selected Little Gamers, which the content filter classifies as profanity, and received the message below. I could see the item in Google Reader when I used https rather than http to access it, although the cartoon itself was still blocked by the content filter.

This is a fine example of failing gracefully: the feed item still loaded, and only the one component the filter objected to (the cartoon image) was missing, rather than the whole page being refused.

Image source: Jason Coleman

Written by Daniël W. Crompton (webhat)

February 15, 2011 at 9:25 am

Posted in business, risk, security


Proof of Concept: RAM Disk for your own Protection #police #law #government


Museum Boerhaave – 1930 Weiss electromagnet

In continuation of my article Data Erasing for your own Protection, I got into a discussion about other ways to protect your data from law enforcement.

I was told by a former law enforcement member that after the crime scene has been secured, the computer tech checks that the computer is functional and then has the equivalent of a mover ship the computer, like any other box, to the computer lab. The issue with this is that a mercury (tilt) switch and a power source could be used to zap the computer with the needed gauss to erase or destroy the hard disk as soon as it is moved.

Another method would be to use a RAM disk, either a physical[1] or a virtual one. The physical RAM disk has the advantage that in the case of a brownout the data is retained for some hours on its backup battery, although that can be a disadvantage too, since the data survives longer than you may want it to; another disadvantage is the memory limit imposed by the hardware. The advantage of a virtual RAM disk over a physical one is that a much larger amount of memory can be allocated, although you don't get the protection from brownouts.

It is also important to remember that data in RAM exhibits remanence[2], which needs to be mitigated as well. This may be possible by passing an electric charge over the memory to erase it, although I have yet to find relevant references. Note that DRAM contents decay within seconds to minutes at room temperature once power is removed, and considerably more slowly when the chips are cooled, which is exactly what cold-boot attacks exploit, so whatever mitigation is used has to cover the interval between the power being cut and the memory actually being overwritten.

A third method may be raising the temperature of the hard disk above the Curie point[3] of the platter material, at which point it loses its magnetisation. I will need to investigate this more too.

Embedding part of the computer in epoxy, as in the previous article, still applies to all of the above.

  1. Gigabyte I-RAM DDR PCI Virtual RAM Disk Drive SATA W/ Backup Battery: backup power lasts ~16 hours and it supports up to 4 GB of RAM.
  2. Data remanence: Data in RAM
  3. Curie point

Image source: Michiel2005

Written by Daniël W. Crompton (webhat)

January 23, 2011 at 8:51 am

Proof of Concept: Data Erasing for your own Protection #police #law #government


Museum Boerhaave – 1930 Weiss electromagnet

I'll describe the problem I think you have: you have data stored on computers which you don't want the police or governments to have, and which cryptography cannot protect, as xkcd so eloquently puts it in the cartoon below. You are not the only one: internet companies, financial institutions, churches, organizations working for freedom, lawyers, criminals and innocent individuals all need to protect themselves.

It is possible to use something like Darik's Boot and Nuke (DBAN), a self-contained boot disk that securely wipes the hard disks of most computers; however, this takes time, sometimes a number of hours, and requires human interaction. Time that may not be available if the long arm of the law comes down on you like a ton of bricks. It can even be the case that the power is shut off before the computer is secured; the police do this to preserve the data on the computer for the investigation. So I thought about what would be needed to magnetically erase the hard disk.

Firstly, I read that a hard disk should be degaussed, which is the term for decreasing or eliminating an unwanted magnetic field, with an electromagnet and not with a rare-earth magnet.

Secondly, I read that degaussing causes permanent, irreversible damage to hard drives, which means they are not reusable. Unlike tape, the mechanism that positions and reads the heads depends on servo information written magnetically on the platters at the factory; degaussing wipes that along with the data, so the drive can no longer find its tracks. Don't expect to be able to use the disk after you have tested the electromagnet.[1]

xkcd cartoon: “Security”

Thirdly, the magnetic induction (also referred to as magnetic flux density, or saturation flux density when talking about a core material) needed to correctly erase some hard disks is 6000–7000 gauss (0.6–0.7 tesla); an NSA-approved degausser puts out 22000 gauss (2.2 tesla). From some sources[2] I learned that the core of most electromagnets is made from a magnetic material, power ferrite, which has a saturation flux density of under 4000 gauss; that wouldn't be enough, because once the core saturates the field stops rising no matter how much current you add. A different core material is needed. MPP (molypermalloy powder) saturates at about 7000 gauss, which is what is needed for this PoC; iron powder and high-flux cores yield 10000 and 15000 gauss respectively. Two caveats: the field actually required depends on the coercivity of the platters, which is higher for newer drives, and what counts is the field at the platters rather than inside the core, so the figure has to be measured at the drive.

Fourth, you need thick copper wire wound round the core; the winding is called a solenoid. Current through it creates the B-field, the magnetic field that will erase the hard disk. With a gauss or EMF meter it is possible to measure the flux density in gauss or tesla produced by your electromagnet, and to experiment with turns and current until the level at the disk reaches 6000–7000 gauss.

Fifthly, you need an uninterruptible power supply (UPS), wired so that when the mains power is cut the electromagnet is switched on and run from the battery to erase the hard disk.

Lastly, install the electromagnet round the hard disk, hook up the UPS and fill the computer with epoxy so it cannot be taken apart by the police. Let's just hope you don't have a brownout. 😉
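To make the sizing in the steps above concrete, here is an added worked example (not code from the original post) that applies the long-solenoid formula B = μ0·μr·N·I/L, clamps the result at the core material's saturation flux density, and reports the ampere-turns, current and resistive power the UPS would have to deliver. The saturation values are the ones quoted above; the relative permeabilities, the 10 cm long and 5 cm wide core, the 500 turns and the 0.021 Ω/m wire are assumptions for illustration only. It shows why a power-ferrite core cannot reach 7000 gauss however much current you push, and that the number it produces is the field in the core, not at the platters.

```python
"""Back-of-the-envelope sizing of a core-based electromagnet (added example, not from the post)."""
import math
from dataclasses import dataclass

MU0 = 4 * math.pi * 1e-7       # permeability of free space, H/m
GAUSS_PER_TESLA = 10_000


@dataclass(frozen=True)
class CoreMaterial:
    name: str
    b_sat_tesla: float   # saturation flux density of the core material
    mu_r: float          # relative permeability (ASSUMED illustrative values)


# Saturation figures are the ones the post quotes (0.4 T stands for its "under 4000 gauss");
# the permeabilities are assumptions for this example, not data from the post.
CORES = {
    "power ferrite": CoreMaterial("power ferrite", 0.40, 2000.0),
    "MPP":           CoreMaterial("MPP",           0.70, 125.0),
    "iron powder":   CoreMaterial("iron powder",   1.00, 75.0),
    "high flux":     CoreMaterial("high flux",     1.50, 125.0),
}


def tesla_to_gauss(b_tesla: float) -> float:
    return b_tesla * GAUSS_PER_TESLA


def gauss_to_tesla(b_gauss: float) -> float:
    return b_gauss / GAUSS_PER_TESLA


def core_can_reach(core: CoreMaterial, target_gauss: float) -> bool:
    """A core cannot carry more flux than its saturation value, whatever the current."""
    return tesla_to_gauss(core.b_sat_tesla) >= target_gauss


def solenoid_field_tesla(core: CoreMaterial, turns: int, current_a: float, length_m: float) -> float:
    """Flux density inside a long solenoid wound on `core`: B = mu0 * mu_r * N * I / L,
    clamped at the core's saturation. This is the field IN the core; at a platter outside
    the core it is lower, which is why the post says to measure with a gauss meter."""
    b = MU0 * core.mu_r * turns * current_a / length_m
    return min(b, core.b_sat_tesla)


def ampere_turns_for(core: CoreMaterial, target_gauss: float, length_m: float):
    """Ampere-turns (N*I) needed to reach `target_gauss` in the core, or None if it saturates first."""
    target_t = gauss_to_tesla(target_gauss)
    if target_t > core.b_sat_tesla:
        return None
    return target_t * length_m / (MU0 * core.mu_r)


def coil_power_w(turns: int, current_a: float, core_diameter_m: float, ohms_per_metre: float) -> float:
    """Resistive power the UPS must supply: I^2 * R, with R from the total length of wire."""
    wire_len_m = turns * math.pi * core_diameter_m
    return current_a ** 2 * wire_len_m * ohms_per_metre


def plan(core_name: str, target_gauss: float, turns: int, length_m: float,
         core_diameter_m: float, ohms_per_metre: float) -> dict:
    """Summarise what it takes to hit `target_gauss` with the given winding, or why it cannot."""
    core = CORES[core_name]
    n_i = ampere_turns_for(core, target_gauss, length_m)
    if n_i is None:
        return {"core": core_name, "reachable": False,
                "max_gauss": tesla_to_gauss(core.b_sat_tesla)}
    current = n_i / turns
    return {"core": core_name, "reachable": True, "ampere_turns": n_i, "current_a": current,
            "power_w": coil_power_w(turns, current, core_diameter_m, ohms_per_metre)}


if __name__ == "__main__":
    # Assumed geometry: 10 cm long, 5 cm diameter core, 500 turns of ~0.021 ohm/m copper wire.
    for name in CORES:
        print(plan(name, 7000, turns=500, length_m=0.10, core_diameter_m=0.05, ohms_per_metre=0.021))
```

Run as a script it prints one plan per core material. The clamped value is the field inside the core; across the drive's casing and the air gap to the platters it falls off sharply, so the only number that matters for the PoC is the one read off the meter at the disk.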

Sadly this method will not work for solid-state disks, since flash stores data as electric charge rather than magnetisation, although you could possibly attach squibs using a similar trigger. That may be something for a future article.

  1. Degaussing: Irreversible damage to some media types
  2. I am creating an electromagnet for my school’s science fair project. Does the shape of the iron core make a difference? […]

Image source: Michiel2005

Written by Daniël W. Crompton (webhat)

January 19, 2011 at 12:43 pm

Proof of Concept: Simple Authenticated Internet Access


Sitting in the train at Amsterdam's "Centraal Station", I was considering what the simplest method would be to provide public authenticated internet access, such as the one I was using in the train, with a payment/self-service component to track the users. I'm not saying that this is possible to do with low-end systems such as the ones your provider gives away as part of a DSL subscription.

I’m into quick paper prototypes, so there could be an even simpler way in practice, and I think I mostly covered it in the diagram.

Simple Authenticated Internet Access Diagram

  1. Firstly the client must be able to connect, which is symbolized by this arrow. I don't want the user to be passed through to the internet immediately, so I have the "proxy" redirect the user. This could be keyed on the MAC address the user's computer presents to the Access Point, the IP allocated in the DHCP lease, or both. The risk here is that both IP and MAC can be spoofed. In a system for which payment is needed, the risk is theft of the connection from the real customer, or a DoS due to the IP address collision. The choice is either to accept and budget for it, making all the honest customers pay for the crimes perpetrated against them, or to reduce it by using the Access Manager (AM) to ensure that the current user is the one who authenticated, for example with a session token held by the browser that the AM checks on each request instead of trusting the addresses alone.
  2. The user goes to the Self Service and either creates and pays for an account, or requests some type of (limited/trial) access. There is a risk here that credentials and payment details can be stolen, as the wireless network is not secured with a password, and this risk can be reduced by using SSL/TLS to encrypt the session.
  3. The user then uses the created credentials to authenticate; again this risk can be reduced by using an SSL/TLS connection.
  4. After authentication the user session is passed on to the AM.
  5. The AM checks the access rights for the user/session and passes this data on to the Self Service so the user can see the current status of the account.
  6. The "proxy" is updated at the same time as the Self Service, to ensure that the user can make use of the service that has been acquired.
  7. The user starts to use the service which has been acquired. To avoid the theft of the user's information over the insecure wifi network, the choice can be made to tunnel the connection to the internet over SSL/TLS; the issue is naturally that if the proxy terminates the encryption itself, each page or item will raise a certificate warning, and this will clash with sites which already use SSL. The simplest strategy is to warn the customers of the risk during the Self Service in a EULA that they will never read, although the nicest way would be to warn them more prominently; either way, the treatment of this risk is to warn and otherwise not become involved in any resolution.
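The spoofing risk in point 1 and the Access Manager check proposed as its treatment can be shown in a few lines. The following is an added example in Python, not the design from the post or anything its author built: a minimal Access Manager that first authorizes by (MAC, IP) alone, as the "proxy" would, and then additionally requires a signed, browser-held cookie minted at login and bound to those addresses. The addresses, user name, quota and the HMAC cookie format are assumptions for the illustration.

```python
"""Session binding for a captive portal (added example, not the post's design)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    user: str
    mac: str
    ip: str
    expires: int      # unix time
    quota_bytes: int  # what the customer paid for


class AccessManager:
    """Decides per request whether traffic from (mac, ip) may pass the proxy.

    authorize_by_address is point 1 taken literally: the address pair is the identity.
    authorize_bound also demands a signed cookie the browser received at login, so
    copying the victim's MAC and IP is no longer enough.
    """

    def __init__(self, signing_key: bytes):
        self._key = signing_key          # assumed: one secret shared by AM and proxy
        self._sessions: Dict[Tuple[str, str], Session] = {}

    def login(self, user: str, mac: str, ip: str, quota_bytes: int, now: int, ttl: int = 3600) -> str:
        """Called by the Self Service after authentication; returns the cookie for the browser."""
        sess = Session(user, mac, ip, now + ttl, quota_bytes)
        self._sessions[(mac, ip)] = sess
        return self._mint_cookie(sess)

    def _mint_cookie(self, sess: Session) -> str:
        payload = f"{sess.user}|{sess.mac}|{sess.ip}|{sess.expires}"
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{sig}"

    def authorize_by_address(self, mac: str, ip: str, now: int) -> bool:
        sess = self._sessions.get((mac, ip))
        return sess is not None and now < sess.expires and sess.quota_bytes > 0

    def authorize_bound(self, mac: str, ip: str, cookie: Optional[str], now: int) -> bool:
        if not self.authorize_by_address(mac, ip, now) or not cookie:
            return False
        try:
            user, c_mac, c_ip, c_exp, sig = cookie.split("|")
        except ValueError:
            return False
        payload = f"{user}|{c_mac}|{c_ip}|{c_exp}"
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False                 # forged or tampered cookie
        # The cookie must name the addresses the packet actually came from and still be valid.
        return c_mac == mac and c_ip == ip and now < int(c_exp)

    def account(self, mac: str, ip: str, nbytes: int) -> int:
        """Deduct usage against the paid quota; returns the remaining bytes."""
        sess = self._sessions[(mac, ip)]
        sess.quota_bytes = max(0, sess.quota_bytes - nbytes)
        return sess.quota_bytes


def demo() -> dict:
    """Constructed scenario: an honest customer logs in, then a spoofer copies her addresses."""
    am = AccessManager(secrets.token_bytes(32))
    now = 1_300_000_000
    mac, ip = "aa:bb:cc:dd:ee:ff", "10.0.0.42"       # constructed addresses
    cookie = am.login("alice", mac, ip, quota_bytes=50_000_000, now=now)
    tampered = cookie.replace("alice", "mallory", 1)
    return {
        "honest_by_address": am.authorize_by_address(mac, ip, now),
        "spoofer_by_address": am.authorize_by_address(mac, ip, now),  # same addresses: passes
        "honest_bound": am.authorize_bound(mac, ip, cookie, now),
        "spoofer_bound": am.authorize_bound(mac, ip, None, now),       # no cookie: denied
        "tampered_bound": am.authorize_bound(mac, ip, tampered, now),
        "expired_bound": am.authorize_bound(mac, ip, cookie, now + 7200),
        "remaining_after_40MB": am.account(mac, ip, 40_000_000),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>22}: {value}")
```

Binding the session to a cookie defeats a client that merely copies the victim's MAC and IP, but on an open wifi network the cookie itself can be sniffed, which is one more reason the Self Service and authentication steps in points 2 and 3 have to run over SSL/TLS.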

Any comments?

Image source: purpleslog

Written by Daniël W. Crompton (webhat)

January 3, 2011 at 8:30 am

A catalog of this year’s risky articles #2010


Programming Hands

Risk is something which can be difficult to evaluate for the average person; a lot of work goes into learning not to do the two things that people usually do when they are confronted with risk:

  1. Ignore
  2. Overreact

It looks like every man and his dog needs to have a Facebook page, even banks…

It has been almost 1.5 weeks since Google’s FeedBurner removed the Frie…

Some days ago I tweeted to Prosper, a personal loan marketplace, whether they…

I don’t really think most people get “it” when it comes to …

Just noticed that Google Translate translates the name of the Dutch social ne…

I find a 400 plus page manual of office policies and job descriptions for eac…

In the last two days I’ve not been posting so much, and focussing on up…

I started playing with Google Scribe and wanted to see if patterns emerged so…

I have my Google account set up with English as the preferred language, my br…

For the last 2 years LinkedIn has been running a bad poor IT management depar…

When I just started I too had trouble with getting all the items I required t…

On August 11th 2007 I exceeded my GMail quota, I blogged about it here. At th…

Brian Szymanski send a reply to me concerning another bank implementing SMS b…

I don’t understand why url expansion after url shortening is such an is…

I just read an article Web Coupons Know Lots About You, and They Tell in the …

This morning/night China’s networks were sending rerouting messages to …

The lack of trained and experienced computer security people working in small…

Last week I saw an episode of a popular Dutch Ombudsman program Kassa, they r…

After seeing a program about a lifecoach trying to find the time to get his p…

Image source: Radio Nederland Wereldomroep

This year’s articles about programming #2010


Programming Hands

In 2010 I was less focused on programming articles on the blog than in previous years; still, I managed to create some interesting articles with code in 2010. This is an overview of the activity:

Having some fun today with QR codes, JavaScript and the Google Analytics URL …

The only questions that are asked in the Daily Scrum, aka Stand-Up, are: What…

UPDATE: GMail has introduced my number 3. YEAH! (Gmail introduces Priority In…

I like YouTube, and often subscribe to new channels and unsubscribe after a w…

Since I started working for my company I’ve been exposed to PCI DSS (Pa…

I don’t understand why url expansion after url shortening is such an is…

VeriSign – Personal Identity Portal is a OpenID provider with multiple …

Image source: D’Arcy Norman

More SMS banking by M&T #sms #bank #risk


Brian Szymanski sent me a reply concerning another bank implementing SMS banking: M&T. Their demo, which you can find here, shows that currently you can only do balance inquiries, but it is a slippery slope to implementing more features.

As I have stated numerous times before, SMS is not a secure channel, even discounting the ability to snoop SMS. The sender address embedded in an SMS is a length-prefixed field in the PDU: a length byte, a type-of-address byte, and then the digits as packed decimal semi-octets, with a trailing F as padding when the digit count is odd. What is less widely appreciated is that the same specification lets the type-of-address byte declare the field alphanumeric, in which case it is a 7-bit text string of up to 11 characters that is simply set by whoever submits the message; nothing in it is verified by the receiving handset, and whether a spoofed value gets through depends only on what the submitting SMSC or aggregator accepts. In other words, using this field you can spoof the sender, and with blind spoofing you may be able to fool the bank into performing a transaction. And if you are like many people, you will not type the phone number when you reply; you will reply to the message, so there is a possibility to blind spoof the user into performing a transaction or sending you transaction data, which leaves the possibility of data leakage. Add to that the fact that I can get the messages out of the air and can either decrypt them or make rainbow tables[1]. There are so many attack vectors in SMS banking that I believe it's not secure.
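To show concretely what "set by the sender" means for that field, here is an added example (not code from the post) that builds and parses the TP-OA originating-address field of a GSM SMS PDU as laid out in GSM 03.40: a numeric international address as reversed BCD semi-octets with an F pad, and an alphanumeric sender ID as 7-bit packed text under type-of-address 0xD0. The sender strings and the restriction of the 7-bit packing to plain ASCII are assumptions for the illustration. The point the code makes is that the field carries no authentication at all: a handset displays whatever length, type and body it is handed.

```python
"""Encode/decode the TP-OA (originating address) of a GSM SMS PDU (added example, not from the post)."""
import math
from typing import Tuple

TON_INTERNATIONAL = 0x91     # type-of-address: international number, ISDN numbering plan
TON_ALPHANUMERIC = 0xD0      # type-of-address: alphanumeric sender, GSM 7-bit default alphabet
MAX_ALNUM_CHARS = 11         # the 7-bit sender ID is limited to 11 characters


def pack_7bit(text: str) -> bytes:
    """Pack 7-bit septets LSB-first into octets (plain-ASCII subset of the GSM alphabet only)."""
    out, acc, nbits = [], 0, 0
    for ch in text:
        acc |= (ord(ch) & 0x7F) << nbits
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)
    return bytes(out)


def unpack_7bit(data: bytes, nchars: int) -> str:
    chars, acc, nbits = [], 0, 0
    for b in data:
        acc |= b << nbits
        nbits += 8
        while nbits >= 7 and len(chars) < nchars:
            chars.append(chr(acc & 0x7F))
            acc >>= 7
            nbits -= 7
    return "".join(chars)


def encode_oa(sender: str) -> bytes:
    """Build the TP-OA bytes: address length, type-of-address, then the address body."""
    if sender.startswith("+") and sender[1:].isdigit():
        digits = sender[1:]
        if len(digits) % 2:
            digits += "F"                         # odd digit count: pad with F
        # each pair of digits is stored nibble-swapped ("15" -> 0x51)
        swapped = "".join(digits[i + 1] + digits[i] for i in range(0, len(digits), 2))
        return bytes([len(sender) - 1, TON_INTERNATIONAL]) + bytes.fromhex(swapped)
    if 0 < len(sender) <= MAX_ALNUM_CHARS and sender.isascii() and sender.isprintable():
        packed = pack_7bit(sender)
        useful_semi_octets = math.ceil(len(sender) * 7 / 4)   # length counts useful semi-octets
        return bytes([useful_semi_octets, TON_ALPHANUMERIC]) + packed
    raise ValueError("unsupported sender address")


def decode_oa(pdu: bytes) -> Tuple[str, str]:
    """Parse a TP-OA at the start of `pdu`; returns ('number' | 'alphanumeric', value).
    This is all a receiving handset does: it trusts the field completely."""
    length, toa = pdu[0], pdu[1]
    if toa == TON_ALPHANUMERIC:
        nbytes = math.ceil(length / 2)
        nchars = length * 4 // 7
        return "alphanumeric", unpack_7bit(pdu[2:2 + nbytes], nchars)
    nbytes = (length + 1) // 2
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in pdu[2:2 + nbytes])[:length]
    return "number", ("+" if toa == TON_INTERNATIONAL else "") + digits


if __name__ == "__main__":
    # Constructed sender values: a genuine-looking number and an arbitrary brand-like string.
    for sender in ("+15551234567", "MyBank"):
        field = encode_oa(sender)
        print(sender, "->", field.hex().upper(), "->", decode_oa(field))
```

Both fields decode to exactly what was put in: the handset has no way to tell an alphanumeric sender chosen by a bank from one chosen by anybody else who can submit a PDU.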

From GSM service security:

GSM uses several cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in real-time with a ciphertext-only attack, and in February 2008, Pico Computing, Inc revealed its ability and plans to commercialize FPGAs that allow A5/1 to be broken with a rainbow table attack. The system supports multiple algorithms so operators may replace that cipher with a stronger one.

If they stick to balance inquiries then it can be an acceptable risk; I even do balance inquiries using MSN with my bank, and that is only slightly better, security-wise.

  1. Research May Hasten Death of Mobile Privacy Standard

Written by Daniël W. Crompton (webhat)

April 22, 2010 at 12:33 pm

Posted in business, finance, risk

