security

Brandeis on openness in business, society, & government

From Bruce Schneier’s “Brandeis Quote on Openness”:

Louis D. Brandeis, Other People’s Money and How the Bankers Use It 92 (1914): “Publicity is justly commended as a remedy for social and industrial diseases. Sunlight is said to be the best of disinfectants; electric light the most efficient policeman.”

[Note: Also in Harper’s Weekly, Dec 20 1913]

How to fake an anthrax scare

From Bruce Schneier’s “White Powder Anthrax Hoaxes”:

Earlier this month, there was an anthrax scare at the Indonesian embassy in Australia. Someone sent them some white powder in an envelope, which was scary enough. Then it tested positive for bacillus. The building was decontaminated, and the staff was quarantined for twelve hours. By then, tests came back negative for anthrax.

A lot of thought went into this false alarm. The attackers obviously knew that their white powder would be quickly tested for the presence of a bacterium of the bacillus family (of which anthrax is a member), but that the bacillus would have to be cultured for a couple of days before a more exact identification could be made. So even without any anthrax, they managed to cause two days of terror.

… In an interesting side note, the media have revealed for the first time that 360 “white powder” incidents have taken place since 11 September 2001. This news had been suppressed by the government, which had issued D notices to the media for all such incidents. So there has been one such incident approximately every four days — an astonishing number, given Australia’s otherwise low crime rate.

Zombies from China attack Internet

From Computerworld’s “Army of zombies invades China”:

China’s rapid Internet growth has brought with it a somewhat disturbing side effect: multiplying zombies up to no good.

Zombies, or Internet-connected computers infected by worms or viruses and under the control of a hacker, are used to launch denial-of-service (DoS) attacks, or send spam or phishing e-mails. An average of 157,000 new zombies are identified each day, and 20% of these are in China, security company CipherTrust Inc. reported this week.

… “Criminals look for a weaker link, so places like China, or anywhere behind the U.S. in terms of computer literacy, are a good target,” Stanley said.

China’s fast-growing Internet population is also an attraction, he said. As of January, there were 94 million Internet users in China, up 18% from the year before, according to the China Internet Network Information Center (CNNIC).

Global secrets are poor security

From Bruce Schneier’s “The Keys to the Sydney Subway”:

Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.

This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them. …

Another problem with global secrets is that it’s expensive to recover from a security failure. …

A final problem with global secrets is that it’s simply too easy to lose control of them.

Interesting way to acquire someone’s signature

From Simson Garfinkel’s “Absolute Identification”, chapter 3 of Database Nation:

Already, the United Parcel Service, the nation’s largest package delivery service, is also the nation’s leader in biometric piracy. For most packages, UPS requires that a signature be written to serve as proof of delivery. In 1987, UPS started scanning the pen-and-ink signatures recorded for each package delivery. These images were stored in a database and faxed to any person who called UPS’s 800 number and asked for a ‘proof of delivery’ receipt. In 1990, UPS improved its piracy technology by equipping its drivers with portable electronic computers called DIADs (Delivery Information Acquisition Devices). Each computer has a built-in bar code reader and a signature pad. When a delivery is made, the UPS driver scans the bar code on each package and then has the person receiving the delivery sign for the package. The bar code number and the handwritten signature are recorded inside the DIAD, and ultimately uploaded to the company’s databanks.

The push to make signatures available in electronic form came from UPS customers, Pat Steffen, a spokesperson for UPS, told me when I called the company to complain about the practices. Signatures are considered proof of delivery. Digitizing that proof allows UPS to manipulate it like any other digital data. The faxed proof-of-delivery certificates are sent automatically from UPS computers, she explained. It’s also possible for UPS customers to download tracking software and view the signatures directly on their personal computers.

Ironically, by making a person’s written signature widely available, UPS is helping to dilute the written signature’s very value. Once the signature is digitized, it’s easy to manipulate it further with a computer–for example, you can paste it at the bottom of a contract. UPS’s system is particularly vulnerable: any package can be tracked as long as you know the package’s airbill, and UPS issues its preprinted airbills in sequential order–for example, ‘0930 8164 904,’ ‘0930 8164 913,’ and ‘0930 8164 922.’ An attacker can easily learn a company’s UPS airbill, use that airbill to obtain a comprehensive list of every delivery recipient–and then make a copy of every recipient’s signature.

UPS understands the vulnerability, but it can’t address the problem very well. A note on the company’s web site says:

UPS authorizes you to use UPS tracking systems solely to track shipments tendered by or for you to UPS for delivery and for no other purpose. Any other use of UPS tracking systems and information is strictly prohibited.

But, realistically speaking, UPS can do little to prevent this kind of attack. ‘If someone wants to go out of their way to get package numbers, it can be done. If someone wants to go out of their way to do anything, I suppose that’s possible. It is not an easy thing to do,’ said Steffen. Guessing would be harder, of course, if UPS used longer airbill numbers and didn’t issue them in a predictable sequence.

Better technical security increases personal risks

From The New York Times’ “They Stole $92 Million, but Now What?”:

Just one week ago, Colin Dixon, the manager of a depot where bank notes are stored, was driving home on a quiet Tuesday evening when what he thought was a police car with flashing blue lights pulled him over.

It was the beginning, as it turned out, of Britain’s biggest ever cash caper. Seven days later, a staggering $92 million — around twice the previous record in a country that seems to specialize in mind-boggling robberies — seems simply to have disappeared.

The men who ordered Mr. Dixon, 51, to pull over were not police officers but hoodlums who bundled him into their Volvo and handcuffed him. According to police accounts, he was told that his wife, Lynn, 45, and son Craig, 8, would be shot if he did not cooperate.

Less than two hours later, more bogus police officers called at Mr. Dixon’s home in Herne Bay and told his wife that he had been in an accident. She and her son believed their story and walked into captivity. The family was reunited at a farmhouse, then driven to the depot at Tonbridge, in the county of Kent southeast of London, according to police accounts. Then their ordeal really began. …

The haul was enormous even by the standards of a land that likes to express its criminal landmarks through thefts of industrial proportions — more than twice the $45 million taken in a caper at Northern Bank in Belfast, Northern Ireland, in December 2004, at that time the biggest cash robbery on record. The Irish Republican Army was blamed for that robbery.

But one similarity between the robberies has raised worrisome questions about the way money is protected.

In both cases, employees and families were taken hostage, forcing managers to help the thieves. And so the most vulnerable point in guarding the cash has become the people who know the codes and procedures to bypass sophisticated security systems.

Such tactics “are part and parcel of the shift towards the technologized management of money,” said Tim Newburn, a professor of criminology at the London School of Economics.

According to the BBC, such abductions are known as tiger kidnappings, because the victims are stalked before they are seized. “Tiger kidnapping requires a detailed knowledge of staff — their journeys, their responsibilities and their families — which often comes with the help of a current or former employee.”

In other words, an inside job.

Why people don’t use firewalls

From the Windows OneCare Team Blog’s “Windows OneCare Firewall – Keepin’ it Green, Part I”:

Through a combination of surveys, emails and customer communication, we maintain a close watch on the “health” status indicators, such as, percent of users with anti-virus out of date, or the ratio of customers that are regularly backing up files.

… Recently, we have noticed a slight increase in the number of people turning off their firewall, with a corresponding decrease in the number of green machines.

Based on our investigation, there are four primary reasons people are turning off their firewall.

1. Do not think a software firewall is necessary
2. Do not like the (sometimes incessant) pop-up dialogs
3. An application failed to install with firewall turned on
4. An application fails to work with firewall turned on

MTBU: Maximum Time to Belly Up

From The Register’s “How ATM fraud nearly brought down British banking”:

And there wasn’t time for the banks to fix the problem if anyone went public with it. Their MTBU was too short. MTBU? That’s “Maximum Time to Belly Up”, as coined by the majestic Donn Parker of Stanford Research Institute. He found that businesses that relied on computers for the control of their cash flow fell into catastrophic collapse if those computers were unavailable or unusable for a period of time. How long? By the late 1980s it had fallen from a month to a few days. That’s not a good thing; it meant that a collapse of the computers that any UK clearing bank relied on would destroy it in less than a week.

Risk management

From Glenn Fleishman’s post to the Interesting People mailing list:

I heard the strangely frank head of TSA on NPR this morning–perhaps he forgot he was speaking to the public?–talk quite honestly about what I would describe as “yield management for risk.”

Basically:

* The pilots are now protected, so the plane won’t be weaponized even if many passengers were to die on board.
* Passengers will overwhelm someone armed with relatively minor weapons, even if some passengers die. That’s acceptable risk.
* A lot of stuff on planes can be used as weapons already (he didn’t elaborate).
* The evaluated risk of smaller knives is low in their testing — meaning whatever air marshals wear for protection will resist punctures from smaller knives.

He said the focus is now on explosive detection.

How to know if you should worry

From Bruce Schneier’s “Should Terrorism be Reported in the News?” in Crypto-Gram (15 May 2005):

One of the things I routinely tell people is that if it’s in the news, don’t worry about it. By definition, “news” means that it hardly ever happens. If a risk is in the news, then it’s probably not worth worrying about. When something is no longer reported — automobile deaths, domestic violence — when it’s so common that it’s not news, then you should start worrying.

Shoehorning drivers licenses

From Bruce Schneier’s “REAL ID” in Crypto-Gram (15 May 2005):

REAL ID also prohibits states from issuing driver’s licenses to illegal aliens. This makes no sense, and will only result in these illegal aliens driving without licenses — which isn’t going to help anyone’s security. (This is an interesting insecurity, and is a direct result of trying to take a document that is a specific permission to drive an automobile, and turning it into a general identification device.)

Confidential, Secret, Top Secret … and SSI

From Bruce Schneier’s “Sensitive Security Information (SSI)” in Crypto-Gram (15 March 2005):

For decades, the U.S. government has had systems in place for dealing with military secrets. Information is classified as either Confidential, Secret, Top Secret, or one of many “compartments” of information above Top Secret. Procedures for dealing with classified information were rigid: classified topics could not be discussed on unencrypted phone lines, classified information could not be processed on insecure computers, classified documents had to be stored in locked safes, and so on. The procedures were extreme because the assumed adversary was highly motivated, well-funded, and technically adept: the Soviet Union. …

In 1993, the U.S. government created a new classification of information — Sensitive Security Information. The information under this category, as defined by a D.C. court, was limited to information related to the safety of air passengers. This was greatly expanded in 2002, when Congress deleted two words, “air” and “passengers,” and changed “safety” to “security.” Currently, there’s a lot of information covered under this umbrella. …

The rules for SSI information are much more relaxed than the rules for traditional classified information. Before someone can have access to classified information, he must get a government clearance. Before someone can have access to SSI, he simply must sign an NDA. If someone discloses classified information, he faces criminal penalties. If someone discloses SSI, he faces civil penalties.

SSI can be sent unencrypted in e-mail; a simple password-protected attachment is enough. A person can take SSI home with him, read it on an airplane, and talk about it in public places. People entrusted with SSI information shouldn’t disclose it to those unauthorized to know it, but it’s really up to the individual to make sure that doesn’t happen. It’s really more like confidential corporate information than government military secrets. …

The U.S. government really had no choice but to establish this classification level, given the kind of information they needed to work with. For example, the terrorist “watch” list is SSI. If the list falls into the wrong hands, it would be bad for national security. But think about the number of people who need access to the list. Every airline needs a copy, so they can determine if any of their passengers are on the list. That’s not just domestic airlines, but foreign airlines as well — including foreign airlines that may not agree with American foreign policy. Police departments, both within this country and abroad, need access to the list.

Cybercrime more profitable than drug trafficking

From Reuters’ “Cybercrime yields more cash than drugs: expert”:

Global cybercrime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said on Monday.

No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cybercrime.

“Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion,” McNiven told Reuters.

“Cybercrime is moving at such a high speed that law enforcement cannot catch up with it.”

For example, Web sites used by fraudsters for “phishing” — the practice of tricking computer users into revealing their bank details and other personal data — only stayed on the Internet for a maximum of 48 hours, she said. …

Developing countries which lack the virtual financial systems available elsewhere are easier prey for cybercrime perpetrators, who are often idle youths looking for quick gain.

“When you have identity thefts or corruption and manipulation of information there (developing countries), it becomes almost more important because … their systems start getting compromised from the get-go,” she said.

A brief history of backdoors

From Network Magazine:

Ken Thompson, a designer of the Unix OS, explained his magic password, a password that once allowed him to log in as any user on any Unix system, during his award acceptance speech at the Association for Computing Machinery (ACM) meeting in 1984. Thompson had included a backdoor in the password checking function that gets included in the login program. The backdoor would get installed in new versions of the Unix system because the compiler had Trojan Horse code that propagated the backdoor code to new versions of the compiler. Thompson’s magic password is the best known, and most complex in distribution, backdoor code.

The mystery of the Voynich mss

From John Baez:

The Voynich manuscript is by far the most mysterious of all texts. It is seven by ten inches in size, and about 200 pages long. It is made of soft, light-brown vellum. It is written in a flowing cursive script in an alphabet that has never been seen elsewhere. Nobody knows what it means. During World War II some of the top military code-breakers in America tried to decipher it, but failed. A professor at the University of Pennsylvania seems to have gone insane trying to figure it out. Though the manuscript was found in Italy, statistical analyses show the text is completely different in character from any European language.

Greetings from beyond

From PCWorld.com:

Imagine receiving a new e-mail from an old friend that begins, ‘By the time you read this, I will have passed on.’

It could happen, as a result of a new Internet service called TimelessMail.com. Through this new service (which costs $12 to $24 annually), subscribers create and store e-mail messages containing their final adieu to friends and family. After a subscriber has bought the farm, his or her messages are forwarded to the intended recipients following a verification of Social Security Administration death records. …

DRM ratchets up, but never quite works

From Edward Felten’s "DRM and the Regulatory Ratchet":

Regular readers know that one of my running themes is the harm caused when policy makers don’t engage with technical realities. One of the most striking examples of this has to do with DRM (or copy-restriction) technologies. Independent technical experts agree almost universally that DRM is utterly unable to prevent the leakage of copyrighted material onto file sharing networks. And yet many policy-makers act as if DRM is the solution to the file-sharing problem.

The result is a kind of regulatory ratchet effect. When DRM seems not to be working, perhaps it can be rescued by imposing a few regulations on technology (think: DMCA). When somehow, despite the new regulations, DRM still isn’t working, perhaps what is needed is a few more regulations to backstop it further (think: broadcast flag). When even these expanded regulations prove insufficient, the answer is yet another layer of regulations (think: consensus watermark). The level of regulation ratchets up higher and higher – but DRM still doesn’t work.

The advocates of regulation argue at each point that just one more level of regulation will solve the problem. In a rational world, the fact that they were wrong last time would be reason to doubt them this time. But if you simply take on faith that DRM can prevent infringement, the failure of each step becomes, perversely, evidence that the next step is needed. And so the ratchet clicks along, restricting technical progress more and more, while copyright infringement goes on unabated.

Feral cities of the future

From Richard J. Norton’s “Feral cities – The New Strategic Environment” (Naval War College Review: Autumn, 2003):

Imagine a great metropolis covering hundreds of square miles. Once a vital component in a national economy, this sprawling urban environment is now a vast collection of blighted buildings, an immense petri dish of both ancient and new diseases, a territory where the rule of law has long been replaced by near anarchy in which the only security available is that which is attained through brute power. Such cities have been routinely imagined in apocalyptic movies and in certain science-fiction genres, where they are often portrayed as gigantic versions of T. S. Eliot’s Rat’s Alley. Yet this city would still be globally connected. It would possess at least a modicum of commercial linkages, and some of its inhabitants would have access to the world’s most modern communication and computing technologies. It would, in effect, be a feral city.

The putative “feral city” is (or would be) a metropolis with a population of more than a million people in a state the government of which has lost the ability to maintain the rule of law within the city’s boundaries yet remains a functioning actor in the greater international system.

In a feral city social services are all but nonexistent, and the vast majority of the city’s occupants have no access to even the most basic health or security assistance. There is no social safety net. Human security is for the most part a matter of individual initiative. Yet a feral city does not descend into complete, random chaos. Some elements, be they criminals, armed resistance groups, clans, tribes, or neighborhood associations, exert various degrees of control over portions of the city. Intercity, city-state, and even international commercial transactions occur, but corruption, avarice, and violence are their hallmarks. A feral city experiences massive levels of disease and creates enough pollution to qualify as an international environmental disaster zone. Most feral cities would suffer from massive urban hypertrophy, covering vast expanses of land. The city’s structures range from once-great buildings symbolic of state power to the meanest shantytowns and slums. Yet even under these conditions, these cities continue to grow, and the majority of occupants do not voluntarily leave.

Feral cities would exert an almost magnetic influence on terrorist organizations. Such megalopolises will provide exceptionally safe havens for armed resistance groups, especially those having cultural affinity with at least one sizable segment of the city’s population. The efficacy and portability of the most modern computing and communication systems allow the activities of a worldwide terrorist, criminal, or predatory and corrupt commercial network to be coordinated and directed with equipment easily obtained on the open market and packed into a minivan. The vast size of a feral city, with its buildings, other structures, and subterranean spaces, would offer nearly perfect protection from overhead sensors, whether satellites or unmanned aerial vehicles. The city’s population represents for such entities a ready source of recruits and a built-in intelligence network. Collecting human intelligence against them in this environment is likely to be a daunting task. Should the city contain airport or seaport facilities, such an organization would be able to import and export a variety of items. The feral city environment will actually make it easier for an armed resistance group that does not already have connections with criminal organizations to make them. The linkage between such groups, once thought to be rather unlikely, is now so commonplace as to elicit no comment.

Self-sacrifice in plague time

From The Plague in Britain, on The Science Show:

Outside London, the disease spread wherever the plague flea travelled, and it is thought to have reached the village of Eyam in Derbyshire that September of 1665 in a box of tailor’s samples and old clothing sent to Edward Cooper, a village trader. … by mid-summer 1666 over seventy of the village’s 360 inhabitants had succumbed.

It was [Rev. William] Mompesson, a married man with two children, who took the step that made Eyam famous – he urged his congregation to follow Jesus’s words in the Gospel of St John: ‘Greater love hath no man than this, that a man lay down his life for his friends’. Rather than fleeing the village and spreading the infection around the Peak District, argued the young rector, the community should stick together and help their fellow-men. This, clearly, was to risk their own lives in an act of extraordinary self-sacrifice. The congregation agreed, and for more than a year Eyam became effectively a huge plague house, shut off from the world. Their neighbours, meanwhile, who included the Earl of Devonshire at nearby Chatsworth House, responded to their gesture by leaving food and other provisions at the outskirts of the village. Derbyshire was spared further plague, and Eyam paid the price, losing more than 260 inhabitants, some three-quarters of the population. Among the last to die was Mompesson’s wife Catherine, who had gone from house to house during the outbreak, ministering to the sick.
