GMail security hole

Path to Marston

As people who read techie news pages like Engadget and Slashdot already know, a somewhat serious security flaw in GMail has recently been uncovered. Specifically, when you are logged into GMail in one browser window or tab, any other site you visit can grab your entire contact list. Whether that is a serious leak or not is a matter of perspective. Certainly, it exposes all of your friends to even more spam than they already receive.

Read the following carefully before you click anything. If you want to see the script that grabs contact lists at work, follow this link. Engadget says it’s “non-malicious,” but the risk is yours. The bug arises from the way in which GMail stores your contacts as a JavaScript file that can be requested by other websites. Google claims they have fixed the bug but, as the link above will prove, they have not.
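To make the mechanism concrete, here is an added illustration of the bug class just described (account data served as a script that any logged-in browser will fetch for any site) next to a hardened version of the same endpoint. This is not Google's code; the request shape, `VALID_SESSION`, `MAIL_ORIGIN`, `SAMPLE_CONTACTS` and the function names are assumptions made for the demo.

```javascript
// Added example, not from the original post. Models the server side of a
// "contacts as a JavaScript file" endpoint and a hardened replacement.

const VALID_SESSION = "session-token-constructed";     // constructed value
const MAIL_ORIGIN = "https://mail.example.com";        // assumed site origin
const SAMPLE_CONTACTS = [                               // constructed data
  { name: "Alice Example", email: "alice@example.com" },
  { name: "Bob Example", email: "bob@example.com" },
];

function sessionOk(req) {
  return Boolean(req.cookies && req.cookies.session === VALID_SESSION);
}

// Vulnerable pattern: authenticate by cookie alone and answer with executable
// JavaScript. The browser attaches cookies to a <script src="..."> fetch made
// from any origin, so the reply runs inside whichever page included it.
function vulnerableContactsEndpoint(req) {
  if (!sessionOk(req)) return { status: 401, body: "" };
  return {
    status: 200,
    contentType: "text/javascript",
    body: `loadContacts(${JSON.stringify(SAMPLE_CONTACTS)});`,
  };
}

// A prefix that is a syntax error as JavaScript, so the body cannot run as a script.
const GUARD_PREFIX = ")]}'\n";

// Hardened pattern: three independent checks, any one of which stops the leak.
function hardenedContactsEndpoint(req) {
  if (!sessionOk(req)) return { status: 401, body: "" };
  // (1) A <script> tag cannot add request headers; only same-origin code using
  //     XMLHttpRequest/fetch can, so a missing header means a cross-site include.
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") return { status: 403, body: "" };
  // (2) If the browser sends an Origin header, it must be our own site.
  if (req.headers.origin && req.headers.origin !== MAIL_ORIGIN) return { status: 403, body: "" };
  // (3) Reply with plain JSON behind the guard prefix, and forbid content sniffing.
  return {
    status: 200,
    contentType: "application/json",
    headers: { "X-Content-Type-Options": "nosniff" },
    body: GUARD_PREFIX + JSON.stringify(SAMPLE_CONTACTS),
  };
}

// What the legitimate mail page does with the guarded body.
function parseGuardedJson(body) {
  if (!body.startsWith(GUARD_PREFIX)) throw new Error("missing anti-hijack prefix");
  return JSON.parse(body.slice(GUARD_PREFIX.length));
}

// The request a browser issues for a <script src> on a third-party page:
// session cookie attached, no custom headers.
function crossSiteScriptRequest() {
  return { cookies: { session: VALID_SESSION }, headers: { referer: "https://third-party.example/" } };
}

// The request the mail site's own page issues through XMLHttpRequest.
function sameOriginXhrRequest() {
  return {
    cookies: { session: VALID_SESSION },
    headers: { "x-requested-with": "XMLHttpRequest", origin: MAIL_ORIGIN },
  };
}

// Would a page that can only include this response as a script get runnable code?
// new Function() only parses the body; it does not execute it.
function leaksAsScript(res) {
  if (res.status !== 200) return false;
  try { new Function(res.body); return true; } catch (e) { return false; }
}

console.log("vulnerable, cross-site:", leaksAsScript(vulnerableContactsEndpoint(crossSiteScriptRequest())));
console.log("hardened, cross-site:", hardenedContactsEndpoint(crossSiteScriptRequest()).status);
console.log("hardened, same-origin:", parseGuardedJson(hardenedContactsEndpoint(sameOriginXhrRequest()).body));
```

The header check is the one that matters most: a script tag, image or form on another site can make the browser send your cookies, but it cannot set a custom header, so requiring one turns "any site can fetch this" into "only our own page can". The prefix and `nosniff` header are defence in depth for the case where the header check is ever forgotten.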

Plausible attacks

A site that wanted to be really sneaky could exploit this information in many ways. At the very least, it could be used to very easily identify many of the people who are visiting. Knowing someone’s contact list might help in the launching of phishing attacks. It could, for example, make it easier to work out what company someone works for. You could then find out who does their information technology and send spoofed emails that seem to come from the IT department, asking for passwords or other sensitive information.

If it is a site that contains content that many people would not want others to know that they view, it could grab the email addresses for people with the same last name as you and threaten to send them information on your surfing history. A less complicated ploy would be to use emails that seem to come from people who you know to get through spam filters. Because of email spoofing, it is very easy to make messages seem to be coming from someone else.

Implications

As someone with 1037 MB of data in my main GMail account – including 14,410 emails and more than 1500 instant message conversations – I am naturally very concerned about GMail security. There is tons of stuff in there that I would be profoundly opposed to seeing on a public search engine, as has already happened in at least one case with private GMail data.

Contrary to their own assertions, Google had analysed and indexed all e-mails processed through their mail service. Due to a mistake made by an administrator, a database of the highly secret project was mirrored onto the external index servers, and as a result, the private mails of thousands of GMail users could be accessed via the search front-end for at least one hour.

Source

Clearly, it would be preferable if GMail started using durable encryption on their archived messages. This would both protect the messages from hostile outsiders and keep Google from doing anything undesirable with them. Even a passphrase-based symmetric-key encryption system (perhaps based on AES) would be an improvement. I bet all the students at Arizona State University, which had turned to GMail to provide all their email services, would feel likewise, if they knew.

[Update: 8:30pm] This article by Brad Templeton, the Chairman of the Electronic Frontier Foundation, makes some good general points about GMail and privacy.

[Update: 11:00pm] According to Engadget, this hole has been fixed. It’s good that it was dealt with so quickly, but there are still reasons to be concerned about GMail security in general.

[Update: 2 January 2007] The mainstream media has caught up with the story. CBC News: Teen exposes Google security flaw.

[Update: 18 July 2008] GMail just added a very useful ‘Activity on this account’ feature. It tells you (a) whether any other computers are logged into the account and (b) when and where the last five logins took place from. This is excellent.

Back in the UK

Istanbul cats

Back in the comparative warmth of Oxford, I am enjoying how it feels to be on a computer with a properly calibrated screen and a keyboard familiar enough to require no peeking. It is gratifying to see how much better my photos look when properly displayed.

Since this is my father’s last night in England, I am not going to spend the three hours or so that it will take to sort through my photos from Turkey, just now. You can expect my previous entries to start getting illustrated as of tomorrow, as well as additional batches on Facebook and Photo.net.

PS. Both my iPod Shuffle and my USB flash drive picked up a few viruses over the course of visiting hostel and internet cafe computers. Thankfully, they are all viruses that only affect Windows machines. Travelers with laptops (or computers running Windows back home) beware. I do feel bad about spreading viruses between all those machines; no wonder they were so slow.

Fraud via disappearing ink

A particularly cunning sort of fraud is occurring in the UK right now: someone comes to your door and convinces you to donate to worthy charity X. You agree, and bring out your chequebook. The fraudster hands you their pen, to fill out the cheque. The ink is of a vanishing sort and, after the transaction, the fraudster traces your signature from the groove in the paper, (generally) re-writes the original amount for the cheque, then puts their own name as the payee. Since most people only check amounts (and banks check nothing at all, unless the customer asserts that fraud has taken place) the fraudster makes off with however many charitable donations.

My personal inclination is to see this as one more among many reasons why cheques are no longer a decent form of payment.

Camera phones and police brutality

One very considerable advantage of the greater dissemination of video phones is increased ability to effectively document police brutality and other abuses of power. A recent example involves UCLA police officers gratuitously using Tasers on students in a library. While that situation cannot be entirely understood from the YouTube video, it supports testimony given elsewhere that the use of force was excessive and inappropriate. Hopefully, these Taser-happy UCLA police officers will end up in jail. At least one other incident filmed with a camera phone and uploaded to YouTube is being investigated by the FBI. That incident is also discussed in this editorial.

As I have said again and again here: protection of the individual from unreasonable or arbitrary power – in the hands of government and its agents – is a crucial part of the individual security of all citizens in democratic states. In a world where normal activities increasingly take place within sight of CCTV cameras, it’s nice to see that recording technology can also work for the protection of individuals or – at least – improve the odds of things being set to rights after abuse takes place.

Just don’t expect for it to be impossible for people to determine whose camera was used to shoot the video. Apparently, output from digital cameras can be linked to the specific unit that produced it.

American midterm elections today

Those looking for more polling data than they will know what to do with, for today’s midterm elections in the United States, should have a look at Pollster.com. For first year M.Phil students nervous about the quantitative methods test, it might be worthwhile reading as well.

I will definitely be watching the news closely between now and whenever the House and Senate races are settled. Hopefully, none of the quite justified concerns about problems with electronic voting machines will manifest themselves. Unfortunately, the vulnerabilities exposed by the Princeton study and others could be exploited in ways that could never be detected by electoral officials. Anyone who thinks that electronic voting is secure, with paper ballots and automatic auditing of part of the vote, should watch this short video produced by the Princeton team.

No matter which way this election goes, fixing the mechanics of the electoral system should be a huge priority before the 2008 elections. Relevant previous posts:

Also well worth a look:

Revitalized

Bike beside St. Antony's College, Oxford

Essentially back to back this evening, I had two of the best lectures since arriving in Oxford. It was a well-timed reminder of why it is so valuable to be here, and the kind of knowledge and people one can be exposed to in this environment.

The first speaker was Hilary Benn, appearing as part of the Global Economic Governance series. He is the Secretary of State for International Development in the current British Government. His speech took in everything from institutional reform at the World Bank to what should be done in Darfur. While he may have oversimplified a great deal at times, it was nonetheless refreshing to hear a government official saying some very sensible and progressive things about the role Britain should play in the world. During the question session, I asked him about his department’s policy position on West African fisheries. He advised me to write him a letter, and promised a detailed response. Thanks to an aide, I have the real email address of a British cabinet member in my pocket. I will come up with a cover letter that addresses the major points, then include a copy of the article in print in case he (or a staffer) wants more detail.

The second speaker, through the Strategic Studies Group, was Rear Admiral C.J. Parry. I spoke with him during dinner about his aviation experience (he actually flew a V-22 Osprey). His talk, in the capacity of Director General of Development, Concepts and Doctrine for the Ministry of Defence at Shrivenham, was a look forward into major strategic threats in the next thirty years or so. That said, it was a candid and engaging presentation that has sparked a lot of thought and debate – exactly what the mandate of OUSSG is to provide.

§

Sorry if this is all a bit breathless, but I suddenly feel as though I have a lot to do – and not just in terms of the thesis work I have been dreading.

PS. Both Kai and Alex are back, which adds to my sense of rejuvenation. Likewise, the opportunity that has been afforded to see the friendly trio of Bryony, Claire, and Emily was most welcome. Indeed, seeing all members of the program has felt a bit like suddenly being surrounded by friends in Vancouver. Things with my new college advisor – Robert Shilliam – are also going well.

PPS. I have my first free Wadham high table dinner booked for tomorrow, as part of the Senior Scholarship.

Protecting your computer

Beaumont Street, Oxford

At least once or twice a month, someone who I know endures a computational disaster. This could be anything from a glass of wine spilled on a laptop to some kind of complex SQL database problem. In the spirit of Bruce Schneier, I thought I would offer some simple suggestions that anyone should be able to employ.

The most important thing is simply this: if it is important, back it up. Burn it to a CD, put it on a flash memory stick, email it to yourself or to a friend. The last thing you want is to have your laptop hard drive fail when it contains the only copy of the project you’ve spent the last month working on.

Now, for a quick list of tips. These are geared towards university students, not those with access to sensitive information or large amounts of money:

  1. Do not trust anything you see online. If you get an email from ‘PayPal’ or your bank, assume it is from someone trying to defraud you. It probably is. Likewise, just because a website looks reputable, do not give it any sensitive information. This includes passwords you use for things like your bank.
  2. Never address email messages to dozens of friends. Lots of viruses search through your computer for email addresses to sell to spammers or use for attacks. If anyone in that fifty person party invitation gets a virus, it could cause problems for all the rest. If you want to send emails to many people, use the Blind Carbon Copy (BCC) feature that exists in almost all email programs and web based email systems.
  3. If you run Windows, you must run a virus scanner. All the time. Without exception. If you run a Mac, run one in order to be sure you don’t pass along viruses to your friends. Both Oxford and UBC offer free copies of Sophos Antivirus. Install it and keep it updated.
  4. Run a spyware and adware scanner like AdAware often. If you are not doing advanced things with your computer, be proactive and use something like Spyware Blaster. (Note, some of the patches it installs can cause problems in rare circumstances.)
  5. No matter what operating system you run, make sure to apply security updates as soon as they come out. An unpatched Windows XP home machine is basically a sitting duck as soon as it is connected to the internet. See this BBC article.
  6. Only install software you really need. Lots of free software is riddled with spyware and adware that may not be removed when you uninstall it. Especially bad for this are some file-sharing programs. If you do any kind of file sharing, a virus scanner becomes imperative.
  7. Never use secret questions. If you are forced to, fill the box with a long string of random letters and numbers. If you cannot remember your passwords, write them down and guard them like hundred dollar bills.
  8. For your web browser, use Firefox. Safari is fine, but you should never use Internet Explorer. If a website forces you to (especially something like a bank), complain.
  9. If there is something you really want to keep secret, either keep it on a device not connected to any network or encrypt it strongly. A user-friendly option for the latter is PGP. Whether it is some kind of classified research source or a photo of yourself you never want to see on the cover of the Daily Mail (once you are Prime Minister), it is best to encrypt it.
  10. Avoid buying compact discs that include Digital Rights Management (DRM). Many of the systems that are used to prevent copying can be easily hijacked by those with malicious ends. See one of my earlier posts on this.
  11. If you have a laptop, especially in Oxford or another high theft area, insure it. They can be stolen in a minute, either by breaking a window, picking a lock, or distracting you in a coffee shop. Aren’t you glad you made a backup of everything crucial before that happened?
  12. If your internet connection is on all the time (broadband), turn your computer off when you aren’t using it.

Basically, there are three big kinds of risks out there. The first is data loss. This should be prevented through frequent backups and being vigilant against viruses. The second is data theft. Anyone determined can break into your computer and steal anything on there: whether it is a Mac or a PC. That is true for everything from your local police force to a clever fourteen year old. Some of the suggestions above help limit that risk, especially the ones about security updates and turning off your computer when it is not in use. The third risk is physical loss or destruction of hardware. That is where caution and insurance play their part.

If everyone followed more or less this set of protocols, I would get fewer panicked emails about hard drives clicking and computers booting to the infamous Blue Screen of Death.

[Update: 6 January 2007] The recent GMail bug has had me thinking about GMail security. Here are a few questions people using GMail might want to ask themselves:

  1. If I search for “credit card” while logged in, do any emails come up that contain a valid credit card belonging to me or to someone else? I only ask because that is just about the first thing that someone malicious who gets into your account will look for. “Account number” and similar queries are also worth thinking about.
  2. Can someone who gets the password to my Facebook account, or some other account on a trivial site, use it to get into my GMail account?
  3. Have I changed the password to my GMail account in the last few weeks or months?

If the answer to any of those is ‘yes,’ I would recommend taking some precautionary action.
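The first question above can be answered more reliably than by searching for the words “credit card”: scan the text of your messages for digit runs that pass the Luhn checksum, which real card numbers satisfy and most order or phone numbers do not. The following is an added example of such a self-audit, not part of the original post; the mailbox contents are constructed, and `scanMailbox`, `findCardNumbers` and `luhnValid` are names chosen for this demo. It reports only the last four digits, since the point is to find the messages, not to copy the numbers anywhere else.

```javascript
// Added example, not from the original post: find messages in your own mailbox
// that contain something that looks like a valid payment card number.

// Luhn checksum, which every real card number passes. Input is a string of digits.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Return masked card numbers found in a piece of text. Card numbers are 13 to 19
// digits, often written with single spaces or hyphens between groups.
function findCardNumbers(text) {
  const hits = [];
  const re = /\b\d(?:[ -]?\d){12,18}\b/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    const digits = m[0].replace(/[ -]/g, "");
    if (luhnValid(digits)) hits.push("****" + digits.slice(-4));
  }
  return hits;
}

// Scan every message; report message id, subject and the masked number.
function scanMailbox(mailbox) {
  return mailbox.flatMap((msg) =>
    findCardNumbers(msg.subject + "\n" + msg.body).map((masked) => ({
      id: msg.id,
      subject: msg.subject,
      masked,
    }))
  );
}

// Constructed sample mailbox. The card numbers are public test numbers, not real
// accounts; the order and phone numbers are 14-16 digit runs that fail Luhn.
const SAMPLE_MAILBOX = [
  { id: 1, subject: "Your order", body: "Order number 1234 5678 9012 3456 has shipped." },
  { id: 2, subject: "Re: flight", body: "Use my card 4111 1111 1111 1111 exp 12/09 for the booking." },
  { id: 3, subject: "Expense claim", body: "Corporate Amex 378282246310005 was charged." },
  { id: 4, subject: "Phone", body: "Call me on 0044 1865 000001 tomorrow." },
];

console.log(scanMailbox(SAMPLE_MAILBOX));
```

Luhn only filters out random digit runs; a matching number still needs a human to decide whether it is a card. The useful outcome of a hit is to delete or archive the message somewhere the webmail account cannot reach, which is the precaution the question is driving at.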

More split nuclei

On 16 July 1945, the United States did it. The Soviets followed suit on 29 August 1949, followed by the UK on 3 October 1952. The French followed on 13 February 1960, followed by China on 16 October 1964. On 18 May 1974, India joined the club, with Pakistan doing so on 28 May 1998. Israel and/or South Africa may have tested on 22 September 1979, in an incident detected by an American satellite.

As of 9 October 2006, North Korea seems to have tested a nuclear bomb. It makes you wonder how many more states will do so in the next fifty years, as well as what the security character of the Southeast Asian area, in particular, will be by then.

That said, while they seem to have scientists and engineers capable of making nuclear weapons, the North Koreans don’t seem to have staff capable of producing a particularly cogent English press release:

The nuclear test was conducted with indigenous wisdom and technology 100 percent. It marks a historic event as it greatly encouraged and pleased the KPA and people that have wished to have powerful self-reliant defense capability.

Since this test was pretty clearly meant for American audiences, you might have expected them to pay more attention to their wording. I suppose multi-kiloton underground blasts speak louder than press releases.

Despite such nationalist rhetoric, the test seems more likely to endanger the average North Korean than help them. In the short term, there is the danger that someone will try to strike their nuclear capability before they develop credible delivery systems. Also, as The Economist identifies: “[T]he immediate threats from North Korea’s new capability come from radioactive leaks into the atmosphere and North Korea’s groundwater.” Finally, the test risks sparking a nuclear arms race in Asia that threatens the security of the whole region, at least.

[Update: 1:30pm] Based on my server logs, lots of people have been looking for these photos of test sites in Nevada during the last few days. Google still hasn’t figured out that this site has moved to WordPress. In any case, the photos show one of the ugly legacies of testing and reinforce the point that, while world should be moving towards nuclear disarmament, the converse seems to be taking place.

On electronic voting

There is some controversy in The Netherlands right now about electronic voting. A group has gotten hold of a voting machine, discovered that the physical and software security therein is very weak, and otherwise established the possibility that determined individuals could significantly impact election results through electronic tinkering.

The advantages of electronic voting are fairly numerous. Firstly, it could be made to happen more quickly. This may advantage the media more than anyone else, but it may as well be listed. Secondly, electronic devices could be made easier to use for people with physical disabilities and the like. Another advantage the system should have is increasing standardization between voting districts. Skullduggery involving dated or problematic machines in districts likely to vote in a certain way has been noted in a number of recent elections. Also, having an electronic record in addition to a paper one could allow for cross-verification in disputed districts. In cases where the results very starkly do not match, it should be possible to repeat the vote, with greater scrutiny.

The answer to the whole issue is exceptionally simple:

  1. You are presented with a screen where you select from among clearly labeled candidates, with an option to write in a name if that is part of your electoral system.
  2. The vote is then registered electronically, by whatever means, and a piece of paper is printed with the person’s choice of candidate, ideally in large bold letters.
  3. For an election involving multiple choices, each is likewise spelled out clearly. For instance, “I vote NO on Proposition X (flags for orphans).”
  4. The voter then checks the slip to make sure it is correct, before dropping it in a ballot box.
  5. These are treated in the standard fashion: locked, tracked, and observed before counting.
  6. The votes are tallied electronically, with a decent proportion (say, 20%) automatically verified by hand.
  7. If there is any serious discrepancy between the paper and electronic votes, all the paper ballots should be counted. Likewise, if there is a court ordered recount on the basis of other allegations of electoral irregularity.
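Steps 6 and 7 are the part of that procedure that actually catches tampering, so here they are as a small simulation, written for this page as an added example rather than taken from any real election system. The precinct counts are constructed, the 20% sample is the figure from step 6, and `auditElection`, `randomSample` and `tally` are names chosen for the demo. It also shows the limit of sampling: a tampered precinct that does not fall in the sample goes unnoticed, which is why step 7's full hand count on any discrepancy matters.

```javascript
// Added example, not from the original post: electronic tally plus a random
// hand count of a fraction of precincts, escalating to a full paper count on
// any discrepancy.

// Sum one source ("electronic" or "paper") across precincts, per candidate.
function tally(precincts, source) {
  const totals = {};
  for (const p of precincts) {
    for (const [candidate, votes] of Object.entries(p[source])) {
      totals[candidate] = (totals[candidate] || 0) + votes;
    }
  }
  return totals;
}

// Fisher-Yates shuffle driven by an injectable random source, then take k items.
// Injecting rng lets an observer reproduce which precincts were chosen.
function randomSample(items, k, rng = Math.random) {
  const arr = items.slice();
  for (let i = arr.length - 1; i > 0; i--) {
    const j = Math.floor(rng() * (i + 1));
    [arr[i], arr[j]] = [arr[j], arr[i]];
  }
  return arr.slice(0, k);
}

// Step 6: hand-verify a fraction of precincts. Step 7: any discrepancy beyond
// tolerance triggers a full hand count, and the paper result is what gets certified.
function auditElection(precincts, { fraction = 0.2, tolerance = 0, rng = Math.random } = {}) {
  const k = Math.max(1, Math.ceil(precincts.length * fraction));
  const sampled = randomSample(precincts, k, rng);
  const discrepancies = [];
  for (const p of sampled) {
    for (const candidate of Object.keys(p.electronic)) {
      const e = p.electronic[candidate];
      const h = p.paper[candidate] || 0;
      if (Math.abs(e - h) > tolerance) {
        discrepancies.push({ precinct: p.id, candidate, electronic: e, paper: h });
      }
    }
  }
  const fullHandCount = discrepancies.length > 0;
  return {
    sampled: sampled.map((p) => p.id),
    discrepancies,
    fullHandCount,
    certifiedTotals: tally(precincts, fullHandCount ? "paper" : "electronic"),
  };
}

// Constructed data: five precincts, two candidates. Paper slips are what voters
// checked before dropping them in the box (step 4).
const HONEST = [
  { id: "P1", electronic: { A: 120, B: 80 }, paper: { A: 120, B: 80 } },
  { id: "P2", electronic: { A: 95, B: 105 }, paper: { A: 95, B: 105 } },
  { id: "P3", electronic: { A: 130, B: 70 }, paper: { A: 130, B: 70 } },
  { id: "P4", electronic: { A: 60, B: 140 }, paper: { A: 60, B: 140 } },
  { id: "P5", electronic: { A: 110, B: 90 }, paper: { A: 110, B: 90 } },
];

// Same election, but P1's machine has shifted 40 votes from B to A. The paper is untouched.
const TAMPERED = HONEST.map((p) =>
  p.id === "P1" ? { ...p, electronic: { A: 160, B: 40 } } : p
);

console.log("honest:", auditElection(HONEST));
console.log("tampered:", auditElection(TAMPERED));
```

With a fixed `rng` the audit is reproducible: `() => 0.5` lands the single sampled precinct on P1 and the discrepancy forces a full paper count, while `() => 0` samples P2, finds nothing, and certifies the tampered electronic totals. Real audits pick the sample from a public source of randomness for exactly this reason.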

Electronic systems have vulnerabilities including hacked polling stations; transmission interception and modification; as well as server side attacks where the data is being amalgamated. Paper systems have vulnerabilities relating to physical tampering. Maintaining both systems, as independently as possible, helps to mitigate the risks of each separately and improve the credibility of the process. It is like having both your bank and your credit card company keep separate records of your transactions. If they do not match, you have a good leg to stand on when alleging some kind of wrongdoing.

This system could use relatively simple electronic machines, and may therefore actually cost less in the long run than all paper balloting. Critically, it would maintain an unambiguous paper trail for the verification of people’s voting intentions. Companies that deny the importance of such a trail are either not thinking seriously about the integrity of the voting process or have self interested reasons for holding such a position.

[Update: 14 October 2006] The Economist has a leader on electronic voting machines and the US midterm elections. They assert, in part:

The solutions are not hard to find: a wholesale switch to paper ballots and optical scanners; more training for election officials; and open access to machine software. But it is too late for any of that this time—and that is a scandal.

Quite right.