Dr. Phillip Hallam-Baker is Principal Scientist at VeriSign. He has contributed to the design of many Web security protocols including HTTP and HTTP Digest Authentication, XKMS, SAML, WS-Security and OATH. His current research focus is preventing Internet Crime. He holds degrees from Southampton University and Oxford University and has held research appointments at DESY, CERN and MIT.

February 26, 2009

Installing Ubuntu: Take one electric drill

Security costs real time and money. What I often find hard to explain to programmers is that what they might imagine to be a trivial effort can quickly mount up.


Take, for example, the fact that my effort to install Ubuntu to drive my CNC lathe had me drilling into the case of a server this morning.


Why does it take an electric drill to install Ubuntu? Well, it shouldn't, but it does require a DVD drive rather than the CD-ROM drive that is claimed to suffice. And I don't have a DVD drive on the ancient machine in question, only a CD-ROM. And the BIOS would not boot from a USB DVD drive. So I had to take the DVD drive out of another aged server, only the key to the case had been lost, hence the drill. And I could not do that last night when the kids were in bed; I had to wait till first thing this morning.


And the need for a DVD drive is in turn caused by the fact that the Ubuntu distribution is now 700MB while the design capacity of a CD-ROM is 650MB. So after several hours of 'persuasion' to get the ISO to burn onto a CD, I found that the drivers on the machine won't boot from a CD-ROM of more than 650MB; it just hangs.


And these are the real problems of computer administration. None of these steps is difficult, and the problems will all be forgotten after success is achieved. But each little problem soaks up a few minutes or a few hours of time.

February 2, 2009

Caching In Part II

So what is edge caching? Edge caching is simply provision for a network content cache at the point where a local ISP network joins the Internet at large. It is not a new idea; pretty much every Web browser in use today supports HTTP proxy caching. The difference is scale: an HTTP proxy cache does not typically keep copies of video resources.


In recent years edge caching has been rather less fashionable than Napster style 'peer-2-peer'. P2P bypasses the need for the ISP to invest in cache infrastructure by conscripting end user machines as caches. This is good for the P2P provider but very bad for the ISP as the content will now travel over the most constrained part of the ISP's network multiple times.


The value of edge caching is already known to companies like Akamai, of course. But Akamai is a proprietary scheme. Google recently began work to build out a similar scheme, and there will be many more as Internet video on demand becomes an increasingly bigger market.


So pity the poor ISP who is expected to provide space and power for all these boxes in their endpoints. If any economics student is looking for a thesis topic, try predicting which parties will benefit from this particular arrangement during the introductory phase, and then again some years later once consumers have reliable ways of measuring the network performance they are actually being delivered.


My rough model suggests that under the proprietary cache model each party benefits at exactly the wrong time. In the short term, some ISPs may gain a modest revenue stream, but in the longer term content is king.


Rather than waiting passively for the content distribution companies to come along with their boxes, a better strategy for the ISPs would be to develop a model that puts the edge cache under their control, allowing the ISP to determine the choice of hardware/software platform and which content is cached.


The design of a network protocol for such a scheme may be left as an exercise for the (graduate) student. A discovery mechanism will be required (hint: SRV records in the reverse DNS), and some means of breaking content up into manageable chunks. And in the case of really popular content there will be a need for load balancing amongst local servers.


The rather more interesting issue is the security considerations that arise. Who gets to store content? Who gets to retrieve it? When is content deleted? How are questions of copyright ownership decided?
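To make the three design hints above concrete, here is an added sketch (my own illustration, not a protocol from this post or from any ISP) of the discovery step, the chunking step, and the one security control that the chunking step makes cheap: a per-chunk digest manifest that lets a client check what an ISP-run cache hands it against what the origin published. The service label `_cache._tcp` under in-addr.arpa, the in-memory stand-in for the reverse zone, and the manifest layout are all assumptions; SRV priority/weight ordering follows RFC 2782 semantics, simplified to a deterministic sort instead of weighted random selection.

```python
import hashlib
import ipaddress
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed stand-in for the ISP's reverse DNS zone (assumption: the ISP
# publishes SRV records for a hypothetical _cache._tcp service under its
# in-addr.arpa delegation). Nothing here is looked up over the network.
FAKE_ZONE = {
    "_cache._tcp.2.0.192.in-addr.arpa": [
        SRV(10, 60, 8080, "cache-a.isp.example"),
        SRV(10, 40, 8080, "cache-b.isp.example"),
        SRV(20, 0, 8080, "cache-backup.isp.example"),
    ],
}

def reverse_labels(ip: str) -> list:
    """Candidate reverse-DNS names for an IPv4 client, most specific first:
    192.0.2.57 -> 57.2.0.192.in-addr.arpa, 2.0.192.in-addr.arpa, ..."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return [".".join(reversed(octets[:n])) + ".in-addr.arpa"
            for n in range(4, 0, -1)]

def discover_caches(ip: str, zone=FAKE_ZONE, service="_cache._tcp") -> list:
    """Walk up the reverse tree until an SRV RRset answers, then order targets
    by priority (lowest first) and weight (highest first) for load balancing."""
    for name in reverse_labels(ip):
        rrs = zone.get(f"{service}.{name}")
        if rrs:
            return sorted(rrs, key=lambda r: (r.priority, -r.weight))
    return []

CHUNK = 4096

def make_manifest(content: bytes, chunk_size: int = CHUNK) -> dict:
    """Origin side: split content into fixed-size chunks and publish a SHA-256
    digest per chunk plus a root digest over the list. The manifest is what a
    client obtains from (or checks against) the origin, so that it can trust
    chunks served by a cache it had no say in choosing."""
    digests = [hashlib.sha256(content[i:i + chunk_size]).hexdigest()
               for i in range(0, len(content), chunk_size)]
    root = hashlib.sha256("".join(digests).encode()).hexdigest()
    return {"chunk_size": chunk_size, "chunks": digests, "root": root}

def verify_chunk(manifest: dict, index: int, data: bytes) -> bool:
    """True only if the cached chunk matches the digest the origin published."""
    if index >= len(manifest["chunks"]):
        return False
    return hashlib.sha256(data).hexdigest() == manifest["chunks"][index]

def reassemble(manifest: dict, fetch) -> bytes:
    """fetch(index) returns chunk bytes from a cache. A chunk failing its
    digest check is rejected outright rather than spliced into the output."""
    out = bytearray()
    for i in range(len(manifest["chunks"])):
        data = fetch(i)
        if not verify_chunk(manifest, i, data):
            raise ValueError(f"chunk {i} failed integrity check")
        out += data
    return bytes(out)

if __name__ == "__main__":
    caches = discover_caches("192.0.2.57")
    print("caches for 192.0.2.57:", [c.target for c in caches])
    sample = bytes(range(256)) * 40          # constructed 10240-byte object
    manifest = make_manifest(sample)
    store = [sample[i:i + CHUNK] for i in range(0, len(sample), CHUNK)]
    print("reassembled ok:", reassemble(manifest, lambda i: store[i]) == sample)
```

The digest manifest answers the "who gets to store content" question in a useful way: anyone may store it, because a cache that alters or substitutes a chunk is caught at the client. It does not by itself answer who may retrieve content or when it is deleted; those need an authorization decision at the cache, which the manifest does not carry.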

Super Bowl porn attack: what happens when they monetize?

While most of the United States was watching the Pittsburgh Steelers win the Super Bowl with a last-minute touchdown, Comcast viewers in Arizona had their football interrupted by a pornographic video.


While the cause of the disruption is not yet known, it stretches credibility to believe that this was operator error. Most likely it will turn out to be an act of vandalism by a disgruntled employee or an external attacker. In either case, we need to know quickly as casual attacks by vandals tend to be followed by professional attacks for profit.


At a minimum the attacker has demonstrated the ability to map one cable channel onto another. But imagine that the attacker had the ability to inject arbitrary content into the New York City cable feed for Bloomberg or CNBC. It really isn't very difficult to see how a profitable stock manipulation fraud could be set up.


The big problem with electronic media is establishing authenticity. As we come to rely on electronic information sources, the risk of being fed spurious data increases. Unless we take the problem seriously soon, others will force us to take it seriously.

January 29, 2009

Caching in

Last week I attended the GENI workshop at UC Davis. GENI is an ambitious project to build a testbed for next generation network technologies such as new router algorithms.


One reason I am interested is that the GENI testbed would provide an environment that could allow meaningful experiments into security usability. Putting a user in a lab for an hour or so is a great way of working out if they are likely to buy a product or install it correctly. Lab experiments are a lousy way of predicting how a user might react to an unexpected attack in six months time when their own money is at stake.


As with most such projects, the objectives are considerably more ambitious than the funds on offer. This leads me to suggest a way to simplify the project: drop the plans to investigate new routing algorithms.


There are two reasons why routing is not an interesting or important field of study for publicly funded research. The first is that makers of routing hardware are already keenly interested in the problem, the second is that nobody is going to be interested in deploying a radical new routing scheme requiring a completely new suite of systems when Moore's law continues to deliver a 100% increase in gates every 18 months.


But the biggest reason to be suspicious of researching new routing techniques is that we already know an efficiency improvement that is orders of magnitude greater than anything a change to the core router transport makes possible; the problem is that we don't yet know how to deploy it.


As you probably guessed from the title, that efficiency improvement is edge caching. The best way to improve the efficiency of a network is not to send the data at all, or to send it only once. More on that in part II.

December 22, 2008

US credit cards are no longer accepted in the UK

If I were an executive of a US bank looking to corner the market in corporate credit cards, I would be telling my management that they had to adopt Chip and PIN immediately or expect to lose the business of corporate international travelers.


You cannot use a US-issued credit card in the typical UK store any more. If it's not Chip and PIN, it simply does not exist as far as they are concerned. Whatever the Visa and MasterCard exchange rules might say about accepting all current cards is irrelevant as far as the underpaid sales assistant is concerned. No chip, no PIN means no service.


And the situation is only going to get worse. Chip and PIN does have some security issues, but those reported to date are all due to the need for interoperation with legacy magnetic stripe systems. US banks can complain about their cards not being honored in Europe as per the merchant card agreement, but the European banks are unlikely to be very interested. Chip and PIN has all but eliminated card present fraud.

December 4, 2008

Impersonation is not the only risk

The paradox of security is that it is almost always possible to solve any single security problem with a simple and effective solution.


Having problems with spam? Shut down the mail server, or only accept mail from people you already know. Having problems with people posting copyright material on the Web? Allow anyone to shut down any Web site they choose instantly with a phone call.


Worried about the risk of being hoaxed with a prank call? Well hang up on the President elect when he calls you to congratulate you on your election victory.


Security is really easy when you are only concerned about one side of the problem. And that is why so many 'obvious solutions' proposed by interest groups are unworkable. The proposers only take time to understand one side of the problem, usually their side of the problem. Then they try to push their solution through by attempting to minimize the significance of the objections of the other side, rather than trying to address them.


The fact that the President may not be able to call a Member of Congress and speak to them for fear of a hoax should be considered a national security concern. As should the risk that a hoax might be perpetrated for malicious purpose.


And it is not just members of Congress. The email lists used during the campaign are still active (Kerry's list from 2004 is also still active). They reach millions of activists. What if someone was to work out a way of engaging those for malicious purposes?


The email problem could be solved today: every communication from a major political campaign should be signed, whether the recipient is a member of Congress or a member of the public. That is what DKIM is designed to permit.


But signing is only one half of the problem: how is the user made aware that the communication is genuine? Here I think we should take a cue from Hollywood. Think of any movie scene in which the President of the United States appears in a video-conference. Does the President just appear on the line? No, because even though the President of the United States is going to be recognized on sight, that is not the protocol. What you invariably see in a scene of that type is first an establishment shot of the seal of the President of the United States. Then the President appears.
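The two halves just described, the signature and what the recipient is shown, both hang off the DKIM-Signature header. The following is an added illustration (mine, not code from this post or from any DKIM implementation) of the receiver-side steps that can be done without keys: parsing the tag list, applying the RFC 6376 "relaxed" body canonicalization, recomputing the body hash in the bh= tag, and extracting the d= signing domain, which is the value a mail client would surface as the "seal". The sample message, the domain example.org, the selector s1 and the b=PLACEHOLDER value are constructed; the RSA check of b= over the canonicalized headers, which needs the public key published as a TXT record at <selector>._domainkey.<domain>, is deliberately left out.

```python
import base64
import hashlib
import re

# Constructed sample mail (not a real campaign message). The body carries
# trailing spaces, runs of spaces and blank trailing lines on purpose, so the
# canonicalization step has something to normalise.
RAW_HEADERS = (
    "From: Campaign HQ <hq@example.org>\r\n"
    "To: voter@example.net\r\n"
    "Subject: Thank you   for volunteering\r\n"
)
RAW_BODY = (
    "Dear supporter,  \r\n"
    "Thank you for    your help.\r\n"
    "\r\n"
    "\r\n"
)

def relaxed_body(body: str) -> str:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization: collapse runs of
    whitespace to one space, strip trailing whitespace per line, drop empty
    lines at the end of the body, and finish with exactly one CRLF."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n" if lines else ""

def body_hash(body: str) -> str:
    """The bh= value: base64 of SHA-256 over the canonicalized body."""
    digest = hashlib.sha256(relaxed_body(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_tags(sig_value: str) -> dict:
    """Parse the 'tag=value; tag=value' list of a DKIM-Signature header;
    whitespace inside values (folded base64) is insignificant."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def build_signed_message(headers: str, body: str, domain: str = "example.org",
                         selector: str = "s1") -> str:
    """Signer side, minus the key operation: attach a DKIM-Signature header
    whose bh= is the real body hash. b= is a placeholder (assumption); a real
    signer would RSA-sign the canonicalized headers listed in h=."""
    sig = (f"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; "
           f"s={selector}; h=from:to:subject; bh={body_hash(body)}; b=PLACEHOLDER\r\n")
    return sig + headers + "\r\n" + body

def check_body_hash(msg: str):
    """Receiver side: return (ok, signing_domain). ok is False when the bh= tag
    does not match the body actually received, i.e. the body was altered after
    signing. The domain is what a client should display as the 'seal'."""
    head, _, body = msg.partition("\r\n\r\n")
    for line in head.split("\r\n"):
        if line.lower().startswith("dkim-signature:"):
            tags = parse_tags(line.split(":", 1)[1])
            return tags.get("bh") == body_hash(body), tags.get("d")
    return False, None

if __name__ == "__main__":
    signed = build_signed_message(RAW_HEADERS, RAW_BODY)
    print(check_body_hash(signed))
    print(check_body_hash(signed.replace("your help", "your donation")))
```

Note what the relaxed canonicalization buys: a mailing list that re-wraps whitespace does not break the hash, but any change to the words does. The body hash alone proves nothing about who sent the mail; that is the job of the b= signature and the DNS key lookup, which is why the d= domain is only meaningful to display once that check has passed.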


That is what we should have for Internet communications, and it is something that we could do very quickly for email and extend to other modes of communication in a short period of time.

November 24, 2008

How do you protect your child online?

The Internet is a big place, it has a billion users and not all of them are honest and some have evil intent. Adults have a difficult enough time keeping safe on the Internet. Now we have children using computers at earlier and earlier ages, how do we control that risk?


As always we have the folk whose answer is 'don't let the kids near it', which is often merely a way of evading the problem. One supposedly serious report from a supposedly serious learned medical body tells us that there is no proof that computers do not do harm, so the 'safe' option is for parents to ideally stop their children using computers or to seriously limit their use. I found this advice offensive, as anyone with a scientific training should. Ignorance is never a sound basis for offering advice to others.


I taught myself to use a computer at 11. I have seen a child teach himself to read using a computer at three. There is no substitute for the human teacher, but it might also be the case that there is no substitute for the computer as well. No human teacher can compete with the patience of the machine.


So how do we start being serious about online child safety?


It occurs to me that one starting point for a serious consideration of online child safety would be to ask computer security specialists what they do. They have (or should have) a much better idea of the potential risks, and they are trained to evaluate potential solutions.


So if you have views on this I would appreciate you sharing them with me by email at hallam@dotcrimemanifesto.com. In particular I am interested in knowing:

  • What are the ages of your children?
  • Which child online safety issues have you considered?
  • What security controls have you employed?
  • Are there security measures that someone advised you to use that you consider to be misguided?

You can also comment in this thread, but for obvious reasons it is probably not a good idea to mention your own children if you do so.

November 13, 2008

Retraction? (Possibly)

Some time ago I posted on the Iranian missiles Photoshop hoax (Drowning in disinformation).


Well, now it appears that one of the sources that pushed the hoax story in the media has itself been involved in a complex hoax of its own. Martin Eisenstadt, purportedly the 'McCain camp adviser' who revealed that Sarah Palin did not know Africa was a continent, turns out to be a hoax.


So now we have at least two levels of hoax, possibly more. All of which reinforces my original argument that we need to establish more trustworthy sources of information in the Web.


Is the New York Times a trusted source of information? Well, this week a fake copy was printed. And what was perhaps more surprising was the fact that a large number of journalists seem to have reported the group's claim to have printed 1.2 million copies without questioning the improbability of financing, let alone perpetrating, a hoax on such a scale.


Is nytimes.com a trustworthy source of information? Well not http://nytimes.com/, that is for sure. Not without SSL security at the very least.

November 10, 2008

Every company is a target

THUS is a part of Cable and Wireless that operates in the UK. It is also a victim of phishing, or at the least of brand impersonation.


The scam in this case appears to be an advance fee fraud. People are told that they have a job; they just need to pay for the visa application. The mails are of course sent out by crooks; this is a scam.


There have been similar scams involving lotteries, but these tended to involve the larger companies that could conceivably have a PR budget to do such stuff. This is a scam that can affect pretty much any company larger than a corner shop.

November 6, 2008

Election campaigns targeted by hackers

Now that the 2008 US election is over, the Newsweek reports from reporters embedded in the campaign are coming out.


The top cyber-security news is that the Obama campaign was successfully penetrated by some form of Trojan and files were uploaded from the machine.


While the source of this particular attack is unknown, and will probably remain so, the potential has been demonstrated. What might well have been an opportunistic attack in 2008 will almost certainly be followed by well planned and executed plans in the 2012 campaigns.


Even though the machines in question would not have stored classified information, the potential for manipulating policy through an IT compromise of a campaign is in some ways more significant than an IT compromise at (say) the State Department.


The risk is not so much that a foreign power might change the outcome of the election as that they might influence the policy platform that the campaign runs on. Once an administration is formed, the apparatus of policy formation is slow and cumbersome; it takes a great deal to blow it off course. But during a campaign, the smallest of gusts can capsize a vessel with the right timing. Even though campaign promises are not the same thing as policy, there is a definite connection.


The bottom line is that security of campaign communications matters at least as much as security of administration communications. And this is only one example of the fact that in the Internet age, national security rests on the whole information infrastructure and not just the tiny fraction that is run by the government.