Gilles Gravier's Weblog

Gilles Gravier's rants about things in general... security, open source, privacy, java, music... in particular.


Main | Next page »
Friday Oct 23, 2009

Evil maids attacking? Nothing new. Really!

So, I've been reading Bruce Schneier's blog on the Evil Maid Attack. He's falling to one of the behaviors he usually criticizes. Just a new holywood industry plot for something not really new, not really changing the world.

The thing is... The assumption is that thee attacker has access to your laptop. Which has always been an issue. Inserting a keylogger into your hardware (keyboard cable on a desktop, or a bit more subtle on a laptop, but nothing beyond the capabilities of your typical spooks) and you get the same access to all keystrokes, including those for the passwords to the encrypted disks, firefox datastores, and pretty much anything else.

So appart from having a fancy name... nothing new.

It's like Java... If you let an attacker change your bytecode loader / verifyer... yeah, they break your system. But then again... it's not really running java anymore at this point.

Same here... if you let an attacker change the behavior of your machine (hardware or software) then you're not really running your machine anymore at this point either.

Sure, multi-factor authentication is the solution. But "Evil Maid Attack" is just a fancy name for something not really new.

Posted at 06:37PM Oct 23, 2009 by gravax in Security  |  Comments[0]

Monday Jun 08, 2009

Microsoft's unremovable add-on to Firefox

See, this is why I think we should all be extremely careful when it comes to using Microsoft software.

Recently, one of the Windows updates resulted in an add-on being, well, added, to Firefox. This happened with the Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009.

First, I'm really upset that this didn't ask my permission to add the Firefox add-on. That alone is enough to break whatever confidence I had left in that company's way of dealing with user's property.

Second, when I realized what was going on, and that there was a significant security risk to that add-on, I decided to remove it. Unfortunately, Microsoft decided that I'm not supposed to remove that add-on. Maybe they think they know better than me. As a result, the add-on's uninstall button is greyed out. The only way I found to remove it was to follow the instructions on Annoyances.org.

Just to make sure this is really clear, I'll repeat those instructions here :

  1. Open Registry Editor (type regedit in the Start menu Search box in Vista/Windows 7, or in XP's Run window).
  2. Expand the branches to the following key:
    • On 32-bit systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Mozilla \ Firefox \ Extensions
    • On x64 systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Mozilla \ Firefox \ Extensions
  3. Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
  4. Close the Registry Editor when you're done.
  5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
  6. Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
  7. Right-click general.useragent.extra.microsoftdotnet and select Reset.
  8. Quit Firefox (or else step 10 won't work)
  9. Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
  10. Delete the DotNetAssistantExtension folder entirely.
  11. Restart Firefox
  12. Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.

Now repeat after me : "I don't trust Microsoft to want the best for my PC... ever. I am convinced that many more times in the future, they will resort to this kind of behavior and install code that poses a risk to my machine without asking me and making very sure I can't remove it easily".

If you have to use Microsoft software for specific tasks (I have to), be extremely careful with what they install on your machine without telling you.

If you want to be able to trust your machine, use an open source operating system such as OpenSolaris or one of the Linux variants (I like Ubuntu). But don't even start thinking you can trust Microsoft with your machine. They just proved to the world it's a trust incorrectly placed.

And while you're at it, ditch MS Office... go for OpenOffice.org. You're better off from a security perspective... and already all set to send and work with documents that all major governments are starting to define as their standard format.



Posted at 09:16PM Jun 08, 2009 by gravax in Security  |  Comments[0]

Monday Feb 23, 2009

appGATE Free Edition is out!

Finally it's there! appGATE has just released their new Free Edition of their Security Server. The general idea is that you can download a virtualized version of it, run it in VMware (hopefully soon VirtualBox). You just need to go to appGATE's web site, apply for a free license, download the image, and off you go.

While this isn't open source... it's using a similar business model. You get the basic for free... you can then decide if you want / need (paying) support. Of course there is a limitation in terms of number of users... but, should you need more, you probably will want a fully scalable appliance version of the product, in which case you'll be happy to purchase it pre-bundled and configured for you. That's added value that you'll appreciate.

appGATE is doing the right thing. In these times of economical difficulties, they are making their product available for free to small enterprises as well as anybody who wants to do a small pilot... and that will let people discover the benefits of remotely accessing corporate data and applications.

You know what's even nicer about all this? It's based on OpenSolaris, our very own open source operating system. And, I think, the worlds most secure general purpose operating system. You can, of course, if you want something a bit less bleeding edge, and you need the certification, get the appliance on Solaris 10 which has undergone IT-SEC EAL4+ certification. And since the actual appGATE security server is EAL2+ certified, you get pretty much state of the art security, with certifications to prove it.

Way to go!

Posted at 12:09PM Feb 23, 2009 by gravax in Security  |  Comments[1]

Sunday Feb 01, 2009

Jet lag and appGATE

I arrived yesterday in the SF Bay Area for a week of meetings and this is the first night. Jet lag just hit at its strongest and weirdest as I woke up at 2:15 this morning fresh out of a dream that (since I woke up during it) I remember in every vivid (and strange) detail.

So in my dream, I was with a friend who is the IT director from the Grande Chartreuse monastry in France, a beautiful place near Grenoble where they make one of my all (adult) time favorite drinks : La Chartreuse. Now this is strange as I have no friend who works in, or for, a monastry... But if I had, it would probably be one working right there.

So what was I doing in my dream, well, we were home, and he was asking me (thus adhering to the oh-so-common tradition around me : "Hey, Gilles, you work in computer security, can you give me some ideas about what I'm trying to do?";) how to enable the monks in the monastry who are travelling around the globe (I don't even know if the Carthusian monks actually do so) could securely access their internal network.

And so, in my dream, I had brough him up to my work room and was explaining, using drawings on the big whiteboard, how appGATE Security Server enables roaming users to identify themselves, have their role and its current implications in term of access to applications and data checked by Sun's Identity Management suite so that the system knows that, while they are travelling, they are currently in service, so have access to all their applications (albeit in a potentially limited fashion do the the remote location or constrained device), or maybe that they are travelling and not in service, so only have access to a subset of features (like, just e-mail). I was showing how only one port needs to be open on the appGATE security server (usually port 22 for SSH), and that there is never direct contact from the outside of the network to the inside, but rather that the security server offers a relay to a view on what specific tasks and resources are allowed given the user's current context.

I had also told him that this was secure enough to be used by defense, government, banks and other very sensitive customers worldwide and that this was a very cool company as their stuff was running on Sun hardware, and about how the roaming features allowed the underlying network variations to be abstracted from the applications by the appGATE client on the device.

And then I woke up. 2:15 AM, in my usual hotel in Newark... So here I am writing about this. Yes, there would have been many more things to say about the Sun / appGATE partnership, about how appGATE's solutions perfectly complement Sun's own Secure Global Desktop offering when roaming is key and how appGATE is packaged through Sun's CRS service in the form of easy to order, and use, appliances... but it was just a dream, so limited in time and scope.

And talking about time... it's about time I got back to bed and tried to get back on track to California time. This week will be a long week, and unfortunately, I don't know if, or where, I'll be able to sip a glass of delicious Chartreuse. One more thing to look forward to when I get back home to my lovely family.

Posted at 12:01PM Feb 01, 2009 by gravax in Security  |  Comments[0]

Wednesday Dec 10, 2008

Remotely connecting to a Solaris machine... with security, minimal fuss and stuff!

I figured (OK... it was suggested to me by Karim Berrah who runs the CHOSUG Wiki) that others might be interested in knowing how I remotely connect to my favorite OpenSolaris machines.


It's actually very simple... all the tools are there for you!


The basic protocol that we will be using is called VNC. OpenSolaris comes with 2 different VNC servers.


The first one is the traditional "vncserver" process, which you can start manually, specifying resolution "-geometry XxY" and a number of virtual display to use ":X". E.g. "vncserver -geometry 1024x768 :2". The first time you use vncserver it will ask you to specify a password to protect the conenction to your system. (You can change it later with "vncpasswd".) If you don't do anything special, the session starts with twm as the window manager. You can edit the .vnc/xstartup file and change the "twm &" line to start some other window manager if you want. But twm is very lightweight. You can kill the vnc server by using "vncserver -kill :X" where X is the same you used to start the server. You can run multiple vncservers...


The second means comes bundled with GNOME, and is done using vino, which is the GNOME vnc server. It is embedded with GNOME and starts when you start your session.  You first configure and enable it with the command vino-preferences (or through the menus System->Preferences->Desktop Sharing). Allow users to view and control your desktop... and very important, set a password! Current build of OpenSolaris has an "Advanced" tab there that offers additional options. Have a look. Note that since vino is sharing your GNOME display it is automatically set to number :0.


To connect to your machine from remote, there are 2 ways. The "fat" way by using the native VNC client "vncviewer :X" where X is the number you defined when starting vncserver or, for vino, :0.



You will be prompted for the password you specified.


Vino is interesting as, since it's integrated with GNOME, it offers full DBus integration... but has the drawback of being fixed to :0 ... and requiring the GNOME session to be started on the machine by loging in... where vncserver can be remotely started from a shell and doesn't require the user to be logged in, but doesn't offer that full GNOME integration.


VNC traditionally uses 2 ports to work.


One is the normal VNC protocol port and is 5900+X (where X is the number you chose when launching vncserver)... so 5900 for vino and (in my example when I used :2) 5902. This needs to be tunneled if you are going to go through a NAT router.


The second port is 5800+X (same rules for X)... and that's the Java client for VNC. This is the light way of accessing it. If your server is, say, :0 (case of vino) just open a browser to http://yourhost:5800/ and it will start a Java vncviewer directly to port 5900. VINO comes with the Java client by default. vncserver doesn't (you have to manually add -httpd to the vncserver command - i.e. vncserver -httpd -geometry 800x600 :2). This Java solution is nice as it doesn't require a local vncviewer client... can be run from any modern browser with a Java VM installed.


Here is an added bit of magic... I don't like to run vnc over a cleartext network connection. VINO supports encryption, but not all clients. So what I do is that I don't open 5800+X and 5900+X on my NAT router. Instead I open port 22 and SSH to my server, and there, through SSH I tunnel ports 5800+X and 5900+X. And from my client machine I "vncviewer localhost:5900+X". This is now tunneled through SSH from my client machine to the actual server.


My favorite application to do this SSH magic is AppGate's MindTerm. It's a free (for personal and small business) Java SSH client. It's a jar file that can be run as an application or hosted as a Java applet (I have the application on my OpenSolaris laptop, but the applet served from the web server on my home network so that it's always available to me wherever I am comming from). When you launch it, you specify which machine you want to connect to. You do the login... and then Tunnels->Setup and select "Add". Since I have vino on my local laptop, I can't use local port 5900... so I forward 5901 to the remote "localhost" 5900 (since the remote server is also running vino on :0). This is done by selecting


- Type : local

- Bind address : localhost

- Bind port : 5901

- Dest address : localhost

- Dest port : 5900


And then clicking OK. Voila. You can then run "vncviewer :1" from a terminal and it will connect to vino (:0) on the remote machine, tunneled through SSH.


Have fun!



Gilles.

Posted at 11:38AM Dec 10, 2008 by gravax in Security  |  Comments[0]

Tuesday Jun 17, 2008

Why high definition DVDs are good for privacy and security...

So here's the situation... nowadays, when crossing border control, and in particular when entering the US of A, you may be asked to turn over your laptop, and other electronic devices to border control who, fearful of terrorists crossing their border, will want to search your corporate data for any kind of document that my prove you are on your way to planning something nasty.

Bruce Schneier has commented many times on how you should prepare your laptops, cell phones, and other devices so that when seized, nothing bad happens.

There is one additional option that he doesn't mention (yet), but that I think will become more and more feasible given where the media industry is taking us.

Take a movie. Yes, one that you rightfully own, of course. Convert it into a Divx (you bought the movie, you should be able to view it on the player of your choice). Actually, my friend Darren Moffat suggests even better, take a personal home movie that you made with your own camcorder, so that there are no issues whatsoever about fair use or alternate formats... you made the movie, it's yourse to do what you want with it. If it's a normal movie, you get an 800MB file... that's small... but if you take an average HD-DVD (R.I.P.) or BluRay movie, then you get a multi gigabyte file. That's much better...

What can one do with a multi-GB file of seemingly random bytes. Well, you can tweak lower order bits to hide data inside it. That's called steganography. And with multi gigabytes of storage to start with, you can store a whole lot of useful information.

Suddenly, that 32 GB SDHC card you just bought can be used to watch a movie on the plane all while carrying your sentitive personal or corporate data. And all in perfect deniability. "Mr Officer, this is just a Divx which I've been watching on the plane during the flight where they had very boring movies scheduled. Here let me show you that movie." and you go on to play it in your favorite (open source) media player to prove your case.

I love technology!

Posted at 10:59AM Jun 17, 2008 by gravax in Security  |  Comments[0]

Thursday Jun 21, 2007

Fun ways to freak off airport security

 

 

Fun way #1 : pack one or more harmonicas in your hand luggage.

 

It seems that it looks like gun chargers with the 10 little metal slots (yes, I (try to) play blues harp).

Optional bonus way : add a mini photo tripod in same bag. Guaranties bag examination, if you want my opinion. :)

 

Oh well... another day, another plane. 

Posted at 01:16PM Jun 21, 2007 by gravax in Security  |  Comments[0]

Friday Mar 16, 2007

ZERO-DAY vulnerabilities?


OK... so I keep hearing about zero-day vulnerabilities... I think journalists sometimes need to get a clue.

 

ZERO-DAY vulnerability is a term that doesn't make sense.

Think about it.

 The real term they are looking for is zero-day ATTACK or zero-day EXPLOIT. These terms refer to an attack (or attack code) that appears on the net on the same day (or before) a vulnerability is made known, or disclosed in some other way. In this context, the attack or exploit is truely on day zero of the vulnerability being known... since, in most of the cases of this happening, it is when the attack / exploit becomes public that the vulnerability becomes known.

Often, actually, this is because the vendor affected by the vulnerability didn't want it publicized (for fear of loss of reputation) so the users actually end up not being protected on the day the attack is out in the wild. This is ridiculous, of course, but some companies still believe that. Mostly, these are companies developing software in closed-source mode, rather than open source.

 

It could also be because an attacker found a flaw and decides to exploit it as soon as possible before it gets known or fixed... but in the open source world, this is almost never possible given that good guys find the flaws at about the same speed as the bad guys... and immediately report them to the vendors (see my previous (in French) entry on telnet hole in Solaris that was fixed extremely fast thanks to this being disclosed to us so quickly).

 

So... back to zero-day vulnerabilities. It's simple... vulnerabilities are found on the day they are found. So they are either all zero-day... or it really doesn't make sence to call them zero-day... but it should be the same for all vulnerabilities.

 

Unfortunately, journalists without a clue think that it sounds more impressive (more hacker-style?) to call something "zero-day"... than not... and it sounds/looks so good when put just in front of the word "vulnerability" that they can't just resist.

 

Tomorrow we'll have zero-day operating systems... zero-day software (available the day it is made available?)... zero-day news (oh... wait... that's already usually the case, thanks to companies like Reuters who do a fantastic job of bringing in the news in as close to real time as possible)...

 

All right... so. Takeaway from today's rant : only call zero-day things for which it makes actual sense. zero-day attacks : yes. zero-day exploit : yes, zero-day vulnerability : just say NO!

Posted at 05:03AM Mar 16, 2007 by gravax in Security  |  Comments[0]

Tuesday Feb 13, 2007

Un bug majeur de Solaris 10 - découvert grace à la communauté OpenSolaris.org

Alors voilà... depuis le temps qu'on le dit, enfin une démonstration flagrante de l'intérêt que représente le logiciel libre en matière de sécurité. Ce week-end, une faille très sérieuse de sécurité a été découverte concernant Solaris 10.

En fait, une simple commande permet de se connecter en tant que n'importe quel utilisateur sur un système Solaris 10 (ou Solaris Express) sans avoir à entrer de mot de passe. Le bug se situe dans la façon dont in.telnetd gère le passage de certains paramètres.

 Ce qui est interéssant, ici, à part la facilité avec laquelle on peut donc devenir root sur une machine Solaris, est que :

  1. Si on a installé une version récente de Solaris avec le mode "Secure By Default", telnet est désactivé et on n'est pas sujet au bug.
  2. Si on utilise des rôles pour administrer la machine, il ne se passe pas grand chose si un intrus se connecte en tant qu'un utilisateur normal (y compris root), car il reste, ensuite, à utiliser les mécanismes normaux pour prendre l'un des rôles administratifs afin de pouvoir faire quoi que ce soit.
  3. Comme je le disais plus haut, c'est grâce à la communauté OpenSolaris que le bug nous a été signalé très rapidement et qu'en quelques heures, nos équipes ont alors pu déveloper des patches temporaires et correctifs permettant de contourner le bug, et de le corriger.

Certes, on aura encore des bugs, et certains, même, concernant la sécurité, mais grâce à la communauté OpenSolaris, nous pouvons les découvrir rapidement, et les corriger à temps, idéalement, avant qu'ils puissent être exploités par les criminels.

Posted at 08:03PM Feb 13, 2007 by gravax in Security  |  Comments[0]

Monday Nov 27, 2006

Direct blogging from a cell phone - a security issue?

So I got my new Sony Ericsson W850i and I decided to take a picture with it... no much fuss there. Given that it's a cell phone, and not a real camera, I wasn't looking as much for quality as I was looking to see what I can actually do with a cell phone.

 

Well... Now I know. After taking my picture, I have a "More" menu that appears... and one of the entries is "Blog this". I wondered how easy it could be so I tried it. I was prompted to enter a title... and a body for the blog... then I press "Send"... After a few moments of processing, the result was this :  http://ggravier.blogspot.com/2006/11/mobile-bloging-security-issues.html

 

Interestingly enough, I can now walk into an area... take a picture, and in a few seconds, this picture is sent out and posted properly to a web log. I'm sure this will drive bonkers corporate security people. No luck now if, after seeing me take a picture, they try to take away the memory card in my phone. The picture is not only already sent out... but published. If you have an RSS reader linked to my blog... you are actively reminded that the picture is there.

 

Some businesses already were preventing use of digital cameras... and in some cases cell phones, but it's now really becoming an interesting issue to manage!

 

 The world we live in is really turning into something fun.

 

Gilles.

Posted at 02:33PM Nov 27, 2006 by gravax in Security  |  Comments[0]

Wednesday Nov 08, 2006

New airline security measures. Measure your fluids...

Starting this week, traveling by plane has been made much more painful.
Now you have to make sure you don't carry with you liquids in too big
quantities, and the liquids that you carry need to be properly visible.

Does this bring any kind of additional security? I'm not sure.

Large liquid containers now need to be checked in. OK... fine. It's away and can't be acted upon to do something bad.

Small liquid containers of less than 100ml can be taken on board, but need to be in sealed transparent plastic bags.

What's
the rationale behind this? If the bag is sealed, it becomes very
difficult to examine what is inside the bottle. Could one small bottle
contain nitric acid, and another contain glycerin? Maybe 200ml of
nitroglycerin won't do much to a plane (though I'm sure that, next to a
fragilized area such as a door frame or a window, it would do
interesting things), I'm certain that with 2 bottles of 100ml of
adequate products one can easily make a binary neurotoxin that would
quickly kill everybody on board a plane and result in the plane
crashing in the ocean just as well as if there was a bomb on board.

All
these measures are to make a show. They are in place to tell passengers
"see how painful it is to travel? it's because we have put in place
extremely strong security measures." They are in place to tell
potential terrorists "see, you have no chance of getting through our
security measures." But in effect, they haven't increased our security
against dedicated attempts at generating terror. They are just slowing
down our business and costing money. Money for passengers who are
wasting time (time=money in today's society), and money for airlines
and airport coerced into putting these security measures in place.
Governments (follow my gaze westward) revel in security considerations
to justify political agendas.

Net result, from a security perspective? NIL.

We need to solve problems... not address movie scenario threats.

Posted at 05:30PM Nov 08, 2006 by gravax in Security  |  Comments[0]

Wednesday Sep 27, 2006

Google Archive Vos Conversations - Google Archives Your Conversations


(In English below)
Bon... vous utilisez les services de Google. Super. Moi aussi. Vous utilisez meme Google Talk. Encore mieux. Un produit basé sur des standards (le protocole Jabber de messagerie instantanée)... Mais saviez-vous que Google archive toutes vos converstations avec Google Talk? Si dans votre page Google Mail, vous cliquez sur un de vos contacts, vous avez la possibilité de voir les "conversations récentes"...

La question qui se pose est, bien évidement : "Mais qui a accès à ces archives?" En temps normal, uniquement vous, bien sur... mais, et en cas de pression? Pression légale? Pression financière (corruption ou autre)? La perspective, en matière de respect de vie privée, est effrayante!

Heureusement, certains outils de messagerie instantanée comme GAIM (Windows, Linux, et a peu près tous les dialectes d'Unix), Trillian (Windows seulement) ou Adium (MacOS) supportent le chiffrement de vos échanges en messagerie instantanée. Avec GAIM, il faut un plug-in qui s'appelle OTR... avec Adium c'est automatiquement inclus. Et ces deux produits sont compatibles... on peut se parler confidentiellement de GAIM à Adium et vice-versa. Ces outils supportent tous les protocoles de messagerie instantanée du moment (IRC, MSN, AIM, Yahoo, ICQ, Jabber, Gadu-Gadu...). Je vous invite très ardemment à les essayer et à gagner en confidentialité dans vos échanges avec vos ami(e)s, amant(e)s, collègues, partenaires d'affaires!


(En Français ci-dessus, mais ça, vous le saviez déjà)
So... you use Google's services. Great. So do I. You even use Google Talk. Even better. A product based on standards (the Jabber instant messenging protocol)... But did you know that Google archives all of your Google Talk conversations? If you go to your Google Mail homepage and click on one of your contacts, you have the option to view "recent conversations"...

The question that arises is, of course: "So who has access to these archives?" Normally, of course, only yourself... but, what happens in case of pressures? Legal threats? Financial pressure (corruption or other)? This is a frightening thought for pricacy!

Fortunately, some instant messenging tools like GAIM (Windows, Linux, and just about any Unix dialect), Trillian (Windows only) or Adium (MacOS) enable encryption of instant messenging conversations. With GAIM, you need a plug-in called OTR... with Adium, it is built-in. And these two products are interoperable... you can chat confidentially between GAIM and Adium clients. These tools support all of the current instant messenging protocols (IRC, MSN, AIM, Yahoo, ICQ, Jabber, Gadu-Gadu...). I strongly encourage you to try them and gain in privacy in your conversations with friends, lovers, collegues, or business partners!

Posted at 03:11PM Sep 27, 2006 by gravax in Security  |  Comments[2]

Are we going towards a world where antivirus software will become too slow?


In Symantec's 10th Internet Security Threats Report, it is noted that in 2006, over 6700 new Windows viruses were identified. The number here may seem innocent in itself, but think about this... we've had viruses since I've been hearing of personal computers (there were already viruses on Commodore Amigas and Apple IIs in the eighties - granted they didn't propagate by themselves and you had to share them by giving an infected floppy to a friend). But the progression rate is accelerating. Every year sees even more new viruses than the previous.

What will the impact of this be on your every day activity if you use an operating system that is a heavy target for viruses?

In the comming years, your computer will, for every sensitive file accessed (executables, dynamic libraries, shared object code in general) need to scan that file for multiple tens of thousands of different virus signatures. Even with strong optimisation of scanning code and disk access, this heavy activity won't be without effect on the reaction time of the computer. Even today, if you want to play it unsafe for a few minutes and turn off your antivirus, you will notice your machine is significantly faster in running various activities.

What can we do about it?

Maybe the first thing to do is, and should be, to consider deploying operating systems that are not as sensitive to viruses and other malicious code. Consider operating systems that have proper user permissions, that don't encourrage the actual user to log in as administrator for day to day activities. Make sure that your operating system of choice is designed so that user-triggered programms can't modify system parameters or files. Pick an operating system for which the only possibility for malicious code to run efficiently is to exploit an implementation bug, rather than a normally planned feature.

This is sometimes more feasible on the server side, than on the desktop side. But it will already help a lot if your server infrastructure can perform at full speed while being almost completely insensitive to the usual malicious code out there.

If you can't change your desktop, then you will be stuck with degraded performance as antivirus software around the world struggles to scan for more and more vulnerabilities. You can partially mitigate this by first protecting your machines from external aggressions (by deploying host based firewalls), which will limit the number of worm infections, but will not necessarily protect your machine from infected documents and client-side attacks. Then you need to educate your users seriously about the risks of infection of their machine from third party content. It's mostly a lost battle, as history has shown.

It seems that the price to pay for using insecure platforms will be of not being able to fully use the computing power of our machines, in addition to the risks of infection by malicious code.

Posted at 11:41AM Sep 27, 2006 by gravax in Security  |  Comments[0]

Wednesday Dec 14, 2005

UltraSPARC T1 - Cool threads? Cool crypto!



Now that you've read all about how the new UltraSPARC T1 processor is great for saving energy, operating at lower temperatures, all while delivering impressive performance, there is something more for those of us who need to do cryptography as part of our daily jobs.

The UltraSPARC T1 processor includes a Modular Arithmetic Unit (also known as : MAU). Actually, there is one MAU per core, and the UltraSPARC T1 contains 8 cores (at 4 threads per core). The MAU handles some of the compute intensive operations that are used by some of the more popular cryptographic functions like RSA (this is a public key encryption algorithm used, most often, to encrypt things like session keys which will then be used for encrypting the actual traffic with a symetric algorithm like AES, IDEA, or GOST), DSA (this is an algorithm used for digital signatures), and DH (the Diffie-Hellman key exchange used when initating key exchanges in establishing encrypted links like SSL that enable secure access to web sites).

Of course, this is not really interesting if you have to change everything around it to benefit from this. Fortunately, Solaris has done things extremely well in this area (as it has, just about everywhere else). On top of UltraSPARC T1 processors comes, on Solaris, a library called NCP (for Niagara Cryptographic Provider - Niagara being the internal code name for the UltraSPARC T1 processor at the time it was created). This library is then seen and used transparently by the Solaris Cryptographic Framework.

And the magic, here, is that automatically, all applications that use the Solaris Cryptographic Framework immediately benefit from the NCP, which uses the MAU... which gives significant performance increases in cryptographic functions. Examples? Java. Use Java 1.5 on Solaris on a machine with an UltraSPARC T1 processor (such as our new T1000 and T2000 machines) and automatically your Java application does hardware accelerated cryptography. Use any application that involves the OpenSSL library of Solaris (or the PKCS#11 engine it provides) and same thing... your web server, your application server, your SSH server, your portal server... all go much faster, or with much less load on the CPU. Imagine doing around 600 RSA operations per second with just around 5% of CPU use. It's a reality with the UltraSPARC T1.

Say you are running a portal for a telco. You are getting thousands of hits per second. You want to put a security reverse proxy in front of the server farm. The reverse proxy needs to control the security of all the connections, and you want it to act as an SSL end point as well. This is an ideal situation for a T1000 or T200 server which will feel right at home.

Why does it matter? Because in today's world, we all want to run more secure applications, we want them to scale to thousands or hundreds of thousands or millions of users, and we want all that to be cost and energy efficient. And with an UltraSPARC T1 system from Sun, this is done almost entirely automatically for you.


Posted at 03:55PM Dec 14, 2005 by gravax in Security  | 

Friday Oct 28, 2005

Surveillance is good? What happens when things go wrong?




These days, we are told, and there is certainly some validity to this, that more surveillance means more security.

This is all fine, when we live in a country where we trust the government, or when we work in a company where we trust the management. But my sister, Dr. Magali Gravier, Political Scientist, at the University of Salzburg is quick to point out that there have been many previously recorded cases where things have turned sour, where governments have stopped being the all benevolent entity that most of us can enjoy and trust in our modern world, or when corporate management suddenly decides to change the rules.

We are asked to provide more and more information that gets stored, correlated, centralized, and finally, accessible (albeit with strict controls) by the authorities, all of this, of course, to enable our governments to better catch criminals "you don't have to worry if you only do legitimate things". Take a look at what happened between 1939 and 1945. Before that time, the German people could (like most of us do) blindly trust their governments. Then, in a few weeks or months, before anybody new it, they were under a totalitarian regime. Imagine the destruction, had the German government of that time previously decided to store centrally information on citizen's ethnic origins, or religion. Imagine how much faster, and how much thorrowly they could have accomplished their crimes.

What protects us, today, from something bad happening? Ah, yes, we live in democracies. But is that really enough? Coups-d'Etat happen every year, in countries that might have seem to be peaceful just before. And then there are slow drifts that the people don't necessarily catch at first... and only realize when it's too late, when they have lost their liberties.

Considering the risks involved in relinquishing some liberties, is it worth it losing a bit of liberty in order to, maybe, gain some security? Are we certain that the incremental security gain is really there? Remember that the more you constrain liberties, the more you move away from democracy and liberty, and thus the more you give victory to terrorists. The balance is very delicate.

Does it make sense, for example, for me to write down in 2 separate documents, before flying to the USA, the complete coordinates of the hotel I will stay in... when I can, the moment I arrive at my first hotel, cancel my reservation there and book another hotel to which I pay cash.

Does it make sense, also, to prevent me from carrying a nail clip inside a plane, when I am allowed to walk in the same plane with a nice glass bottle of perfume that will fragment into very sharp and cutting shards the moment I strike something hard like an seat armrest with it?

Think about it. What are we really trying to accomplish? Who's game are we playing? Who wins, in the end?

Posted at 03:36PM Oct 28, 2005 by gravax in Security  |  Comments[0]

Today's Page Hits: 56