With some alarm systems having two-way remotes, it would be nice if more car makers just went with a cryptographically sound setup. It isn't that hard -- pairing could be done via some type of NFC communication, and the communication could be three way -- remote sends a request for a challenge ID, car sends a nonce, remote sends the command the user wants and the nonce, both signed with the remote's key. Of course the downside of this method is having to have a remote with the CPU power to deal with RSA, especially larger keys, because the compute power to sign/decode goes up by the cube of the keylength (which means a 2048 bit key takes eight times as long to do stuff than a 1024 bit key.)
Lets say someone makes a standardized "cube" that would set off tamper alarms should the case be entered without a code inputted, it disarmed from remote, or similar. This has been done with some HP and Compaq boxes which used solenoid locking and chassis intrusion sensors.
Someone will figure out with a fiber optic endoscope where the sensors are, and eventually find a way to bypass them. Once this is done, it is a relatively trivial matter of forensic work of dumping the RAM to pull out the encryption keys, disable the GPS alarm, then stealing the enclosure and decrypting the contents.
Nothing beats physical security, defense in depth, and layered security. This isn't revolutionary stuff -- in the 1970s, IBM made handbooks on how to make sure the mainframes were put in theft resistant buildings with design of the locks and rooms to deter physical access layer by layer. Someone comes in with a sawed off 12 gauge? That is what man traps, holdup alarms and duress codes were designed for. Someone bribes another employee? That is what audit logs and separation of duties are for.
Agreed. It has moving parts (turbines), and needs some architecture on a vast scale, but if done right, we (meaning scientists) may learn some technological abilities from this to make it useful in other areas.
I wonder how this compares by price compared to just taking the same amount of area and laying down photovoltac cells either actively tracking the sun, or just passively facing south. Passive tracking gets less sunlight, but doesn't require the presence of moving parts.
A better analogy is to compare a Craftsman tool made 15-20 years ago to one made now. Even if the recently made one has the lifetime warranty, it just is not as well made as the older one. Pretty much most new hand tools are made to be "just good enough", unless you spend the cash for MAC or Snap-On.
Another example is an old FM radio for instance that was made in the 60s. The back has the complete circuit schematic on it, even though transistors were the mainstay back then. The materials, fit, finish, and craftsmanship was just outstanding.
Even recently, a friend of mine picked up an old AT tower case. It was on wheels (pretty much a two man lift), had space for plenty of fans, and it actually had serious locks on it. Not the little padlock loops, or the mini Ace locks either -- the case actually had multiple Medeco keyswitches and cam locks. One keyswitch allowed/disabled the reset button. Another would lock the case. Still another would lock the keyboard/mouse if the motherboard supported it. Finally key #4 would lock the panel that protects the floppy/CD-ROM drives. The case had not just a flimsy loop, but a fairly thick steel piece to attach a padlock and security chain.
You find that even though something made in the 60s and 70s is likely obsolete, it usually has a better fit and finish than something made these days.
Wireless is also not limited. There are only a few bands out there, and they have been auctioned off. Having another wireless firm start up would be an impossibility as of now.
With the way things are now, the only way an ISP could make it in any way, would be to either lay fiber and use line of site communications, or via IP over power lines.
If we pull the cloud buzzword out of the picture and consider this a remote storage/collaberation option, it can be decently secure, if controls are put in place doing encryption on multiple levels.
On the workgroup level, PGP NetShare can do a decent job, especially if the PGP keys are stored on cryptographic hardware tokens.
On the enterprise level, there are various IRM/encryption systems which can help, be it LockLizard or others. There is even one built into Windows/Office that is fairly usable.
The key (pardon the pun) is how this gets implemented. Done right, a compromise of the external disks may net a bunch of unreadable files. Done wrong, and the UK might as well just seed their snapshots to demonoid's tracker.
I have heard of hacks for other sites that use two step authentication that install themselves as browser add-ons and slurp the cookie typed in. Then the blackhat is able to add or remove the second factor authentication, change the password and the account is theirs.
The first line of defense is making sure your endpoint is secure. Compromise that and the game is up, regardless of what authentication one has.
Your computer might. Almost all business line Dells and HPs have a provision for keeping a LoJack for Laptops agent in a part of the ROM where even a BIOS flash can't get rid of it. You can turn it on, install LoJack, and go from there. Additionally, you can have the private files or the whole machine erased from remote.
Of course you give up privacy in return for this ability so be aware of that.
Personally, I prefer to pack my own parachute, and use disk encryption so a hardware theft is just only a hardware theft and not a theft of data as well. If using Windows, BitLocker is probably the easiest to implement, and arguably the most secure if used with a hardware TPM. Otherwise, TrueCrypt is excellent.
I agree -- tape drives are perfect for backups. Like someone mentioned, tar volumes from the 1970s are readable on tapes today.
Tapes are an ideal backup medium, provided you use more than one tape for archiving, and periodically go through and recopy files to new media every couple years or so. Newer tape drives offer WORM capability, so data can only be destroyed, not tampered with.
However, why I mention tapes secondary is that they are so expensive for meaningful capacity. Yes, you can buy tapes with less capacity cheaper, but there is a point where you are better off with multiple hard disks than trying to copy an archive onto 50-100 tapes. Same with optical media.
Take a LTO-5 drive, which is par for the course, and has enough storage capacity to be useful. It costs about $2500.00. However, it needs a SAS card, and it also needs I/O. Similar to old CD-Rs, a tape that doesn't get enough data streaming to it starts shoe-shining, which jumps the chance of errors and adds considerable wear to the heads and the tape. So, the machine that tape drives need to be attached to either has to be fairly high end, or a dedicated machine just for moving stuff to tape with no other functions.
If you can afford tape, it can be argued as the best backup media out there. However, most people can't, so external HDDs (laptop drives are better as they do not require power supplies) are the second best choice. They are nowhere near perfect, but for those who can't afford a new tape drive, are pretty much the only game in town for large files.
Just make sure your encryption program is available, perhaps as freeware, or use a utility that is widespread and easily gotten. I've seen fancy encryption programs for drives that would be useless if there ever was a restore needed just because the license keys likely wouldn't work.
For encryption, I'd go with LUKS, or TrueCrypt on a disk level. For file encryption, gpg is solid, perhaps tar, bzip2, and gpg, although you might need a utility for error detection/correction to repair any data lost due to bad sectors.
The hardware is one piece of the puzzle. Having the right software to pull data off is the other. This is what is nice about hard disks -- assuming a common filesystem, a hard disk that has USB access today likely will be readable by most machines 10 or 20 years from now either directly, or via an adapter. Tape can be universal, but oftentimes a tape archive may not be readable because it was created in some wierd format (like the DOS backup programs that backed up to QIC drives in the '90s, all incompatible with each other.)
BD-R disks are an idea, and relatively inexpensive, but your best bang per buck would be large removable disks in the 2-3 TB range. The reason I state "disks" plural is for obvious reasons.
I would also use a program like WinRAR with a recovery record, or one of the PAR utilities used for USENET to store your files in. This way, you can tell if there was file corruption, and have a good chance of recovering from it.
For serious stuff where money is less of an issue, I'd consider a LTO-5 tape drive and multiple tapes. Tapes tend to last longer than HDDs because they have very few moving parts.
Don't forget to see about copying your archives to new media every couple years. It isn't uncommon to be able to pop a 10+ year old tape or HDD in and pull off the contents... but it isn't uncommon either to find the HDD clicking, or the tape full of hard errors.
I will be a devil's advocate here, even though I use e-books all the time (mainly because it is a lot easier to carry a Kindle with an IBM Redbook and the O'Reilly UNIX admin books on it than to have the physical volumes.)
We are giving a lot of power to the people who sell the eBook readers. It might be that in the future that the next Catcher in the Rye may not be subject to book burnings and bannings -- it may just silently vanish due to a kill command issued to our readers.
eBooks are still in the infancy, but so are the DRM setups. It is only a matter of time before the threat of losing access to purchased material by an account banning cows the masses into accepting any DRM scheme copied to a device.
Jailbreaking doesn't make sense in the Android realm. It is akin to calling lockpicking something like safecracking. Similar, but what is needed to get a safe open has little to do with getting tumblers to line up.
There are also degrees of getting a phone functional in the Android realm that are not present in the iOS ecosystem. With iOS, you have the usual locked down state, a tethered JB, and an untethered JB. You also have if the phone is locked or unlocked.
With Android, you have a lot more granularity. You can get root that is read-only or vanishes on a reboot (which is useful for Titanium Backup), you can have a device with a completely custom ROM and completely unlocked, and various degrees in between (such as having a ROM that kexecs over an existing stock ROM due to signed kernels, a common way to deal with Motorola devices.)
True, but the traffic has to come from somewhere outgoing, and pretty much the ISP will be in hot water unless they have some address to cough up, be it a node previous in the chain, or an actual person. Same problem happens with TOR exit nodes, which is why there are so relatively few of them.
Even if they went along with this "service", all it takes is one of the Four Horsemen of the Infoclypse (as Tim May put it) to rear their ugly heads through the connection, and the ISP will either stop running the station, or make sure they have thorough logging.
Seconded on that. I'm sure there will be an untethered JB for 4.3.4 because the core exploit is in hardware. But, it can't hurt to keep that around just in case.
The SHSH party ends once iOS 5.x comes out though... unless you want to downgrade to 4.x, you either are at the latest iOS 5.x version or nothing. Blecch.
The reason online services have not bothered is because until now, it really didn't matter. Having security is expensive, and the PHBs believe anything security related has no ROI, so it doesn't get done.
Now that attackers have snarfed password databases and made them public, online services are starting to actually bother with some security such as using salts and hashing passwords, enforcing basic password measures, and adding anti-brute force attack provisions, such as locking out IPs, tarpitting (where the replies get slower and slower, or they remain the same speed, except any passwords guessed get completely ignored), or locking out the account.
The ironic thing... online services are just discovering this... this functionality has been in AIX, Solaris, and various Linux distros since the early 1990s.
Seems like we are reinventing the wheel. Now all we need are websites to have a standard form of two-factor authentication, with multiple devices on the list (so if one loses their phone, they can use a SecurID card to still get in, or even a printed TAN list as a last resort, similar to how Google's authentication does it.)
This is something that public access UNIX systems and universities with a ton of students learned ages ago, when all it took was a guy running Crack on/etc/passwd (before passwords were shadowed.)
Most operating systems have a small dictionary they check against so people using "12345" for something other than their luggage will be stopped immediately.
History just repeats itself... websites are now learning what operating system makers learned in the early 1990s -- keep the passwords well encrypted, and disallow obvious dictionary entries, so a brute force operation may take seconds to find a password rather than microseconds.
I would actually be astounded if they actually honored it. However, because there are no laws (unlike the do not call list), the cookies, LSOs, and "ever-cookie" stuff still persists.
This makes me glad for not just AdBlock, and BetterPrivacy, but for sandboxie so anything that gets missed will get completely deleted once the browsing session is done.
What I'd like to have is something simpler, and this was suggested by another/. person:
Go to a site. Type in your username. It will have a string of random character (or perhaps a timestamp + some random characters) that is copy/pastable. Copy this text. Sign it with your PGP/gpg private key. Paste the result back, and log in.
The advantage of this is that PGP/gpg is pretty much platform agnostic, the keys can be stored in secure locations such as smart cards, or TPMs, PGP has proven itself and stood the test of time, and one's private key remains theirs, generated by the mechanism they so chose. For example, if I wanted a key that was generated on a smart card and would never leave that physical enclosure, I can do so. I even can have an offline computer to do the signature validations, although it is a PITA to type that in though.
This should be done over SSL, as an attacker could grab the session once authenticated, but as for passwords stored, there isn't much an attacker can do with a bunch of public keys unless they happen to have a spare TWIRL or quantum factorization machine in their basement.
As for ISPs, the older mom and pop ISPs, I'd mostly trust. However, some other ISPs like some in the UK can't even be trusted to not actively MITM your Web connections, much less actually be worthy of housing secure credentials.
With some alarm systems having two-way remotes, it would be nice if more car makers just went with a cryptographically sound setup. It isn't that hard -- pairing could be done via some type of NFC communication, and the communication could be three way -- remote sends a request for a challenge ID, car sends a nonce, remote sends the command the user wants and the nonce, both signed with the remote's key. Of course the downside of this method is having to have a remote with the CPU power to deal with RSA, especially larger keys, because the compute power to sign/decode goes up by the cube of the keylength (which means a 2048 bit key takes eight times as long to do stuff than a 1024 bit key.)
If this were found at L3, that would sound about right.
Where there is a will, there is a way.
Lets say someone makes a standardized "cube" that would set off tamper alarms should the case be entered without a code inputted, it disarmed from remote, or similar. This has been done with some HP and Compaq boxes which used solenoid locking and chassis intrusion sensors.
Someone will figure out with a fiber optic endoscope where the sensors are, and eventually find a way to bypass them. Once this is done, it is a relatively trivial matter of forensic work of dumping the RAM to pull out the encryption keys, disable the GPS alarm, then stealing the enclosure and decrypting the contents.
Nothing beats physical security, defense in depth, and layered security. This isn't revolutionary stuff -- in the 1970s, IBM made handbooks on how to make sure the mainframes were put in theft resistant buildings with design of the locks and rooms to deter physical access layer by layer. Someone comes in with a sawed off 12 gauge? That is what man traps, holdup alarms and duress codes were designed for. Someone bribes another employee? That is what audit logs and separation of duties are for.
Agreed. It has moving parts (turbines), and needs some architecture on a vast scale, but if done right, we (meaning scientists) may learn some technological abilities from this to make it useful in other areas.
I wonder how this compares by price compared to just taking the same amount of area and laying down photovoltac cells either actively tracking the sun, or just passively facing south. Passive tracking gets less sunlight, but doesn't require the presence of moving parts.
A better analogy is to compare a Craftsman tool made 15-20 years ago to one made now. Even if the recently made one has the lifetime warranty, it just is not as well made as the older one. Pretty much most new hand tools are made to be "just good enough", unless you spend the cash for MAC or Snap-On.
Another example is an old FM radio for instance that was made in the 60s. The back has the complete circuit schematic on it, even though transistors were the mainstay back then. The materials, fit, finish, and craftsmanship was just outstanding.
Even recently, a friend of mine picked up an old AT tower case. It was on wheels (pretty much a two man lift), had space for plenty of fans, and it actually had serious locks on it. Not the little padlock loops, or the mini Ace locks either -- the case actually had multiple Medeco keyswitches and cam locks. One keyswitch allowed/disabled the reset button. Another would lock the case. Still another would lock the keyboard/mouse if the motherboard supported it. Finally key #4 would lock the panel that protects the floppy/CD-ROM drives. The case had not just a flimsy loop, but a fairly thick steel piece to attach a padlock and security chain.
You find that even though something made in the 60s and 70s is likely obsolete, it usually has a better fit and finish than something made these days.
Wireless is also not limited. There are only a few bands out there, and they have been auctioned off. Having another wireless firm start up would be an impossibility as of now.
With the way things are now, the only way an ISP could make it in any way, would be to either lay fiber and use line of site communications, or via IP over power lines.
If we pull the cloud buzzword out of the picture and consider this a remote storage/collaberation option, it can be decently secure, if controls are put in place doing encryption on multiple levels.
On the workgroup level, PGP NetShare can do a decent job, especially if the PGP keys are stored on cryptographic hardware tokens.
On the enterprise level, there are various IRM/encryption systems which can help, be it LockLizard or others. There is even one built into Windows/Office that is fairly usable.
The key (pardon the pun) is how this gets implemented. Done right, a compromise of the external disks may net a bunch of unreadable files. Done wrong, and the UK might as well just seed their snapshots to demonoid's tracker.
I have heard of hacks for other sites that use two step authentication that install themselves as browser add-ons and slurp the cookie typed in. Then the blackhat is able to add or remove the second factor authentication, change the password and the account is theirs.
The first line of defense is making sure your endpoint is secure. Compromise that and the game is up, regardless of what authentication one has.
Your computer might. Almost all business line Dells and HPs have a provision for keeping a LoJack for Laptops agent in a part of the ROM where even a BIOS flash can't get rid of it. You can turn it on, install LoJack, and go from there. Additionally, you can have the private files or the whole machine erased from remote.
Of course you give up privacy in return for this ability so be aware of that.
Personally, I prefer to pack my own parachute, and use disk encryption so a hardware theft is just only a hardware theft and not a theft of data as well. If using Windows, BitLocker is probably the easiest to implement, and arguably the most secure if used with a hardware TPM. Otherwise, TrueCrypt is excellent.
I agree -- tape drives are perfect for backups. Like someone mentioned, tar volumes from the 1970s are readable on tapes today.
Tapes are an ideal backup medium, provided you use more than one tape for archiving, and periodically go through and recopy files to new media every couple years or so. Newer tape drives offer WORM capability, so data can only be destroyed, not tampered with.
However, why I mention tapes secondary is that they are so expensive for meaningful capacity. Yes, you can buy tapes with less capacity cheaper, but there is a point where you are better off with multiple hard disks than trying to copy an archive onto 50-100 tapes. Same with optical media.
Take a LTO-5 drive, which is par for the course, and has enough storage capacity to be useful. It costs about $2500.00. However, it needs a SAS card, and it also needs I/O. Similar to old CD-Rs, a tape that doesn't get enough data streaming to it starts shoe-shining, which jumps the chance of errors and adds considerable wear to the heads and the tape. So, the machine that tape drives need to be attached to either has to be fairly high end, or a dedicated machine just for moving stuff to tape with no other functions.
If you can afford tape, it can be argued as the best backup media out there. However, most people can't, so external HDDs (laptop drives are better as they do not require power supplies) are the second best choice. They are nowhere near perfect, but for those who can't afford a new tape drive, are pretty much the only game in town for large files.
Just make sure your encryption program is available, perhaps as freeware, or use a utility that is widespread and easily gotten. I've seen fancy encryption programs for drives that would be useless if there ever was a restore needed just because the license keys likely wouldn't work.
For encryption, I'd go with LUKS, or TrueCrypt on a disk level. For file encryption, gpg is solid, perhaps tar, bzip2, and gpg, although you might need a utility for error detection/correction to repair any data lost due to bad sectors.
The hardware is one piece of the puzzle. Having the right software to pull data off is the other. This is what is nice about hard disks -- assuming a common filesystem, a hard disk that has USB access today likely will be readable by most machines 10 or 20 years from now either directly, or via an adapter. Tape can be universal, but oftentimes a tape archive may not be readable because it was created in some wierd format (like the DOS backup programs that backed up to QIC drives in the '90s, all incompatible with each other.)
BD-R disks are an idea, and relatively inexpensive, but your best bang per buck would be large removable disks in the 2-3 TB range. The reason I state "disks" plural is for obvious reasons.
I would also use a program like WinRAR with a recovery record, or one of the PAR utilities used for USENET to store your files in. This way, you can tell if there was file corruption, and have a good chance of recovering from it.
For serious stuff where money is less of an issue, I'd consider a LTO-5 tape drive and multiple tapes. Tapes tend to last longer than HDDs because they have very few moving parts.
Don't forget to see about copying your archives to new media every couple years. It isn't uncommon to be able to pop a 10+ year old tape or HDD in and pull off the contents... but it isn't uncommon either to find the HDD clicking, or the tape full of hard errors.
Well, if one shreds documents properly, it should be full of cryptographically secure random numbers.
I will be a devil's advocate here, even though I use e-books all the time (mainly because it is a lot easier to carry a Kindle with an IBM Redbook and the O'Reilly UNIX admin books on it than to have the physical volumes.)
We are giving a lot of power to the people who sell the eBook readers. It might be that in the future that the next Catcher in the Rye may not be subject to book burnings and bannings -- it may just silently vanish due to a kill command issued to our readers.
eBooks are still in the infancy, but so are the DRM setups. It is only a matter of time before the threat of losing access to purchased material by an account banning cows the masses into accepting any DRM scheme copied to a device.
I'd look at the next generation HTC offerings. HTC does not lock bootloaders anymore, so you can install what you wish.
Jailbreaking doesn't make sense in the Android realm. It is akin to calling lockpicking something like safecracking. Similar, but what is needed to get a safe open has little to do with getting tumblers to line up.
There are also degrees of getting a phone functional in the Android realm that are not present in the iOS ecosystem. With iOS, you have the usual locked down state, a tethered JB, and an untethered JB. You also have if the phone is locked or unlocked.
With Android, you have a lot more granularity. You can get root that is read-only or vanishes on a reboot (which is useful for Titanium Backup), you can have a device with a completely custom ROM and completely unlocked, and various degrees in between (such as having a ROM that kexecs over an existing stock ROM due to signed kernels, a common way to deal with Motorola devices.)
True, but the traffic has to come from somewhere outgoing, and pretty much the ISP will be in hot water unless they have some address to cough up, be it a node previous in the chain, or an actual person. Same problem happens with TOR exit nodes, which is why there are so relatively few of them.
Even if they went along with this "service", all it takes is one of the Four Horsemen of the Infoclypse (as Tim May put it) to rear their ugly heads through the connection, and the ISP will either stop running the station, or make sure they have thorough logging.
Seconded on that. I'm sure there will be an untethered JB for 4.3.4 because the core exploit is in hardware. But, it can't hurt to keep that around just in case.
The SHSH party ends once iOS 5.x comes out though... unless you want to downgrade to 4.x, you either are at the latest iOS 5.x version or nothing. Blecch.
Giving someone a self destruct key will give a destruction of evidence charge which can put someone away for a long time.
Just curious... does Netcraft confirm this?
The reason online services have not bothered is because until now, it really didn't matter. Having security is expensive, and the PHBs believe anything security related has no ROI, so it doesn't get done.
Now that attackers have snarfed password databases and made them public, online services are starting to actually bother with some security such as using salts and hashing passwords, enforcing basic password measures, and adding anti-brute force attack provisions, such as locking out IPs, tarpitting (where the replies get slower and slower, or they remain the same speed, except any passwords guessed get completely ignored), or locking out the account.
The ironic thing... online services are just discovering this... this functionality has been in AIX, Solaris, and various Linux distros since the early 1990s.
Seems like we are reinventing the wheel. Now all we need are websites to have a standard form of two-factor authentication, with multiple devices on the list (so if one loses their phone, they can use a SecurID card to still get in, or even a printed TAN list as a last resort, similar to how Google's authentication does it.)
This is something that public access UNIX systems and universities with a ton of students learned ages ago, when all it took was a guy running Crack on /etc/passwd (before passwords were shadowed.)
Most operating systems have a small dictionary they check against so people using "12345" for something other than their luggage will be stopped immediately.
History just repeats itself... websites are now learning what operating system makers learned in the early 1990s -- keep the passwords well encrypted, and disallow obvious dictionary entries, so a brute force operation may take seconds to find a password rather than microseconds.
I would actually be astounded if they actually honored it. However, because there are no laws (unlike the do not call list), the cookies, LSOs, and "ever-cookie" stuff still persists.
This makes me glad for not just AdBlock, and BetterPrivacy, but for sandboxie so anything that gets missed will get completely deleted once the browsing session is done.
What I'd like to have is something simpler, and this was suggested by another /. person:
Go to a site. Type in your username. It will have a string of random character (or perhaps a timestamp + some random characters) that is copy/pastable. Copy this text. Sign it with your PGP/gpg private key. Paste the result back, and log in.
The advantage of this is that PGP/gpg is pretty much platform agnostic, the keys can be stored in secure locations such as smart cards, or TPMs, PGP has proven itself and stood the test of time, and one's private key remains theirs, generated by the mechanism they so chose. For example, if I wanted a key that was generated on a smart card and would never leave that physical enclosure, I can do so. I even can have an offline computer to do the signature validations, although it is a PITA to type that in though.
This should be done over SSL, as an attacker could grab the session once authenticated, but as for passwords stored, there isn't much an attacker can do with a bunch of public keys unless they happen to have a spare TWIRL or quantum factorization machine in their basement.
As for ISPs, the older mom and pop ISPs, I'd mostly trust. However, some other ISPs like some in the UK can't even be trusted to not actively MITM your Web connections, much less actually be worthy of housing secure credentials.