Security

Perhaps that's interesting for people needing a highly secure tape storage. As reported by eWeek the StorageTek T10000B tape drive got the FIPS 140-2 certification:

Nonetheless, Sun revealed Aug. 19 that it has become the first enterprise tape drive maker to be granted a prestigious federal security qualification: the FIPS 140-2 Certification at Security Level 2 for its Sun StorageTek T10000B tape drive.

The T10000B drive has the integrated capability to encrypt the data before writing it to the tape. Thus it contains components to do this encryption. The FIPS certification states that a hardware device complies to the standards set by the FIPS 140-2 document, which is headlined "Security Requirements for Cryptographic Modules". A level 2 FIPS certification means (copied from the Wikipedia article):

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

Thus you can't get the key without leaving traces. BTW: I'm sure the messages in "Mission: Impossible" are FIPS140-2 Level 5 certified ... "This tape will self-destruct in five seconds"

The T10000B is the first tape-drive with this level of certification. If you are interested in this matter, the certification of the T10000B is available the nist.gov website. The FIPS140-12 document itself is available for download at NIST, too.

A reader that wants to be anonymous (thus he use such a pseudo in his comments) asked an interesting question: How do you do secure deletion in ZFS? The standard mechanism to it, is to overwrite data with zeros, ones or a data pattern to ensure that the data is deleted as normal delete would only delete the metadata and not the data itself. This is a little bit hard with ZFS. Why? ZFS is a copy-on-write filesystem, thus the zeros are written somewhere else, as active data is never overwritten by ZFS. There are hacks to solve this problems: For example overwriting all sectors on the free list. Or you can implement code to overwrite the data directly in a kind of secure delete. But from my point of view this wouldn´t really help.

Ich hatte ja schon vor einigen Tagen angekündigt, das es bald wieder ein neues Webseminar von mir geben wird: Ich werde in diesem Seminar auf die ganzen Sicherheitsfeatures in Solaris eingehen. Also wie gehe ich mit Least Privileges um, was hat es mit den signed Binaries auf sich, was bedeutet eigentlich EAL und Common Criteria, wie können mir die Trusted Extensions weiterhelfen, was ist die Solaris Fingerprint Database und vieles mehr. Stattfinden wird dieses Webseminar Seminar am 30 September 2009 von 14:00 bis 15:00 Uhr. Für dieses kann man sich nunmehr auch anmelden. Das Anmeldeformular findet Ihr hier.

Bei dieser Gelegenheit möchte ich gleich noch auf drei weitere Webseminare hinweisen: Am 26. August wird Volker Wetter (Technical Architect Systems Pratice) zum Thema "10 Gründe, Ihre Applikation auf Solaris zu betreiben" sprechen. Für den 16. September ist dann ein Vortrag zum Thema "Sun Unified Storage in der Praxis" geplant. Dieser wird von Karlheinz Vogel, seines Zeichens Senior Storage Consultant vorgetragen. Der Holodoc, sorry ... Dr. Stefan Schneider, Chief Technologist, wird sich dann am 22. September mit dem Thema "Start smart. Scale hard! Warum Web-Startups mit Ihrer IT skalieren müssen" befassen. Weitere Informationen findet Ihr dazu auf der Webseite der deutschen Sun Webseminare.

PS: Entschuldigt bitte den Text bei der Beschreibung meines Seminars. Is vom Produktmarketing. Der Vortrag ist marketingfrei

Even the Register reports about Deduplication in ZFS. I´m asking myself, if the people at the Register read my blog, as i´ve talked about that a few days ago.

Fun aside: Synchronous Dedupe is the only sensible way to do dedupe data as you would need to provide the storage for undeduped data otherwise until the system gets to the point where the data gets deduplicated. Dependent on the frequency of dedupe runs, this could be a vast amount of storage. On the other side, synchronous dedupe is dependent of a fast mechanism to detect duplicates. The checksumming feature of ZFS looks like a good way to do this, as it capable to use various hashing algorithms. When the probability of collision is less than the probability of reading wrong data from disks it should suffice just to check the checksums instead of checking the complete block.

Soviel zum Thema Kompetenz zum Thema Computersicherheit: Herr Schünemann sitzt vor einem Rechner des LKA. Achtet mal auf den Monitor. Ich vermute das ist ein DemoPC, aber trotzdem: Sowas macht man nicht ...

You should opt for a new keyboard, when you use certain wireless keyboards. Thorsten Schroeder & Max Moser of Dreamlab Technologies published the software and the hardware to enable someone to intercept the keystrokes. You can read more about it at their webpage for their Keykeriki project.

Glenn Brunette updated his Solaris 10 Security Deep Dive presentation to represent the changes in Solaris 10 U7.

We all take the function of SSL and TLS as granted for our secure communication needs while surfing in the web or for encrypting the access to our mailboxes. But before we can start to communicate, a lot of stuff happens: Jeff Moser wrote an excellent article about the first few seconds in the life of a HTTPS connection.

Hits the nail on its head:

Security fixes are different from every other kind of fix. As every good troubleshooter knows, when problems occur something almost invariably has changed. For most bugs it is something like load, configuration and so on which can be undone.
With security bugs it is knowledge that has changed and a security weakness can't be unlearned by the world at large.

Peter Harvey wrote this in his blog and i think he is correct with his insight. But i would add a hybrid group. There are security bugs similar to the normal fixes. Introduced by normal bugs ... or lazy checking. And then there are security weaknesses inherent in a protocol or idea. Those can´t be unlearned at all from the world. You can´t even fix it when the protocol has a huge acceptance in the network. Just think about the long standing search for a more SPAM resistant SMTP ... or the recent discussions about weaknesses in BGP.

Da rennt die Polizei seit geraumer Zeit einer unbekannten weiblichen Person hinterher, die Spuren an Dutzenden von Tatorten hinterlassen haben sollen, beispielsweise auch an jenem des Polizistinnenmords von Heilbronn. Ich hatte mich ja auch schon gewundert, wie umtriebig diese Dame ist, die mittlerweile von der Presse schon "Phantom" genannt wurde.

Der Stern berichtet nun, das man unter Umständen lediglich die DNA einer Verpackerin von Wattestäbchen zur Aufnahme von solchen Beweisen gefunden hat, die diese unvorsichtigerweise beim Einpacken mit eigenen Zellen kontaminiert hat. Das ist irgendwie ... wirklich peinlich.

While waiting for my tea water to boiling, i had an idea: Perhaps it´s much easier to hack a router to a botnet drone than i initially thought. I think it´s consensus, that Windows based PC are still easily infectable with bots. But the PC are under steady control by their users. As tight as the firewalls of these routers are to the outside, as open they are to the inside. I think it would be nice idea, to target the Windows PC at first, infect the router from there (it´s easy to find the router ... it´s the default router). Perhaps by an exploit for the remote administration software or just by router passwords stored in the browser password chain. After infecting the router, the bot could remove itself from the Windows PC without leaving traces. An bot detection tool can´t find something on the PC and it doesn´t check the router for an infection. Well ... you can think about Trusted Execution or TPMs what you want ... but there are valid use cases outside DRM.

It´s a little bit like tonsillectomy by opening the chest, but sometimes it´s easier this way ... especially when the patient don´t want to open the mouth

With a sharp tongue, you could state: Microsoft already proofed that cloud computing is a economic success. The large botnets in the Internet are nothing else than clouds, even with SaaS (no, not software as a service, spam/scam as a service). And you can make really a money by owning a botnet. Well ... I hope that the discovery of DroneBL doesn´t lead to a much larger wave of BotNets.

The worst managed computer system in the common household is often not the Windows PC .... it´s the small Linux computer that got ubiquitous since DSL or cable internet is something normal. Most people configure them once, put them somewhere in a closet and forget them. So it was just a matter of time before someone would have created a botnet consisting out of this small routers. DroneBL writes about such a botnet.

When you really think about it: These small routers are a perfect target. They run 24h/7days a week. Most people don´t really look at them, so they can´t detect strange traffic patterns by looking at the blinkenlights. Furthermore the once you have an exploit for a certain type of router, it´s highly probable that you can exploit a vast amount of systems. Depending on the type of the router, there is a large population of identical system. Just a thought game: Let´s assume, you find an exploit for a brand of routers distributed by almost all ISP in a country to their end customers. This would be a hell of a botnet. Millions of members Obviously the first action of such an exploit would be the deactivation of online router software update and the redirection of any request to the support website. It would be really hard to get rid of this bot.

I hope the developers of the OS of such small router boxes are aware of their responsibility ... an error could be an really nasty home run for the dark side.

I just thought about an interesting for the mechanism explained in "Proof of concept hack for encrypted direct messages on Twitter - you could deny that you are the intended receiver of the message. Just post the encrypted stuff as a public tweet. The recipient just have to read the public timeline and just reads all messages, gathers all crypted tweets and tries to decrypt them. Messages for other people are unencryptable for you, as you don´t have the correct secret key, but the messages for you are encryptable, thus you know, that the messages are for you.

BTW: You could use blog comments as well to transmit such messages. Just distribute a line per blog comment on a vast amount of messages. They have just a single point in common .... the pages with the comments are part of the first few hundred hits in Google blog search. The recipient knows the correct query (a shared secret for example as the google query "What to do with coronary insufficiency?")and is able to gather them, reassembles them and tries to decode it.

The whole mechanism described in this article isn´t new at all. It is the same idea used for the strange radio stations sending just rows of numbers.

Update: The actual code of the proof-of-concept doesn´t strip of the key-ids. Before using this code, you have to add --throw-keyids to gpgopts($opts). But i have to reiterate about this: The code was meant to test encryption and reassembly/decryption ... it´s not meant as actual production code.

Most of the times brute-force algorithms are much more effective than even the most sophisticated crypto analysis:


(found at xkcd.com)

Bruce Schneier linked to an interesting essay about mass screening of people with infrared thermometry guns. With this devices you can measure the temperature of a person from a certain disctance. But the essay questions the sense of such a method as they compared the results of this IR guns with :

We assessed the accuracy of cutaneous infrared thermometry, which measures temperature on the forehead, for detecting patients with fever in patients admitted to an emergency department. Although negative predictive value was excellent (0.99), positive predictive value was low (0.10). Therefore, we question mass detection of febrile patients by using this method.

Negative predictive value means "The device says you have no fever and you have really no fever". Negative predictive value stands for "The device says you have fever, and you have really fever." So the system is good at detecting a person without fever, but not at dividing people with a higher (but normal for them) skin temperature and people with fever.