Observations of a geek.

Attack of the SSN and DOB

Altered Grades Lead to Student’s Arrest, reads the headline. Upon further reading it is clear to me that naivete in system design combined with unscrupulous behavior are to blame. I am so sick of hearing about systems that have been access by people impersonating authorized users. Many times these systems are protected by passwords and the hole that makes them vulnerable is the utility for resetting the password when a user forgets it.

How can an administrator say, "...illegal access to the computer grading system was not the result of a deficiency or flaw in the program." Of course there was a flaw! The flaw exists in the logic that lead to the procedure to reset a user's password using their Social Security Number and Date of Birth. Two elements of data that are trivial to obtain and never designed to be secret!

Mitigating Identity Theft

Mitigating Identity Theft by Bruce Schneier.
Identity theft is the new crime of the information age. A criminal collects enough personal data on someone to impersonate a victim to banks, credit card companies, and other financial institutions. Then he racks up debt in the person's name, collects the cash, and disappears. The victim is left holding the bag. While some of the losses are absorbed by financial institutions -- credit card companies in particular -- the credit-rating damage is borne by the victim. It can take years for the victim to clear his name.
Read More...

Insecurity of Signature Images on the Web

Someone recently asked about the security of a signature image on their web page. They wondered if they should remove it or if there was some way to keep it from being downloaded or spidered and cached by search engines. While I can understand the desire to give that personal touch to a web page I wouldn't publish an image of my signature. That being said, here's some analysis.

I assume we all agree that there is no reliable way to keep a publicly viewable web image of anything, including a signature from being viewed, downloaded, cached, reused, etc. If you disagree, consider that you're not trying to hide it from search engines. You're trying to hide it from people, unscrupulous people specifically. How can you make it public while at the same time hide it from people with questionable intentions? My web-enabled mind reading system is not finished yet, is yours?

Death to the Secret Question

In The curse of the secret question, an article by Bruce Schneier, he explains why security questions are so inadequate. Schneier and I share the view that the security question is, essentially, a second password which serves as an alternate login mechanism. Since most people answer these questions truthfully the accounts that these questions are supposed to protect are only as safe as the answers provided. Having more security questions does little to solve the problem.


Consider this, you are asked to choose one of the "secret questions" and to provide an answer. The questions are:
  1. What is your dogs name?
  2. What was your first phone number?
  3. What color was your first house?
  4. What was the name of the street you lived on when you were 10?


You choose number 2, "What was your first phone number?" and you answer truthfully, 321-555-1212. Is that really as secure as your password was? (You have good password management practices, right?) NO, it's not as secure, because that phone number was known by everyone else that lived in the house and all the people who called it knew it too. Worse yet, it's still your phone number because you haven't moved out yet!

Email is insecure but it doesn't have to be

Perhaps you've heard that e-mail is insecure. Do you know why it is considered insecure? Do you know how to secure your e-mail?

Many of the protocols involved with the sending and receiving of e-mail are not considered secure protocols, in the sense that they are vulnerable to eavesdropping. For instance, Simple Mail Transport Protocol (SMTP), the protocol used to route e-mail around the Internet, is typically implemented without any type of transport encryption. This means that unencrypted e-mail messages are viewable to anyone with the tools to eavesdrop on the network connections between mail servers. Post Office Protocol (POP) and Internet Message Access Protocol (IMAP), when implemented without transport encryption, suffer from the same eavesdropping problems as SMTP. Even when SMTP is implemented with transport encryption it does not, by default, require the authentication of e-mail message senders, therefore mail servers cannot be sure that the senders of messages are really who they claim to be. Even though POP and IMAP require users to authenticate themselves, messages are sent and delivered using SMTP. The result is a situation where the recipient of an e-mail message can be positively identified but the sender cannot.