Secure SmartPhone? No Such Thing

Today’s CNN reports that President Barack Obama will supposedly get a secure smartphone that would be similar to his Blackberry.  The Sectera Edge, made by General Dynamics, has already received a seal of approval from the National Security Agency.  There is only one problem: either it’s not that smart or it’s not that secure.  You can have either one, but you can’t have both.  Smartphones are those phones that can provide some form of general purpose computing function.  It is that function that is subject to abuse.  While it is possible to develop and provide a general purpose computing function that is perhaps even provably secure, it will also be provably useless.

Another problem with the Sectera Edge is that it lacks the ecosystem that Mr. Obama may be used to with the Blackberry, or others might be used to with the iPhone.  I imagine that very few applications have actually been written outside of GD.  Looking at the iPhone, only a fraction of the apps for the iPhone are developed by Apple.

And so now I’m on Facebook

Having staved it off for years I’ve finally joined Facebook.  Here are a few initial thoughts:

I was disappointed that the only authentication method offered was old-fashioned passwords.  We are still as an industry struggling with making the leap to a better means.  And it’s not like there are none out there.  OpenID and Infocards can no longer be considered new.  A question for a future blog entry might be why these technologies are not succeeding.  Indeed just this week SlashDot.Org ran a story about how OpenID is losing ground.

There is a whole different set of social rules on Facebook, and I don’t know what they are.  For instance:

  • One of my friends wanted to add detail about my previous employment experience, which is something I wasn’t prepared to do myself.  And so I refused.  Have I offended him?  I don’t know.
  • My initial “note” indicated that I don’t do much with Facebook, and that people should see my blog.  This elicited a long discussion, not involving me.  If I don’t reply, have I offended?

Why is Facebook even necessary?  Isn’t this what we want the Internet to be in general?  Why should this form of communication be limited to one site?  For one, people are tired of spam on the Internet and so they are looking for an email replacement.  Beyond that, having one’s own web server is a royal pain in the ass.  But moreover, the comment I got more than once was that a blog is isolating.  Why is that?  What makes this blog isolating as compared to Facebook?

Bamford’s latest update on the NSA

James Bamford is well known for his revealing of the National Security Agency in The Puzzle Palace, published in 1983.  He has written two updates since then, Body of Secrets and The Shadow Factory, the latest one covering the Bush Administration in some detail.  Bamford’s technical details in The Shadow Factory are nowhere near as good as they were in The Puzzle Palace, which is something that really attracted me to his writing.  Also, in this book, Bamford seems to play both sides of the fence, at one point arguing that the attacks on 9/11 were an intelligence failure, while at the same time arguing that we must safeguard our civil liberties.  This works, mostly because he successfully argues (in my opinion) that the government had all the power it needed to stop the attacks, but that incompetence ruled the day.

To be sure there are a few points I would take issue with.  For one, although I despise the name, it was probably a good idea to roll together many agencies into the Department of Homeland Security.  But quite frankly even that was done ineptly, as we have seen from auditor reports, again and again.

Returning to the Shadow Factory, in this update Bamford highlights the role of the Internet and the change in the nature of communications, where many communications have moved from satellite to fiber, and from simple voice circuits to voice over IP.  He talks about certain organizations wanting to hire Cisco employees simply to reverse engineer IOS and find ways to install back doors.  I have no way of knowing if that has happened.

Bamford retreads much of the story about the illegal spying the NSA did within the United States, and how James Comey would not recertify the program.  While it makes my blood boil to think that anyone in government would think that such a program was legal (certified by the attorney general or not), that part of the story isn’t so much about the NSA as it is about Dick Cheney and David Addington.  Quite frankly I think Bob Woodward has covered that ground as well as could be covered.

Were I to give advice to Mr. Bamford it would be simply this: it is difficult to read just one of the three books he’s written, as either the earliest is woefully out of date, or the latest doesn’t stand on its own without having read the earliest.  A consolidated update that combines all three seems in order.

How Much Do You Value Privacy?

People in my company travel a lot, and they like to have their itineraries easily accessible.  My wife wants to know when and where I will be, and that’s not at all unreasonable.  So, how best to process and share that information?  There are now several services that attempt to help you manage it.  One of those services, TripIt.Com, will take an email message as input, organize your itinerary, generate appropriate calendar events, and share that information with those you authorize.

The service is based in the U.S., and might actually share information with those you do not authorize, to market something to you, or worse.  If the information is stolen, as was the case with travel information from a hotel we discussed recently, it can be resold to burglars who know when you’re away.  That can be particularly nasty if in fact only you are away, and the rest of your family is not.

But before we panic and refuse to let any of this information out, one should ask just how secure that information is.  As it happens, travel itineraries are some of the least secure pieces of information you can possibly have.  All a thief really needs is an old ticket stub that has one’s frequent flyer number, and we’re off to the races.  In one case, it was shown that with this information a thief could even book a ticket for someone else.

So how, then, do we evaluate the risk of using a service like TripIt? First of all, TripIt does not use any form of encryption or certificate trust chain to verify their identity.  That means that all of your itinerary details go over the network in the clear.  But as it turns out, you’ve probably already transmitted all of your details in the clear to them by sending the itinerary in email.  Having had a quick look at their mail servers, they do not in fact verify their server identities through the use of STARTTLS, not that you as a user can easily determine this in advance.

Some people might have stopped now, but others have more tolerance for risk.

Perhaps a bigger problem with TripIt is that neither its password change page nor its login page makes use of SSL.  That means that when you enter your password, the text of that password goes over the network in the clear, for all to see.  It also means that you cannot be sure that the server on the other end is actually that of TripIt.  To me this is a remarkable oversight.
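The two checks described above (does the mail server advertise STARTTLS, and does a password form ever leave the browser over plain HTTP) can be sketched as follows. This is an added example, not part of the original post and not code from either service; the host name `travel.example`, the EHLO replies and the login page are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample inputs (not captured from any real service).
EHLO_PLAIN = "250-mx.travel.example Hello\r\n250-SIZE 10485760\r\n250 8BITMIME"
EHLO_TLS = "250-mx.travel.example Hello\r\n250-STARTTLS\r\n250 8BITMIME"
LOGIN_HTML = ('<form action="/session" method="post"><input name="user">'
              '<input type="password" name="pass"></form>')

def ehlo_offers_starttls(ehlo_reply):
    """True if a multiline SMTP EHLO reply lists the STARTTLS extension.
    Advertising it is only a prerequisite; the certificate must still be checked."""
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD params" or "250 KEYWORD" (last line).
        if len(line) >= 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False

class PasswordForms(HTMLParser):
    """Collects the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self.in_form, self.action = True, attr.get("action") or ""
        elif (tag == "input" and self.in_form
              and (attr.get("type") or "").lower() == "password"):
            self.actions.append(self.action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def cleartext_password_forms(page_url, html):
    """Resolved form targets where a typed password is exposed on the network."""
    parser = PasswordForms()
    parser.feed(html)
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)
        # An http:// page is unsafe even when it posts to https://, because
        # the page can be altered in transit to send the password elsewhere.
        if "https" not in (urlparse(page_url).scheme,) or urlparse(target).scheme != "https":
            findings.append(target)
    return findings
```
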

For all of these concerns, you still get the ability to generate an iCal calendar subscription as well as the ability to share all of this information with friends and family.  Is it worth it?  One answer is that it depends on whether you actually want to enter the information yourself, whether you care about security concerns, and whether you like using calendaring clients.  It also depends on what other services are available.

Another service that is available is Dopplr.  It also attempts to be a social networking site, not unlike LinkedIn.  Dopplr allows you to share your itineraries with other people, tells you about their upcoming trips (if they’re sharing with you), and it lets you create an iCal subscription.

Dopplr also has some security problems, in that they do not use SSL to protect your password.  They also do not use SSL for their main pages.  They do, however, support OpenId, an attempt to do away with site passwords entirely.  I’ll say more about OpenId in the future, but for now I’ll state simply that just because something is new does not make it better.  It may be better or worse.

And so there you have it.  Two services, both with very similar offerings, and both with almost the same privacy risks.  One of them, by the way, could distinguish themselves by improving their privacy offering.  That would certainly win more of my business.

Social Contracts on Internet Security

Everyone and I mean EVERYONE tells you that the best thing you can do for yourself and others if you have a Windows system on the Internet is to run anti-virus software, and keep your patches current.  Otherwise your system can be a nuisance to others, as it is broken into and used as a bot to attack others.

That doesn’t work so well when the anti-virus software causes the user problems.  These systems take a performance hit, that is for sure.  But they can have bugs as well, as this page from McAfee  demonstrates.  What has happened here is that a program called “McScript_InUse.exe” has gone crazy, pegging the system’s CPU.  Not only does this kill performance of every other application on a system, but it can have an impact on your energy bill, because a 100% used CPU means that it will run faster with more fans on and more cooling required.

McAfee cannot be condemned for having bugs in their software, even though it is ironic that they exist in large part because Microsoft Windows has bugs that are taken advantage of.  It nevertheless brings up the question of whether such active scanning technology is the right approach, or whether we have to do better at providing better underlying security.  The extreme version of this would be provably secure programming, a field to which Dr. Gene Spafford (a network legend) has devoted his career.

In the meantime, however, we have to hold McAfee to a higher standard, just as we should Microsoft.  When people believe that they will be harmed by the very software that is meant to protect them and others, especially when the more negative consequences impact others, they will not upgrade.  We discussed this with the ETH Study, some time ago, and now we can expect additional consequences.