Jazoon Cut: Privacy Supporting Identity Systems

26. June, 2008

Jazoon Cut is a nice idea: you have a project, they give you 20 minutes to present it (“cut” as in “cutting edge”). In this Cut, we had NetKernel, iGesture, Interactive Paper, and Privacy Supporting Identity Systems. A rather interesting mix.

When we buy something, we hand over money. This money is untraceable. If the vendor passes it on to his bank later, there is no way anyone could tell that it was you who gave him this specific bank note or what you bought with it (the vendor might know what you bought but, again, he couldn’t say which bank note you gave him). This is a good thing. If the bank could figure out what you bought, some people would become very interested in that data, marketing people for example. They have been looking for a way to measure how easily we can be influenced for ages.

But the space is getting tighter. If you had some RFID chips on you, say, one of those new passports or a contactless credit card, I could place some people in a shopping mall or city center with equipment to track where you go. Under optimal conditions, an RFID chip can be tracked over a distance of 60 meters. That’s not much and I would probably need a couple of radio stations spread over the city to do it, but with such a system, I could find out what you buy.

“Now,” you say, “I can’t be identified by that,” and you’d be wrong. Some credit cards will hand over all the details stored on them (enough to buy something with that data on the Internet) to anyone who asks. For the rest of you, you’re lucky until someone figures out a way to do that. Nonetheless, even if I don’t know your identity, I can track you. So if your last stop was at an expensive jeweler, chances are that you have enough money on you that it’s worthwhile to mug you.

And I can pick you out from a safe distance of 20 to 60 meters, follow you around out of sight and wait for the perfect moment to strike. Oh, and better not step into some sex shop because I’d know. In fact, I can track your movements for a couple of days and find out where you live (and thus your identity). All without you ever knowing that I even exist.

I hope I have made you understand that the question is not whether you have something to hide (you do; when was the last time you filed a completely correct tax declaration?), the question is what evil someone could come up with if he knew something about you. The problem with this question is: nobody knows the answer until someone comes up with a new evil that nobody else has thought of so far!

In his talk, Thomas Heydt-Benjamin showed how you might be able to have both: comfort and security. The attack described above wouldn’t work if the range of the RFID chip in your credit card were reduced to a few centimeters. It would still be convenient if you had to put the card on the desk for a moment, in physical contact with the reader surface, before it could be read. And you would surely notice if someone followed you around holding a strange device against your pocket.

The next thing is the data on the card. The vendor needs the data to know who you are and whether your credit is valid. But actually, he never has to see the real data. The only thing he needs to know is “credit is valid” or not. He doesn’t need your credit card number. Or the name. Or the expiration date. Or the security code on the back. What could be done is this:

You check into a hotel. You present your passport to the reader device on the desk. On your side of the screen, you select which data the hotel clerk can see. To allow the police to track you down in case you don’t pay your bill or are involved in some kind of crime, the hotel’s computer gets an encrypted code that identifies you. For everyone who can’t decrypt this code, it’s just a long, random string of data. For all practical purposes, you’re as anonymous as you want to be. While this might not make much sense in the hotel scenario (hotel staff hate having to call everyone “Mr. Smith”), it starts to make sense on the Internet.

You’re stuck in some kind of game and want to check the walkthrough. Only, the game is for people over 16. So the site with the solution should check your age, because the walkthrough contains all those images which were the reason for the age limit. In this case, you only want to tell the site your age, or rather that you’re older than 16, and nothing else. You don’t want to tell them your name or where you live. Otherwise, the police might decide to shoot you as a precaution (this is an example, okay?).

Or let’s face the truth: 99% of the Internet is pr0n. And you surely don’t want to leave your personal details with people who treat women the way they do in the movies they sell.

With the Higgins framework, such things are possible. The framework allows you to transfer a claim like “I’m older than 18” in such a way that the other side can be sure it is true, even though they never find out your real age or your name. At the same time, it doesn’t give cover for illegal activity: you can still be identified by your IP address, and when the police compare the data sent to the web site in question with your passport, they can prove beyond doubt that it was your passport that was used in the transaction.

At that point, you want a passport that can’t be skimmed in the subway.
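To make the hotel and walkthrough scenarios concrete, here is an added example (my own, not code from Heydt-Benjamin’s talk or from the Higgins framework) of a hash-based selective-disclosure credential in Go: the passport office salts and hashes every claim, signs the set of hashes with Ed25519, and the holder reveals only the salt and value of the claims a site is allowed to see. The keyed pseudonym stands in for the encrypted identifier the talk describes; the claim names, the passport number, the key and the “current year” are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// Credential: the issuer signs only Commitments, so Claims and Salts can be cut down to any subset later.
type Credential struct {
	Claims      map[string]string // name -> value; after Disclose, only the revealed ones
	Salts       map[string]string // name -> hex salt; likewise
	Commitments map[string]string // name -> hex sha256(salt|name|value), all of them, signed
	Signature   []byte
}

func commit(salt, name, value string) string {
	sum := sha256.Sum256([]byte(salt + "|" + name + "|" + value))
	return hex.EncodeToString(sum[:])
}

// canonical: json.Marshal sorts map keys, so issuer and verifier sign and check the same bytes.
func canonical(commitments map[string]string) []byte {
	b, _ := json.Marshal(commitments)
	return b
}

// pseudonymFor: a keyed pseudonym only the issuer can map back to a passport number (stands in for the talk's encrypted identifier).
func pseudonymFor(pseudonymKey []byte, passportNo string) string {
	mac := hmac.New(sha256.New, pseudonymKey)
	mac.Write([]byte(passportNo))
	return hex.EncodeToString(mac.Sum(nil))
}

// Issue derives "over_16" from the birth year (a real issuer would use the full date), salts every claim and signs.
func Issue(issuerPriv ed25519.PrivateKey, pseudonymKey []byte, passportNo, name string, birthYear, currentYear int) (*Credential, error) {
	claims := map[string]string{
		"name":       name,
		"birth_year": strconv.Itoa(birthYear),
		"over_16":    strconv.FormatBool(currentYear-birthYear >= 16),
		"pseudonym":  pseudonymFor(pseudonymKey, passportNo),
	}
	c := &Credential{Claims: claims, Salts: map[string]string{}, Commitments: map[string]string{}}
	for n, v := range claims {
		raw := make([]byte, 16)
		if _, err := rand.Read(raw); err != nil {
			return nil, err
		}
		c.Salts[n] = hex.EncodeToString(raw)
		c.Commitments[n] = commit(c.Salts[n], n, v)
	}
	c.Signature = ed25519.Sign(issuerPriv, canonical(c.Commitments))
	return c, nil
}

// Disclose builds what a site receives: every commitment and the signature, but salt and value only for the named claims.
func (c *Credential) Disclose(names ...string) (*Credential, error) {
	p := &Credential{Claims: map[string]string{}, Salts: map[string]string{}, Commitments: c.Commitments, Signature: c.Signature}
	for _, n := range names {
		v, ok := c.Claims[n]
		if !ok {
			return nil, fmt.Errorf("no such claim %q", n)
		}
		p.Claims[n], p.Salts[n] = v, c.Salts[n]
	}
	return p, nil
}

// Verify is the site's side: the signature must cover all commitments and each disclosed (salt, value) must open its commitment.
func Verify(issuerPub ed25519.PublicKey, p *Credential) (map[string]string, error) {
	if !ed25519.Verify(issuerPub, canonical(p.Commitments), p.Signature) {
		return nil, errors.New("issuer signature invalid")
	}
	out := map[string]string{}
	for n, v := range p.Claims {
		if p.Commitments[n] != commit(p.Salts[n], n, v) {
			return nil, fmt.Errorf("claim %q does not open its commitment", n)
		}
		out[n] = v // undisclosed claims stay opaque hashes; the site never sees them
	}
	return out, nil
}

// LinkPseudonym is the issuer-side step a court order triggers: recompute and compare with what the site stored.
func LinkPseudonym(pseudonymKey []byte, passportNo, stored string) bool {
	return hmac.Equal([]byte(pseudonymFor(pseudonymKey, passportNo)), []byte(stored))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cred, _ := Issue(priv, []byte("issuer-only key (constructed)"), "X1234567", "Jane Doe", 1990, 2008)
	pres, _ := cred.Disclose("over_16", "pseudonym") // the walkthrough site sees only these two
	fmt.Println(Verify(pub, pres))
}
```

One caveat a practitioner should keep in mind: every site receives the same signature and the same set of commitments, so two sites that compare notes can tell they met the same credential even without learning who you are. Removing that linkability is what real anonymous-credential schemes do; with a plain hash-based scheme like this one, the workaround is a fresh credential per site.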

While I talked to Mr. Heydt-Benjamin, he also explained to me that certain pacemakers contain a radio interface. Which makes sense. Through this interface, you can query the patient’s data (name, for example) and you can also control the pacemaker. This interface is not protected by any encryption or password. So you can see the heart curves recorded by the sensors. But you can also change the sensor settings of the pacemaker. This is actually what happens when the doctors adjust them to your needs after the surgery.

The scary part is that the pacemaker has a function to stop a heart. This is necessary to “heal” certain kinds of heart rhythm irregularities like ventricular fibrillation. Now if I’m a hacker and I don’t like you, I can turn off the sensors and stop your heart. The device will try to start your heart again after stopping it, but that will fail because the sensor settings will prevent it from getting any feedback.

So if you can see a large antenna on the horizon, the words “denial of service attack” might make you feel a little uneasy in the future, if you do need a pacemaker.


Jazoon: OpenID

25. June, 2008

Robert Ott showed off OpenID. If you wondered about those strange links which have started popping up all over the web next to login buttons, OpenID is a way to register yourself once at a place you trust and then use that to log in elsewhere.

The idea behind OpenID is that you click on the link, the web site passes you on to an identity provider which can use any means it likes to make sure you are you, and which then hands that confidence back to the original site. See the openid.net website for details.

The cool thing about OpenID is that you only have to manage a single identity and can use that to log in to various services on the net without giving all of them the same password (which would make you very vulnerable to attacks). The main problems which OpenID doesn’t solve are stalking and spamming.

OpenID makes stalking easier because you have to enter your OpenID at every place you want to log in to. Same ID means same person. There are talks in the OpenID community about allowing a person to have more than one ID and still use the same identity provider, but there is nothing definite yet.

Also, OpenID doesn’t protect against spammers. It might help, though, for two reasons: a) you can blacklist identity providers which allow spammers and b) you can send the police to the other identity providers, which will hand over the real identity of the person behind the OpenID to the authorities on a court order. So this might help in the war against forum spam; we’ll see.
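What the site has to check when you come back from the identity provider, as an added example in Go (mine, not from the talk and not from any OpenID library): an OpenID 2.0 positive assertion is a set of openid.* parameters, and the ones listed in openid.signed are covered by an HMAC over their key-value form under the MAC key from the association with the provider. The site URL, the MAC key and the response values below are constructed. Note that openid.claimed_id is the same string at every site you log in to, which is exactly the stalking problem above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// keyValueForm builds the OpenID 2.0 "Key-Value Form" over the fields listed in
// openid.signed, in that order: one "name:value\n" line per field, names without
// the "openid." prefix. These are exactly the bytes the provider signs; a missing
// field just produces a signature that will not match.
func keyValueForm(params map[string]string) []byte {
	var b strings.Builder
	for _, name := range strings.Split(params["openid.signed"], ",") {
		fmt.Fprintf(&b, "%s:%s\n", name, params["openid."+name])
	}
	return []byte(b.String())
}

// Sign is the provider's side (used here only to build a constructed response):
// HMAC-SHA256 of the key-value form under the association's MAC key, base64 encoded.
func Sign(params map[string]string, macKey []byte) string {
	m := hmac.New(sha256.New, macKey)
	m.Write(keyValueForm(params))
	return base64.StdEncoding.EncodeToString(m.Sum(nil))
}

// RelyingParty is the site's state for one association with one provider.
type RelyingParty struct {
	ReturnTo  string        // the exact URL we sent as openid.return_to
	MacKey    []byte        // from the association with the provider
	MaxSkew   time.Duration // how far off the nonce timestamp may be
	mu        sync.Mutex
	seenNonce map[string]bool
}

// Fields that must be under the signature; anything unsigned could have been swapped by whoever carries the redirect.
var required = []string{"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id", "identity"}

// Verify applies the checks a site must make before trusting openid.claimed_id:
// positive mode, return_to bound to this site, required fields signed, nonce fresh
// and never seen before, and finally the HMAC, compared in constant time.
func (rp *RelyingParty) Verify(params map[string]string, now time.Time) (string, error) {
	if params["openid.mode"] != "id_res" || params["openid.return_to"] != rp.ReturnTo {
		return "", errors.New("not a positive assertion for this site")
	}
	signedSet := map[string]bool{}
	for _, n := range strings.Split(params["openid.signed"], ",") {
		signedSet[n] = true
	}
	for _, n := range required {
		if !signedSet[n] {
			return "", fmt.Errorf("field %q is not covered by the signature", n)
		}
	}
	nonce := params["openid.response_nonce"] // RFC 3339 UTC timestamp plus a unique suffix
	if len(nonce) < 20 {
		return "", errors.New("malformed response_nonce")
	}
	ts, err := time.Parse(time.RFC3339, nonce[:20])
	if err != nil {
		return "", fmt.Errorf("bad nonce timestamp: %v", err)
	}
	if d := now.Sub(ts); d > rp.MaxSkew || d < -rp.MaxSkew {
		return "", errors.New("response_nonce outside the acceptance window")
	}
	rp.mu.Lock()
	defer rp.mu.Unlock()
	if rp.seenNonce == nil {
		rp.seenNonce = map[string]bool{}
	}
	if rp.seenNonce[nonce] {
		return "", errors.New("replayed response_nonce")
	}
	if !hmac.Equal([]byte(Sign(params, rp.MacKey)), []byte(params["openid.sig"])) {
		return "", errors.New("signature mismatch")
	}
	rp.seenNonce[nonce] = true
	return params["openid.claimed_id"], nil
}

func main() {
	rp := &RelyingParty{ReturnTo: "https://forum.example/login/return", MacKey: []byte("association key (constructed)"), MaxSkew: 5 * time.Minute}
	_, err := rp.Verify(map[string]string{"openid.mode": "cancel"}, time.Now())
	fmt.Println("cancelled login rejected:", err)
}
```

The nonce table is what stops someone who captured a successful redirect from replaying it, and the return_to comparison is what stops an assertion minted for another site from being accepted here. The identity provider can also be asked directly to confirm an assertion (check_authentication) when no association exists; that path is left out of this example.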

All in all, a good talk.


Automatically Hacking Computers

25. April, 2008

Imagine, you had access to the Windows Update servers. What could you do?

No, no write access. Just read access.

Not to the harddisk or the OS, just the normal patch download access via HTTP.

You could automatically hack any software that Microsoft patches (or any software whose vendor supplies security patches, for that matter).

Confused?

Okay. Follow along on a little thought experiment. Security patches contain fixes for security bugs. Security bugs allow someone to do bad things with your computer, like turning it into a spam zombie. Or making it steal your bank account data. Or letting someone you’ve never met put illegal stuff on your computer, like stolen music or pr0n.

The security patch fixes that. But there is a catch. The security fix is a little piece of program with instructions on how to install it. Basically, it replaces a piece of program that is already on your computer.

How could someone possibly abuse this? Isn’t the security hole fixed after the patch?

Actually, for the kind of attack we’re talking about here, this is irrelevant. What is interesting is this: the patch is almost identical to the program that you already have. The difference is a few bytes which fix the security hole.

While it is usually very hard to find a security hole in a program (you’d have to analyze a whole lot of code), the security patch is actually a map to the hole. It tells you exactly what was broken and how it was fixed.

That allows for two kinds of attack: first, you can now easily write a program which successfully attacks all computers which don’t have the patch yet. And second, you can check whether the guys made a mistake with the fix. If they did, you now have a perfect recipe for disaster.

To make things worse, there is only a limited number of ways to break a program such that you get a security hole. This means: it is possible to write a program which compares the original code with the patch and comes up with an exploit for the hole which has just been fixed (or not). Automatically.

This program could just sit there, watch the Windows Update servers, wait for a new patch to appear, create an exploit from it and distribute it to already cracked websites.

Scientists from three different universities were able to show that this is actually possible (Brumley, Poosankam, Song and Zheng, “Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications”, IEEE Symposium on Security and Privacy, 2008).
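A miniature of the idea, as an added example in Go (my own toy, not the universities’ system): two builds of a record parser that differ only by the bounds check the patch adds. Reading that one line off the diff tells the generator which inputs the old build mishandles; it builds such an input and confirms it by running both versions. The loop over the length byte stands in for the symbolic execution and constraint solving of the real thing, and the record format is made up for the example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

var errTooLong = errors.New("name longer than field")

// Both builds parse a made-up record <len byte><len bytes of name> into a fixed
// 8-byte field. The element-by-element loop models an unchecked memcpy into a
// fixed-size buffer: in C it would smash the stack, in Go it panics.
func parseV1(rec []byte) (name [8]byte, err error) {
	if len(rec) < 1 {
		return name, errors.New("empty record")
	}
	n := int(rec[0])
	if len(rec) < 1+n {
		return name, errors.New("truncated record")
	}
	for i := 0; i < n; i++ { // n is never compared with len(name): the hole
		name[i] = rec[1+i]
	}
	return name, nil
}

// parseV2 is the patched build: identical to parseV1 except for one added check.
func parseV2(rec []byte) (name [8]byte, err error) {
	if len(rec) < 1 {
		return name, errors.New("empty record")
	}
	n := int(rec[0])
	if n > len(name) { // the only line the patch adds: the "map to the hole"
		return name, errTooLong
	}
	if len(rec) < 1+n {
		return name, errors.New("truncated record")
	}
	for i := 0; i < n; i++ {
		name[i] = rec[1+i]
	}
	return name, nil
}

// run calls a parser and reports whether it crashed (a memory-safety violation,
// which Go turns into a panic) instead of returning normally.
func run(parse func([]byte) ([8]byte, error), rec []byte) (crashed bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			crashed = true
		}
	}()
	_, err = parse(rec)
	return false, err
}

// GenerateFromPatch: diffing V1 and V2 yields the added predicate on the length
// byte, and every input that makes the new check fire is one the old build
// mishandled. The search over n stands in for symbolic execution; each candidate
// is confirmed by running both builds: the patched one must reject it cleanly,
// the old one must crash.
func GenerateFromPatch(addedCheck func(n int) bool) ([]byte, error) {
	for n := 0; n <= 255; n++ {
		if !addedCheck(n) {
			continue // both builds behave alike here, nothing to exploit
		}
		rec := append([]byte{byte(n)}, bytes.Repeat([]byte{'A'}, n)...) // body long enough to pass the older checks
		_, errPatched := run(parseV2, rec)
		crashed, _ := run(parseV1, rec)
		if errPatched == errTooLong && crashed {
			return rec, nil
		}
	}
	return nil, errors.New("no input reaches the added check")
}

func main() {
	trigger, err := GenerateFromPatch(func(n int) bool { return n > 8 }) // the predicate read off the diff
	fmt.Println("trigger length:", len(trigger), "err:", err)
}
```

The point to take away is how little the generator needs to know: not the format, not the program, just the predicate that the patch introduced and a way to run the two builds side by side. Everything the real system adds (working on binaries, finding the changed basic block, solving path constraints to reach it) is machinery around that same loop.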

For you, this means two things: firstly, whenever a security patch is available, you must install it immediately. Secondly, you must not visit any website until you have installed all available security patches. Otherwise, you risk getting infected by visiting an innocent website that someone has hacked. Remember, those sites are vulnerable to the same kind of attack: a cracker could have gained access to the computer of one of the site’s administrators with the attack described above and obtained a copy of the password with the help of a keylogger.

In a few years, we’ll have an immune system for the Internet.

Or we won’t have an Internet anymore.


Do Not Reply

25. March, 2008

Do not send mails to donotreply.com

Oh, you don’t?

Sure?

Really?

Well, just make sure that none of the many applications and servers you’re running sends mails with “ignore@donotreply.com” in the mail header as a hint to the recipient that they should not reply to this mail.

Because if you don’t, someone else will get a lot of mail from your business, and some of that mail (error messages, security information, etc.) is of the type you don’t want to leak.
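A check you can run over outgoing mail before it leaves the building, as an added example in Go (mine, not from the linked post): parse the reply-routing headers with net/mail and flag every address on a domain you do not control. The message and the domain list are constructed.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Constructed outgoing message, the kind an application server hands to the MTA.
const outgoing = "From: \"Build server\" <ignore@donotreply.com>\r\n" +
	"Reply-To: nobody@donotreply.com\r\n" +
	"To: ops@example.com\r\n" +
	"Subject: nightly build FAILED, stack trace attached\r\n" +
	"\r\n" +
	"body\r\n"

// replyHeaders are the headers that decide where replies, bounces and
// out-of-office messages for this mail end up.
var replyHeaders = []string{"From", "Reply-To", "Sender"}

// CheckSenderHeaders returns one finding per address in the reply-routing headers
// whose domain is not in ownedDomains. Whoever owns that domain reads everything
// that comes back, error messages included.
func CheckSenderHeaders(raw string, ownedDomains []string) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	owned := map[string]bool{}
	for _, d := range ownedDomains {
		owned[strings.ToLower(d)] = true
	}
	var findings []string
	for _, h := range replyHeaders {
		v := msg.Header.Get(h)
		if v == "" {
			continue
		}
		addrs, err := mail.ParseAddressList(v)
		if err != nil {
			findings = append(findings, fmt.Sprintf("%s: cannot parse %q: %v", h, v, err))
			continue
		}
		for _, a := range addrs {
			dom := strings.ToLower(a.Address[strings.LastIndex(a.Address, "@")+1:])
			if !owned[dom] {
				findings = append(findings, fmt.Sprintf("%s: %s is on %s, a domain you do not control", h, a.Address, dom))
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := CheckSenderHeaders(outgoing, []string{"example.com"})
	fmt.Println(len(findings), "finding(s), err:", err)
	for _, f := range findings {
		fmt.Println(" -", f)
	}
}
```

The fix is not a cleverer fake address but an address on a domain you own, for instance a no-reply mailbox that rejects or discards incoming mail; then the bounces and the occasional human reply at least land with you.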

I especially like the post about the Department of Homeland Security. If people like that “protect” America, then I understand why the General Public puts so much emphasis on religion and faith.

And who is this General anyway? 😉


Spammers “Cracking” Accounts on Blogger

10. September, 2007

There seems to be a recent increase in spammers “cracking” Blogger accounts and replacing the blogs with spam/porn/etc.

If you want to save yourself some hassle (like your boss asking why you advertise porn on your blog), here are a few tips:

  • Don’t blog while connected via WLAN.
  • Always log out after blogging.

If you have to blog via WLAN, always assume that everyone on this planet is watching what you do. In our case here, the spammers don’t actually “crack” your account; they just copy the cookie which your browser uses to identify itself to the server.

Anyone who can present that cookie is “you”. So they listen for it when you talk to the server over a WLAN and, after you’re gone, they run a little script which deletes your blog and replaces it with spam. It takes a few seconds and is almost impossible to track down afterwards.

If you want to be safe, don’t use hotspots to connect to the internet. If you have to, you must set up a VPN; otherwise, it’s just a matter of time until your blog gets “cracked”.
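What the attack and the server-side countermeasures look like, as an added example in Go (mine, not Blogger’s code): the sniffer extracts the session cookie from a captured plaintext request; the server marks the cookie Secure so the browser never sends it over plain HTTP, refuses session cookies that arrive without TLS, and drops the session on logout so a copied cookie dies the moment you log out. The cookie name, the URLs and the captured request are constructed.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
	"sync"
)

// SessionFromCapture does what the sniffer on the WLAN does: parse a request that
// went over plain HTTP and read the session cookie out of its Cookie header.
func SessionFromCapture(raw, cookieName string) (string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return "", err
	}
	c, err := req.Cookie(cookieName)
	if err != nil {
		return "", fmt.Errorf("no %s cookie in captured request", cookieName)
	}
	return c.Value, nil
}

// Sessions is the server-side session table. Whoever presents a live token is
// "you", so the only thing that reliably kills a copied cookie is removing the
// token here.
type Sessions struct {
	mu   sync.Mutex
	live map[string]string // token -> user
}

func NewSessions() *Sessions { return &Sessions{live: map[string]string{}} }

// Login mints a random token and returns the cookie to set. Secure means the
// browser only sends it over TLS, so there is nothing to sniff on the WLAN;
// HttpOnly keeps page scripts from reading it.
func (s *Sessions) Login(user string) (*http.Cookie, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	tok := hex.EncodeToString(raw)
	s.mu.Lock()
	s.live[tok] = user
	s.mu.Unlock()
	return &http.Cookie{Name: "session", Value: tok, Path: "/", Secure: true, HttpOnly: true}, nil
}

// Logout is "always log out after blogging": the token is gone server-side, so a
// copy of the cookie taken earlier is worthless from now on.
func (s *Sessions) Logout(tok string) {
	s.mu.Lock()
	delete(s.live, tok)
	s.mu.Unlock()
}

// UserFor is what every handler that edits or deletes a blog calls. A token that
// arrives without TLS is refused even if it is valid: it has just been broadcast.
func (s *Sessions) UserFor(r *http.Request) (string, bool) {
	if r.TLS == nil {
		return "", false
	}
	c, err := r.Cookie("session")
	if err != nil {
		return "", false
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	u, ok := s.live[c.Value]
	return u, ok
}

// requestWithCookie builds the replayed request; overTLS models whether it arrived
// on https (the server sees a TLS connection state) or on plain http.
func requestWithCookie(url, tok string, overTLS bool) *http.Request {
	req, _ := http.NewRequest("POST", url, nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: tok})
	if overTLS {
		req.TLS = &tls.ConnectionState{}
	}
	return req
}

func main() {
	s := NewSessions()
	c, _ := s.Login("alice")
	// Constructed capture of a plaintext request, as seen from the next table.
	sniffed := "POST /post-edit HTTP/1.1\r\nHost: blog.example\r\nCookie: theme=dark; session=" + c.Value + "\r\nContent-Length: 0\r\n\r\n"
	tok, err := SessionFromCapture(sniffed, "session")
	_, replayWorks := s.UserFor(requestWithCookie("https://blog.example/delete-blog", tok, true))
	s.Logout(tok)
	_, afterLogout := s.UserFor(requestWithCookie("https://blog.example/delete-blog", tok, true))
	fmt.Println(err, replayWorks, afterLogout)
}
```

The VPN advice in the post protects the cookie on the way to the server; the Secure flag and the TLS check above are the same protection applied from the server’s side, and the logout is what limits the damage when a token has leaked anyway.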


What’s Wrong With … Surveillance

5. July, 2007

“If you have nothing to hide, you have nothing to fear from ubiquitous surveillance.” Uhm, really?

Well, I have something to hide. It’s nothing illegal. I just want to hide from a lot of people: Sales and marketing people, for example, who want to get my mon*cough*attention. People, who hate the company I work for (for whatever good or bad reason). People, who dislike my religion, my taste in clothes, politics or sex.

Imagine a man working for the London police. He’s been dumped by his girlfriend, he’s jealous or just seeking revenge. He sits in his little office and tracks her moving around the city with some of the 500’000 cameras in the city. Eventually, he sees her meeting her new flame. What will he do?

Maybe he will not use the face recognition software (which was pretty useless a few years ago). But there are other ways. The new boyfriend of “his” girl will probably walk to his car (identification by license plate is a standard tool for the police, and you wouldn’t believe the zoom levels the surveillance cameras can reach if you don’t limit them artificially) or he will go home. Guess who is getting a surprise visit tonight? In 2003, the LA Times ran an article, “LA Police Officer Uses Database to Snoop on the Stars”. Apparently, this fellow was looking for a way to top up his income by selling juicy details to tabloids.

The problem with surveillance is not that I have nothing to hide, it’s that I don’t trust all the people who operate the system. In order to “increase” the safety of the system, little is known about it, which directly leads to a sense of untouchability in the people who run it. We have seen where this leads. Power doesn’t corrupt, unaccountability does.

But there are other problems as well. In Germany, a camera was installed to protect a museum but it also watched the private flat of Angela Merkel (German only). Don’t worry, it watched her only for eight years.

This could be fixed by operating the cameras automatically by computer. A judge could grant access to the recordings when the authorities receive a complaint. Unfortunately, this just shifts the problem. For most people, computers are still magical boxes. They know that it’s just a bunch of cleverly arranged silicon atoms, but the real problem is that they can’t tell when a computer lies. Of course, that never happens. Right?

Well, computers don’t lie in the sense that they know fact A and tell you B. That’s a human skill. But a human can delete fact A and replace it with fact B, and the computer will happily present fact B as The Truth(TM). Since security systems are by default accessible to a select few only, it becomes increasingly hard to know whether someone has tampered with a system. Worse, someone can accidentally break something. Your name might suddenly appear on the persona non grata list of the USA because someone mistyped the last name of an evildoer who has the same birthday as you (a chance of about 1 in 365). Luckily, you will notice the next time you pass through customs. Enjoy your strip-search, if they don’t arrest or shoot you on sight.

“But the computer said …” Several billion people will find this funny, one person won’t. Of course, this is an exaggerated example. But quite a few people do find themselves getting special attention from customs and they don’t know why. That is because the victims aren’t informed about the mistake (the culprit already knows, the guy who made the mistake is sure he didn’t, and the person who eventually finds out is too embarrassed to talk about it). Even when they eventually find out, it is insanely hard to get the mistake fixed everywhere. So when you have finally made sure the guys at airport A know you’re cool, the computer at airport B might not know or might not trust that new information. After all, you might be a very clever cracker trying to clear your slate! Can’t trust nobody!

Any system that is supposed to be secure must allow for error, especially human error. When I was taught engineering, the rule was to make each piece twice as strong as it needed to be if a human life was in some way connected to it. That meant you could hang a small car from a swing and it wouldn’t break (don’t try it; they have optimized the process since then). The security systems that are being sold to us today are sold as “infallible”. Like the Titanic, the Hindenburg, bank computers, “automatic” invoice systems. They can’t make mistakes, so when one happens, no one will ask any questions. Somehow, everyone seems to forget that there are still very few computers that can read (and none that understand what they just read; just ask Google … and they get the data in a computer-readable format). Most data that you can find in any computer on this planet has been put there by humans! Especially the data about other humans! Or as Thomas R. Fasulo said in his infamous IH8PCs blog: “You should never believe anything you read or hear. Especially if you read it here.”

Furthermore, widespread surveillance is sold under the flag of “safety”. We are supposed to be safer. How so? The number of crimes doesn’t change. A few more crimes get solved because of the surveillance, but the idea that cameras prevent them is foolish. People commit crimes because they believe they won’t be caught. If there is a camera, they will just adjust their strategy, not change their lives. Many of them believe that the reasons for their behavior are outside of their own control, so they really can’t do anything about it. On the other hand, imagine the torture of a rape victim who is filmed in the act while the criminal still doesn’t get caught.

Unfortunately, surveillance systems are sold as a cheap solution for the underlying problems. If a kid has no perspective in life and only gang members as role models, what choice does it have? You would be astonished. Take the Bronx, turned into the sin pit of the world by the media. In 2000, roughly 400’000 people between 10 and 25 lived there. In that year, a total of 48,070 crimes were recorded. Even if each was committed by a different individual, that means that 88% of these people followed the law (remember, even if the perpetrator was not caught, the crime is still recorded). Sadly, spending millions of dollars on CCTV cameras is cheaper (as in simpler) than trying to solve the real problems.

More safety by more surveillance? I don’t buy it.