Beyond Fear – Book Review

December 9th, 2009

“Beyond Fear” by Bruce Schneier. ISBN 0-387-02620-7 published 2003.

In this book, Bruce Schneier attempts to demystify security and asks us to move ‘Beyond Fear’ when making everyday, and often emotive, security decisions. It guides us through three sections, in which we are asked to understand the concept of security trade-offs, the technicalities of security, and finally the ongoing process or security ‘game’.

The main focus of the book is the ‘five step process’, which boils down to a security risk analysis written in layman’s terms. This process defines the five questions each of us needs to ask ourselves when trying to make a fair and balanced judgement on a security decision. It’s clear that the book is aimed at readers with no prior knowledge of security; it is a populist book for general readers. To this end, the level at which it pitches is about right, but because of this, I wouldn’t recommend this book to people who already work in the security industry.

There are several things that Schneier does well. It’s very important that someone presents a composed and rational argument of how to manage security post 9/11 – a theme that runs throughout the book. He also takes good care to ensure the arguments are easily understood and written in plain English with no jargon. The examples he draws upon are relevant and topical, such as whether or not to buy a burglar alarm, arm airline pilots or shop over the Internet. He makes the point of trade-offs very clearly, especially that you need to consider the new risks inherent in introducing a security control, something that is often overlooked even by professionals. For example, although there are benefits to creating a national identity database, it would place all citizens’ data in one place and cause it to become a prime target. Having so much data in one place is fine until security is breached, at which point it will fail catastrophically – a situation Schneier calls ‘brittle’ security. There is consideration also for the politics of security, which more often than not is the deciding factor in security decisions that affect the general population.

Unfortunately, there are several negative aspects. Many of the main points of the book are lost amongst the dozens of anecdotes and examples that, although serving to illustrate the concepts, cause the reader to lose track of the book’s direction. This is compounded by Schneier’s writing style, which isn’t as well suited to the popular market as it could be. There is also a distinct lack of answers to many of the main questions that are posed. It’s true that ‘it depends’ is often the only answer given the complex nature of security, especially when applied to terrorism, but it often leaves the reader feeling none the wiser.

Overall, the book is fair. It requires the reader to have a genuine desire to gain a better understanding of security, but will be too dry for the casual reader and too basic for those with experience. I would recommend it to someone who feels disillusioned by or suspicious of the intrusive nature of post 9/11 security controls, but they would need to exercise a lot of patience to ensure they read each chapter in its correct context and follow the book closely to its conclusion.

The (almost) perfect USB Linux distribution

December 3rd, 2009

This post is now horribly outdated. There is a Linux Mint 8 installation program that can be found on pendrivelinux.com that installs Linux Mint 8 with persistent changes directly to a USB key from Windows.

***********

I have been experimenting with bootable USB flash drives for some time now. One of the best features of Linux is that it allows people to play with USB distributions and create portable operating systems to suit their own needs.

In the last couple of years I have tried to find a way of taking my computing life with me wherever I go, but without really getting what I needed. Fedora and PenDriveLinux were unstable; Puppy Linux was lightning fast, but the wireless networking was unreliable; and BackTrack was incompatible with almost every monitor I used.

But over time computing needs change. I realised that almost all of my computing time was spent within a web browser. I have little need for much else. My requirements for computing became nothing more than a browser with multimedia furnishings. Google spotted this with ChromeOS and I think we’ll all be converted soon enough.

The problem with USB distributions is that it’s hard to install software. Generally your OS will fall flat on its face the moment you try to bolt a program on top of its ‘live’ image. This makes it hard to install multimedia add-ons (flash player, codecs etc) and leads to a below-par web experience. The solution, I found, was my least favourite of all the Linux distributions, which pissed me off a bit.

Linux Mint is designed to make the user transition from Windows as smooth as possible. It’s basically designed to look and feel very much like Windows and comes preinstalled with multimedia add-ons. The purists will hate it because it includes so much proprietary software. I hate it because I want to see Linux offer something different.

Whatever. It’s pretty damn useful if you want a rich web experience without having to install extra software.

Linux Mint doesn’t come with a USB download. I believe it might be possible to install the Ubuntu USB creator on a Linux Mint install to use, but I haven’t tried it. The method I’ve used is Linux Live USB creator (http://www.linuxliveusb.com/), which is a download for Windows and can be used to create Live USB installs.

The next step is to set up your USB key to take the install. You should set up two partitions on the key – the first should be FAT32 and at least 900MB in size. The second can be any filesystem and doesn’t need much, however I would use FAT32 to avoid having to mess about with permissions. My 2GB key is set up with 1.5GB FAT32 and 0.5GB FAT32. It’s very important that the >900MB FAT32 partition is created first, as Windows will not recognise the second. The reason for using two partitions will become clear later.

Boot into Windows, insert your USB key and download the Linux Mint live CD (http://www.linuxmint.com/download.php). Use Linux Live USB to install Linux Mint onto the key. It’s easy to use, so I won’t go into too much detail. However, you need to know that persistence doesn’t work, so in step 3 of the install select 0MB, or ‘live’ mode. In step 4, choose not to format the key. You can choose to use VirtualBox virtualisation if you wish, but I’ve found it to be painfully slow.

Once installed, you need to manually edit the ~\syslinux\syslinux.cfg file on the key. You need to change all mentions of /casper/initrd.gz to /casper/initrd.lz. It may help you to delete or comment out the persistent mode entry. You can also change the locale boot options for the other entries. As I’m from the UK, I have changed all mentions of us to uk. If you don’t do this, then you may find regional problems, such as an incorrect keyboard mapping.

Now, get back into Linux. You need to go to your second USB partition and do the following:

If you are using EXT as your filesystem, you’ll need to set up proper permissions for all of these files. If I were you, I’d just use FAT32 to save the hassle.

It’s time to boot up! Reboot into Linux Mint by restarting and selecting your USB as the boot device. You should see a menu counting down from 10. If you got rid of your persistent option in syslinux.cfg, then it should boot properly into Mint automagically. If you want to be sure, you can enter the menu by pressing any key and select Live Mode.

Once booted, get Firefox set up the way you want. Get your favourites, saved passwords and home pages all sorted and then close it back down. Same for any of your other favourite programs. Once you have done this, have a look at your defineMintSettings.bash and applyMintSettings.bash files – you need to edit them so that the /media/Storage/mint directory is set to the location of the mint directory on your key. Once you have amended the files, run defineMintSettings in a terminal.

So, what have we just done? Well, your newly created settings are all stored in your home area, /home/mint. You’ve just copied them all over to the second partition on your USB key. The first partition is read only, hence the need to copy everything to the second. As soon as you power off, all of these settings will disappear, hence the need to back them up somewhere.

Reboot again, and once logged in, run the applyMintSettings.bash. This will copy all of your saved settings back, and you will have all of your favourites, passwords and cookies that you love so much. If you want to add more, you simply run defineMintSettings.bash again and your current settings will be saved.

If you don’t run the files, you get a perfectly usable live session. Perfect for browsing porn apparently.

Set up an encrypted home area using Truecrypt in Linux

November 25th, 2009

I discovered an incomplete but useful tutorial on how to create a user with an encrypted home directory in Ubuntu using Truecrypt. This how-to should cover this in full. It should work under other Linux variants, but relies on GNOME being present and started.

It is easy to set up encrypted home directories as a default during an Ubuntu installation, however you can’t apply encryption after installation. Also, sometimes it’s fun to see if you can do things the hard way.

I have tried to create a hidden volume to use as a home area with plausible deniability. However, you need to use FAT as the filesystem type, and this has caused problems. EXT3 has been much faster and more reliable for me on Linux.

This how-to assumes a knowledge of both Truecrypt and basic Linux commands.

  • Create an encrypted volume to use as the home area. This is easily done using the Truecrypt GUI. We’ll assume it’s called /home/bob.trc.

You will be required to choose a filesystem type as part of the process. This how-to assumes EXT3 has been chosen – I have had massive issues trying to use FAT. You will also need to be running as root if you wish to place the volume directly in /home. You want to use a standard volume, not a hidden volume.

  • Mount the encrypted volume in a temporary location. The easiest way is “truecrypt /home/bob.trc /mnt”, assuming /mnt is free to be used.
  • Add the new user either using useradd or through the Users and Groups GUI. Let’s assume the user is called bob and has a home area of /home/bob.
  • Set the permissions on the Truecrypt volume: “chown -R bob:bob /mnt”.
  • Copy the startup files over “cp -Rp /home/bob/* /mnt/” and “cp -Rp /home/bob/.??* /mnt/”.
  • Unmount the volume “truecrypt -d”.
  • Recreate bob’s home directory “rm -fr /home/bob”, “mkdir /home/bob”, “chown root:root /home/bob”, “chmod 700 /home/bob”.

* bob’s home directory is a mount point, so the permissions don’t have to allow bob access whilst the volume is not mounted.

  • Edit /etc/gdm/Init/Default to mount bob’s home directory when GNOME starts:

After the line:

OLD_IFS=$IFS

Add in:

# Mount bob's encrypted home only if it is not already mounted
if ! df | grep -q "/home/bob"
then
    truecrypt /home/bob.trc /home/bob
fi

It doesn’t seem to be possible to mount the volume using a normal startup script. Not sure why. Hence the GNOME startup workaround.

  • Done!

You will need to enter the correct password during startup. A dialogue box will appear allowing you to do so as GNOME will already be started. Have fun!

Security and the National DNA Database

October 16th, 2009

First up, ethics are fluffy, intangible and open for debate. Security is cold, hard and measurable. It’s difficult to measure, but it’s measurable nonetheless.

I’m not going to debate the ethics of the national DNA database. I’m going to argue that security is not a reason to dismiss it.

The “establishment’s” argument is pretty simple. A crime is committed and DNA is left at the scene. Match the DNA to the database and bang! You’ve got a strong lead.

This is good security. It helps catch criminals. It’s no different to playing back CCTV or taking eyewitness accounts.

The counterargument is also simple. How are you going to store my DNA? What are you going to do with my DNA? What if you lose my DNA?

What if you lose my DNA?

Seriously, so what if you lose my DNA? You could clone me, I guess. I’ve already got a clone – I’m a twin – yet I don’t feel violated. You could work out if I have any genetic diseases, but no-one argues that we should destroy everyone’s medical records. Maybe you could blackmail me with the threat of releasing my DNA to the whole world! PLEASE NOOOO!!

Does the “establishment” know my address, date of birth, mother’s maiden name, postcode? Yes. Yes they do. What if they lose that instead? Well, I could become a victim of identity theft. That’s cold, hard and measurable. That’s a security risk.

The whole “stop losing my personal information, you bastards!” issue has come about because of identity theft. No-one really cared before that. Of course, being unique, there’s nothing more personal than your DNA (unless you’re like me), so naturally we feel it’s the most personal of all the data. It is our identities.

But it’s not our financial identities.

Put it this way, if my twin was asked to submit his DNA for a medical project, he wouldn’t ask my permission. If he was asked to give his mother’s maiden name and date of birth coupled with my name and address, he’d do it in a heartbeat. But that’s only because he’s an evil bastard.

Why do we need complex online passwords?

October 16th, 2009

How much can having complex passwords save us from identity theft? Not much, despite what you may read here:

http://news.bbc.co.uk/1/hi/technology/8298489.stm

and here:

http://www.theregister.co.uk/2009/10/07/hotmail_phish_password/

Complex passwords defend against a single attack: the brute force password guessing attack. When you log into your online banking account, the system doesn’t check your password against a list of stored passwords. Rather, it stores a hashed version of your password and compares it against a hash of the password you provided. This is a good control – it means your password isn’t stored in the clear on your bank’s system. It means that even the bank’s system administrators don’t know your password and can’t spoof your identity.

If a system administrator does want to know your password, she has two choices. She can either reset your password, which is risky because this will be recorded, or she can copy your hashed password and try to find the password that hashes to the same value. This is the brute force attack. You go through a (very) long list of passwords hashing each one in turn until you find the right one. It’s best to start with the most common passwords first, so using a complex password makes you less exposed. The hash of your password isn’t available to anyone but system administrators (and, of course, their close friends).

The brute force attack isn’t an online attack. If your bank locks your account after 5 invalid logon attempts, then how could you guess a password at a login prompt? What if your bank enforces a 3 second delay in responding if your password is wrong? It’s impossible. Simple as that. That’s why phishers trick you into telling them your password instead.

And a complex password is no good if you tell someone what it is.

To defend against phishing it’s better to have a weak password and change it every month than a strong password that remains the same. It’s good to use different passwords across each of your accounts. It’s also good not to give the damn thing away.

Of course, you may not trust your bank’s system admins, in which case a complex password is a good move. That’s all it’s good for though.
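To make the difference between guessing at a login prompt and guessing against a copied hash concrete, here is an added example (not code from the original post). It assumes PBKDF2-SHA256 with a demo work factor and a constructed eight-entry wordlist; the five-attempt lockout is the figure used above, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000   # assumed demo work factor; real systems tune this much higher
MAX_FAILURES = 5      # lockout threshold used in the post

# Constructed sample wordlist, most common first.
COMMON = ["123456", "password", "qwerty", "letmein",
          "monkey", "dragon", "sunshine", "iloveyou"]

def make_record(password):
    """What the server stores: a random salt and a slow salted hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "failures": 0}

def matches(record, guess):
    """Hash the guess with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", guess.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])

def online_login(record, guess):
    """Login prompt: every wrong guess counts towards the lockout."""
    if record["failures"] >= MAX_FAILURES:
        return "locked"
    if matches(record, guess):
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    return "denied"

def offline_audit(record, wordlist):
    """Guessing against a copied hash: no lockout applies.
    Returns (recovered password or None, number of guesses tried)."""
    for tried, guess in enumerate(wordlist, 1):
        if matches(record, guess):
            return guess, tried
    return None, len(wordlist)

def demo():
    weak = make_record("sunshine")            # seventh entry in COMMON
    strong = make_record("vT9#qLm2!xWz-4e")   # constructed complex password
    online = [online_login(weak, g) for g in COMMON]
    return online, offline_audit(weak, COMMON), offline_audit(strong, COMMON)

if __name__ == "__main__":
    print(demo())
```

The lockout stops the online run before it reaches the weak password, the offline run recovers it on the seventh guess, and the complex password survives the wordlist. A phished password still logs in first time, whatever its complexity.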

Hello world!

October 6th, 2009

Welcome to my new blog. It probably won’t take off, but I’ll get blogging anyway.