Relabel the Email Send Button “Make Public”

Email is not private. Ever.

We’ve heard a lot about email security during this election year and I am afraid people may have gotten some wrong impressions from the discussion. Most of the debate has been over the use of secure email servers. People may get the impression that using a secure email server makes the information on email private. Securing an email server makes it difficult to snoop into email stored on the server, but that is only a fragment of the picture.

Using email for critical private information is unwise under any circumstances. I fear this point is lost in the discussion. An email server is only one vulnerability in the chain of vulnerabilities from sender to receiver. You can never be certain, even reasonably sure, they are all safe.

Sending information in an email exposes the information to unauthorized access that you will not be able to control. In addition to unauthorized snooping, any email sent or received on company email is open to both the employer of the sender and the receiver. A business may be legally required to make their email public in court. An additional danger is the email message you receive may not be the message your correspondent sent to you. The sender in the email header may not be the real sender. Email was designed for convenience, not for integrity or privacy of communications.

My attitude, and that of a few other software and network architects with whom I have discussed it recently, is to treat an email as a postcard, open to anyone who cares to snoop.

How email snooping works

To understand email security, you have to know a little about the email system architecture. There are five components: the email sending client, the receiving client, the connecting infrastructure, and the sending and receiving servers. Usually the sending and receiving clients are a single piece of software, like Outlook or Thunderbird, but the sender and receiver each has their own. In addition, unless you are sending email to someone in your own domain (the right side of the “@” is the same in both addresses), the email will go from the sender’s client to the sender’s email service to the receiver’s email service to the receiver’s client. The connecting infrastructure is usually the Internet, and it is often the most vulnerable part of the process.

As an email sender, you can protect your email client by choosing a reputable email service, managing your email account passwords carefully, and following good security practices on the devices you use for sending and receiving email, but you do not control the receiver’s elements in the chain. Steps can be taken to increase the security of email, but there is no way to tell if they have been taken at the links you do not control in the chain. In other words, no matter how careful you are, there are still many opportunities for tampering with the email you send and receive.
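An added example (not part of the original post): the headers of a received message show the chain described above and the claimed sender. The sketch below uses only the Python standard library; the sample message, hosts and addresses are constructed placeholders. It lists each hop, notes which hops recorded TLS, and compares the visible From address with the envelope sender and the receiving server's authentication verdicts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real traffic); every host and address is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example
Received: from mx.receiver.example by store.receiver.example with LMTP;
 Mon, 03 Oct 2016 10:00:05 +0000
Received: from relay.example.net by mx.receiver.example with ESMTP;
 Mon, 03 Oct 2016 10:00:03 +0000
Received: from client.example.net by relay.example.net with ESMTPSA;
 Mon, 03 Oct 2016 10:00:01 +0000
From: "Your Bank" <alerts@bank.example>
To: you@receiver.example
Subject: Account notice

Please review your account.
"""

# "with" keywords that record a TLS-protected hop (RFC 3848 registry).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
RECEIVED_RE = re.compile(
    r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+?)[;\s]", re.I | re.S)


def domain_of(header_value):
    """Lower-cased domain of the address found in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def hops(msg):
    """Received headers as (from, by, protocol) tuples, oldest hop first."""
    found = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(value)
        if m:
            found.append((m.group(1), m.group(2), m.group(3).upper()))
    return found


def review(raw):
    """Summarise what the headers do and do not vouch for."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    # Assumption: the top-most Authentication-Results header was stamped by
    # your own receiving server; copies added by earlier hops prove nothing.
    auth = {k.lower(): v.lower() for k, v in re.findall(
        r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", ""), re.I)}
    # A hop with no TLS keyword may still have used TLS; the header simply
    # does not say so, and earlier hops can write whatever they like.
    no_tls = [h for h in hops(msg) if h[2] not in TLS_PROTOCOLS]
    flags = []
    if env_dom and from_dom != env_dom:
        flags.append("From domain differs from envelope sender")
    if auth.get("dmarc") != "pass":
        flags.append("dmarc=" + auth.get("dmarc", "missing"))
    if no_tls:
        flags.append(f"{len(no_tls)} hop(s) without TLS recorded")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "auth": auth, "no_tls_hops": no_tls, "flags": flags}


if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(f"{key}: {value}")
```

A clean result is not proof of privacy: the headers only report what each server chose to record.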

Email encryption

However, you can do something to protect your privacy: you can send encrypted messages that you encrypt yourself and your recipients must decrypt themselves. Independent encryption that is controlled by you and your recipient eliminates most of the issues. The problem is that you can’t send an encrypted message to just anyone because you and your recipient have to share some secret key to the encryption. This is the method behind PGP (Pretty Good Privacy) that technical types have used for a long time for email privacy. Many off-the-shelf products require less technical skill to use than PGP, but senders and recipients still have to share some secret information before communication can take place. Off-the-shelf products can hide the sharing and lessen the pain, but you and your correspondents will still have to agree on tools and keys before you can exchange messages privately.

Encrypted email is the only kind that I consider secure. But I also keep in mind that encryption-based systems are still fallible. What is safe today may be vulnerable tomorrow because all encryption can be broken if sufficient computing power is applied. Today, breaking the most secure encryption requires decades of computer time, but tomorrow’s computers are likely to be much more powerful. Emails that are securely encrypted today will be easy to hack in a few years. Also, if an encryption key gets into the wrong hands, the message is no longer private. If a careless recipient saves an unencrypted copy of a message, it is no longer private. Also, a strong but poorly implemented encryption is still weak. Encryption products that ought to have been secure have turned out to be insecure through implementation errors. Always keep in mind that email places whatever you send into the hands of strangers.

Email was, like the Internet, designed for flexible and open communications. Its complex and sprawling structure changes slowly. Computer and network security in general has improved greatly in recent years, but the criminals have gotten better too.

The upshot is that secure email servers do not secure email. I, and many other software engineers and architects, regard all email as insecure. Period. Always assume that hitting the send button makes the message public.

Email is fast and convenient, but not private.

Seven Rules for Bluetooth at Starbucks

A few weeks ago, I was talking to another engineer about Bluetooth security. Between us, we weren’t sure how secure Bluetooth is. I decided to find out. The first place I went was to the Bluetooth standard. That got me a great answer to the question “How secure is Bluetooth?” The answer: a firm maybe. To remove some of the uncertainty, I compiled seven rules for reducing the chances that your Bluetooth connections will be hacked.

Before I list the rules, I will explain why the answer to Bluetooth security is only maybe.

What Is Bluetooth?

Like Wi-Fi, Bluetooth is a standard designed to be a cord and cable eliminator. It is a well-established hardware and software standard for short-range communication between computing devices and peripherals that most of us use all the time. Bluetooth and Wi-Fi use the same radio frequencies, but they are quite different. Bluetooth connects accessories to computers. Wi-Fi connects computers to networks.

Bluetooth’s normal range is 30 feet; with special antennas, the range can extend to about 100 feet. The signal can penetrate some walls. In contrast, current home Wi-Fi range is over 200 feet and commercial variations on the standard have greater range. Any Bluetooth client device within 30 feet in any direction will be able to communicate with your Bluetooth host computing device, if your host will accept the client. Your host could be a desktop, laptop, tablet, or smartphone. In our Internet of Things world, almost anything, like a coffeepot or a bathroom scale, can be a Bluetooth client device, but headphones, keyboards, and mice are the usual candidates. The client device could be on the other side of a wall or across the room.

Bluetooth Security

Most people realize that an unsecured Wi-Fi connection can be intercepted by hackers, but how secure is Bluetooth? What can hackers do to us through Bluetooth? It is a complicated question.

Let’s be clear. Bluetooth is sometimes completely insecure. For example, the NSA has declared commercial Bluetooth headphones insecure and bans their use in the military and agencies that deal in confidential or classified information. However, some uses of Bluetooth are secure and a lot of uses are secure enough.

Dispelling a Myth

Bluetooth uses frequency hopping to eliminate interference with Wi-Fi and other radio devices that use the same frequencies. Bluetooth rapidly hops from one frequency to another. This blocks interference that doesn’t follow the hops. Occasionally, this scrambling of the signal is proposed to be a security measure that guarantees that Bluetooth is always secure. This is False! Hackers circumvent frequency hopping easily.

Bluetooth Profiles

A standard like Bluetooth is written to be used for many different purposes. To meet varying sets of requirements, standards like Bluetooth use a concept called profiles. A standards profile is a subset of the standard and a set of practices that narrow the scope of the standard to a specific need. Bluetooth has over thirty profiles. If you look at the details of Windows 10 Bluetooth documentation, you find a list of about a dozen Bluetooth profiles that Windows 10 supports. When a Bluetooth device pairs with a host, the devices agree on a profile they both support. A Bluetooth mouse or keyboard, for example, uses the Human Interface Device profile and a Bluetooth TV remote uses the Audio/Video Remote Control profile. Each profile tailors the standard to a specific purpose.

These profiles also determine the security of the connection. Profiles choose between security modes that vary from wide open to quite secure. Those headphones NSA doesn’t like use an insecure mode that makes it quite easy for a hacker to listen in. Those low-security headphones pair up with phones and music players easily and are not weighed down with extra security circuitry. You may still want those convenient headphones because, unlike the NSA, you may not care if someone listens in.

Threats
Man-in-the-middle Bluetooth attack.

A Bluetooth hacker can listen in on the connection passively without interfering in the traffic, but they can also launch a man-in-the-middle style attack in which the hacker takes control of the traffic over the connection. The most dangerous attack is spoofing, in which a hacker tricks your host device into believing that the hacker’s signal is coming from a device you have paired with. The first step in spoofing usually occurs while your host and a Bluetooth device are exchanging security information during pairing. The hacker listens in on the exchange and then uses the information to spoof your host device.

Secure password exchange prevents man-in-the-middle and spoofing. Encryption blocks passive eavesdropping, which may not be so important if you are listening to Beyoncé on Bluetooth headphones, but critical if you are typing in your bank password from a Bluetooth keyboard and an eavesdropping hacker is recording it. Worse, hackers may use the connection to get into your device. A skillful hacker can take over and seriously compromise your laptop or other host device.

Secure Bluetooth

The most secure Bluetooth connections require secure passwords to be exchanged every time they connect. In secure mode, encryption is optional, but if the transmitted data is encrypted, the connection is similar to an HTTPS connection, which is the usual standard for secure network communications.

The big question with Bluetooth is which profile is in use and how it was implemented. A secure profile is secure; a low security profile is not. A rule of thumb is that if you are asked for a password when pairing, the profile is more secure. If you get to choose the password, rather than copy it from printed instructions, even better. The best approach is to find documentation on the security of the Bluetooth implementation. Knowing the profile is not enough to determine the level of security. For example, the Human Interface Device (HID) profile, which is used for mice and keyboards, leaves encryption optional. You can hope that all Bluetooth keyboards encrypt, but the HID profile does not guarantee it. If the situation requires security, you must consult the security documentation for the device. You may have to dig for it. Don’t rely on marketing literature. Marketers often over-simplify security issues.

My recommendation is that Bluetooth can usually be used safely at home if you control at least a thirty foot perimeter in all directions. Using Bluetooth in public is risky, but the risk can be moderated by following precautions.

Seven basic rules for Bluetooth safety:
  1. Avoid high-stakes private activities, like banking transactions, when using Bluetooth in public.
  2. If you are not using Bluetooth, turn it off!
  3. Assume your Bluetooth connection is insecure unless you are positive it is encrypted and secured.
  4. Be aware of your surroundings, especially when pairing. Assume that low security Bluetooth transmissions can be snooped and intercepted from 30 feet in any direction, further with directional antennas. Beware of public areas and multi-dwelling buildings.
  5. Delete pairings you are not using. They are attack opportunities.
  6. Turn discoverability off when you are not intentionally pairing.
  7. If Internet traffic passes through a Bluetooth connection, your firewall may not monitor it. Check your firewall settings.

Ransomware – You Don’t Have To Pay!

Monday, 3/28/16, what appears to be a ransomware attack forced a hospital in Maryland and Washington D.C. to shut down their network. Ransomware attacks on hospitals have been increasing. Attacks on individuals are also on the rise.

Ransomware is the most direct route from a victim’s wallet to a hacker’s pocket. The hacker infects a computer, tablet, or phone with malware that makes a threat and demands a ransom. Extortion. Pure, simple, and lucrative. Ransomware has extorted hundreds of millions of dollars from innocent victims during the last few years. Despite some notable busts, the number of assaults has increased each year for several years.

The Course of an Assault

An assault follows a predictable course. The initial infection comes from executing an attachment from a malicious phony email, or clicking a web site that is a drive-by infector. Then comes the threat and demand—the choke and puke, as it is called. The victim is ordered to pay, usually in bitcoins.

Threats

Sometimes the threat is idle. The victim might click on a dodgy site that promises salacious celebrity photos. Shortly thereafter a realistic image pops up that looks like it came from the FBI, the county prosecutor, or whoever. The pop up accuses the victim of downloading something illegal. Send money and the charges will be dropped. Another variant pops a message saying that the victim’s computer is infected with a deadly virus. Buy this expensive software to clean it up or suffer the consequences. In most cases, threats like these are entirely bogus. A good anti-virus scan will probably take care of the infection.

File Encryption Threats

There is another type of ransomware that is a more serious threat. These infections disable the victim’s computer by encrypting the victim’s files. The encryption is strong and nearly impossible to decrypt without the key, which the hackers will gladly supply, for a ransom, usually between three hundred and eight hundred dollars for an individual. Businesses are hit for larger ransoms.

These criminals are ruthless and heartless. Lately, hospitals have become a favored target, no doubt because the threat to patients ups the urgency. A hospital in the Los Angeles area recently paid out $17,000 to get their files back. Around a dozen other hospitals have been hit.

Solutions

This threat is so effective that, on at least one occasion, the FBI recommended paying the ransom, but you don’t have to fall victim to these file encryption attacks.

First, follow basic cyber hygiene. Don’t open email attachments unless you are absolutely certain the email is from a trusted source. Don’t visit dodgy web sites. Use an anti-virus and run scans regularly. Keep your system and anti-virus up to date. These steps will protect you from infection in most cases.

If your defenses don’t protect you, a good backup will still keep your data safe. What makes a good backup? It must be kept current, either by frequent runs or continuous backup. Most ransomware will encrypt any drive that is accessible to the infected computer, so your backup must not be connected directly. The easiest way to do this is with a reputable cloud backup service, not a cloud storage service. Cloud storage services, such as Dropbox or OneDrive, will not provide a full restore. They can help, but a regular backup is more likely to completely restore your system.

Using backups, Methodist Hospital in Kentucky was able to recover from a ransomware attack that put the hospital into an internal state of emergency for four days. They did not pay the demanded ransom.

In a Pig’s Eye

If you have a reliable backup, when the ransom demand appears, raise your right hand in a fist and shout out “in a pig’s eye,” completely reinstall your OS to get rid of the malware, restore your data files from your backup, and return to normal. You might not need to completely reinstall, but reinstalling is a sure way to remove all malware. You will have to update and patch the system. That will probably be automatic, but you should check.

Memory On the Task List

Memory usage is another column on the task list that can help you understand what is happening under the hood of your computer. In my last blog, I wrote about CPU usage. Memory is similar to CPU in that it is a critical resource that affects computer performance and it can help evaluate malware on your system.

The Role of Memory

Without memory, often called RAM, your computer has Alzheimer’s. It may have the fastest processor in the world and the coolest programs, but it won’t do anything unless it can keep track of where it is at. The processor pulls an instruction from memory, executes it, and puts the result back into memory to use later. Without memory, a processor doesn’t know what to do next or what it has already done; it is nearly useless.

Memory vs Storage

Memory has to be as fast as the processor or the processor has to wait for data and instructions to be fetched from memory and results to be stored in memory for later use. Using present technology, the fastest memory is volatile. By volatile, I don’t mean memory is liable to fly off the handle and jet to Maui without provocation. Instead, data stored in volatile memory flies to Maui, as far as I know, when the electricity is switched off. In any case, it disappears.

Speed and volatility make memory different from storage. Data that stays around between computing sessions resides in storage, which is useful, but not when speed is the main consideration. Usually storage is on a hard disk. Hard disks are much slower than memory chips, but they store more data at less expense and they are not volatile. In other words, powering down does not affect data stored on a disk.

As processors get faster, memory must also get faster and speed is expensive. This makes memory a scarce and expensive commodity on computers. A laptop with 4 gigabytes of memory and a terabyte of storage has 400 times more storage than memory. At today’s prices, 1 gigabyte of memory costs about the same as 200 gigabytes of storage. Speed costs.

Performance and Memory

Memory is precious, but it performs. When developers have to make a process run faster, one way is to change the code to use memory instead of disk storage. If the developers go overboard and use more memory than the system has available, their optimization backfires. When the system starts to run out of memory, it moves data from memory to slower disk storage and the system begins to bog down as the processor waits for the slow moving data. The same thing happens when several heavy memory consuming processes run at the same time.

Memory Hogging

There are many reasons for heavy memory consumption. One I already mentioned: a process has been designed to consume more memory in order to perform well. Processes running above their designed capacity can also use extra memory. For example, a process designed to support ten simultaneous users might use much more memory if it is supporting a hundred users. Sometimes excess memory usage comes from defective code. A “memory leak” is a classic defect that causes processes to consume more and more memory the longer the process stays running.

Whatever the reason, when memory consumption reaches beyond the optimal level for your computing device, performance will slooooow. The cursor may get jerky. The keyboard will seem to hang, then spit out a clump of characters. When you attempt to start something new, there is a long pause. Nothing works right. Not pleasant. Not pleasant at all.

Memory Shortage Diagnostics

The task list is the first tool I use to determine if I have a memory shortage and what is causing it.

On Windows 10, a convenient way to get to the task list is to right click on the Windows icon in the lower left-hand corner of the screen. The task list will be below the line not too far from the center of the menu. Click on it.

You will get something like this.

In this snapshot, 55% of available fast memory is in use. That is a good number. When the percentage gets above 60%, into the 70s and 80s, your system will begin to suffer. Here, I’ve clicked on the memory column header to sort the processes by memory usage. In this case, I had Firefox up when I took this screen shot and it is the biggest memory consumer. Firefox uses a lot of memory so popping up a new screen is snappy. Therefore, I don’t mind that it is a big consumer. If one of the heavy hitters was an application that I was not using, I would shut it down to free up memory for a performance boost.

Memory Hogging Malware

If a memory-hogging process happens to be malware, it’s bad. You seldom know what the malware is doing. It could be generating spam or sending large quantities of messages to a server that the hacker is trying to overwhelm. It could, perish the thought, be encrypting your files, preparing to demand ransom for their return. Hogging memory is not the only way malware can slow your computer, but it is one way.

As I mentioned in my previous blog, I Google a process name if I am not familiar with it. Usually it is a Windows internal process I don’t know about, but sometimes it will show up as malware.
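An added example (not part of the original post): Windows also ships a command-line process list, tasklist, whose CSV output (tasklist /FO CSV) can be ranked the same way as the memory column. The sketch below assumes English-locale output; the sample rows, the name updtsvc32.exe and the KNOWN allowlist are constructed for illustration. It totals memory per program, because a browser such as Firefox runs as several processes, and lists the names you have not yet looked up.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `tasklist /FO CSV` output; names and sizes are made up.
SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"svchost.exe","912","Services","0","24,108 K"
"svchost.exe","1044","Services","0","61,332 K"
"firefox.exe","5120","Console","1","412,340 K"
"firefox.exe","5388","Console","1","288,916 K"
"firefox.exe","6012","Console","1","150,004 K"
"explorer.exe","4020","Console","1","96,520 K"
"updtsvc32.exe","7744","Console","1","530,112 K"
'''

# Hypothetical personal allowlist: names you have already looked up.
# A familiar name is not proof; malware can reuse one, so the file
# location still needs checking.
KNOWN = {"system idle process", "svchost.exe", "firefox.exe", "explorer.exe"}


def memory_by_image(tasklist_csv):
    """Return (image name, total KB, process count), largest total first."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        # "412,340 K" -> 412340 (English-locale thousands separator assumed)
        kb = int(row["Mem Usage"].replace(",", "").replace("K", "").strip())
        entry = totals[row["Image Name"]]
        entry[0] += kb
        entry[1] += 1
    ranked = [(name, t[0], t[1]) for name, t in totals.items()]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


def unfamiliar(ranked, known=KNOWN):
    """Names in the ranking that are not in the allowlist, heaviest first."""
    return [name for name, _, _ in ranked if name.lower() not in known]


if __name__ == "__main__":
    ranking = memory_by_image(SAMPLE)
    for name, kb, count in ranking:
        print(f"{name:<22}{kb / 1024:>9.1f} MB in {count} process(es)")
    print("look these up:", unfamiliar(ranking))
```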

Emergency Measures

Now we get into some risky stuff that could force you to restore your system, but could also avoid restoring the system. You will have to decide for yourself how much risk you are willing to take, and own the results.

Removing the executable file of the malware can stop the malware’s damage. If you want to remove the file from the system, right click on the process name in the task list, then click on “open file location.” From there, you can delete the executable, but you should think about that before jumping in.

It is always better to remove an application through “Uninstall or change a program” in the Control Panel if you can. Removal is often more complicated than removing a single file. Sometimes configuration files and registries have to be modified and several files deleted. The uninstall in Control Panel is supposed to clean up everything, and, unless the author of the uninstall was sloppy, it always does.

For malware, there usually is no uninstall. If an anti-virus tool detects malware, it will do a better job of uninstalling than you can do manually. So try an anti-virus scan of the malware executable file. If the scan finds and eradicates the malware, you win!

Manual Kill

However, if the scan fails and there is no uninstall, I delete any malware files I can find. Deleting the wrong file by mistake will not harm your hardware, but it could require reinstalling your operating system and restoring from a backup. (Highly unpleasant.) However, in my opinion, if your system is already damaged by malware, deleting will probably do no more damage than has already been done and may stop the damage. Therefore, when all else fails, I usually choose to delete immediately to limit the damage. This is a risk I am willing to take, but it is a risk.

If the malware is clever (bad!) it may regenerate the file you deleted. Also, deleting a file out from under a running process may not kill the process, so you will have to hit the end task button to kill it.

Manual Kill Checklist
  • Verify that the process is malware
  • Run a virus scan on the file and let the anti-virus take care of it
  • Check “Uninstall or change a program” in the Control Panel on the off chance you can uninstall it there
  • If all else fails, try killing it with the “End Task” button and deleting the file

Good luck! You could save the day for yourself. Or ruin it. I’ve seen it both ways.