Self-encrypting hard drives are becoming a reality. One standard, led by the Trusted Computing Group, has been adopted by a number of vendors; see the press release here. I like this initiative a lot and really consider it a win-win situation. The cost of encryption is virtually nill because the encryption itself takes place in hardware on the drive. This means that everything is encrypted by default, without compromising performance. Note that this is a huge advantage. We may remember to encrypt our most sensitive files, but at the same time forget to encrypt our email archive, previous versions of the sensitive file, and of course the swap and hibernate files which can contain everything. Encrypting everything by default protects us from these omissions.

How secure are these drives? Well, the encryption keys are generated and stored internally on the drive. Thus, the security of the system depends on the security of the key inside the drive. This means that the main question to ask encrypted-drive manufacturers is how is the key stored inside, and how secure is it? If a secure smartcard chip is used, and the key is password protected, then this is great. If the key is obfuscated and somehow hidden (of course, and still password protected), then someone stealing the drive can probably get to it given enough effort. However, you have still made their life difficult and they have to take the drive away with them (it's unlikely that they'll be able to do this without taking the drive apart). So, in any case, you have gained a lot. (I am ignoring the possibility of really bad implementations, although experience tells us that this can also happen not too infrequently...) It is worth noting that highly sensitive files should probably still be encrypted on a higher level (using an encryption key that is stored in a separate smartcard that you take with you). Keeping the encryption key in a completely separate place is always the best practice and prevents even the most concerted efforts to decrypt.

On a usability note, since the encryption keys are internal to the drive there is no key management issue. This is good because key management is often the biggest hurdle to adoption. Regarding data loss, it is important to realize that if the encryption key is somehow lost due to a fault in the drive, then this would be the same as if your hard drive was completely destroyed. So it's important to also ask manufacturers what sort of fault tolerance has been built into the system regarding the encryption key. Needless to say, you should backup your files anyway (even if your hard drive is not encrypted).

I spent last week at BlackHat in DC. As usual, I really enjoyed it. There were many really great technical talks. My favorite was a talk entitled "Attacking Intel® Trusted Execution Technology" by a team at the Invisibility Things Lab. One of the reasons that I really liked this talk was because it presented results from an in-depth, long research project. These are not researchers who were looking for a quick way of getting a catchy title out there. They painstakingly studied the new Intel infrastructure and came back with good and bad news. The good news: this is really the right direction, and Intel has made a great contribution with this technology. The bad news: there are still problems, and in particular, it is possible to attack the secure loading process. This is also a great differentiator: rather than blasting Intel over the security flaw, the researchers gave an objective overview and gave both praise and criticism.

This is what great research is all about. Take the time to carry out an in-depth study on an important subject and then report the results, both good and bad. This team did a great job, and it showed. Their presentation was well accepted and appreciated.

Just one more comment: there were many other great talks at BlackHat that also presented high quality research, so my above statement is not to the detriment of anyone else.

Recently, seven researchers succeeded in constructing a full-fledged certificate that was never issued by a CA, but will be accepted by any browser who trusts a certain CA; read more here. They did this by finding two certificates that have the same MD5 hash: the first certificate is legitimate and was issued by a given CA, while the second never would have been and can be used to attack a website. The ramifications of this result are significant, but it is important to understand them properly.

First and foremost, the attack has nothing to do with the SSL protocol, but rather is an attack on the MD5 hash function. MD5 was broken a long time ago and should never be used by any self respecting CA. So, if a CA is using MD5, we should remove it's root certificate from our certificate store. Such a CA is at best grossly negligent!

Second, this is yet another reminder that once significant weaknesses have been demonstrated on a cryptographic primitive, it should no longer be used. The argument that a revealed weakness is not yet a practical attack - and therefore one can continue to use the primitive - is a dangerous one. The MD5 collision attacks are an excellent example of this. Until now, most attacks on MD5 did not have any practical use (especially not with respect to web security). However, a real attack did not take too long to come along. Certificate authorities who did not heed this, and are still allowing the use of MD5 in new certificates, are behaving recklessly and irresponsibly.

In conclusion, SSL is fine and the problem is not there. The problem lies in our Public-Key Infrastructure and in the fact that our root certificate store comes with CAs who are irresponsible. The solution is simple: remove all such CAs from your certificate store. Since this is not trivial for the average user (indeed, as a regular user, I may not even know if a given CA allows the use of MD5), I would hope that this will be done in an automatic security patch by Microsoft and others.

Most of us are willing to connect to wireless networks at cafe's and airports. The problem is that we don't really know who we are connecting to. Let's first make it clear that this is a highly undesirable situation. Think of your favorite malicious hacker. Now, ask yourself if you would plug your laptop into his/her personal network, and surf the web via his/her router. OK, the answer is pretty clear... The easiest thing to say is that you should only use your wireless at home and at work. However, this isn't very realistic for most of us. (I would hope that users with highly sensitive information on their laptops would take greater care, but for most of us, this isn't going to happen. The "need" to be connected is just too great!) In any case, there are a few things that you can do that are of little bother and can significantly help you.

Typically, every time you connect to a wireless network, the network name is stored by your machine. You can view the networks that you have connected to by clicking on "Wireless Network Connection", going to "Advanced Settings" and then clicking on the "Wireless Networks" tabs in the dialog that opens. Most of these networks will be labeled "Automatic" meaning that next time you get in their range, you will be automatically connected. However, the only thing that your machine checks is the network name. So, if your home network is "home" or "default" (which is the case for a very high percentage of users), then anytime someone sets up a wireless router with that name, your computer will automatically connect to it without asking you. (Needless to say, the same is also true of tmobile and other popular names.) This is a really easy attack and it yields very high success. So, what can you do?

• Turn off your wireless network when you don't need it (my laptop has an external button to do this). This will also save you battery power.
• Erase wireless networks that you connected to in the past and don't need anymore. (You can erase the network that you used at a hotel after you leave.)
• Don't use a generic name for the wireless network that you have at home (change it to something specific for you).
• Require authentication on your network at home (preferably WPA-AES), and use a long key (you don't need to remember it anyway). This will prevent your computer connecting to another router with the same name (because the other router won't know your encryption key).

This doesn't fully protect you, but it greatly reduces the risk, and it's easy to do as well!

It's a well known fact that computer (or cyber-) crime is a big business today. It's been a long time since attacks were carried out by amateurs who were looking for a thrill. Today, there are large, well organized, organizations whose business is cybercrime. Their business includes selling cybercrime tools (e.g., for spamming or infecting machines with malware), stealing credit card numbers and reselling them, attacking banks in order to transfer funds to offshore accounts, and much much more. A short article summing up 2008 can be found in NetworkWorld (12/15/2008), and a more thorough and detailed description can be found in Aladdin's AIRC (Attack Intelligence Research Center) threat report. To keep up to date, I strongly recommend reading the AIRC blog as well.

So, if this is so well known, why am I commenting on it? The reason is that despite the above, user awareness regarding computer security is still horribly low. Worse still, many corporate organizations are still deploying very low-security measures. So, even though it's well-known, it's helpful to remind everyone...