Archive for May, 2008

The Debian/Ubuntu key generation flaw

Monday, May 19th, 2008

It’s all in the news these days: the Debian distribution used a version of OpenSSL with a key generation flaw.

This bug raises an interesting can of worms that I’m still trying to figure out.

Debian/Ubuntu servers built since 2006 need to be rekeyed. That is a nontrivial thing, and it is not going to happen in a lot of cases. HTTPS and SSH impersonation is the first thing that leaps to mind if this vulnerability is exploited - those are very serious problems given how many systems are using those protocols for trusted path and authentication purposes.

Also, any servers relying on keys that were generated on vulnerable machines need to stop trusting those keys.  How many systems have good notes in place on where keys were generated?

It is worth noting that defense in depth works. I have a couple of Ubuntu machines in this office right now that are probably vulnerable, but they are stored offline in a physically isolated location. Once they are brought back online, patching the vulnerability will be the first order of business. Fortunately Linux package management functionality makes the patching process almost trivial, but it can throw a system (hypothetically) out of evaluated configuration or FIPS approved mode of operations (for example). Nevertheless, patching and rekeying is very much the correct action.
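
One way to act on the point above about no longer trusting keys generated on vulnerable machines, as an added example that is not part of the original post: audit an authorized_keys file against a list of fingerprints of known-weak keys. The blocklist format (hex SHA-256 of the decoded key blob), the sample file and its key blobs are all constructed for illustration.

```python
import base64, binascii, hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types this example recognises

def fingerprint(blob):
    """Hex SHA-256 of the decoded public-key blob (blocklist format is an assumption)."""
    return hashlib.sha256(blob).hexdigest()

def blob_type(blob):
    """Algorithm name from the blob's first length-prefixed field ('' if too short)."""
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n].decode("ascii", "replace")

def parse_authorized_keys(text):
    """Yield (line_no, key_type, blob, comment); options may precede the key type."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, tok in enumerate(fields[:-1]):
            if tok in KEY_TYPES:
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except (binascii.Error, ValueError):
                    break  # malformed key field: skip the line
                if blob_type(blob) == tok:
                    yield line_no, tok, blob, " ".join(fields[i + 2:])
                break

def audit(text, weak_fingerprints):
    """Return (line_no, key_type, comment) for every key found on the blocklist."""
    return [(n, t, c) for n, t, blob, c in parse_authorized_keys(text)
            if fingerprint(blob) in weak_fingerprints]

def _constructed_blob(key_type, material):
    # Constructed stand-in for a key blob: type field plus filler, not a real key.
    return len(key_type).to_bytes(4, "big") + key_type.encode() + material

WEAK = _constructed_blob("ssh-rsa", b"constructed-weak-key")
GOOD = _constructed_blob("ssh-rsa", b"constructed-good-key")
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    "ssh-rsa %s alice@laptop" % base64.b64encode(GOOD).decode(),
    'command="/usr/bin/backup",no-pty ssh-rsa %s backup@oldserver'
    % base64.b64encode(WEAK).decode(),
    "ssh-rsa not-base64!! broken@line",
])
BLOCKLIST = {fingerprint(WEAK)}  # constructed; a real list comes from your distribution
print(audit(SAMPLE, BLOCKLIST))
```

Any line this reports should be removed from the file and its owner asked to generate a new key pair on a patched machine.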

Security requirements in social networks

Friday, May 9th, 2008

An interesting post about an exploit in some forum software causing medical harm to epileptics. That got me thinking about social networks generally as a security domain. As with voting, you have to understand the security environment before you can determine the security requirements. Users of new social networks have a wild array of choices, from reasonably well authenticated and community policed sites like LinkedIn to much more pseudonymous arenas such as IRC and ICQ.

The Off the Record tool from http://www.cypherpunks.ca/otr/ is a recommended example of a security utility for social network users. It enables a private conversation with another party, enforced by cryptographic means. From their site, the utility offers:

Encryption: No one else can read your instant messages.
Authentication: You are assured the correspondent is who you think it is.
Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy: If you lose control of your private keys, no previous conversation is compromised.

Finally, it’s licensed under the LGPL so it is free for use.

On training vines and users

Thursday, May 8th, 2008

I am an amateur gardener in my not-so-copious spare time, and this year I am attempting to train wisteria and honeysuckle vines onto some cords I have strung around the garden. This involves going out to all of the vines several times a week and gently moving the new growth towards the cord you want them to grow on, as well as pruning growth that just isn’t headed in the right direction.

Meanwhile, at my day job, we are having trouble filling a slot because we lack people with the proper certifications - a direct consequence of management decisions to focus solely on revenue with little to no investment in useful training. Training a workforce is like training a vine - it’s an ongoing process, and it has to be maintained for the more senior employees / older vines just like the entry level / new shoots.

Also meanwhile, another client - a business with over a hundred thousand employees and as many additional contractors - is asking their workforce to get trained on regulatory compliance, by having us sign up and watch webcasts. This kind of approach is done with the hope that the people who actually need to comply with the regulations get the information they need, but I’m not sure it’s more cost-effective than targeting the training at those that need it.

Since I’ve been thinking about usability problems, especially where it relates to security engineering, I can carry the metaphor a step further. Administrators, employees, and customers are all users, and a system of any complexity requires all of those users to have decent initial training (introduction to the system), ongoing training (in the form of easy to navigate, complete and comprehensive documentation), an approachable technical support mechanism, and a mechanism for entering trouble tickets and/or bug reports.

And, um, that’s like training vines. Blah, the metaphor slipped away.