Cryptography

Another Little Known Tool to Securely Delete Files, Folders, and Volumes

Why, all of a sudden, is everyone concerned about secure file deletion? I hesitate to say it’s a sign of the poor economy, but perhaps people consider it even more important to protect their personal information when the idea of losing control of their assets—and their lives–through the incompetence of corporate “managers” and well-intentioned but clueless politicians is more abhorrent than losing control through the outright thievery of Internet gangs. It’s weird. I harped on people about securing their data all along and mostly, my advice fell on deaf ears. Now people are worried. And it’s not because they see more spam email phishing attempts, it’s because they feel they can’t trust anyone anymore, not their formerly respected captains of industry, and certainly not their elected officials.

But, I digress. This post is about security tools, not politics, so I’m now officially off of my soapbox.

I recently posted an article about SDelete, a tool that can be used to securely delete files and folders on a hard drive. There’s another little known, useful tool that has been built into the OS since Windows 2000: cipher.exe. Microsoft provides the following in Knowledge Base article 315672:

How to Use the Cipher Security Tool to Overwrite Deleted Data

To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command. Use the following steps:

1. Quit all programs.
2. Click Start, click Run, type cmd, and then press ENTER.
3. Type cipher /w:driveletter:\foldername, and then press ENTER. Specify the drive and the folder that identifies the volume that contains the deleted data that you want to overwrite. Data that is not allocated to files or folders will be overwritten. This permanently removes the data. This can take a long time if you are overwriting a large space.

One more tool you can use to mollify your paranoid clients.

MD5 Hashing Algorithm No Longer Safe

Just last week, two German security researchers, Alex Sotirov and Jacob Appelbaum, made a surprising announcement at the Chaos Communication Conference in Berlin: they had created a fraudulent Certificate Authority (CA) that had a valid signature from a root CA, Equifax, one of the oldest. The ramifications of this are far-reaching. Imagine what will happen if cyber criminals generate fraudulent certificates. The phony certificates could be used to create phishing sites that would appear to browsers to be perfectly legitimate.

Steve Gibson focused on this issue in his latest Security Now! podcast (#177). On the resource notes for the episode, Steve gives a link to the actual certificate with instructions on how to view it.

The extremely paranoid can remove any certificates that don’t rely on SHA1 hashes to protect their certificates and CAs should immediate ditch MD5.

Virtual Safe Deposit Box?

A bank safe deposit box, securely stored in a vault behind several feet of concrete on five sides with a virtually impenetrable combination-and-time-lock-protected door on the sixth side, is about as safe a storage place as you can get for your cash, gold, jewels, important documents, and other valuables. You rarely hear of anyone losing valuables from a safe deposit box, but there’s an almost daily news story about sensitive data being lost or stolen. This makes for an interesting thought experiment.

While it’s not possible to provide the physical security of a bank vault on a laptop or other portable storage device, it is possible to protect the information itself with encryption so that only authorized persons can access it.  Take the bank’s physical security out of the mix for a moment, making it possible for someone to walk right into the vault; they still can’t unlock your box without access to the bank’s key and your key. Similarly, encryption requires two keys: the encryption key and a passphrase; without both, the encrypted volume won’t open.

One could say, therefore, that an encrypted volume is a virtual safe deposit box for your valuable data.

WiFi Security–The Only Way is WPA

Please note: since this article was posted, WPA-TKIP has been found to be vulnerable. See my post of 2008.11.13 entitled “WPA-TKIP Vulnerable to Attack” for more information.

It’s far too easy to set up WiFi for your home or business; all you have to do is go to your local electronics superstore and pick up a wireless router, plug it in to your network, and connect to it. The default configuration of most consumer products–completely open with no security enabled–will allow you to connect without having to enter any configuration information into your wireless PC. That’s why in any given neighborhood you’ll see multiple unsecured wireless network connections available. Most public WiFi hotstpots are also unsecured, open connections. If you just surf the web and send an occasional email, you might be OK (besides the fact that anyone in range can connect to and use your Internet connection), but the moment you start using your PC for banking, making purchases, and paying bills online, that wireless connection absolutely must be secured. It must be done right, and there’s really only one right way to do it. Before I explain that, let me tell you what not to do:

1. Don’t rely on SSID hiding. I’ve seen numerous articles that tout SSID hiding as a security measure (and one CISSP, no less, is recommending it!) While this technique may serve to hide your network from casual view, there’s nothing secure about it: the SSID is transmitted in clear text in every packet and is easily sniffed by wireless packet sniffers. For example, Network Stumbler will identify the SSIDs of any network within range, regardless of whether or not the wireless access points are broadcasting.

2. WEP is broken. Using 40,000 to 100,000 packets, which can be captured in about a minute, you can crack a WEP key in about three seconds on a Pentium M 1.7 GHz PC. Don’t believe me? Check it out: This list even provides video tutorials on how to do it. Sure, it provides a small measure of security and it’s better than nothing, but why use something that’s already been proven inferior? Would you feel more secure knowing the garage where your store that vintage Corvette is protected by a Master lock or one you bought at an everything-for-a-dollar store? Your personal information is much more valuable than that car.

3. Don’t bother with MAC address filtering . I don’t know why so many people are recommending this. MAC address filtering is equivalent to SSID hiding–it’s virtually useless, except to keep a casual user from inadvertently connecting to your wireless network. Like the SSID, MAC addresses are sent in clear text within the network packets and can easily be discovered and spoofed by anyone sniffing your network.

So, what’s the right way? WiFi Protected Access, known by its acronym, WPA. There are two versions: WPA-Personal and WPA-Enterprise. WPA-Personal relies on a pre-shared key (PSK), while WPA-Enterprise requires a special authentication server and is therefore more suited to corporate environments. WPA implements 128-bit encryption and as long as you create a strong, unguessable passphrase, it’s completely secure. Configuring WPA-PSK on a given wireless router depends on the brand, but you can find a general tutorial at this site.

And that, my dear reader, is Maxim #13 in the How to Secure Your Computer series of articles:

When it comes to securing a WiFi network, the only way is WPA.

SSL is Your Friend and Protector on the Web

I hope I’ve given you some valuable advice in this series of posts on how to secure your computer. If so, and if you’ve chosen to take my advice, you’re probably careful about what you do on the web. You certainly have strong passwords for all of your logins, all of them different, and you don’t go around telling people what they are or keeping them on sticky notes attached to the monitor at your workplace. But the web can be a dangerous place; make a mistake and you could be in trouble. There’s one common mistake that if you make it, you may as well paint your passwords in 10-foot tall letters on a lighted billboard next to a busy freeway and invite every hacker to drive by it.

I’m talking about entering your password — or any sensitive information — into any web page that’s not secure. All communication — including your username and password — between your browser and a web server is normally transmitted in clear text, easily read by anyone who cares to look. Your data is being sent in clear text if you enter anything onto a page that has the prefix http:// in its URL. That’s how you know the page isn’t secure. While not a totally reliable method of identifying a phishing site, it’s a pretty good bet that any financial site or one requesting personal information that displays http:// is suspect; steer clear and don’t enter your credentials.

How do you know a page is secure? It will use an encrypted connection, signified by the prefix https://. This page will use a technology known as Secure Sockets Layer (SSL). Any information you put into such a page is unreadable by anyone who might intercept it. Only your browser and the web server at the other end can decipher it. Some browsers even show a lock icon to let you know it’s secure. SSL relies on special security certificates issued by a trusted authority who has verified the identity of the website you are logging onto. So, I present you with Maxim #11 in the How to Secure Your Computer series:

Never enter sensitive information into any web page unless you have verified that the information is being sent over a secure connection signified by https:// in the address bar and a lock icon in the browser’s status bar.

How to Secure Your Computer: Maxim #10

A friend of mine came up to me the other day and said, “I love your computer security maxims, but there’s one thing I don’t have anything to worry about–I keep all of my passwords stored on an encrypted thumb drive.”

“Well, that’s a good thing,” I said. “Where do you keep your backups?”

“On my external USB drive.”

“That’s encrypted, right?”

He blinked and looked away. “No.”

Doh! If a cracker is able to access his PC and that drive is connected and turned on, my friend could be toast. If someone breaks into his house and steals the drive, my friend could be toast. Depending on what is actually stored on the hard drive, full backups can contain lots of personal information–information that is much more valuable than mere passwords. Think about it: if you have the user’s name, address, SSN, pet photos, you-name-it, you’re in Fat City; you can easily assume the identity and recover usernames and passwords.

Few people encrypt their data, much less their backups. They should, but they don’t. Some backup programs allow you to make encrypted backups. If this option is available take advantage of it. The most secure plan would be to both encrypt your data and encrypt the backup for a double layer of protection. Then, take the backup media offline and store it in a secure place. And that is Maxim #10:

When using external removable media for backups, either encrypt the backup files or make sure the media is taken offline after the backup has been completed.

Windows XP SP3 Offers Enhanced Reliability and Security, But Not IE7

The long-awaited Windows XP Service Pack 3 became available as an Express Update May 6, 2008 on Windows Update, and offers enhanced reliability and security through a few new features: Network Access Protection (NAP), designed to work with Windows Server 2008; a product key-less install option; a Kernel Mode cryptographics module, and; a “black hole” router detection algorithm.

One puzzling thing, however, is that SP3 doesn’t include the more secure IE7–it ships with a fully-patched IE6 instead. As I found out, having applied SP3 to my systems, all of which are running IE7, this isn’t a problem; systems won’t be rolled back to IE6. Here’s an excerpt from the IE Blog:

XPSP3 will continue to ship with IE6 and contains a roll-up of the latest security updates for IE6. If you are still running Internet Explorer 6, then XPSP3 will be offered to you via Windows Update as a high priority update. You can safely install XPSP3 and will have an updated version of IE6 with all your personal preferences, such as home pages and favorites, still intact.

If you are currently running IE7 on XPSP2, Windows Update will offer you XPSP3 as a high priority update. If you choose to install XPSP3, Internet Explorer 7 will remain on your system after the install is complete.

If you’re still running IE6, you really should upgrade to IE7. Along with SP3, that will make your XP system as secure as it can be at this time.

Make Your Own Paper Enigma Machine

The Enigma cipher machine was a very cool electromechanical device for producing polyalphabetic ciphers that reached it’s heyday during World War II. The original surviving devices are all in museums or private collections, but you can make a paper version. This site: http://mckoss.com/Crypto/Enigma.htm will let you print one out and play with it.

Using the paper version is tedious, though, so you might want to check out this cool simulation that you can install on your PC. There’s also an online Flash-based simulation.

Have fun!

Encrypt, You Must, But Do It Right!

One of the clients I service has information that falls under HIPPA. Prior to last week, all of the data was stored on a server located behind a strong firewall in a building with good physical security. Last week, however, this organization decided to deploy laptops for their field operatives. Major security problem. Full-drive encryption was my first thought.The good thing is that there was nothing on the laptops except for the OS–they were brand new. Nobody had seen them except me. I was able to encrypt the hard drive before any data had been written, thus insuring that no remnants of unencrypted data exist. Every future write to the hard drive will be encrypted.

If you think about it, this is the safest way to do full drive encryption. But what if you want to re-deploy equipment that has had data on it? In this case, you’ll want to first wipe the drive using a good tool like Darik’s Boot and Nuke (DBAN) or CMRR’s Secure Erase, depending on the sensitivity of the data. DBAN will let you write multiple passes of pseudorandom data, which is usually “good enough.” Then, reinstall your OS of choice and run your full drive encryption program assigning a passphrase at least 20 characters long (mine’s 45). All this working of the drive should sufficiently scramble any data remnants.

The Unsolved D’Agapeyeff Cipher

Sometimes, it’s a good thing to take a breather from the routine, to venture off into something more fun than the serious day-to-day concerns of network and computer security. One of my interests is cryptography, especially its history, and I love to play around with cryptograms in the daily newspaper, even though they’re just simple substitution ciphers (though there are some puzzle books out there that use polyalphabetic and transposition ciphers).

There’s no question that computers have taken cryptography well out of the realm of human-generated codes and ciphers. Done properly, modern encryption systems produce output that appears to be nothing more than random noise to a human–and no human will ever be able to break those ciphertexts without the help of powerful computers. Yet, there are human-generated ciphers that haven’t been cracked. One of those is the D’Agapeyeff cipher, which appears as “…a cryptogram upon which the reader is invited to test his skill” in the first edition of “Codes & Ciphers, ” written by Alexander D’Agapeyeff, published by Oxford University Press in April, 1939.

The book is an elementary text on classic encryption methods and the cryptogram is placed on the final page of the final chapter which details methods of decryption of the various types of ciphers. Here’s the cryptogram as it appears in the book (this was omitted from later editions for reasons unkown):

75628 28591 62916 48164 91748 58464 74748 28483 81638 18174
74826 26475 83828 49175 74658 37575 75936 36565 81638 17585
75756 46282 92857 46382 75748 38165 81848 56485 64858 56382
72628 36281 81728 16463 75828 16483 63828 58163 63630 47481
91918 46385 84656 48565 62946 26285 91859 17491 72756 46575
71658 36264 74818 28462 82649 18193 65626 48484 91838 57491
81657 27483 83858 28364 62726 26562 83759 27263 82827 27283
82858 47582 81837 28462 82837 58164 75748 58162 92000

I assumed (correctly, I think–see this article) that two numbers represent one letter and that this was some sort of simple substitution cipher. I divided the cryptogram thus, omitting the three zeros that are obviously nulls:

75 62 82 85 91 62 91 64 81 64 91 74 85 84 64 74 74 82 84 83 81 63 81 81 74
74 82 62 64 75 83 82 84 91 75 74 65 83 75 75 75 93 63 65 65 81 63 81 75 85
75 75 64 62 82 92 85 74 63 82 75 74 83 81 65 81 84 85 64 85 64 85 85 63 82
72 62 83 62 81 81 72 81 64 63 75 82 81 64 83 63 82 85 81 63 63 63 04 74 81
91 91 84 63 85 84 65 64 85 65 62 94 62 62 85 91 85 91 74 91 72 75 64 65 75
71 65 83 62 64 74 81 82 84 62 82 64 91 81 93 65 62 64 84 84 91 83 85 74 91
81 65 72 74 83 83 85 82 83 64 62 72 62 65 62 83 75 92 72 63 82 82 72 72 83
82 85 84 75 82 81 83 72 84 62 82 83 75 81 64 75 74 85 81 62 92

You can see that no pair begins with a number less than six and no pair ends with a number greater than five. This suggests a matrix like this:

1 2 3 4 5
6a b c d e
7
8
9
0

Using this hypothetical grid, 61 is “a,” 65 is “e,” etc. That’s as far as I’ve managed to go.

Anyone else like to play with this?

Cheers!
The Geek