Welcome to AppFail
Posted on 2009-07-30
Both secret and sensitive documents from the United States Secret Service, having to do with the presidential safe-house and motorcade routes, have been leaked via P2P file sharing networks.
The details of one of the "undisclosed locations" the USSS uses for the First Family, specifically in the event of a national security emergency, were found being spread on the Internet file sharing network LimeWire. Other information, not actually classified as secret but still extremely sensitive, such as presidential motorcade routes and a detailed listing of nuclear facilities throughout the country, was also found in foreign hands. This may actually be innocuous, but how would one tell that the documents were or were not legitimate? This is a clear warning that proper security precautions are not being taken to safeguard this information.
Information Security means provably protecting the Confidentiality, Integrity, Availability, Authenticity, and Nonrepudiation of the data. The first failure here is obviously Confidentiality: the information was stored in an unprotected format, on an Internet-accessible computer, used by a person who was not aware of the consequences of using P2P software. Encryption is the obvious answer to protecting sensitive documents, but this means more than simply encrypting the entire disk with a low-level system. Once such a system is unlocked, the data is available to the programs running on the computer; in this case the LimeWire P2P application would still have access to the information even if the drive was encrypted. So the files need to be individually encrypted and decrypted only when they are used. This protects them from accidental disclosure, but it is not the only consideration.
What of a single rogue agent who decides to sell this information to the highest bidder? To protect against this, the encryption key should be a "shared secret": using advanced cryptographic techniques, it would require the private keys of at least 3 separate USSS agents to decrypt the secured document.
This brings us to Integrity. What would happen if there was a bug in the P2P software that allowed a third party to modify the document, changing the motorcade route to one that was easier to attack? Again cryptography provides the answer: sensitive documents should be cryptographically hashed and signed so that any unauthorized changes are detected immediately. And if the private key used to sign is divided up as a shared secret, it would require three or more agents to authorize a change.
Availability means ensuring that the data is always accessible. It would seem from this incident that the documents are just strewn around a bunch of different computers in some government office somewhere. It is possible that they are on some kind of shared network storage, but that would actually increase the scale of the damage done by this leak. True availability requires that there be multiple copies of the document in disparate locations, and that all of these copies be properly updated when a change is made. In the case of a secure document, Authenticity and Non-repudiation are achieved in the same way as Integrity: with cryptographic signing. Overall it seems the I.T. practises and policies at the USSS are in need of an overhaul. While the USSS is known for keeping its secrets, it seems not everyone there is up to speed with how digitizing the information affects the security model.
The disclosures have prompted the US Congress to consider passing a law that would ban the use of P2P software on government and contractor networks. While I think that, in and of itself, this is a fine idea, it really should just be an IT policy rather than a law. It is the next step that is more worrying. The Congress is also considering forcing P2P software developers to change the way their software works, and eventually become liable for information that is leaked via the service. Why should the software developer be liable for information disclosed and the illegal activities of those who stole the information, when it was in fact the user of the software that mis-configured it to share the sensitive information? This is tantamount to making Microsoft liable for any sensitive information disclosed due to a malware infection on a Windows machine. Do you know how many credit cards are stolen in this way? That would be an awfully big burden for Microsoft to bear, especially when in a large portion of the cases, it is in fact the user who prompted the infection. It seems to me that the US Congress does not understand what it means to develop software, and the number of unintended consequences that are involved in creating complex programs; as such, I feel it is not their place to try to regulate the industry that they can barely understand.
By: Allan Jude
Via: Computer World
Posted on 2009-07-13
Rogers Communications Inc. (TSX: RCI.A, TSX: RCI.B, NYSE: RCI), the largest communications company in Canada, has had an entirely inaccessible website for most of the day today. It seems to be a failure of some kind in their Java Server, which is normally masked by a friendly error message, but even that only seems to be working about 10 percent of the time.
Posted on 2009-07-09
Got a question that requires some technical prowess and would be of interest to the AppFail audience? Submit a question and you are eligible to win one of two $25 USD Gift Certificates from ShopSharkSystems.com - AppFail's favourite hardware supplier. As always, if you have an idea for a new story, or a tip on a developing situation, let us know, and we'll attribute you in the post, and link to your blog or twitter stream.
Cuiusvis hominis est errare; nullius nisi insipientis in errore perseverare - Any man can make a mistake; only a fool keeps making the same one.



