Security <-> Usability
"It does what I want with no fuss" and "it does ONLY what *I* want" have always been at opposite ends of a sliding scale. Nope, too long for a bumper sticker. Now how are the masses going to understand?
At the end of April my home was broken into by a professional who silently and systematically looted my residence of all my portable wealth while I slept. In the morning, as I looked around for a phone to call the cops (there wasn’t one, so I had to Skype them from a desktop machine), I saw he’d used an entrance that offered …
"It does what I want with no fuss" and "it does ONLY what *I* want" have always been at opposite ends of a sliding scale. Nope, too long for a bumper sticker. Now how are the masses going to understand?
Actually the latest IEEE "Security and Privacy" Magazine has a collection of articles about the "Security/Usability Tradeoff Myth"
Haven't had time to read them yet though.
The delusion that consumers have any sense when it comes to safety or security is dangerous. Time for some security regulation for internet devices. We have building codes for safety because buyers and builders often don't do the right thing without them.
As, indeed, Mr. Schneier has pointed out. As he also pointed out:
this would only be a domestic solution to an international problem... attackers can just as easily build a botnet out of IoT devices from Asia as from the United States.
What he has also said is that governments themselves must be behind some of the lower-profile but steadily-growing attacks on key bits of Internet infrastructure. My conclusion from that is governments may well see an interest in the widespread deployment of devices that can be exploited for surveillance or active hostility.
I think we've seen that governments are not fond of devices and systems that are beyond their control and I'm sure if there is any regulation of security, it will include a stipulation for government access that will effectively undermine its purpose.
Indeed, this was pushed through the UK parliament (unopposed by the so-called "opposition") and signed into law just today.
Unfortunately, the world is run by marketing, not engineering. Marketing is only thoughtful when it involves short-term profits, wouldn't understand security if it bit them in the ass, and is completely mystified by the concept of design. Other than that, I think your concept has legs.
"Unfortunately, the world is run by marketing, not engineering" - have mentioned elsewhere on here before about an acquaintance who is studying marketing, as it's the only important subject for a degree, not like boring engineering or pointless arts subjects ... don't let her hear what you're saying, she'll take it as proof she's right !! [not only can she not change a lightbulb without advice - or, it turned out, go out and buy one without help - but she just doesn't do sarcasm .. ]
This is true. Any solution that doesn't appeal to the masses is a failure. FOSS is a hard requirement, but it still has to be 'marketable'.
"No more passwords" would be a huge selling point.
I think storage is the place to start. Imagine a 'cloud storage' system that's actually secure and fully controllable by the user. Client-side key-based encryption. Key-based sharing / group access too. Clean, simple protocols. Servers only handle storage & retrieval of encrypted blobs, having just enough metadata for compartmentalization, just granular enough for efficient access & replication. Backends for existing storage options. Filesystem drivers, web APIs, etc, for compatibility with existing applications.
Make it easy for idiots to encrypt & back up their data. Kill off the proprietary cloud services. Once people get used to key-based access, extend it to everything and kill off passwords.
Secure by design does not just mean that the pre-set UID/PWDs should vary. Devices should have auto-update capability.
Any auto-update mechanism can be abused. Didn't someone hijack Windows Update in the past?
You could have doors that auto shut, unless physically put in a locked open position. The locks themselves would never have a "latch" position, defaulting to lock on closure.
And the house would be much more secure. Then that fateful time, on a cold winter's day, you are late putting the bins out and BANG! You find yourself locked out, freezing cold, because the door has closed behind you, auto-locked, and the key is in the key safe next to your bed.
As said, it's convenience vs. security.
Default passwords are like having a £3 lock on the door, pretty pointless. Whereas having to type in a 30 character alphanumeric password that expires every 15 days is like having a door with 20 high security, auto securing deadlocks. Secure, but an utter pain in the arse.
"You could have doors that auto shut, unless physically put in a locked open position. The locks themselves would never have a "latch" position, defaulting to lock on closure."
How many doors do people have that it would be worth doing that in case you forgot one? Seriously, I live in an old building with seven outside doors. That's really unusual, but I keep most of them locked and the front and back door are locked and unlocked as needed. I can't imagine someone not being able to keep track and simply locking a few doors when they go out or to bed.
Are you actually The Queen ? If so, I claim my £5. (Ma'am.)
It's Brian Rix's old house.
(RIP old boy)
lol it's actually an historical old west general store. Crazy and different, but not the castle that some might imagine. (here) Ya, I'm not normal, but I can still remember to lock my doors when I go out.
Nice place - I especially like the Union Jack flying proud on streetview :-)
I think the AVM FritzBox has something like a "physical handshaking" process. You can buy (could, at least) USB WLAN sticks to go with the access point. To configure them for your network, you would plug them into the FritzBox. This would load the SSID and authentication information onto it (supposedly, I don't own their stuff). This sounds like a no-fuss process, very accessible, very simple. Unfortunately not so easy to do this with a phone or 'slab. Especially if some companies insist on having a very strange connector, the design of which they also change, rendering equipment useless.
Yes, this is not a perfect method, but if somebody has physical access to the network equipment that should not have it you have other problems.
"I think the AVM FritzBox has something like a "physical handshaking" process. You can buy (could, at least) USB WLAN sticks to go with the access point. To configure them for your network, you would plug them into the FritzBox. This would load the SSID and authentication information onto it (supposedly, I don't own their stuff). This sounds like a no-fuss process, very accessible, very simple. Unfortunately not so easy to do this with a phone or 'slab. Especially if some companies insist on having a very strange connector, the design of which they also change, rendering equipment useless."
NFC comes to mind. Easy, cheap, extremely short range (almost contact only, if you want), and good enough to home routers and such.
"NFC comes to mind. Easy, cheap, extremely short range (almost contact only, if you want), and good enough to home routers and such."
Someone points a Yagi antenna at it. Range significantly increased.
I think devices should force you to change the password the first time you log in. New router? Well, it should take over the DNS and force you to log in the first time. Annoying? Yes. Security enforced? Yes, but of course if you force someone to use a long password (12+ chars), and it doesn't match anything on a common list like "correcthorsebatterystaple"
And where exactly would you store that glorious "common list" in the world of routers that are unable to run the latest OpenWRT due to not having enough storage to keep it? Unless of course you want the router to immediately send your proposed password to a perfectly safe and reliable (of course) server somewhere on the internet, for a "commonness check"...
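The two posts above argue about a first-boot password policy and about where a "common list" could live on a device with very little storage. What follows is an added example for this thread, not code from the original page or from any router firmware. It uses a Bloom filter as the on-device form of the list: at a 1 % false-positive rate it costs about 1.2 bytes per entry, so a 100,000-entry leaked-password list fits in roughly 120 KB of flash and the candidate password never leaves the device. COMMON_PASSWORDS is a short constructed stand-in for a real breach-derived list, and the minimum length, PBKDF2 parameters and AdminCredential class are assumptions made up for the example.

```python
"""First-boot password policy with an on-device common-password check.

Added example for this thread, not code from the original page or from any
router firmware. The Bloom filter stands in for the "common list": about
1.2 bytes per entry at a 1 % false-positive rate, so a 100,000-entry list
fits in roughly 120 KB and the candidate password never leaves the device.
COMMON_PASSWORDS is a constructed sample; PBKDF2 rounds are an assumption.
"""
import hashlib
import hmac
import math
import os


class BloomFilter:
    """Fixed-size set with no false negatives and a bounded false-positive rate."""

    def __init__(self, expected_items: int, fp_rate: float):
        # Optimal bit count m and hash count k for the target false-positive rate.
        self.m = max(8, int(-expected_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str) -> list:
        # Double hashing: k bit positions derived from two halves of one SHA-256.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

    def size_bytes(self) -> int:
        return len(self.bits)


COMMON_PASSWORDS = [  # constructed sample; a real device ships a prebuilt filter blob
    "password", "123456", "12345678", "123456789", "qwerty", "admin", "letmein",
    "welcome", "iloveyou", "monkey", "dragon", "football", "password1",
    "admin1234", "correcthorsebatterystaple", "changeme",
]
COMMON_BLOCKLIST = BloomFilter(len(COMMON_PASSWORDS), 1e-4)
for _pw in COMMON_PASSWORDS:
    COMMON_BLOCKLIST.add(_pw)


def check_password(candidate: str, blocklist: BloomFilter, min_len: int = 12) -> list:
    """Return the policy violations for a candidate password (empty list = acceptable)."""
    problems = []
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Check as typed and lower-cased, so "Password1" is caught by the entry "password1".
    if candidate in blocklist or candidate.lower() in blocklist:
        problems.append("matches a commonly used password")
    return problems


class AdminCredential:
    """Admin login that has no usable password until the owner sets one at first boot."""

    PBKDF2_ROUNDS = 100_000  # assumption; tune to the device's CPU budget

    def __init__(self, blocklist: BloomFilter):
        self.blocklist = blocklist
        self._salt = None
        self._hash = None

    @property
    def must_set_password(self) -> bool:
        # Every login attempt is redirected to the set-password page until this is False.
        return self._hash is None

    def set_password(self, candidate: str) -> list:
        problems = check_password(candidate, self.blocklist)
        if not problems:
            self._salt = os.urandom(16)
            self._hash = hashlib.pbkdf2_hmac(
                "sha256", candidate.encode("utf-8"), self._salt, self.PBKDF2_ROUNDS)
        return problems

    def verify(self, candidate: str) -> bool:
        if self._hash is None:
            return False  # no default credential exists for anyone to try
        attempt = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("utf-8"), self._salt, self.PBKDF2_ROUNDS)
        return hmac.compare_digest(attempt, self._hash)
```

The filter would be built once at the factory from the real list and shipped as a constant blob; the device only needs the membership test, two SHA-256 halves and a bit array. A false positive merely rejects a password the user could have had, so the rate can be traded against flash size freely, and there is never a false negative.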
Force you to change the password? - Luxury
The router my new isp sent me doesn't actually contain the functionality to change the admin password at all.
Ignoring hassle: in the case of a house burglary, the insurance company. They are in a position to push through a change: no (or reduced) payouts if the door locks are inadequate. The sell is reduced premiums to the householder. Properly done, it will encourage the householder to make a one-off investment in locks for a multi-year drop in premiums.
Unfortunately: the marketing department shouts loudly about the lower premium and hides the good lock requirement on page 35 of the T&Cs; it is only pointed out after the theft.
Opportunity lost - squandered by marketing and that most people don't read T&Cs.
Much the same with our electronic bling: ease of use and price are seen as the draws. How to make it secure comes many pages after the instructions of how to view cuddly kittens.
Losses are less obvious unless someone grabs your banking details or similar. Many still take the view that the loss will be picked up by the bank; I have friends who proudly tell me that they use the same 3 passwords everywhere - even as I tell them that this is stupid.
Banks are refusing to cover some scams, but so far it is often seen as "something that happened to someone else" and that they will be OK ... anyway, the next Bake Off is about to be aired.
Not quite true. My homeowner insurance company doesn't bother with encouraging me to use industrial-grade doorlocks, but they do put a good deal of effort into promoting that they will give a discount to anyone who has an alarm installed and kept up.
But alarms are fecking useless....
Neighbors will just cower more deeply in their beds. Excellent.
But alarms are fecking useless...
More effective if you replace the normal audio with a track that plays someone screaming.. Young woman is best for effect.
Though it will cause some neighbours to cower in their beds. Knowing the track I picked, I wouldn't blame them. I also wouldn't want to run from the house when it is going, as you can guarantee that someone will be out there with a baseball bat or axe to try to defend their neighbourhood/save a life/be a hero... (well, for appearances' sake anyway)
"More effective if you replace the normal audio with a track that plays someone screaming.. Young woman is best for effect."
No, because then you'll just deaden people to screaming. It's like with car alarms. They're loud and annoying by design (for the same reason, to draw attention to it), but because of all the false alarms, people start ignoring them. Trip a bunch of false scream alarms, and you'll end up with a case of Cry Wolf Syndrome; people will stop turning up when genuine screams are heard.
Basically, ANY notification system in the world can be trolled to produce Cry Wolf Syndrome.
Two dogs for physical break-ins, a Mikrotik for broadband ones.
Fortunately our ISP allows us to own our own equipment rather than forcing us to lease. Although we cede control of the plain vanilla cable modem (set to bridge mode) to them, we've got a firewall/router (RB2011UiAS-2HnD) in between it and the rest of our home network. And yeah, it took some effort to configure beyond the defaults: but so does setting up a new TV. The biggest problem as always is inadequate documentation. Engineers write awful doc, and professional technical writers aren't much better. Both groups seem to aim for the same goal as my teenage sons, TBFM (The Bare F*ing Minimum). Here are three hints for better doc: EXAMPLES EXAMPLES EXAMPLES!
I'd check that if I were you. Not having the right door locks (in the UK, a 5 lever British Standard door lock on a wooden door, or a multipoint lock on plastic) *invalidates* your insurance, whilst an alarm or not gets you a 15% discount which generally isn't worth the cost of the monitoring required!
IoT gear should not have a password until you boot it for the first time. I came up with "4 simple rules for IoT development" on Twitter after a challenge. That was number two.
"Ok, 4 simple IoT rules? I'll try: Close all unnecessary ports. No default password (prompt at 1st boot). Make firmware updates possible. Have an ID on device to link back to manufacturer & manual/website for tech & update support."
The problem is that most end users either do not understand the risk, or do not care about the risks, as obviously "the security types are shroud waving again".
Even if users are provided with standards, if the standard involves effort (sliding the bolt on the door) there is no guarantee that the standard will be followed.
"if the standard involves effort (sliding the bolt on the door)"
Too late, there's probably a patent on that.
"Too late, there's probably a patent on that."
But it's probably also expired.
In the UK at least, if you get a router from BT or Virgin Media then your default SSID password is set to a unique value on a sticker affixed to the device. This presumably corresponds to a value flashed into the hardware at manufacture. By default at least the SSID passwords are unique and non-guessable.
You can reset it to your own choice (subject to password complexity requirements) if you want, but a reset of the device will set it back to that unique password on the sticker.
Of course, that doesn't help if someone has physical access to the device or if there are other backdoor logins with weak/common passwords in the device that the ISP can use for remote admin...
Plus it doesn't help if the manufacturer is on razor-thin margins such that 2-3 cents per device pivots it into unprofitable. And yes, many DO run on razor-thin margins as it's the ONLY way to compete. And that's against companies that have alternate revenue streams and can actually loss-lead.
The problem is that BT routers have 'BT' in the broadcast name, Virgin has 'VM', e.g. VM997772-2G. You get the idea.
Having the ISP name in the broadcast name makes the hacker's job an awful lot easier.
My router used to have the network name of 'EffOff' just to make it different. Now it does not broadcast a name at all.
My router used to have the network name of 'EffOff' just to make it different.
In the next street to mine there's an SSID of "Get your own fucking WiFi!"
I guess he had a problem with freeloaders.
@Steve Davies 3: "now it does not broadcast a name at all."
Hiding your network name from beacons does not appreciably add to security. The problem is that the Probe Request, Probe Response, Association Request, Association Response, Reassociation Request and Reassociation Response frames contain the SSID in the clear. All an attacker has to do is listen for one of those frames.
If he doesn't have the patience to wait for a new device to connect, he can send Probe Request frames to the Access Point. If the AP is configured to ignore Probe Requests that don't contain its SSID, all the attacker has to do is identify a device that is already connected, forge a Disassociate message from the AP to that device, and wait for the device to send a Reassociation Request.
Hiding the network name also has another downside - if your device is configured to connect automatically, it will send Probe Requests with your network name whenever it's not connected to something else, so leaking the name of your network if you're out of range.
now it does not broadcast a name at all.
Which is actually a negative level of security added.
Setting the SSID to hidden doesn't actually hide the SSID from anyone who wants to see it. In actual fact, it makes it get broadcast more often under many circumstances - just not in a way that makes it appear in normal users' WiFi list.
Why ? Because if you hide it, every device that you join to it must then broadcast to find it - in effect shouting "Is the network 'EffOff' around ?" Thus instead of one router advertising your SSID, each of your devices will be doing it - IIRC they'll be doing it all the time, when not connected they will be trying to connect, when connected they will be looking for other base stations that might have a better signal to roam to. For bonus points, your mobile devices will use more battery power as well.
So any WiFi analyser will show the hidden SSID network exists, it takes naff all effort to actually find out what that SSID is.
But this is all academic anyway - unless the hacker is in close proximity, they won't be trying to connect to your WiFi. Hard to do that from halfway round the world.
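The two posts above make the same point from two angles: a hidden SSID disappears from the AP's beacons but is still sent in the clear by the clients, in Probe Request, Association Request and Reassociation Request frames. The following is an added example, not code from the original page or from any WiFi stack: a minimal parser for the 802.11 management-frame header and the SSID information element, run over frames constructed by hand for the example (the MAC addresses and the network name are made up). It shows the empty SSID element a "hidden" beacon carries next to the full name in the client frames and in the AP's Probe Response. Forging a Disassociation to provoke a reassociation, as mentioned in the earlier post, is not implemented here.

```python
"""Where the SSID appears in 802.11 management frames.

Added example for this thread, not code from the original page or from any
WiFi stack. Frames below are constructed by hand, not captured traffic.
Layout used (IEEE 802.11 management frame):
  header  : frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq ctrl(2)
  body    : subtype-specific fixed fields, then information elements (id, len, value)
The SSID element is id 0; a "hidden" network sends it with length 0 (or NULs).
"""

MGMT_SUBTYPES = {
    0: "Association Request", 1: "Association Response",
    2: "Reassociation Request", 3: "Reassociation Response",
    4: "Probe Request", 5: "Probe Response", 8: "Beacon",
    10: "Disassociation", 12: "Deauthentication",
}
# Length of the fixed fields that precede the information elements, per subtype.
FIXED_BODY_LEN = {0: 4, 1: 6, 2: 10, 3: 6, 4: 0, 5: 12, 8: 12}
SSID_ELEMENT_ID = 0
HDR_LEN = 24
CLIENT_SUBTYPES = (0, 2, 4)  # frames a station sends towards an AP


def parse_mgmt_frame(frame: bytes):
    """Return (subtype_name, source_mac, ssid) for one management frame.

    ssid is None when the subtype carries no SSID element at all, and "" when
    the element is present but empty, which is what "hide network name" produces.
    """
    if len(frame) < HDR_LEN:
        raise ValueError("truncated header")
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3      # 0 = management, 1 = control, 2 = data
    subtype = (fc0 >> 4) & 0xF
    if ftype != 0:
        raise ValueError("not a management frame")
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # addr2 = transmitter
    name = MGMT_SUBTYPES.get(subtype, f"subtype {subtype}")
    if subtype not in FIXED_BODY_LEN:
        return name, src, None
    pos = HDR_LEN + FIXED_BODY_LEN[subtype]
    ssid = None
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) != elem_len:
            raise ValueError("truncated information element")
        if elem_id == SSID_ELEMENT_ID:
            ssid = "" if set(value) <= {0} else value.decode("utf-8", "replace")
            break
        pos += 2 + elem_len
    return name, src, ssid


def build_mgmt_frame(subtype: int, src: bytes, dst: bytes, ssid: str) -> bytes:
    """Construct a minimal management frame (example helper, zeroed fixed fields)."""
    fc = bytes([subtype << 4, 0x00])           # version 0, type 0 (management)
    bssid = dst if subtype in CLIENT_SUBTYPES else src   # addr3 names the AP
    hdr = fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    fixed = b"\x00" * FIXED_BODY_LEN[subtype]
    ssid_bytes = ssid.encode("utf-8")
    element = bytes([SSID_ELEMENT_ID, len(ssid_bytes)]) + ssid_bytes
    return hdr + fixed + element


# Constructed addresses for the example, not real devices.
AP = bytes.fromhex("001122334455")
CLIENT = bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6


def what_leaks(network_name: str) -> list:
    """Parse the frames one hidden network and one of its clients would send."""
    frames = [
        build_mgmt_frame(8, AP, BROADCAST, ""),                # beacon, SSID hidden
        build_mgmt_frame(4, CLIENT, BROADCAST, network_name),  # client looking for it
        build_mgmt_frame(0, CLIENT, AP, network_name),         # client joining
        build_mgmt_frame(2, CLIENT, AP, network_name),         # client rejoining
        build_mgmt_frame(5, AP, CLIENT, network_name),         # AP answering the probe
    ]
    return [parse_mgmt_frame(f) for f in frames]


if __name__ == "__main__":
    for subtype_name, src, ssid in what_leaks("EffOff"):
        print(f"{subtype_name:24} from {src}  SSID={ssid!r}")
```

Only the first line of the output has an empty SSID; every client frame and the AP's own Probe Response carry the name, which is all a passive listener needs. The same parser would run unchanged over frames pulled from a monitor-mode capture once the radiotap header is stripped.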
> > My router used to have the network name of 'EffOff' just to make it different.
> In the next street to mine there's an SSID of "Get your own fucking WiFi!"
Lately I've been fine-tuning the settings on our wireless devices, and noticed the appearance of the ESSID "WiFiDetectorVan".
"Plus it doesn't help if the manufacturer is on razor-thin margins such that 2-3 cents per devices pivots it into unprofitable."
Which is why some of us keep saying the solution is to make such security provisions mandatory. You want to sell your stuff here? This is what you have to do.
To some extent it levels the playing field - those costs are common to all products. And for manufacturers who can't afford that, maybe they're best kept out of the market. If they were selling cars would you consider it acceptable to omit brakes to enable them to compete on price?
"Which is why some of us keep saying the solution is to make such security provisions mandatory. You want to sell your stuff here? This is what you have to do.
To some extent it levels the playing field - those costs are common to all products. And for manufacturers who can't afford that, maybe they're best kept out of the market. If they were selling cars would you consider it acceptable to omit brakes to enable them to compete on price?"
You ever thought about the Law of Unintended Consequences? Instead of keeping them out, you'll just move them to the lawless badlands of the gray and black markets. If people want them badly enough, they'll be provided in spite of God, Man, or the Devil. See Prohibition.
"But this is all academic anyway - unless the hacker is in close proximity, they won't be trying to connect to your WiFi. Hard to do that from halfway round the world."
Fortunately, you've got always-on broadband for those people.
Unless you are a geek, a nerd, or actually work in IT, you probably look at any piece of tech as a white good.
You don't need to update the firmware on your fridge or microwave (IoT nonsense avoided) so why should you need to on anything else? Things should just work.
I know more than a few people who think it's ridiculous that a car should need servicing; again, "it should just work".
Manufacturers passing the buck to non-technical customers are doing just that: passing the buck for their poorly implemented products.
"Manufacturers passing the buck to non-technical customers are doing just that passing the buck for their poorly implemented products."
They're passing the buck because that's what customers want. At least with cars they run on government-run-and-regulated roads. But a router runs in the privacy of one's home, so how are you going to possibly enforce an Internet license?
You know, if I give someone the keys to my car and let them go for a drive, no one gives a shit.
You know, if I give someone the keys to my house to feed the cat, no one gives a shit.
If I give someone my logon password so they can get a document from my home drive, everybody freaks the hell out!
However, if you left the keys on a wall outside the house, with a note saying 'help yourself', you would have little comeback when the car was stolen / emptied / trashed. No insurance payout, and no-one would be impressed by 'but it never said I should not leave the keys right next to the car'.
Which is pretty much like using an easily hacked device.
I'm not sure that's a valid analogy as the first two examples are of something you "have" and the last is something you "know". Once the person has returned the keys, they are no longer able to access. But giving the password gives them permanent access until you change it.
"Once the person has returned the keys, they are no longer able to access."
BUT what IF they had them duplicated???
Then all bets are off.
The author must be a pretty heavy sleeper. I mean I can understand how you might sleep through a burglary, but cutting the Zs while being roughed up by a robber is remarkable.
Biting the hand that feeds IT © 1998–2018