|Home Forum RSS PGP Alerts Links (D)|
Almost Anything Can Be Shot...Comment on this article
...one way or the other.
There's a scene from a Pink Panther movie that keeps popping up in my internal projection room everytime I see futile security of a particular kind being excercised. In this scene, the detective (Peter Sellers) comes into a room and is suddenly confronted with a raging Kung Fu fighter that flies from one end of the room to the other, swirling arms and legs all around, accompanying it all with HO!...HAH! YI!... and similar loud and intimidating noises. After a fairly long and very scary show of skill and power, the guy faces Peter Sellers, ready to pounce and make chopped liver out of him. Peter Sellers calmly lifts a pistol and fires a bullet through his head, while looking slightly mystified. This guy had spent a lifetime of intensive martial arts training, sacrificed the lord knows what to get to the pinnacle of his art only to be defeated by a cheap pistol fired at point-blank range. There's a moral in this story, especially for security professionals.
Sometimes it's described as: don't put umpteen expensive locks on the doors if you leave your Windows™ open.
Copy protection mistakes
A number of web masters have added scripts to their web pages in an attempt to limit copying of content. These little scripts disable the "copy to clipboard" function and "Print..." in the client browser, much to the irritation of entirely legitimate users. Working around it is trivial. You either pick up the web page source with a GET command or from your local hard disk cache and remove the scripts. Or you use a browser that doesn't run the scripts. Or you take screen shots and use those. In other words, it's totally useless security theater that doesn't hinder the copycats in the least and only pisses off your valued customers.
Acrobat lets you set attributes in documents disabling "copy to clipboard", printing, editing, etc. I can't imagine that Adobe intended this to be very secure; it's trivial to take screen shots of the pages. I think it's better to view it as a feature that stops readers from making mistakes. For instance, if I'd write a draft of a standard operating procedure, I would watermark it with "Preliminary" and disable printing and copying, since I wouldn't want anything from the draft version to be included somewhere else by mistake. I would also mention this fact in the introduction or accompanying email, to make it clear it's not an indication of mistrust but a precaution against mistakes. Once the draft was amended and the definite copy published, I'd probably remove all these restrictions. Keeping the restrictions would only challenge people to beat them, for no good purpose at all, keeping them busy with an entirely non-productive task instead of the work they should be doing.
E-books are also protected this way, which may explain why they're so unsuccessful. The ridiculous price is another reason, of course. If I could print out my e-book at home and read it in bath, I'd be much more likely to buy one some day, but as it is... forget it. The determined copycat with too much time on his hands, however, simply makes screenshots and pastes those into a new Acrobat document. Or runs them through an OCR package and typesets the whole thing anew. Or buys a paperbased copy, OCR's that and prints anew. Or simply photocopies the whole darned thing. Again, the only people that are defeated and inconvenienced are the innocent, well-meaning, paying, customers.
Macrovision designed a copy protection system based on a little executable on the CD that gets automatically loaded into your PC and then inhibits any attempt to copy the contents. Then this Canadian guy "discovered" (it's in the Windows help file) that holding down the shift key as you insert the CD stops the protection program from loading and you can copy the contents of the CD to your heart's content. He published that fact, which earned him a lawsuit under the Digital Millenium Copyright Act. (The suit was later dropped.)
A couple of weeks ago, I copied one of my CD's (bought and paid for, you spies out there!) to iTunes to load into the iPod, but as I put back the CD in the rack, I noticed a symbol on the back of the jewel case that said it was copy protected. I hadn't even noticed, that's how effective it was! Since I disable auto-run on my CD drives for general security-hygienic reasons, the copy protect mechanism never kicked in. Did I contravene the DMCA by not enabling the auto-run before inserting the CD? Did I contravene the DMCA by telling you all how I forgot to enable the auto-run? I don't know, so I'm just going to wait now and see what law-suits or cease-and-desist orders may come dropping in. The only real crime in this whole sad story is that both the US government and the RIAA are making themselves so thouroughly ridiculous. Not to mention Macrovision, of course.
Then again, thinking about all the money and manpower that went into this copy protection system and then realizing it was all for nothing since I forgot to give it a chance... Now I have a vision of Peter Sellers not even doing the effort of pulling the trigger, but just watching as the Kung Fu guy hammers himself to death, entirely unassisted.
There are email systems out there that have features that let the sender control what happens to the email at the receiver's end. A lot of sweat and manpower has gone into these systems, in the hope of being able to keep email contents secure from any wilful or accidental action the receiver may take. This is a totally futile endeavour, except in highly secure and controlled environments, such as at the bottom of a nuclear missile silo with armed guards outside. These systems can put limits on how long an email is viewable, making sure it is destroyed after a certain time and that it cannot be forwarded, printed or copied. But, sadly, if you don't control the machine it is viewed on, there is no way you can stop the reader from taking a screen-shot of it. And even if you can control the machine entirely (think thin client), how are you going to stop the user from pulling out a mobile phone with a built-in camera and simply take a picture of the screen?
Lotus Notes has some of these features, and I can very well imagine that it's a sales argument that a lot of management types fall for. If something promises them a technical means of control over their employees, it must be worth a lot of money, so they don't bother to think it through. KA-CHING! Another expensive and useless system sold. But it's not only useless, it can be downright anti-productive and introduce entirely new security problems. If you stop thinking about the problem in a technical way and take the human angle, you'll see what I mean.
Your executive's wet hallucination
A really good friend of mine, somebody I trust totally, told me the following story. The thoughts and interpretations are his. Names are fake, to protect the guilty. (Actually, depending on circumstances, the entire story may be a total fiction, but that doesn't detract from the point I'm trying to make. These things really do happen in real life.)
This friend of mine, let's call him John, was regularly getting fairly offensive email from a superior, let's call him Oscar, and the relationship was getting decidedly chilly. One day, recently, he gets yet one more insulting and unpleasant email from Oscar, but, as these things go, nothing out of the ordinary, just the usual illogical and offensive rant. But when he wanted to reply to it, using Notes' normal "Reply with History" (quote the original email, that is), no quoted text appeared. When he tried "forward", Notes refused. Same for print and "copy to clipboard". Whoa! Oscar had been playing with Lotus Notes' features for some reason. (Oscar takes pride in knowing a lot of Notes arcana.)
First and obviously, the trick with Notes is meaningless. John just took a screenshot of the relevant text and included that as a quote, not wasting time to find a more technical way around it. The whole process, including the failed reply and forward attempts, the Whoa! exclamation, bringing up a screen shooter and pasting in the result, took less than 30 seconds. (This is the equivalent of Peter Sellers' firing that bullet through the head. Quick, definite, very energy-efficient and to the point.) But think about this a little longer and the following occurs to you: why exactly did Oscar want a limit on the distribution of this particular email? A couple of possibilities come to mind:
Whatever the "right" conclusion may be, it doesn't much matter, since John did absolutely nothing. The only effect of it all was that it did alert John to the fact that the company in question had remote control over his email storage, so he immediatly forwarded to his own outside mail account, any emails he wanted to save, in case he needed to defend himself later against some random accusations from Oscar. Since the company had not instituted a security policy prohibiting the employees from doing just that, there's no problem. The only ultimate effect of Oscar's action was to make John take precautions that cannot conceivably be in Oscar's interest.
As far as email, and even oral or any other kind of communication, goes, the following is the moral of this possibly fictional story: do not ever say anything to anyone that you are not prepared to defend and back up in front of others. Trying to get somebody's goat using self-destructing or limited email will only back-fire. It's so easy to show that you tried to sneak out of taking responsibility for your own words, that it is certain to only weaken your case even further. The false sense of security may even make you say things that you wouldn't have said if you had not thought your writings to be magically protected from public view.
So, before writing or saying anything at all, make the thought experiment of how it could look in public, pinned up on the office billboard, for example, or discussed in a board meeting. If you'd be embarrassed in one of those situations, don't write or say it at all, using any medium. This goes for everyone everywhere, except maybe the military and prison authorities. And this is exactly the point I'm making: the false sense of security these products instill, cause more problems than they solve.