Monthly Archives: March 2008

Number One WordPress Security Step

So, what is the most important step you can take to keep your WordPress blog secure?

  • Keep the software up-to-date

This may sound almost patronizingly obvious, but hold on a second. Every day hackers use unpatched servers or services of one kind or another as the bread and butter of their trade (stealing data, creating Bot networks, selling hacked server access to phishers, etc.).

So, why are there so many unpatched (or under-patched) servers and services?
  • Lack of awareness that a patch or update is available or needed
  • Lack of urgency regarding maintenance
  • Attitude that you are immune to these types of problems, and don’t need to worry about them

The good news is that the WordPress community has resolved the first two problems.
(Folks with the last issue are the reason there will always be script kiddies…)

Here is the quick and dirty path to keeping your blog up-to-date:

(1) Subscribe to the WordPress Development Feed
If you log into your WordPress blog’s administrative interface, you will be notified if a new version is available. But if you are in a low-activity time with your blog, you still want to know when maintenance is needed. The best way is to subscribe to the WordPress Development Feed in your RSS feed reader (You may also want to subscribe to the RSS feeds for the plug-ins you are using.).

(2) Install and Use the WordPress Automatic Update Plug-in
I have two blogs, and have used this plug-in for my last three software updates (including the move to 2.5 yesterday), and have been very happy with how well the plug-in works. Now, I do automated daily backups of my blog db and files. So, I would recommend that you perform your own backup before using the script so you know you can recover if the unthinkable happens (Always make sure you are using the latest version of the plug-in before starting an update.).

(3) WordPress 2.5 Now Includes Built-In Plug-in Updates
I do not think that your site will yet email you when your plug-ins need to be updated (2.5.1 please?), but with 2.5 you can 1-click update your plug-ins, if they are registered with WordPress.org.

Step four would also be to make sure that your operating system is up-to-date. Automating that is almost always possible, but is dependent on what operating system you are using. Google “X automated security update”, where X is your OS.

BTW, I found the jump to 2.5 very smooth and have encountered no problems – Thanks, WordPress!

Cheers, Erik

Advertisements

What do the Cold Boot Crypto Attack, DVD Players, and MiFare tell us about the Future of Biometrics?

Last week Slashdot pointed me to an “interesting” article in The Standard:
Understanding anonymity and the need for biometrics.

In fact, I found the article to be rather upsetting. Not because of the article’s thesis that strong authentication through a national ID program would not necessarily pose a threat to privacy; but rather, because of their naive (and irresponsible) handling of the realities of the biometric authentication challenge. They gloss over the real security challenges with creating a national biometric infrastructure. Here are the two quotes that are most misleading:

  • Confusing privacy with anonymity has delayed implementation of robust, virtually tamper-proof biometric authentication to replace paper-based forms of ID that neither assure privacy nor reliably prove identity.”
  • “This emerging technology makes it virtually impossible to assume someone else’s unique identity.”

The problem that the authors are glossing over is that no such technology exists today, and it is unlikely to ever exist. Now, to be fair, I am assuming that a critical success factor for any national biometric program, as described, would be that the authentication devices have to be available, and usable, anyplace paper-based IDs can be used today. This of course implies that the authenticator must be an inexpensive, commodity device, easy to purchase, maintain, and operate. Such a device would have to be even more ubiquitous than the electronic credit card machine.

The problem is that the authenticator itself may be in the possession of the attacker (Perhaps after you authenticate your legitimate purchase the clerk desires to use your identity herself…). In the history of security controls, when the attacker has unsupervised at-will physical access, the attacker wins. Here are a few examples:

  • Defeated copy protection on DVDs ( more & more info)
  • Cold Boot Crypto Attack on hard disk encryption (more info)
  • MiFare RFID Cards (more info)
  • Skimming devices attached to ATM machines to steal card and PIN data (more info)

Of course, all of these systems worked in the lab. But when a security system is widely deployed, it has to withstand an enormous amount of scrutiny, and minor flaws will be exploited. And of course, the greater the financial gain, the greater the time and energy attackers invest in trying to defeat the system. The authors of the article ignore these issues, idealistically assuming biometrics will just work.

Now, of course there are lots of examples where biometrics work very effectively. But I would propose that biometric authentication is most useful when the authentication device is physically secure and the authentication itself is supervised. The MiFare example above also demonstrates two other issues:

  • The system chose not to implement a reviewed and standard cryptographic algorithm – always a bad idea
  • MiFare was able to sell 1 billion cards and authenticators before the system failed

The cost of investing in a national biometric authentication program, and then having the security fail, is enormous. Can you imagine deploying a biometric authentication infrastructure to every bank, police car, restaurant, shop, etc. and then having video on YouTube of it being defeated ?

– Erik

BTW, Maybe the attacker doesn’t even need to tamper with the device -> ftp://ftp.ccc.de/pub/video/Fingerabdruck_Hack/fingerabdruck.mpg