July 30, 2008
I constantly worry about backing up my (precious) photos. A local backup (such as an external drive or Apple’s Time Capsule) isn’t sufficient because my house could burn down. I just heard of a real example (thanks David Kotz) where a power surge fried both the computer and the external hard drives! So, I’m on a quest for the perfect off-site network backup service.
At the moment I’m using two services: Mozy Backup and Jungle Disk. At the surface, Mozy seems like a perfect solution: $5/month for unlimited storage. Jungle Disk uses Amazon’s Simple Storage Service (S3), which charges pretty reasonable rates for storage and transfer. You can check out Jungle Disk’s website for the rundown. What I’ve concluded for now is that Jungle Disk provides more reliable transfers, but Mozy is perhaps more reliable with storing the data itself.
Transfer Rates
Unfortunately, I’ve been getting unpredictable upload speeds with Mozy, and am now no longer confident that my data is getting backed up in a timely fashion. If I shoot 1GB worth of photos, it could be a long time before it gets backed up on Mozy. Just last night, uploading 40MB took Mozy 1 hour and 18 minutes. This is not a scientific comparison, but Jungle Disk took 8 minutes the previous night, for the same amount of data at approximately the same time. In general, Jungle Disk has been (relatively) blazing fast because uploads to Amazon S3 seem to be limited by my uplink bandwidth. Mozy on the other hand is probably being swamped at their end. All in all, I’m very disappointed with my upload speeds to Mozy.
Network Drive
Mozy backs up your data but doesn’t give you a network-mounted drive. Jungle Disk gives you a mounted drive for both your backups and other data. I’ve found it useful for clearing up space on my laptop without having to use an external drive. But I feel that network drives pose a serious problem:
Reliability with Restores
What worries me the most about Jungle Disk is that it is very easy to lose all your backed-up data. For example, a virus or a Trojan could blow away your local files as well as your backup directory on your mounted Jungle Disk volume. Mozy on the other hand would have their version archive intact even if a virus were to delete all my files. Backing up to mounted volumes is thus quite risky.
Now, it turns out that Jungle Disk doesn’t need to actually mount the volume to backup your data, thus mitigating that risk. Still, nothing prevents a virus or Trojan from deleting all your data the moment you mount the volume. If you’re worried about this threat, don’t use Jungle Disk as a network-mounted drive. I think Jungle Disk should make it difficult to delete the version archive, perhaps by requiring an admin password to change the version archive on a mounted disk.
Conclusion
So for now, I’m going to stick with both services. Jungle Disk seems to be a better backup solution if you’re worried about fires. Mozy seems to be better if you’re worried about malware.
1 Comment | 
Availability | Tagged: amazon, backups, jungle disk, jungledisk, mozy, s3, security | 
Permalink
Posted by Apu Kapadia
July 24, 2008
At several grocery stores, I have to sign my credit-card receipt on a “signature capture pad” such as this one. My signature is stored in digital form “affixed” somehow to the receipt. What purpose does that serve? With ink signatures on paper receipts, it is hard to forge or transfer signatures onto bogus receipts. But as for digitized signatures, what prevents the grocery store from “affixing” my digitized signature onto any other arbitrary receipt?
A client could be duped by the store with bogus charges. The store could be duped by a client claiming that he or she never signed that particular receipt.
If the courts assume that these capture pads are trusted devices and that it would take too much trouble to store and paste signatures onto fake receipts, the store wins, and the client is at the mercy of his or her credit card company. On the other hand, I am often amused by how terrible my signature appears on such capture pads. Perhaps clients have an easy out in that case, since the captured signatures look far from authentic.
3 Comments | security | Tagged: credit card, digitized signatures, security, signature capture pads, signatures | Permalink
Posted by Apu Kapadia
June 9, 2008
You type in the URL yourself, being sure to start with ‘https’. After loading the page, you check for the lock icon. You click on it, just to be certain, and examine the certificate chain. You look for the root certificate in the chain, and observe that the SSL connection is blessed by Verisign (whom you trust to issue certificates judiciously). You pat yourself on the back for being so savvy, and then go about your private business on the “secure” page.
But how can you be certain that your web browser isn’t a Trojan, simply faking it all? An intermediate router (such as a free wireless access point, or your employer’s gateway) could recognize that you’re downloading Firefox, and promptly send you a Trojan version instead. If that’s the case, your trust in the browser is misplaced, and you have more to worry about than just insecure SSL connections.
Several questions to consider: Did you download your browser over a secure SSL connection? How do you know it was a secure connection? Do you trust your older browser that made that SSL connection? Or alternatively, did you verify the md5/SHA-1 hash of the downloaded binary? How do you know whether the hash you’re comparing it against is authentic? Did you use an “out-of-band” channel to obtain the true hash? Does your operating system have built-in support for secure downloads? Does it verify the download of your browser?
Now, if you’re really paranoid, you have to ask yourself whether you trust the compiler that compiled your browser. See Ken Thompson’s excellent exposition on this topic if you want to turn truly despondent [1].
References
[1] Ken Thompson, Reflections on Trusting Trust. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. http://cm.bell-labs.com/who/ken/trust.html
Leave a Comment » | security | Tagged: browser, pki, security, ssl, trojan | Permalink
Posted by Apu Kapadia
May 12, 2008
Online services ask us to pick hard-to-guess passwords, and in the same breath ask us to answer “secret questions” just in case we forget our passwords. Some of these questions are “What was your first pet’s name?” or “What street did you grow up on?”
The attack is obvious: why bother trying to guess someone’s password if you can focus on the easier task of guessing that person’s first pet’s name? As Brainard et al. [1] point out on the same issue, the question “What was the make of your first car?” is weak because “General Motors, for example, had about a 43% market share in the United States in 1983.” In short, secret questions have lower entropy (they are less random) than passwords, are easier to guess, and are thus the weakest link.
Now, this topic is not new. Bruce Schneier wrote about it a few years ago [2]. Schneier says that he “type[s] a completely random answer,” but consider this anecdote: a colleague of mine uses the same technique. He called up customer service once, who then asked him, “what’s the answer to your security question?” He said, “some random numbers.” The response was “okay.” So picking random numbers might be less secure than picking a realistic answer? :-)
Anyway, what surprises me is that secret questions are still prevalent today. Why aren’t more people up in arms about this issue? There needs to be an uprising. Go!
References
[1] J. Brainard, A. Juels, R. Rivest, M. Szydlo, and M. Yung. “Fourth Factor Authentication: Somebody You Know,” ACM CCS ’06.
[2] Bruce Schneier, “The curse of the secret question,” Computerworld, February 09, 2005
Leave a Comment » | Authentication | Tagged: passwords, secret question, security | Permalink
Posted by Apu Kapadia
