Monday, October 17, 2011

How to disable the guest account in Oneiric

Ubuntu 11.10 now ships with the guest account available at the LightDM login screen.

This new feature isn't really a security issue, since by default using it requires physical access, and it is confined with an AppArmor profile. If an attacker has physical access to your laptop, all bets are off.

The guest account can be disabled by editing /etc/lightdm/lightdm.conf and adding the line "allow-guest=false" to the [SeatDefaults] section. The change takes effect the next time LightDM starts.
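As an added example (not code from the original post), here is a POSIX shell function that makes that edit idempotently, covering a lightdm.conf where [SeatDefaults] is missing or where allow-guest is already set to some value, plus a check function that reports whether the guest login is actually off. It takes the config path as its first argument so it can be tried on a copy first.

```shell
#!/bin/sh
# Set allow-guest=false inside [SeatDefaults] of a lightdm.conf, touching
# nothing else. Keys in other sections (e.g. [XDMCPServer]) are ignored.
disable_lightdm_guest() {
    conf="${1:-/etc/lightdm/lightdm.conf}"
    tmp="$conf.tmp.$$"
    [ -f "$conf" ] || : > "$conf"            # create an empty file if absent
    awk '
    /^\[/ {                                  # any section header
        # leaving [SeatDefaults] without having written the key: add it now
        if (in_seat && !done) { print "allow-guest=false"; done = 1 }
        in_seat = ($0 == "[SeatDefaults]")
        if (in_seat) seen = 1
    }
    in_seat && /^ *allow-guest *=/ {         # replace an existing value
        if (!done) { print "allow-guest=false"; done = 1 }
        next
    }
    { print }
    END {
        if (!seen) print "[SeatDefaults]"    # section was missing entirely
        if (!done) print "allow-guest=false" # section was last, key absent
    }' "$conf" > "$tmp"
    # copy back over the original so its ownership and mode are preserved
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Exit 0 only if [SeatDefaults] contains allow-guest=false.
guest_disabled() {
    awk '/^\[/ { in_seat = ($0 == "[SeatDefaults]") }
         in_seat && /^ *allow-guest *= *false *$/ { found = 1 }
         END { exit !found }' "$1"
}
```

Run it as root against the real file (`sudo sh -c '. ./script.sh; disable_lightdm_guest'`), then `guest_disabled /etc/lightdm/lightdm.conf && echo off` to confirm.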

Saturday, September 17, 2011

Introducing the Pasaffe password manager

For the past few years, I had been storing my passwords in an application called GPass. What I liked about it when I started using it at that time was its simplicity, and the fact that each entry in the database has a notes field that can be used for any additional information that the predetermined fields don't handle.

Unfortunately, it doesn't seem to be actively developed anymore, and has been dropped from the Debian and Ubuntu archives. What's more, I've never looked closely at how secure the database format is, and there is no way to open the database it creates on other devices, such as my phone.

I started looking for a replacement about six months ago, and I didn't like most of the ones I tried. Some of them used a cross-platform GUI toolkit which made the app cumbersome to use. Others were too complex, didn't have a place to store notes, or were no longer actively maintained.

Since I've been wanting to learn GTK programming for a long time, this presented itself as a great opportunity. I started by looking at the popular password database formats, and the one that stood out was the one used by PasswordSafe. It is well documented, well designed, and has implementations available on numerous platforms. I implemented a Python library to read and write the database format, and then proceeded to use the excellent Quickly tool to create the initial GTK user interface. Since I want my app to run on the latest LTS release, Lucid, I decided to stick with PyGTK for now instead of PyGObject. I plan on converting it to PyGObject for the next LTS release. After having developed it for a while, I feel it's in a good enough state to be used.

Introducing: Pasaffe!

You can find the upstream project page here.
You can install it from a PPA here.

If anyone wants to contribute to it, there's a list of currently unimplemented features and other things that need to be done in the TODO file.

Tuesday, May 31, 2011

Check your cron jobs...

Yesterday, a PAM security update was released. Unfortunately, it introduced a regression which caused the cron daemon to stop working with a "Module is unknown" error.

The updates were quickly pulled from the archive, and a regression fix has been released.

If you have servers or desktops configured with unattended updates, they may have gotten updated with the broken release. If so, cron jobs will have stopped and updates will no longer be automatically installed.

You may fix this problem by performing one of the following actions:
  • Rebooting your machine
  • Restarting your cron daemon ("sudo /etc/init.d/cron restart")
  • Updating to the latest PAM packages (with Update Manager, or apt-get)
This is a rather unfortunate situation, and steps have been implemented to make sure a similar issue doesn't happen with PAM updates in the future.

We apologize for the inconvenience.

Wednesday, April 13, 2011

Self-Encrypting Hard Disks

I travel a lot with my laptop, and it can contain private information that shouldn't get disclosed if it's ever lost or stolen. For this reason, I've been using various types of disk encryption over the years, such as Ubuntu's encrypted home directory feature, to reasonably assure that my data remains private.

A few things have always bothered me with software encryption though. The first is that software encryption is not transparent. Although slight, there is a performance penalty in encrypting every read and write to your hard disk. Some people choose to only encrypt certain things to try and reduce that penalty. Do I only encrypt my home directory? What about my swap file or the /tmp directory? If I encrypt my swap file, do I give up hibernation, or do I make it ask me for a passphrase when I boot? What happens in case of disaster? Will I be able to boot a recovery CD and gain access to my data? Will I have saved the passphrase/encryption key somewhere safe in case an emergency arises?

Another issue is the fact that the decryption key necessary to access my encrypted volumes is located somewhere in RAM. There are a bunch of reasons why this is worrisome, from “Cold Boot” attacks, to hibernation, to simply having it leaked in some other way.

But the biggest gripe I have with software encryption is the “Evil Maid” scenario. Basically, every time I leave my laptop unattended, someone could boot off removable media, or physically plug my hard disk into another computer, and alter the software that is loaded before my encrypted volumes. The altered software could send them my encryption password as I type it, or could wait around for my volumes to be mounted before installing a back door. I need to stay physically present with my laptop at all times to make sure this scenario isn't possible, something I'm not always prepared to do. Although laptops are expensive, the loss or theft of an encrypted laptop is limited to the value of the hardware, not the incalculable value of its contents. Leaving my netbook in my hotel room is an easy choice to make if all I stand to lose is a couple of hundred dollars.

Since the hard disk that came with my Lenovo ThinkPad was a little small for my taste, I decided to replace it with a bigger one. In doing so, I specifically paid $20 more to get a model with FIPS 197 certified hardware encryption. These hard disks encrypt everything that is stored on the physical platters with 128-bit AES and a random key. When the disk is powered on, a standard ATA password is required to access it, and the password cannot be reset; if it is lost, the disk is no longer usable. A master password can be set that can be used to reinitialize the random key, so the disk is usable again, but the data it contained is lost.

Fortunately, most ThinkPad models come with the required BIOS support for disk encryption, so simply swapping the hard disk and setting a hard disk password in the BIOS screen was enough to get it working. Not all computer manufacturers have implemented the ATA Security feature set in their BIOS, so you need to check carefully. Apparently MacBooks don't have it, for instance.
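To confirm from a running Linux system that the BIOS really did enable an ATA password on the drive, the "Security:" block of `hdparm -I /dev/sda` reports the feature-set state. The functions below are an added example, not from the original post, that parse that block; the sample output is constructed in hdparm's format, not captured from a real drive. Note that hdparm only shows the ATA Security state that gates access, not whether the drive encrypts the platters; that part comes from the drive's own certification.

```shell
#!/bin/sh
# Parse the "Security:" block of `hdparm -I` output. hdparm prints
# "\tnot\tenabled" when a flag is off and "\t\tenabled" when it is on,
# so the first field of each line tells us the polarity.
ata_security_state() {
    awk '
    /^Security:/ { insec = 1; next }
    insec && NF > 0 && $0 !~ /^[ \t]/ { insec = 0 }  # next unindented line
    insec {
        neg = ($1 == "not")
        key = neg ? $2 : $1
        if (key == "supported") supported = !neg
        if (key == "enabled")   enabled   = !neg
        if (key == "locked")    locked    = !neg
        if (key == "frozen")    frozen    = !neg
    }
    END {
        printf "supported=%d enabled=%d locked=%d frozen=%d\n",
               supported, enabled, locked, frozen
    }'
}

# Exit 0 only if a user password is set (security enabled): the drive will
# refuse to serve data after a power cycle until the password is supplied.
ata_password_set() {
    case "$(ata_security_state)" in
        *enabled=1*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample: security supported and enabled, unlocked by the BIOS
# at boot, and frozen (no further security commands until power cycle).
sample_hdparm_output() {
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\t\tenabled\n'
    printf '\tnot\tlocked\n'
    printf '\t\tfrozen\n'
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}
```

On a real machine: `sudo hdparm -I /dev/sda | ata_security_state`; "enabled=0" after setting a BIOS hard disk password means the BIOS never issued the ATA SECURITY SET PASSWORD command and the data is not protected.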

For under $100, I now have an encrypted 500 GB hard disk in my laptop that asks for a passphrase when I boot. Is this solution perfect? No. But it's better than what I had before, and is perfectly adequate for my peace of mind.