Reality in Security

The Difference Between Feeling and Reality in Security by Bruce Schneier (WIRED)

If we make security trade-offs based on the feeling of security rather than the reality, we choose security that makes us feel more secure over security that actually makes us more secure. And that's what governments, companies, family members and everyone else provide. Of course, there are two ways to make people feel more secure. The first is to make people actually more secure and hope they notice. The second is to make people feel more secure without making them actually more secure, and hope they don't notice.

The key here is whether we notice.

Bruce Schneier wrote this article in 2008. Ten years later, I end up working in certain places that, in my opinion, make too many information security decisions based on FUD and feeling. They'll claim to make risk-based decisions. But the risks are based on one (or a few) person's feeling about risk.

Saturday Links Week 33

Every Saturday, I share a list of inspiring or interesting articles that I read during the week. Here’s what I read this week.

[exif id="30908"]

Virginian multi-culturalism.

When I first moved to Northern Virginia in 1980, it was common to see Confederate flags and to hear “good ol’ boys” talk with racist overtones. Today the region is a multicultural success, has some of the best schools in the country, and is renowned for its globe-spanning ethnic food.
It also helps that Virginia’s immigrants are a mix of nationalities, with no one dominant ethnic group. That has encouraged broad-based assimilation, and prevented any single, easily identifiable group from being a source of social tensions.Bloomberg via Tyler Cowen

Dan Fredinburg, a Google executive who was killed during the 2015 Nepal earthquake:

WHILE CLIMBING CARSTENZ PYRAMID, the tallest mountain in Oceania, a fellow climber fell, lost a lot of her blood, and nearly died of hypothermia. Had we returned on the 6 day trek through the jungle that we used on the way in, she would have certainly died. To rescue her, I smuggled her through Grasberg Mine, the largest gold mine in the world. Along the way, we risked being shot by mercenaries, had our friends kidnapped and held hostage, and then were ultimately arrested and imprisoned inside a jail inside the gold mine. And I was on Mt Everest this year when an ice serac fell into the icefall and killed all but my team on the mountain. Afterwards we executed body recovery and then climbed back down through the damaged route. But these were mostly calculated risks.

If I had to select the greatest risk I’ve taken in my life, it has been to throw myself into a romantic relationship with someone to reach a point of deep, illogical and visceral love. To a point where emotion and human connection overpowers any reason and safety. To be vulnerable psychologically and emotionally. This is real risk, with the greatest reward.DAN FREDINBURG


Every Saturday, I share a list of inspiring or interesting articles that I read during the week. Here’s what I read this week.

What’s your data risk tolerance?

In response to a reader Ben Brooks wrote a recent article about his personal data security practices. That got me thinking about my own risk posture and how I secure the devices I own.

Hard Disk Encryption

Ben starts off with advice on disk encryption.

The basic things to encrypt are all of your HDDs/SSDs, your internet connection (when on a public network), your passwords, and any financial information you keep on your Mac.

Personally, I don't use it. Unless you are travelling to high-risk areas ( China? ) or are a high-profile person ( Scott Snowden? ) carrying highly sensitive your risk is quite low. Disk encryption is just too much of a hassle for the average person to deal with an it won't protect your data from a determined attacker.

I don't encrypt. I also don't carry any highly sensitive information on my a MacBook. I have no financial data on any portable device I own -- iPads, iPhone, etc --- I am more likely to have my iPad or iPhone lost or stolen than a laptop.

My philosophy is to try my best to mitigate the most likely scenarios.

iPad and iPhone

I hate having to type in a password each time I use my iPhone or iPad. But … both of these devices -- more so the iPhone -- are with me everywhere I go. These devices have apps for accessing my financial accounts and certain online storage accounts. Since it is more likely that I'll lose my iPhone or have my iPad stolen I put a very strong password on my device. Strong means something 12-18 characters in length. Something that's a combination of letters, numbers and symbols. No anniversaries. No birthdays. No names of your favourites pets.

Change your passwords regularly. At least once a year.

Most financial apps allow you to set a short four digit pin instead of requiring you to enter a username and password each time you use the app. Personally, I don't need access to my financial accounts more than once a day so I don't mind entering my credentials each time.

Internet Connection

I have two Apple AirPort Express wireless routers on my network. Both are configured to use WPA2 -- the strongest encryption for available for consumer Wi-Fi. I secure my wireless network with a strong password. I also enabled the guest network feature. This reduces the chance that compromised -- certain family members use Windows -- machines will attack my computers. The guest network also has a password. Why? I live in a townhouse development. Either my neighbours or the kids waiting at the school bus were surfing my network. At least that's what my router logs showed. Not anymore.

But just as I don't trust other computers on my network I don't trust other networks with my devices. I want to prevent malicious attackers from sniffing my network connection when I'm in an internet café. I want to be sure that a compromised computer on my in-laws' network doesn't hack my device. I encrypt all my internet traffic. Even when I'm on my own network.

The second most important thing to secure on your computer is the information you send and receive over the Internet. This information, if not encrypted, can easily be swiped by malicious individuals on open networks. (Think Starbucks, hotels, conferences.) This data is a very easy thing to secure with a Virtual Private Network (VPN).

Ben mentions Cloak which is a $24/year service -- per device. I use [Umbrella VPN][umbrella]. It's an enterprise-class service from the folks who run [OpenDNS][opendns]. For $25/year I get VPN coverage for all the mobile devices in my home. I have it installed on my iPad and iPhone, my son's iPad and iPhone, my daughter's iPad mini, my wife iPhone and her MacBook ( which almost never leaves the house ). The Umbrella service provides an easy to install app and profile, and a web front-end for configuring service options -- like the included web filtering. My family is no longer afraid to use Xfinity hotspot or Starbucks wi-fi.

There is, of course, an alternative: tethering. While tethering on a cell network is not the most secure thing, remember that the goal for the average user is just to be harder to hack than the average person.

But note Ben's caveat.

If you choose to use tethering via an iOS device, be sure to choose your own WPA key, as the automatically generated keys are susceptible to cracking.

I'm an Apple geek. No, I don't mean a Mac geek. I mean Apple. We have three iPads, three iPhone, a MacBook, an iMac, two AirPort Express devices, and an Apple TV. My kids and I have matching t-shirts with the words "I'm a Mac" on the front.


Ok, so this is where I should advise you to use strong, unique passwords for every site and get yourself a copy of 1Password.

I love 1Password. I use the auto-generate password feature quite often. As I stated before I use 12-18 character passwords.

However, there is a caveat. There needs to balance convenience and security.

Because there is a set of accounts that you will need access to if everything goes tits up, you should have a core set of strong passwords, perhaps unique, that you can commit to memory.

The email account that you will use to recover your password from your other accounts? That needs to be something you can remember. Something you can recall if your 1Password ( or LastPass ) password file is deleted. Use a long phrase you can remember and use the first letter of each word of the phrase in the password. Substitute numbers for some of the letters and add some symbols as well.

For example, "I love listening to local bands play outdoors in the summertime" would become "illtlbp0it5t!".


Longer version: it’s possible but incredibly cumbersome to encrypt this data and requires both sender and recipient to have encryption setup. Essentially you can’t just encrypt an email, one way, as both parties need to be able to deal with the encrypted data. The tools exist but they’re generally unfriendly to install and use.

I think Ben is overstating the difficulty of using digital certificates for encrypting email, especially given his position on full disk encryption. Installing a digital certificate is free and easy. I digitally sign all my email and my most technically savvy friends already used certificates. It's great to send encrypted email from my iPad or iPhone.

When you are evaluating how to secure your digital life, the most important thing is to determine what you are most paranoid about. Is it the NSA? Or Bob, the hacker that loves venti Macchiatos and reading your Twitter DMs?

The NSA most likely have tools that can defeat most of the consumer security tech available. I'm just trying to keep out the bored neighbourhood kids and the financial data thief sitting in the local coffee house.