I have just arrived from the local photo shop (Profi Foto), where I wanted to print several of my vacation photos. I am still stunned at how difficult security measures are for some people to get right. Here is why:

Endowed with a USB flash drive, I went to the photo shop and asked the clerk to print my photos. She refused to take my order, saying that they were forbidden to insert foreign USB flash drives in their PCs, as they might contain viruses. She added that some computers were infected in two of their other locations, therefore the management took the decision that all photo shops in the chain would refuse USB flash drives. I asked how I could then bring the photos down to their shop and have them printed, and the answer was: CD, DVD or SD card.

Now I wonder who services the computers at Profi Foto? The alleged professional who advised them to ban USB flash drives certainly has no knowledge of how malware spreads. How is a CD different from a USB drive from the storage point of view? How is an SD card different, then? They are all mass storage devices, they have an underlying file system (be it FAT, FAT32 or NTFS) and they are all readable by a Windows machine, regardless of their manufacturing technology (albeit SD cards and USB drives have… flash memories). Most importantly, they can all carry malware, regardless of their form factor and storage capacity.

My story has a happy ending, as the lady at Profi Foto dutifully listened to my plea and decided to trust me. She understood my points and even invited me to insert the flash drive into the USB slot myself. Well, if I were to run the shop, I would offer her the job of the genial service guy :)

If security is a topic that interests you, you may be trapped within the “computing security mind-set”, that is, you may think about security only in the context of computers. Security in general is a multi-faceted term which is not necessarily tied to computers. Having read several of Bruce Schneier’s books (among which the most recent is Beyond Fear, ISBN 978-0387026206) and after giving the issue some thought of my own, I came to realize that indeed, security is part of our day-to-day life and we are prone to security trade-offs.

Security decisions are usually taken in order to protect a certain objective. We lock the door in order to protect our possessions; we install antivirus software in order to protect the programs and the data in our computers and we read newspapers in order to be updated with the latest happenings. All these are security trade-offs: we lock the door, but we have the inconvenience of carrying the key around; we install antivirus software, but the system is somewhat slowed down. Finally, we read newspapers at the expense of the subscription and the physical time to read. These are trade-offs.

Trade-offs are almost never black or white. It all depends on the lengths one is willing to go to in order to accomplish a specific goal and the intrinsic value of the objective being protected. For instance, my house has a regular door, with no special properties, which should protect against most burglars. Installing an expensive door with all the fancy features out there would make little sense here, unless perhaps I needed to protect a valuable collection of paintings. Similarly, I am willing to install one antivirus product, but there’s nothing you can do to convince me to install two at the same time (okay, the example is a bit unrealistic here, as two antivirus programs would most likely collide in an odd way).

Here is a real-world example of what I consider to be a security trade-off. On my recent trip to Greece, I booked a room at a nice hotel (Roda Garden Village, north of Corfu Island). The room was nice and cozy and had a system for saving on electricity, described below:

The power in the room was conditioned by inserting a metallic strip attached to the key inside the EnerCard device (see image below). When the strip was inserted into the slot, the power would go on instantly. The system could not be easily fooled, as inserting objects such as sheets of paper or cardboard into the slot did not trigger the power. Nice.

To increase its efficiency, the air conditioning unit was further controlled by a magnetic sensor placed on the balcony door. So, even though I had power in the room, I had to keep the door closed in order for the air conditioning unit to work.

If you are like me, trying to spot weaknesses in anything, you may have noticed already that I found a workaround that completely circumvented the power economizer. It’s more mundane than you might think. Since the EnerCard device needed the metal strip that was attached to the room key and I wanted the key (while being out of the room), I simply detached the key from its metal strip. I didn’t even force the two objects, I simply used my fingers. Voila, we have power in the room while the key itself is in my pocket. Now, next in line is the air conditioning unit. I noticed that the balcony door actually consisted of two twin doors opening on the sides. However, the magnetic sensor was only placed on one door, which basically allowed half of the door to be opened while still allowing the air conditioning unit to run.

If you are wondering how this fact relates to security trade-offs, remember that the designer tried to save on the electricity bill incurred by the average hotel guest. Securing the system harder (for instance, using a solid connection between the key and the metal strip and using two magnetic sensors, one for each door) would have probably rendered my efforts useless, but the added cost multiplied by the number of rooms would have meant something. Now, the designer may have either put little thought into the economizer system, leaving it flawed, or may have reached a judiciously thought-out trade-off. You judge.

Some of the older devices that work with flash-type memory cards (for instance, digital cameras) may not fully support the recent higher capacity cards that appeared on the market. I happened to learn this the hard way, after I borrowed an old HP PhotoSmart 735 digital camera to take photos on my vacation, following the unexpected death of my good old Canon camera. The HP camera manual stated that the largest SD card known to work at the time of printing was 256MB but chances were that larger capacity cards would work as well. I decided to purchase a Kingston 2GB card, but to my surprise the camera displayed several messages that indicated that something was wrong with the formatting of the card and proceeded with the format. The net result was that somehow the camera had created a 1GB partition on my 2GB card and still refused to work properly after this.

The image above is what my computer reads about the 2GB SD card when connected to a card reader. I eventually gave up the idea of using the card with the old digital camera and purchased another 1GB card for that purpose. Now I had to find a way to reclaim the “lost” space on the original card. I tried to handle the partition using the Disk Management feature of Windows, but that did not help too much.

Here is where the DiskPart utility (which comes with Windows Vista) may help. What we need to do is actually destroy the partition table and let Windows recreate it from scratch. Here is what you need to do:

WARNING: Exercise great caution when following the advice in this post. The data on your flash disk WILL BE DESTROYED. The data on your other disks may become inaccessible in a blink of an eye if you make mistakes. I am not the one to blame. You’ve been warned.

STEP 1 - Launch the DiskPart utility

You need to open a Command Prompt window then type diskpart.exe and the following window should appear. At the DISKPART> prompt, type HELP to obtain the list of commands supported by the utility. While DiskPart may not be as easy to use as similar disk-partitioning tools on the market (such as Partition Magic), it is quite powerful and best of all… it’s free.

STEP 2 – List the disks available on your system

At the command prompt, type LIST DISK. You will get the list of the disks available on your system. In my case, Disk 0 is the physical disk of my laptop and the rest of the disks (1 through 4) come from the USB card reader. The disk we are interested in is Disk 1, which holds the SD media. We can see that the list shows the true size, no matter how the disk is partitioned.

STEP 3 – Select the desired disk

You need to select the disk on which subsequent operations will be performed. In this case I selected disk #1, as shown by the LIST DISK command. Make sure you select the correct disk, otherwise you may end up destroying your valuable data.

STEP 4 – Clear the partition information off the flash card

Type CLEAN at the command prompt to delete the bogus partition information created by the device (in my case the old HP digital camera). You may now exit DiskPart.

STEP 5 – Create a new partition on the flash card

Right-click Computer, then choose Manage. This will bring up the Computer Management window where you have to select Disk Management under the Storage section. Locate the disk you have previously dealt with (in my case Disk 1) and notice that the entire disk space is not allocated. Right-click the disk and choose New Simple Volume… then follow the indications of the wizard that appears. This will create a new partition on the flash disk and will optionally format it. At this point, the disk is ready to be used with its full capacity.

Hope this helps.
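A guarded version of steps 2 to 5, as an added example that is not part of the original post: it refuses to continue unless the chosen disk looks like a memory card, then runs the same CLEAN through a DiskPart script. It assumes an elevated PowerShell session with the Storage module (Windows 8 or later, so not the Vista setup described above); the 64 GB ceiling, the temporary script name and the FAT32 choice are assumptions made for the example.

```powershell
# Added example (not the author's). Run elevated; needs the Storage module
# (Windows 8 / Server 2012 or later).
param(
    [Parameter(Mandatory)] [int] $DiskNumber,  # number shown by LIST DISK
    [long] $MaxBytes = 64GB                     # assumed ceiling for a memory card
)

$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

# Guard 1: never touch the disk Windows boots from or keeps system files on.
if ($disk.IsBoot -or $disk.IsSystem) {
    throw "Disk $DiskNumber is a boot/system disk. Refusing to continue."
}
# Guard 2: only accept buses a card reader or flash drive would use.
if ($disk.BusType -notin 'USB', 'SD', 'MMC') {
    throw "Disk $DiskNumber is on bus '$($disk.BusType)', not USB/SD/MMC."
}
# Guard 3: a disk larger than the ceiling is probably an external hard drive.
if ($disk.Size -gt $MaxBytes) {
    throw "Disk $DiskNumber is $([math]::Round($disk.Size / 1GB, 1)) GB, above the limit."
}

# Show what is about to be erased and require the operator to retype the number.
$disk | Format-List Number, FriendlyName, BusType, Size, PartitionStyle
$disk | Get-Partition -ErrorAction SilentlyContinue |
    Format-Table PartitionNumber, DriveLetter, Size
if ((Read-Host "Type the disk number again to erase it") -ne "$DiskNumber") {
    throw "Confirmation did not match. Nothing was changed."
}

# Steps 3 to 5 as a DiskPart script. FAT32 is an assumption; the post leaves
# the file system to the New Simple Volume wizard.
$commands = @(
    "select disk $DiskNumber"
    "clean"
    "create partition primary"
    "format fs=fat32 quick"
    "assign"
)
$scriptPath = Join-Path $env:TEMP "reclaim-card-$DiskNumber.txt"
Set-Content -Path $scriptPath -Value $commands -Encoding ASCII

diskpart.exe /s $scriptPath
if ($LASTEXITCODE -ne 0) { throw "DiskPart exited with code $LASTEXITCODE." }
Remove-Item $scriptPath
```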

Another syntax twist that comes in handy is the Object Initializers feature of Visual Studio 2008. What the new feature basically does is allow for a more concise initialization of class fields and properties. If we were to create several instances of the Employee class (introduced in my previous post about automatic properties), that would require several lines of code that would only perform object initialization. There is nothing wrong with this, except that the code would be verbose:

We may argue that constructors can be used for a more compact object initialization. However there are instances when we need to initialize fields or properties. The code above can be rewritten as follows:

Note that after new Employee, there are no parentheses, but a named declaration enclosed between curly braces. The syntax is flexible in that it allows reordering of initialized fields, as well as partial initializations. In the example below I instantiated the Employee class twice, and each instance was partially initialized with a different property:

Let’s suppose that our Employee class is modified so as to have a parameterized constructor (the name and type of the parameter are not important right now, but let’s just assume we have a Boolean one). The code that initializes a class with a parameterized constructor looks like this:

Some may argue that the object initializers feature is not absolutely necessary and all it does is further complicate the syntax and make programs less readable. My personal opinion is that once this and other similar features start to appeal to the public, they will be embraced and eventually adopted by everyone. I may be wrong, but I bet that exact thing happened when the += operator was introduced in the C language.
