Encryption Could Make You More Vulnerable 126
narramissic writes "It sounds like a headline straight out of The Onion, but security researchers from IBM Internet Security Systems, Juniper, nCipher and elsewhere are warning that the use of data encryption could make organizations vulnerable to
new risks and threats. There is potential for 'A new class of DoS attack,' says Richard Moulds, nCipher's product strategy EVP. 'If you can go in and revoke a key and then demand a ransom, it's a fantastic way of attacking a business.'"
It's not so much 'more vulnerable' (Score:5, Insightful)
Encryption is necessary for many businesses, and if such attacks are truly a worry, they should be addressed in the same manner as any other risk.
Hmm (Score:5, Insightful)
Re:revoke isn't that big (Score:3, Insightful)
Re:It's not so much 'more vulnerable' (Score:5, Insightful)
We all know headlines exist solely to generate traffic...
Mission option for every security discussion (Score:5, Insightful)
Really, I've never seen a setup where stealing ONE (or a few) keys could result in a situation where a whole enterprise gets shut down for ransom.
More likely, consider the situation where only two guys have the password to the domain name registrar's account, they get laid off, and a year later some one realizes the company domain expires in two days. Before anyone figures out how to renew it, it's in the hands of a pr0n site. There's your missing/lost key scenario, happens all the time.
Revoking a key may be a red herring (Score:3, Insightful)
If someone tricks the key-checking mechanism into thinking a key is revoked, that's not a huge problem: All a revoked key means is that you may not be able to TRUST the key or the data it protects anymore. It doesn't mean you can't get at the data.
This is no worse than if a burglar broke into the building storing your paper forms. You can no longer automatically trust that those forms weren't tampered with. You have to either re-authenticate each of them or accept the fact that they may have been altered.
So the point is? (Score:2, Insightful)
Maybe I'm just being silly or showing my old-school mentality, but I think it's important to try to identify these types of potential "gotchas" before I click setup.exe.
Game over ... (Score:3, Insightful)
Re:Hmm (Score:5, Insightful)
Its like Mom always said; never write something down without expecting someone else to eventually read it. If its dangerous or hurtful information it should be destroyed. If its really important keep it in the only place its really safe your head.
Business are keeping more and more customer information. Information is leaked all the time stored encrypted or not. Encryption is likely to give an often false impression of security. People may think they are safely storing facts that will only be available to them and their organization and customers might end up really unhappy if they discover they were wrong about that some time.
There is always a risk (Score:3, Insightful)
Encryption is making things harder for those that want to penetrate your business, but use it with care. Too much will do more harm than benefit. Set up boundaries in your systems and encrypt the communication. That's the reasonable way to do things.
Encryption of hard disks may be useful on laptops, but is relatively useless on stationary computers and servers, and will probably only add to the performance overhead. Just be sure that all hard disks are erased before the computers are retired and you have been saving yourself a lot of trouble.
If someone stores data encrypted anyway and the key is lost - well - tough luck unless you have a good policy where backup keys are stored in a safe place.
Only a few businesses will benefit from extreme levels of encryption, and those are mostly working in the military area. In these cases it may be better to just call it a day and consider all data where the key is missing or manhandled as compromised.
Users are always the weakest link (Score:5, Insightful)
The problem comes in when people can't remember the encryption password. Either they lock themselves out of the laptop or they do something brilliant like write the password on a post-it and tape it to the laptop case.
No matter what strategy you have, your own customers will find a way to mess it up.
Not new or groundbreaking (Score:4, Insightful)
BUT, a mischevious person could put epoxy in all the keyholes, essentially revoking your keys and causing a denial-of-service.
Which is better, a small risk of being locked out of your data/car, or the larger risk of theft and/or misuse of your data/car due to lack of security?
Keeping doors unlocked is better? (Score:3, Insightful)
Considering this warning comes from a bunch of security companies, maybe this is some new trend of disclaimers, like anti-virus vendors warning that their product can only reduce but not eliminate attacks - in case a customer is stupid and tries to blame the encryption vendor for losing their keys, they can say 'I told you so' and point to these articles
Re:It's not so much 'more vulnerable' (Score:3, Insightful)
And as to encrypted email, you can always send it again.
Making people fear encryption because of this verges on sociopathic. BTW, BACK UPI YOUR DATA DAMMIT
-mcgrew (not the security guy)
Re:Users are always the weakest link (Score:3, Insightful)
People not remembering their encryption password is by far the lesser of two evils, though. I'd rather have the data be totally inaccessible than be accessed by the wrong people.
mod parent up! (Score:3, Insightful)
Re:It's not so much 'more vulnerable' (Score:3, Insightful)
I agree, but... (Score:3, Insightful)
The highest level of attack that the article mentions is DOS by which attackers steal your keys and ransom them back to you. Indeed, this would be a bad day for the IT department and the affected departments of the company could lose days or even a week of productivity, which is damaging indeed.
Compare this to the risks of not running encryption. A similarly motivated and skilled attacker as discussed above could easily grab things like log ins just by monitoring your traffic. Once he finds that login with the proper credentials, not only can he execute a DOS as outlined above, but he can also potentially steal all of your client information, your internal financial information and implant rootkits on all your servers so as to be able to come back for more later. One of the best ways to lose your entire customer base is to tell them that they have to cancel their credit cards because you got their numbers stolen.
This kind of stuff has killed companies. No thanks, I'll keep my ssh and ssl.
Re:To sum up: (Score:2, Insightful)
There are hundreds and thousands of case's where security has stopped crimminals in their tracks. Most people cant get past a $30 lock.
~Dan