On Balancing Security, Safety, and Convenience

There is a long-standing adage among security “people” that says convenience and security are ever at odds (or perhaps a bit more precisely put, inversely proportional). As the convenience of a given system goes up, its security will necessarily go down. Generally speaking this is true.  The convenience of a system is lent to authorized and unauthorized users alike. I would like to deal with specificity rather than generality in this post, however, and closely examine the relationship between these two concepts and one more.

Safety is the other factor that that I would like to bring into this discussion. Though safety and security are closely interrelated and often used synonymously they are different and must be examined as separate phenomena. Before we go further, I should tease out the difference between the terms safety and security.

Safety v. Security

Safety is, at its essence, protection of life and prevention of injury, caused primarily by accidents and mishaps. A manufacturing plant may place great emphasis on safety by implementing a “Safety First” campaign, installing fire suppression systems, placing eye-wash stations throughout the facility, and having an EMT on duty. All of these steps make the facility a safer environment but none of them increase security at all.

Security is typically defined as protection against criminal acts, and may or may not refer to the protection of people. The same manufacturing facility in the example above can install CCTV cameras, high security locks, an ominous chain-link fence, and an access control system to sensitive areas, all of which increase security. Unlike safety measures that do not make the plant more secure, these security measures may make it safer against certain threats while simultaneously making less safe against others. With the security measures, the employees are safer against criminal acts that would result in death and bodily injury such as a disgruntled gunman or a terrorist act. Depending on the implementation, however, the security measures may make it more difficult for employees to egress in the event of an industrial accident, lowering the overall level of safety.

Though all of the examples I have cited thus far pertain to physical safety and security, convenience, security, and safety are all factors in the digital security realm, as well.  Though the protection of data systems and data from power surges, natural disasters, hard drive failures, and other mishaps (typically through backups) is lumped in with “infosec”.  It would perhaps be more appropriate to call this type of protection “infosafety” (to coin a term).  Protecting these same infosystems and their backups from deliberate human threats is an approriate use of of the terms “infosec” and “information security”, however.  Finally, convenience plays a huge roll in infosec and “infosafety”.  Both infosec and infosafety can be at odds, though it may seem counterintuitive.  It would be very safe to have data backups on multiple hard drives and in mulitple cloud providers.  It would be even safer if these backups were unencrypted; encryption introduces the possibility that the data may not be able to be decrypted when needed.  This system would be very safe but it would also be incredibly insecure.

It is entirely possible for a system (whether digital, residential, commercial, industrial, et cetera) to be both safe and secure. It is also possible for the same system to be very secure but unsafe, or to be very safe but insecure; the distinction is in the dangers that are primarily protected against.

Security v. Safety v. Convenience

Convenience is also in competition with security. Generally speaking, the more convenient a system becomes for the user, the more convenient it becomes for an attacker and security is subsequently lowered. For example, employees at our exemplar facility may tire of having to use a key to gain access back into their workspace after smoking and leave the door propped open. This is a convenience measure in the interest of the individual employee, caused by the security measures that are in the interest of the plant’s owners or managers. This also impacts safety, since an open door will not prevent the spread of fire or dangerous gasses that a closed door would.

In closing, a physical security system must balance safety, security, and convenience. It must be safe for the occupants, secure against outside threats, and convenient enough that the system will not be overridden. In digital systems (at least at the personal user level) have no requirement for safety, but they should still balance security and convenience. The designer of the system (the homeowner or Chief Security Officer) must weigh all of these considerations when implementing a system. He or she must also monitor use and be willing to adapt the system or provide user training based on usage patterns to achieve maximum compliance.

The convenience of a system can impact both its safety and security.  It is not secret that as many security and safety processes as possible should be automated.  Things like backups, updates, and encryption should happen with as little user input as possible to ensure compliance.  When a system becomes overly complex, users will opt-out of the security of a system; this is when things like leaving computers on and unlocked being to occur.  The convenience of a system should be weighed against the risks the system faces and the tolerance of its users for security measures.  Make a system too secure and pretty soon it is far less secure because users will begin bypassing the security to achieve a balance, an equilibrium, a stasis of safety, security, and convenience.

The Point

This topic is especially germaine to me both in the writing of books on security, and in convincing my family and friends to adopt encryption and other security measures.  There is a constant struggle between the two, and those who do not have a specific interest in security and/or privacy typically have a very low tolerance for inconvenience.  Why do I recommend ProtonMail over Thunderbird with GPG/Enigmail?  The latter is certainly more secure.  Why do I recommend Cryptocat over ChatSecure when ChatsSecure is more secure?  I do so because I want to encourage participation among those who have little interest.  As security becomes more convenient through services like ProtonMail and Tutanota, perhaps a significant percentage of people will choose to adopt security.

Secure Your Physical Perimeter Part I: Rings of Security

I am a fan of security of all types.  I enjoy thinking about security theory and examining security problems.  I like messing with security systems, both offensively and defensively.  My interest in security is not confined to the digital world – I also greatly enjoy entertaining problems and considering solutions to physical security.  As such, this post will begin a series of posts on physical security and serve as a jumping-off point for a number of future posts.

This post is the first in a series called “Secure Your Physical Perimeter”.  This series will start from the outside and work inward in an attempt to create a physical defense-in-depth by considering concentric rings of security.  When most people think of “home security” they imagine getting an alarm and perhaps upgrading their locks.  While these are good measures to take, security should begin much further away.  It is far better to mitigate threats before they get close to your door than it is to wait until they are on your porch.

These RAB Super Stealth Motion Lights are a good deterrent and improve the physical security of almost any home.

1. The neighborhood:  Your neighborhood or building should function as your outermost ring of security  As simple (and perhaps undesirable) as it sounds, this means getting to know your neighbors and letting them know a little bit about you.  Your neighbors will remember the car at your house or the guy in you apartment building that doesn’t belong there.  They will notice if your car is gone but your door is wide open.  They will be skeptical of the “salesman” that doesn’t quite look the part.  Neighbors can call the police or fire department on your behalf if you are not home (or perhaps if you are).  It far less likely, however, that your neighbors will take an active interest in this if they haven’t at least shaken your hand and learned your name.

Your neighborhood, street, and apartment building are the outermost rings of your phsyical perimeter.  The specifics of your situation will dictate the rings of your outer perimeter, but don’t be afraid to get creative.  I value my privacy as highly as my security, so I am hesitant to give my neighbors too much information about me.  I do tell them enough so that they can help me.  My neighbors know my name, telephone number, and a working email address.  They also know that I travel constantly and I have asked each of them to “keep an eye” on my house when I am gone.  All of them are glad to help, and my next-door neighboor Jack has called me several times when things didn’t look right.  Each time I thanked him profusely and brought him a small gift upon my return, and now when I return from a trip Jack gives me a full report of everything that happened around my house.

If you don’t function well in meat-space or just don’t wish to have your neighbors over for dinners and get-togethers, check out Robin Dreeke’s It’s Not All About Me: The Top Ten Techniques for Building Quick Rapport with Anyone. (affiliate link).  It works.

2. Your yard, property line, or building:  Moving inward, the next dinstinct ring of security is your property.  If you live in an apartment building, this overlaps with the previous section and would be your apartment building.  Your yard is a dividing line between you and the rest of the world; you own or rent it, and encroachment on it is an escalation beyond simply being on your street.  As such, you want to be able to see anyone who is on your property and doing so can reduce the likelihood of criminal activity moving beyond your street.

  • Trim your shrubbery. Any shrubbery that would give an individual a concealed approach to your house should be cut back. Though it sounds overly simple, depriving a burglar of a concealed approach can make him feel exposed and uncomfortable.
  • Use motion lights in the yard. Being surprised by motion lights coming on unexpectedly can be shocking and may deter an attacker. Buy ones that are light sensitive so that they will not be activated in the day time.  I like the RAB Super Stealth Motion Lights (affiliate link) in the photo accompanying this article.  I use these lights because they work; the sensitivity can be adjusted to reduce false positives and they have an adjustment to control how long the lights stay on after they are activated.  This light also has a 360-degree bottom-facing sensor to increase their utility and prevent tampering.
  • Leave your porch lights on. An attacker would much prefer to do his or her work on a darkened porch instead of a well-lit one. Moreover, concerned neighbors are more likely to see the potential intruder and alert you and the police to his presence.
  • Advertise your alarm system. Place an alarm company sign in the front yard and stickers on your doors.
  • Keep your valuables out of plain sight. An intruder should not be able to look inside and see laptops, cameras, firearms, jewelry, or any item that can easily be carried away and quickly converted to cash.
The UL-Listed high-security lock and the alarm system can serve as both deterring and delaying security measures.
The UL-Listed high-security lock and the alarm system can serve as both deterring and delaying security measures.

3. Your house or apartment:  Your home, whether a house, apartment, condo, mobile home, or camper is your refuge and in almost every case, your innermost ring of security.  Sadly, this ring of security is usually the only one that most people think of when they are considering home security; as I mentioned earlier I attempt to mitigate threats well before they reach this ring.  There are a great deal of techniques that can be implemented at this ring of security, though.

  • Always lock your doors and windows. If you have one, arm your alarm system. Locks and alarms do no good if they are not used.
  • Use high-quality locks and ensure they are correclty installed.  Install UL-listed high security lock or increase the security of standard security locks (I will discuss increasing the security of locks in an in-depth, upcoming series).
  • Do NOT hide a key outside your home. A patient thief can find your key as can anyone who sees you retrieve or replace it. A much better alternative is to leave a key with a trusted friend or elsewhere “offsite.” A hidden key is an example of “security through obscurity” and is a serious security vulnerability.
  • Secure any utility panels on the outside of your home with a good padlock. Similarly, lock any secondary spaces like your crawlspace.

In addition to the above, make it difficult to tell if you are at home or away, especially when you are away. This will deter opportunistic attackers and make the job of a focused attacker more difficult. Most burglars do not want to risk bumping into a homeowner because it could result in violence and police, not to mention a failure to get your valuables. The following are some tips to make your home appear to be occupied at all times:

  • Continue routine home care when you are absent. If you are going to be gone for more than a few days, ask a neighbor or pay a service to mow your lawn and pick up your mail and newspaper. An unkempt lawn, an overflowing mailbox, or a pile of newspapers in the yard are tell-tale signs that you are away. This makes your home an attractive break-in target.
  • Use lamp timers. Lamp timers turn lights on and off at set times, which give the appearance of someone being home. Fairly sophisticated timers (affiliate links) are available, allowing you to program lights to turn on at different times each day, up to three or four times per day. Some timers can even be programmed to turn lights on and off randomly to avoid setting predictable patterns.
  • Use noise to your advantage. Used effectively, talk radio can sound like a conversation or someone watching television. Set a radio on a lamp timer to stay on from morning until bedtime, and turn the volume so it can be heard softly just outside a door.
  • Use blinds and curtains to your advantage. When you go out of town do not close every blind in the house as this looks odd. Instead, close blinds or curtains as you would during your normal routine such those in the family room and your bedroom.
  • Park in the garage if you have one. If you park in the driveway instead of your garage it is easy for a thief or targeted attacker to tell when you are home and when you are not. Also, when not in use, keep your garage door closed.
  • Place blinds over garage windows. This accomplishes two goals: 1) it prevents an attacker from seeing whether your car is in your garage and determining if you are home, and 2) it helps make your home an unattractive target by making it difficult for a thief to see the valuables stored in your garage.

Taking these simple steps will make your home much, much more secure than most.  If you are being targeted by a specific threat these measures may not be enough, but they will provide a good layer of protection against an opportunistic attacker.

Secure Notes for iOS: Codebook Secure Notebook Update

One of my favorite features on my iPhone is the ability to take notes.  Sadly, one of my least favorite features of my iPhone is the Notes’ inability to be encrypted or password protected, and its annoying tendency to backup to email accounts when you least expect it.  Because of the lack of security inherent in the native Notes app I began looking for a replacement several years ago and found Codebook Secure Notebook.

Codebook is a refreshingly simple app that encrypts your notes using AES-256.  Codebook also has some other cool security features.  It has a pretty standard Auto-Lock function that locks the app after a specified period of time ranging from one minute to one hour, and allows you to disable Auto-Correct.  Toggling the Auto-Correct slider to “off” prevents the phone’s dictionary from inspecting the contents of your notes, potentially preventing data from leaking in the OS from Codebook.  This is important if you store passwords, credit card numbers, or other especially sensitive data in this application.  The final setting that deals with security is Pasteboard: Clear on Exit.  This clears your clipboard when you exit or minimize the application.  This is helpful if you are copying text within Codebook, but you will want to leave this turned off if you copy text from Codebook into any other application.

Codebook does look dated (think iOS 5- or 6-ish)  though, and at the time of this writing has not been updated since version 1.6.4 which was released in January of 2013.  This gave me some pause when writing about the app in Your Ultimate Security Guide: iOS.  Though the look of the app doesn’t really matter I had real questions about whether or not it was still being supported.  The good news is that, yes, Codebook Secure Notebook is still being supported and an update is on its way very soon!  I had the opportunity to TestFlight this app and I am sharing a few screenshots below.

Codebook is everything I like in an app: simple, uncluttered with superfluous features, and secure by default.  I am incredibly pleased to know that Codebook will be around for the foreseeable future.  I would love to see a version of Codebook for Android, as well.  Codebook Secure Notebook costs $3.99 in the App Store but is money well spent.

IMG_2686 IMG_2690

IMG_2688 IMG_2689

Privacy and Security Considerations when Upgrading to Windows 10

With free upgrades to Windows 10 fully out in the wild the migration to the new OS has been, by all accounts, a resounding success for Microsoft.  Though Windows 7 will doubtlessly remain king of the hill for the immediate future, with 75 million downloads in the last month Win10 is making serious inroads.  Though popular out of the gate, it has not been received without some legitimate complaint.  There are some major privacy issues with the new OS.


Express Settings:  When going through the  upgrade process, do NOT choose the “Express settings” option.  In Express settings mode you are not allowed the opportunity to change privacy and security settings and they are set to defaults.  Worse, allowing the Express settings can cause an encrypted version of your Wi-Fi password to be shared with your friends through Wi-Fi Sense so they can use your Wi-Fi if and when they are at your house.  Instead choose the “Customize settings” option.

Forced Updates:  Perhaps the fiercest complaint about Win10 is that updates are mandatory, not optional.  While I strongly encrourage staying up-to-date, the ability to opt-out of select updates should be everyone’s right.  This ability is especially importan when updates are buggy or cause system instability as has been the case with some updates for 10.  Windows 10 users have no choice in the matter, though.  At least now Windows actually offers some transparency and explains what these updates do.  Before upgrading you should seriously consider whether you are willing to accept mandatory updates whether you want them or not.

Privacy Policy:  Windows 10’s privacy policy has been described by Ars Technica as “the new normal“.  While all operating systems send some information back some information the data collected and transmitted by Windows 10 is fairly significant by comparison but is, as Ars also points out, part of a continuing evolution of increasing data collection.

Data Collection by Default:  Windows 10’s data collection is enabled on the OS by default.  The new Cortana feature (the competitor to Apple’s Siri and Google’s Now) constantly records you and your actions to “get to know you”.  Windows 10 also has a very intuitive, very user-friendly Settings menu that contains a well laid-out Privacy section (shown below).  Unfortunately most of these privacy settings are enabled to collect data by default.  I strongly recommend going through these privacy settings immediately upon installing the new OS.  These settings are not complete; there are .  For more information on setting up the initial Privacy and Security settings in Windows 10 visit https://fix10.isleaked.com/.

Screenshots of my Win1o Privacy settings are attached a the end of this post.  Note that for most of these settings you must enable the global setting before disabling individual apps.  After you have disabled every app I recommend once again disabling the global settings.  Also note that these settings are not a substitute for using basic best practices and security utilities like encyrption and antivirus.

Some good news:  Windows 10 will still work with the security applications we know and love, like TrueCrypt, Password Safe, and others.  In fact, aside from OS-specifics, nearly everything I detailed in Your Ultimate Security Guide: Windows 7 Edition is still applicable.  Just one quick word of warning: if you are full-disk encrypted, DECRYPT YOUR HARD DRIVE before upgrading and re-encrypt upon completion of the upgrade.  I learned this the hard way.

Everyone loves the appeal of a new operating system.  Even I was excited at the prospect of an entirely new look when the computer finally finished installing 10.  But the more rational side of me dislikes change just for the sake of change.  After I complete the next installment of the Your Ultimate Security Guide series which will cover Windows 10 (look for it in March 2016) I plan to revert back to either Windows 7 or, much more likely, go full-time with a Linux distro.



Privacy Compromising Updates in Windows 7/8.1

Since the release of Windows 10 it has been no secret that Windows is collecting a great deal of data about its adopters be default.  Though some of this tracking cannot be opted out of most of it can, and this blog will cover these techniques for Win10 next week.  What is more alarming (at least to me) is that Windows is quietly installing some of these privacy-invading “features” on Windows 7 and 8.1 machines in the form of updates.  These updates send a great deal of information about your usage back to Microsoft.  Fortunately for users of Windows 7 and 8.1 these updates can be quickly and easily uninstalled.

The updates are (each is hyperlinked to a full description at microsoft.com) :

To uninstall these updates navigate to Control Panel>>System and Security>>Windows Update.  Click “View Update History”, and the click “View Installed Updates”.  This will open a list of the updates that have been installed on your machine.  Search for each of the four updates listed above.  If you find that any of them have been installed, right click on the update and select Uninstall.  You will be asked to confirm your decision.

Win7 Privacy UpdateI am disappointed that Microsoft has chosen to hold user privacy in such disregard, though my disappointment does not rise to the level of surprise.  This is a great example of something I talked about in Your Ultimate Security Guide: Windows 7 Edition.  Allowing updates to download and install automatically can have some serious negative consequences.  I prefer to download updates automatically but choose when to install them.  This gives you the chance to avoid updates like these that are not in your best interest.