Sunday, June 29, 2014

How Secure is Your Email Address?

    Over the years I have had many different email accounts. The deciding factors that made me change accounts were how much junk email or spam I received and whether there were any security concerns with my current email provider. Recently Gmail was discovered to have a new security vulnerability. This vulnerability put an indefinite number of Gmail addresses as well as business emails at risk. Why is gaining an unlimited number of Gmail addresses so valuable? This vulnerability is important because it allows the attacker to send phishing campaigns and targeted attacks to an unlimited number of users. This guarantees that the attacker will have a higher number of victims.

    The vulnerability allows an attacker to gain access to a list of Gmail addresses. This discovery was made by Oren Hafif, a researcher at Trustwave's SpiderLabs. He reported the vulnerability to Google, which has since fixed it. One may ask how this vulnerability was even possible. Hafif found a token exposed in a URL and was able to expose every Gmail address. The URL token was found when using Gmail's delegation feature. When an account user delegates that account to allow another person to access it, the delegated party has to accept or decline the delegation via an embedded URL link. These links were nearly identical; the only difference was that one link included /mdd (mail delegation deny servlet) while the other included /mda (mail delegation accept servlet). He then researched URLs that Google used and determined that the sequence which followed mda and mdd was being used as an authentication token.

    With the authentication token, Hafif started running a brute-force attack and was able to gain so many email addresses that every tool he used to conduct the brute force crashed from the overload. To overcome this problem he wrote his own multi-threaded script in Ruby. In addition to Gmail addresses, he discovered he was also obtaining non-Gmail addresses. These were most likely businesses that were using Google Apps as their mail service. Hafif commented on the potential security threats that companies may face when considering whether they should move their information to the cloud, as many companies have done by choosing Gmail as their organization's email manager. When vulnerabilities like this exist, they create additional potential threats such as spear phishing attacks, advanced persistent threats and other targeted attacks. It is important to keep this possible vulnerability in mind when planning security threat mitigation for not only your personal email accounts, but also your company's email accounts.
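On the defensive side, a brute-force run like the one described above stands out in web server logs as one client requesting many different token values in a short time. The following is an added example, not code from the original post or from Google; the URL layout `/mail/mdd-<token>`, the log format, the threshold and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed URL layout for illustration: /mail/mdd-<token> and /mail/mda-<token>.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /mail/(?:mdd|mda)-(?P<token>[0-9a-f]+) HTTP/1\.[01]" \d{3}'
)

def sample_log():
    """Constructed log lines (not real traffic), using documentation IP ranges."""
    lines = [
        # A normal recipient: one token, accept link then deny link.
        '198.51.100.7 - - [12/Jun/2014:10:00:00 +0000] "GET /mail/mda-9f3c2a71 HTTP/1.1" 200',
        '198.51.100.7 - - [12/Jun/2014:10:05:00 +0000] "GET /mail/mdd-9f3c2a71 HTTP/1.1" 200',
    ]
    # One client requesting 20 different tokens in 20 seconds.
    lines += [
        f'203.0.113.9 - - [12/Jun/2014:10:01:{s:02d} +0000] '
        f'"GET /mail/mdd-{0x1000 + s:08x} HTTP/1.1" 200'
        for s in range(20)
    ]
    return lines

def find_enumerators(lines, max_tokens=5, window=timedelta(minutes=1)):
    """Return {client_ip: peak distinct tokens} for clients that requested
    more than max_tokens distinct delegation tokens inside the time window."""
    recent = defaultdict(deque)          # ip -> (timestamp, token) pairs in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:                    # not a delegation accept/deny request
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["token"]))
        while ts - q[0][0] > window:     # drop requests older than the window
            q.popleft()
        distinct = len({token for _, token in q})
        if distinct > max_tokens:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

Detection of this kind complements, rather than replaces, making the token long, random and valid only for the signed-in recipient.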

 
Paganini, P. (2014, June 12). Gmail hacking, a mine of data for phishing and spam attacks. Retrieved June 23, 2014, from Security Affairs: http://securityaffairs.co/wordpress/25676/hacking/gmail-hacking.html

    

    

Sunday, June 22, 2014

Privacy Threat Model

     When creating a threat model it also becomes important to examine privacy issues. Microsoft has updated its free threat modeling tool for 2014. These updates include improving security and privacy weaknesses. Privacy has become an important issue not only for individuals, but also for companies that are protecting their own information as well as customer information.

      In order to understand privacy threat models it is important to examine Solove's taxonomy of privacy harms. The harms are not only threats, but also the impact of the threats. To use Solove's taxonomy in a threat model one should pay close attention to personal data within the threat model. A few recommendations on where and how to focus on finding the harms are given by Adam Shostack in his book Threat Modeling: Designing for Security. They include: data collection points on web forms; inbound data flows from external entities; where the system has in-person interaction; where data is brought together for decision-making purposes; secondary use that may cross trust boundaries, including those that customers may expect; and in-person intrusion. By closely examining data on the threat model one may see potential privacy threats. Understanding the key to finding privacy threats will greatly help those creating threat models.
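As an added illustration (not from Shostack's book or Microsoft's tool), the sketch below walks a small data flow model and reports four of the focus points listed above wherever personal data is involved. The web shop model, its element names, trust zones and purposes are hypothetical, and the rules are one simple interpretation of the list.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    personal: bool      # does the flow carry personal data?
    purpose: str        # why the data moves

# Constructed model of a small web shop; all names, zones and purposes are hypothetical.
KIND = {"customer": "external_entity", "signup_form": "web_form", "orders_db": "store",
        "credit_scoring": "process", "ad_partner": "external_entity"}
ZONE = {"customer": "internet", "signup_form": "dmz", "orders_db": "internal",
        "credit_scoring": "internal", "ad_partner": "third_party"}
PRIMARY_PURPOSE = "order"   # the purpose the customer supplied the data for
FLOWS = [
    Flow("customer", "signup_form", "name, email, birth date", True, "order"),
    Flow("signup_form", "orders_db", "account record", True, "order"),
    Flow("orders_db", "credit_scoring", "purchase history", True, "credit decision"),
    Flow("signup_form", "credit_scoring", "birth date", True, "credit decision"),
    Flow("orders_db", "ad_partner", "email, purchase history", True, "advertising"),
    Flow("orders_db", "credit_scoring", "stock levels", False, "order"),
]

def privacy_review_points(flows, kind=KIND, zone=ZONE, primary=PRIMARY_PURPOSE):
    """Return sorted (focus point, element or 'src->dst') pairs worth a privacy review."""
    points, sources = set(), defaultdict(set)
    for f in (f for f in flows if f.personal):
        edge = f"{f.src}->{f.dst}"
        if kind[f.dst] == "web_form":
            points.add(("collection point on web form", f.dst))
        if kind[f.src] == "external_entity":
            points.add(("inbound flow from external entity", edge))
        if f.purpose != primary and zone[f.src] != zone[f.dst]:
            points.add(("secondary use crossing trust boundary", edge))
        if kind[f.dst] == "process":
            sources[f.dst].add(f.src)
    for proc, srcs in sources.items():
        if len(srcs) > 1:   # personal data from several places meets in one process
            points.add(("data brought together for decisions", proc))
    return sorted(points)

if __name__ == "__main__":
    for point, where in privacy_review_points(FLOWS):
        print(f"{point}: {where}")
```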

    To gain a new perspective on creating a threat model, be sure to visit Microsoft's new Threat Modeling Tool. One advantage of this is that it no longer requires Microsoft Visio to create new threat models. Now they can be created using the included stencil set. For more information visit http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx


Shostack, A. (2014). Threat Modeling: Designing for Security. Indianapolis: Wiley.

Sunday, June 15, 2014

Threat/Vulnerability Assessment

     Companies face many different types of threats on a daily basis, which range from human error to criminal threats to natural, weather-related threats. To ensure that business is running smoothly, it is necessary to develop a threat or vulnerability assessment. The purpose of these assessments is to help develop plans to eliminate or mitigate the potential threats. Threat assessments can be created to focus on one specific area such as software or a facility in its entirety.
    
     When starting a threat assessment, the first step is to identify the area or areas that need to be protected. Once identified, those involved must evaluate potential threats. Several different methods can be utilized; they include brainstorming, reviewing past threats and vulnerabilities, thinking like criminals or hackers, and asset- or software-driven threats. After these credible threats are identified they should be ranked from highest to lowest threat impact. This will help identify which threats are more likely to occur and how severe each would be if it were to occur, so they can be prevented or mitigated.

     To mitigate threats it is important for companies to have a documented plan in place to educate employees on what steps are to be taken to mitigate the threat. In addition to being a resource for employees, the plan should be continuously reviewed to ensure it still mitigates the threats effectively. Should it no longer be effective, the plan should be updated. This process is cyclical as threats may never be 100% eliminated. The frequency of review can vary from days to weeks, months or even years. It all depends on the asset and the time frame in which those involved determine the system should be reviewed.

     While a threat or vulnerability assessment may seem like a tedious or daunting task, it is necessary. The only way for companies to mitigate potential threats is to identify them beforehand. Should they fail to do this, it could cost the company more than just a financial loss; it could damage the company's reputation.

Saturday, June 7, 2014

Risk

     Every company faces risk in some shape or form. It is up to them to decide which of these risks are acceptable and which need to be mitigated. In today's world it is uncommon for a business to not have a website or conduct its business online. Since we have become increasingly reliant on technology to help run our businesses, we have to address the potential threats that it poses.

     One of the most effective ways to mitigate these risks is through threat modeling.  Threat modeling offers different methods to examine potential threats.  During the next nine weeks I will be discussing various aspects and methods for threat modeling that will help businesses mitigate potential risks.