Friday, June 6, 2008

XB 2.0 Final Touches

Today I started work on a project that Kyle and I had discussed, which was inspired by interaction with a XeroBank client. The suggestion amounted to the realization that although we are very aware of how to make software easy to use, there is also a corresponding need to understand how and why you are using the software, and how it integrates into a privacy-enhanced lifestyle. Thus is born The XeroBank Best Practices Guide, a definitive manual for protecting your privacy. It will include how to create a security mindset, how to protect your computer security and personal data, as well as how XeroBank integrates into the big picture.

It has started to write itself much like a martial arts philosophy, because that is what it most closely resembles. Our kung fu is awesome.

Over the last 48 hours, we've been working on the final touches and functions for day zero operation for XeroBank 2.0. That means new software, new services, new webpage, new functions, and new user interface.

Here are some sneak preview images of the real UI:



Rumor: I hear that Kyle found a way to drop xB Machine's loading time from 60 seconds to 10 seconds. I have yet to visually confirm this.

Thursday, June 5, 2008

What we can learn from a social-engineering jewelry thief

Today there was a news piece about a social engineering scheme whereby a jewelry thief pretended to be the security alarm company and got the victim to ignore the alarm. This particular instance cost the University of British Columbia some valuable gold pieces and gold artifacts.



While this is a slightly amusing story, it is also a sad commentary on the state of security theory. The point is that people often think of security as an object external to that which it protects, an onerous obstacle that stops intruders and annoys legitimate personnel. The jewelry thief played on this way of thinking, as many car thieves do.

How many times, when a car alarm goes off, do you ever investigate to see if the car is being stolen or broken into? Is it ever more than a cursory glance out the window, to see whose overly sensitive alarm was set off by a gust of wind? Typically, the alarm registers as nothing more than a nuisance, and the only attention we pay is in wondering when the alarm will stop. After it stops, the whole issue evaporates from our perception. Problem solved, right?



This way of thinking is often ignored when designing security, and among those it is supposed to protect. The initial response is that we should only sound alarms when there is really and truly an alarming situation. However, game theory suggests that this won't be possible, because all things being equal, if alarms are silent in the future, you stand out by having a loud alarm, leading to the same situation.

In that case, we need to think about why we have the alarms, and who it is we are supposed to be alerting. In many cases, the alarm is to deter the thief. Unfortunately, this only deters inexperienced or unexpecting criminals, as experienced professional thieves will not only expect but ignore the alarm, knowing that those around them will ignore it too. What has happened here is that plural ignorance takes over as a coping mechanism. People assume that someone else will deal with the problem.

This type of group-think mentality results in paralysis while the crime happens right in front of their eyes. Plural ignorance claimed the life of Kitty Genovese, a New Yorker, who was attacked and stabbed many times over a period of 30 minutes, in front of her neighbors. Nobody answered her pleas for help. When questioned about it, they all assumed that someone else surely would have called the police, but nobody did.

So the result is that the alarm isn't the problem, the people who are exposed to the alarm are. This means that the solution must be derived from behavioral psychology, because it is the behavior of the alarm observers that we want to influence. Behavioral psychology suggests that to break out of plural ignorance, you must single out an individual, and tell them specifically what to do. It would have saved Kitty Genovese's life, and it would have saved the university's artifacts.

The practical application would be an alarm that could sound different types of alarms and notify specific people. For example, if the alarm were able to communicate that first there were intruders, then there was a door broken, and then the artifacts were stolen, this would give very specific and contravening indications against the claims of the supposed alarm company.

Of course, the human factor is always fallible, and additional best practices should be applied. The on-site guards must be notified that the alarm is to be considered an autonomous authority, and to ignore the influence of others and independently check on the notices the alarm provides. They must also be trained to understand where authority issues from. If the alarm company has authority, then it must be verified that you are dealing with the authority if they are asking you to do something out of the ordinary. If a police officer asks to enter your home, you should ask to see a police officer's badge and then call the police to see if such an officer exists and that they are at your location. This would be the same as the alarm company having to verify itself to on-site security by producing a codeword for that day.

Such quick and simple checks to verify authenticity of authority are critical. My bank called me the other day and asked me to verify some information to facilitate a transaction. I told them that their actions were quite irregular, and that they would have to verify they indeed were the bank. The woman on the other end of the line was quite surprised, as nobody really ever questioned her about who she represented.

What does all this mean?
1. Alarms should be designed to have informative properties, not just alerting properties.
2. When someone appears to give a command of authority, make sure you can verify they are who they say they are. Those with genuine authority do not bluster at verification attempts.
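One way to implement the daily codeword check described above, as an added example that is not part of the original post. It assumes the alarm company and on-site security share a secret in advance; the HMAC-SHA256 derivation, the word list, and all function names are illustrative choices, not anything the post specifies.

```python
import hashlib
import hmac
from datetime import date

# Constructed 16-word list for illustration; each word carries 4 bits.
WORDS = ["amber", "basalt", "cedar", "delta", "ember", "fjord", "garnet",
         "harbor", "indigo", "juniper", "kestrel", "lagoon", "marble",
         "nectar", "onyx", "pewter"]


def daily_codeword(secret: bytes, day: date, n_words: int = 4) -> str:
    """Derive the codeword for one calendar day from the pre-shared secret."""
    digest = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).digest()
    # 256 is a multiple of 16, so the modulo introduces no bias.
    return "-".join(WORDS[b % len(WORDS)] for b in digest[:n_words])


def caller_is_verified(secret: bytes, spoken: str, today: date) -> bool:
    """Guard-side check: only today's codeword passes, so yesterday's
    overheard codeword cannot be replayed."""
    expected = daily_codeword(secret, today)
    # Normalize what was heard over the phone: case and spacing do not matter.
    normalized = "-".join(spoken.lower().split())
    return hmac.compare_digest(expected.encode(), normalized.encode())


def guard_decision(secret: bytes, spoken: str, today: date, alarm_events: list):
    """Return (action, caller_verified).

    The alarm is treated as an autonomous authority: if it reports events,
    the guard inspects them no matter what the caller says. The codeword only
    decides whether an out-of-the-ordinary request is considered at all.
    """
    verified = caller_is_verified(secret, spoken, today)
    if alarm_events:
        return ("inspect", verified)
    return ("comply" if verified else "refuse", verified)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed sample value
    today = date(2008, 6, 5)
    events = ["intruders detected", "door broken", "artifacts removed"]
    print(guard_decision(secret, "we are the alarm company", today, events))
    print(guard_decision(secret, daily_codeword(secret, today), today, []))
```

The short word list keeps the codeword easy to read over a phone line; its low entropy is acceptable only because each codeword is valid for a single day and a wrong guess is itself a signal to the guard.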

Software Update: We're going to release a version 2.0.0.14b for users that are having the end loop problem. In a future version of the installer, you'll also be able to select to install xB Machine, and it will update xB VPN if you already have it installed.

Tuesday, June 3, 2008

Big Bang at ThePlanet

xB Browser 2.0.0.14a had a bug in the shutdown routine, so we replaced it. We didn't version it up to a new version because it was a very minor tweak to the source.

STATUS: One of the US XeroBank entry nodes was at ThePlanet, in Houston's H1 center, which suffered an explosion through three walls, temporarily disabling the server. It is unknown at this time if the cause of the explosion was incidental or sabotage, and the only statement has been that the damage is "unbelievable"... no pictures of the blast have yet been made available to the public.

The XeroBank server in question is encrypted in multiple layers, and has no process-critical or personally identifying information on it. ThePlanet reports that the servers are physically unharmed. The entry-node outage will not affect current customers or the XeroBank network at large, as we have multiple entry nodes at different locations in the world. ThePlanet has graciously offered to move us from their H1 datacenter to their H2 datacenter, as long as we give them root access to our machines. We have declined their offer, and await a resolution. We expect the server to be restored before launch of the XeroBank 2.0 network, after an integrity check is performed.



Here is a detail of the letter they sent out:

This evening at 4:55 in our H1 data center, electrical gear shorted, creating an explosion and fire that knocked down three walls surrounding our electrical equipment room. Thankfully, no one was injured. In addition, no customer servers were damaged or lost.

We have just been allowed into the building to physically inspect the damage. Early indications are that the short was in a high-volume wire conduit. We were not allowed to activate our backup generator plan based on instructions from the fire department.

This is a significant outage, impacting approximately 9,000 servers and 7,500 customers. All members of our support team are in, and all vendors who supply us with data center equipment are on site. Our initial assessment, although early, points to being able to have some service restored by mid-afternoon on Sunday. Rest assured we are working around the clock.


...

We will take move requests on a first-come, first-served basis. We will need the customer name and customer ID (for example C13572). You'll also need to update your root/administrative password in Orbit or ServerCommand prior to submitting your ticket. To request a move for your server from H1 Phase 1 to H2, please log into Orbit or ServerCommand and submit a Manual Reboot Request. In the summary input box include 'H1 Phase I Server Move Request' along with the hardware object ID or server IP address in the description input box.

Sunday, June 1, 2008

xB Browser for Mac and Linux

For a long time, people have asked for Torpark/xB Browser for Mac and Linux. This wasn't possible due to the programming environment being strictly suited for Windows. Today, this is no longer the case. We do in fact now have in development a version of xB Browser for Mac and Linux. It is an interesting design method based on virtual machines. That means we will be redesigning xB Browser from scratch, but it also means that it will be available with new security features by a full order of magnitude.

For example:

1. Fully encrypted surfing, including cache and cookies
2. Browser breakouts not possible
3. No need to stop scripts
4. No operating system interaction
5. Leak-proof by design

What does that mean? It means that plugins like NoScript and TorButton are now completely obsolete. It means that the software is invulnerable to new 0-day attacks that can compromise all other systems.

Amazing? I think so.

First Post

Hello,

The purpose of this blog is to let visitors stay informed about what is going on at XeroBank. This includes project development, news, network status, and discussions on current events affecting privacy and security.

Stay tuned,
Steve