Most Recent Posts

Index of Older Posts


Using passwords in Microsoft Office Documents: be careful!

In the last week or so I have been asked several times where my follow-up article(s) for a solution to sharing a sensitive document on Dropbox are.  Truth is, I continue to look for a solution that I really like and that I can recommend without reservation.  The questions have included how to share with a family member, and how to share with a colleague. 

Most of the time we would like to share a Word, Excel, or PDF document.  One approach I've been asked about would be to:

  1. Set a password in Word (or Excel) so that the password must be entered before the document can be opened.
  2. Put the file on Dropbox, and share it with the other party as you normally would.
  3. Give them the password by telephone (if it’s so sensitive that you are trying to add end-to-end encryption, you probably shouldn’t email or text the password).

In theory this should work very well, with some limitations.  But there are some important concerns. 

For Mac users, neither Word 2011 or Excel 2011 for the Mac actually encrypts the document when you set a password!  According to Microsoft:  “Given sufficient time and knowledge, a user can [read and] modify data in any document that he or she has access to.”  The password merely prevents Word from opening the document so passwords in the current versions of Word or Excel are essentially useless.  However, Powerpoint 2011 for the Mac does seem to encrypt the file, though Microsoft is not forthcoming about how the file is encrypted.

On the other hand, Word and Excel 2013 for Windows appears to allow reasonable encryption.  The online Microsoft documentation is somewhat vague.  In Office 2010 it’s 128-bit AES, which is very good, but Office 2013 is not directly addressed.  You should also know that if you are working in a corporate envoronment, there are administrative options for encryption that can affect how strong it is, and can allow the organization to decrpyt your document with a master password.  This is, of course, appropriate and necessary, you just need to know about it!

If you use Apple’s Pages, Numbers, or Keynote, then password-protecting a document results in encryption using 128-bit AES.  The only downside here is that the newest versions (Pages v5.2, for example) use a new file structure where the “File” saved by Pages is actually a container of files. This doesn’t play as nicely with Dropbox (and other cloud storage providers) as the single .docx file from Word.  This was a recent change by Apple though, and I’m hoping that Dropbox et. al. will fix these issues shortly.

Finally, PDFs can also be encrypted using Adobe Acrobat (which most of us don’t have) or, if you are using a Mac, either by Printing as a PDF, or from Preview by selecting “Export as PDF…” from the file menu, selecting the “Show Details” button near the bottom of the dialog box, and checking the box for Encryption.  You will then enter and verify the password that will be used to encrypt the document.  This method uses 128 bit RC4 encryption which may be slightly less secure than 128-bit AES, but will be fine for most purposes.  Provided, of course, that you’ve selected a strong password!  The problem with PDF files, of course, is that they aren’t easily modified and changed the way Word or Excel files are. 

Finally, it’s very important that you and whomever else you are sharing the file with do not open and modify the file at the same time.  Dropbox is pretty good about not corrupting everything, but you will end up with two versions of the file that then have to be reconciled, which might be a big pain.

So, the bottom line is that if you are a Windows user, and using Office 2010 or 2013, you probably get adequate encryption with the built-in tools in MS Word, Excel and PowerPoint.  If, however, you are a Mac user, the password protection for Word and Excel is only there to dissuade someone from opening the file in the Microsoft program, but there is no encryption at all.  If you use Apple iWork (Pages, Numbers, and Keynote) then the protection is good.  But watch out for file syncing problems until the cloud storage providers have the new container format figured out!  Overall, I'm still looking for the optimall solution!




Mitigating Risk

For a little change of pace, I'm going to branch out and spend a post or two on Flying topics.

Recently, I read a very good article written by Martha King, whom I usually can take or leave, in the April 2014 issue of Flying Magazine.

I often use the phrase:  “I like to plan the flight and fly the plan.”  Inherent in that phrase is the concept that the best flights that are nice and routine, where the plan is followed, and the goal achieved according to the plan.  And therein lies the problem.  Flying is done by goal-directed people and is inherently a goal-directed activity.  If we are too rigid about “flying the plan” and loose the ability to be flexible about the goal and fluid in our approach, then we will inevitably increase the risk of flying because we are motivated to keep to the plan, achieve the goal, and overcome any obstacles in our way despite clear indications that that may not be possible.

Martha King points out: “When you are in the company of pilots, you are in the company of achievers, people who are hard-wired to complete what they set out to do.  They don’t give up their goals easily.” She goes on to say that it is by realizing that the goal can be unachievable, and maintaining flexibility in our thinking, that we mitigate risk.

Another approach to keep in mind for mitigating risk is to increase the scope and contingencies in our plan.  We all plan an alternate, make sure we have appropriate fuel, and study the approaches, don’t we?  (Say YES!).  But do we pack an overnight bag on every day trip?  Do we call the alternate airport and select the best FBO, negotiate fuel and hangar if necessary, and generally lower the mental barrier to making the diversion?  Or do we believe that picking out the place is good enough?  I’m going to change what I do, and I think it’s going to be a big, big help in performing safer operations.

Here are some other things that you might think about.  They are strategies that make it easier to give up on a goal.  Some are directly from Martha King's article.

  • Always pack an overnight bag, even for a day trip.
  • If you feel “late” or “in a hurry” then you are loosing the battle of risk mitigation
  • Just as in a stall, you need to unload the pressure to recover the situation!
  • Remind yourself that airline flight are very frequently late, delayed, or just plain cancelled!!
  • Think about the whole trip the way we are taught to view an approach:  Make your expectation that the trip will be delayed or worse, but if all the pieces happen to come together, then you can make it as planned!  This is the same as the old adage: Expect the missed. Be surprised and happy that you can land.
  • Take along a second crewmember.  Or a virtual crewmember.

What Martha doesn’t explicitly state in her piece is that, in each case that she cites of changing or giving up on a goal, discussion with someone else was a big factor in making the right decision.  It’s having a second option to back you up in making the oh-so-hard decision that the goal just isn’t reasonable today.  If you don’t have a second crewmember, then use a makeshift “dispatch” — call your airplane partner, friend, or flight instructor!!  They too may be able to be the sounding board of reason.

Finally, I want to share a little story about a trip home that I took with my airplane partner on a commercial carrier from Dallas to Boston.  It was Thanksgiving eve.  We had finished our recurrent simulator training earlier in the day, and had made it to DFW airport with plenty of time.  But our flight was delayed first because it was late arriving, and then for somewhat mysterious reasons.  We were eventually told that they were working on a mechanical issue where water was leaking from behind the gally sink, flooding the aft galley area, and dripping through the floor into the “Ebay” of our Embraer 190 aircraft.  Water dripping into the Electrical Bay, where the critical electrical systems of the aircraft are housed, sounded like a problem that needed to be completely remedied before flight!

Next thing we hear is from the captain of our airplane, who seemed like a very nice guy.  He came out and addressed the assembled passengers.  He explained the problem and pointed out that he was pushing maintenance very hard for us to get repaired and make the flight back to Boston, because if we didn’t he would miss Thanksgiving with his 4 and 7 year old kids.  He explained that we were all in the same boat — wanting to be able to make our trip and make it in time for the Holiday celebration.  It was a very heartfelt announcement, and every passenger, save two, applauded after he put down the microphone.  The remaining two passengers, my partner and me, looked at each other and thought: “OMG.  Does he have perspective on the risks of this operation?  Are they pushing too hard to make the trip with a known and, in the words of the pilot, “very serious” problem?  Should we get a hotel room right now and refuse to get on this flight?”

It’s all too easy to forget that commercial crews are often under the same pressures that we are.  They want to be home to their families.  They want to complete their leg.  And they don’t want to let anybody down.  In short, they have a goal, and they will do nearly anything to achieve it.  And we are along for the ride.  We had just discussed this in our training.

Well, this particular crew did a great job, and managed the risk well.  We were very late, but after the leak was repaired, water completely drained from the fresh water tank, and the Ebay dried out, we made a safe flight back to Boston.  We used bottled water to wash our hands!

I hope we can all learn to manage our risks and look for creative, flexible solutions as well.  And if we can’t find a great solution, we will do what this crew was prepared to do:  miss Thanksgiving with their families.




Who needs the NSA, we have Heartbleed!

There has been a lot written about the NSA collecting our metadata and generally snooping in our private communications and, no doubt, this is an important issue.  But we don’t need the NSA, we have our own human failings!  Simple oversights and coding errors cause huge issues.  Witness two recent very significant security flaws:

  1. Apple’s very serious flaw in both iOS and Max OS X security related to a single extra “GOTO” statement, almost certainly completely accidental. 
  2. Heartbleed, where a programmer by the name of Robin Seggelmann just plain missed checking for an overrun condition while writing the code for the heartbeat function of TLS that keeps the connection alive.  

There’s an incredibly good cartoon done by Randall Munroe on, which explains Heartbleed better than I could, and in many (many!) fewer words.



If you want a more general and less technical explanation you might like the New York Times article, or for a more technical explanation, you can see Gibson’s explanation (which is where I saw the reference to the cartoon!).

Humans are imperfect, and despite our very best efforts, it’s virtually impossible to write flawless code.  And, as we have recently seen, inadvertantly introduce serious security flaws.  It's unclear to me whether there is any hope of truly secure online commerce with our present internet structure, which was never envisioned or designed with security in mind!  Back to paper?  It's not a completely crazy notion!




Microsoft Updates Privacy Policy after taking heat for Searching Blogger’s Hotmail to Find Windows 8 Leak

On March 28th Microsoft, in a message from it's General Counsel and Executive VP, changed it's privacy policy in a very encouraging way.  Here's the background story from a blog post that I wrote some time ago but forgot to post!

And here’s an example of why you might not want your cloud storage provider to have the keys to your castle.  Microsoft, while looking for the source of a leak of Windows 8 documentation before the release of the operating system, felt it was OK to snoop through and examine the contents of a blogger’s Hotmail (owned by Microsoft) account.  Here's a link to the New York Times article.

Microsoft appears to be within their rights, according to their online services privacy agreement.  They didn’t need a court order, and the data was right their for them to look at.  Remember, they hold the encryption keys to emails and data stored on your Hotmail account, if they are encrypted at all (I can’t seem to find a clear answer on that).

Just food for thought as we consider the implications of having your data out there in the cloud, and the fact that you are implicitly trusting the providers of cloud services to "do the right thing."  Mostly they do.  But not always. 

Never assume your data is private unless you, and only you, hold the keys.

In the recent post Brad Smith makes the following statement:

Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.

This seems to me to be the appropriate position, and is as good as we are going to get.  I'd like to see Google come out with something similar.

But I still stand by my previous conclusion:

Never assume your data is private unless you, and only you, hold the keys.




iOS Security: Incredibly good!

Apple has recently been dragged through the mud for a very critical and easy to exploit problem that affected iOS devices as well as Macs running OS X.  It has now been patched, and the error has been analyzed (essentially an extra GOTO statement where it did not belong).  There has been question as to whether this was intentional, but I don’t think that’s even remotely likely.  Just a very big mistake.  Now fixed.  But you must upgrade to iOS 7.0.6 and OS X 10.9.2.

What has received much less attention is the white paper that Apple published in February, which is an in-depth explanation of how security works on iOS devices. You can find it here if you’d like to read for yourself, or you can find Steve Gibson’s three-part discussion of the security features.  I’m still working through it! 

Bottom Line:  iOS security is incredibly good.

But the most recent security flaw, discussed above, is an example of how the entire ecosystem must work together to protect the device.  A weak link anywhere in the chain from boot-up, to updates, software downloads, browser architecture, etc., etc., will allow potential exploits.  That’s why Apple controls the whole chain.

With what we know now from the white paper:

  • Security is both hardware and software on the most recent iOS devices.  Only devices with the A7 chip contain Secure Enclave and with it, the truly state-of-the-art security discussed in the white paper.
  • The A7 chip is contained in the iPhone 5s, but not the 5c or any of the iPhone 4 or 4s.  The iPad Air and iPad mini with Retina display have the A7.  Others do not.
  • If you have a device without the A7 chip then the security of the device is probably still pretty good, but you should be using an A7 device (iPhone 5s) if you are security conscious.
  • Android is a very distant competitor in terms of secure platform.
  • Fingerprint reading and recognition is very secure, and we shouldn’t have concerns

There is one very curious choice that Apple made which is just starting to be noticed:  everywhere in the systems they describe they use very strong cryptography which is, as far as anyone knows, not susceptible to any known attack.  Except for the Keychain.  For the Keychain, and only for the Keychain, they use a form of elliptic-curve cryptography that was developed and is championed by, guess who, the NSA!  Yep.  Many security analysts including Bruce Schneier and reporters with inside lines on the politics of the security world (Brian Krebs) assert that there is an NSA back-door in this scheme.  Most everyone else is either avoiding it, or not telling us about it.  And Apple chose to use it only for the master vault that keeps all the other keys on your keychain!!  Hmmm….

One wonders if Apple was “forced” to make this choice for a critical portion of their security infrastructure?   And it’s quite interesting that Apple has released this information.  Maybe they just wanted us to know without being obvious about the telling?  And, to be fair, the entire system is still light-years ahead of Android.  I haven’t figured out all the ramifications of this yet and, although I thought it interesting and worth pointing out, I am not very concerned and plan on using the incredibly convenient and otherwise excellent Keychain feature for many things other than websites and passwords for financial institutions and other very sensitive information, where I will continue to use Last Pass.

Unfortunately, the process of looking at secure cloud storage is taking much longer than anticipated as I'm having troube finding a solution that I really like, but more soon!