

Ask HN: informed opinions of Petraeus Gmail ('tptacek, 'paul, 'cperciva, etc) - niels_olson

As an active duty geek, I would really love a breakdown of the security issues surrounding an active duty person using GMail. Is CAC really any better than 2-factor authentication (eg, I have been told CAC will actually freely hand over all sorts of details about the card-holder to any server that asks)? In a hostile network environment, are there really any extra steps I should be taking besides using a machine <i>I</i> trust, and verifying the certificate chain?
======
tptacek
I don't know much about the low-level details of CAC. (We've somewhat
assiduously avoided working for the government --- not for political reasons).

I would venture a guess that Google 2-factor is comparably as resilient as DoD
smart card auth, except for the fact that it relies on the security of your
mobile device, and nobody in the world knows how far China can take an iOS
exploit at the moment.

The SMS/GSM network is probably totally insecure against foreign adversaries
(it's sound enough right now for routine financial transactions but I wouldn't
want my bank account directly hooked up to it).

If you're going to use GMail, you should use Chrome. Chrome pins GMail's TLS
certificates; Google will not let Chrome pretend that Comodo or GoDaddy or
some Middle Eastern CA nobody's heard of has signed their own certificates.

I trust Chrome's TLS connecting directly to Google's TLS server more than I
trust any third party VPN service. In fact, I don't trust VPN services at all.
VPN software scares the shit out of me.

Make sure your desktop isn't owned up. If you're on a hostile network ---
like, you really know the network is hostile --- one strategy is to install
VMWare and use it to host an image that can run Chrome, and then have that VM
be the only thing on your computer that talks to the network _at all_. Even if
you start with a trustworthy connection to Google, you assume an attacker can
trick Chrome (or Firefox or Safari or whatever you use to get to things
besides GMail) into talking to some other random website, at which point the
entire clientside of your browser is vulnerable to every zero-day
vulnerability anybody knows about. Aurora, for instance, was just Javascript
events.

Disable Java.

Thanks for your service.

