Wednesday, 31 July 2013

Email (outlook.com, gmail) should be stored on a git repository, with hashes used to detect account hijack

On the topic of being secure (and minimising account compromise) while using hostile networks (see Day 1 - made it to Vegas, start of ASP.NET MVC research  and Trying to keep secure while at BlackHat and DefCon 2013) I started using outlook.com, and was wondering how can I detect if that account is hijacked (for example by somebody who has a root SSL cert and is sitting on the same wireless network that I'm in (currently at Starbucks using the Mirage WIFI))

So what happens if somebody sends an email from this account:



How could I detect it?

Well, one interesting idea would be if all email activity was stored in a git repository (which I could sync from another location, be exposed to the latests hashes and have a browser extension keep an eye on them for me)

That way, with all data tracked by git, I would have:
  • complete history of all account activity
  • integrity of data, since If was able to track and provide my latest commit hash (i..e for example one created after I sent my last email), then, next time another activity was committed (by somebody else) to the email git repo, I would get an Git commit error (for example if another email was sent or moved/edited/deleted)
  • backup of all emails
Of course that there are tons of logictical and UI issues to sort out, but having the ability to track email activity and integrity like this would be a massive improvement on what we have today.

Note that I'm not after confidentially, I 'just' want integrity. I.e. I want to make sure that the email activity that happens on this email was actually done by me :)

In a way we are already doing something similar at TeamMentor, where not only are all articles tracked using a Git repository, ALL user data and activities are also tracked using git (i.e. when a user sees a TeamMentor page or changes its password, there is a git commit that occurs when the user object is persisted into disk)

On a related note, do the Databases you use/maintain, have similar capabilities? For example, If data was maliciously changed on an SQL server would you be able to detect it? Now I know that in principle that could be done from a FULL transaction log (if they exist) but what if the transaction log was changed? (is that easy/hard to do?)
Post a Comment