Post on 18-Dec-2015
Trusting the Trust
Budi Rahardjo
http://rahard.wordpress.com
Inixindo Security Day Seminar
The Executive Club, Jakarta, 19 March 2009
Trust vs. Security
[no 100% secure system]
march 2009 2BR - trusting the trust
Security vs. …
• Convenience
• Performance
• Business Requirement
Failing the trust
• Malicious software; virus, worm, …
• Malicious users; crackers, attackers, …
• Fraud; disgruntled employees, …
• Identity theft; unauthenticated users, …
identity theft
[facebook, friendster, … social networks
do you trust your “friends”?]
“On the internet, nobody knows you’re a dog”
Authentication
• Authentication factors
– What you have (card, token)
– What you know (password, pin, id)
– What you are (biometrics)
• Electronic transaction requirement
– 2-factor authentication
Do you trust your bank?
[“borrowed” slides on skimmer attached on an ATM machine of a local bank. Sorry, I cannot add the slides here since I don’t know the owner of the slides to ask/acknowledge.]
Do you trust your e-government?
[election jokes, e-gov, e-proc]
[Examples of bad 2009 election campaign posters are available at http://janganbikinmalu2009.com]
Can you trust your code?
Open Source is better, IF …
you play with your code
[read Ken Thompson, "Reflections on Trusting Trust", ACM, September 1995]
Reflections on trusting trust
• Self reproducing code
• “Learning” program
• Create trojaned compiler
– compile a “bug” version when it detects a pattern
meaning … skill is important
[awareness too]
Reducing Risks
• Anti virus,
• 2-factor authentication,
• …
Reducing Risks
• But … really …
• people, process, & technology
Reducing Risks
• Review periodically by independent, trusted 3rd party
• How do you trust your partner?
Thank you for trusting me :)
Budi Rahardjo