Trusting the Trust Budi Rahardjo budi@indocisc.com http://rahard.wordpress.com Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009

Post on 18-Dec-2015


Trusting the Trust

Budi Rahardjo
budi@indocisc.com

http://rahard.wordpress.com
Inixindo Security Day Seminar
The Executive Club, Jakarta, 19 March 2009


Trust vs. Security

[no 100% secure system]


Security vs. …

• Convenience

• Performance

• Business Requirement


Failing the trust

• Malicious software; virus, worm, …

• Malicious users; crackers, attackers, …

• Fraud; disgruntled employees, …

• Identity theft; unauthenticated users, …


identity theft

[facebook, friendster, … social networks
do you trust your “friends”?]


“On the internet, nobody knows you’re a dog”


Authentication

• Authentication factors
  – What you have (card, token)
  – What you know (password, pin, id)
  – What you are (biometrics)

• Electronic transaction requirement
  – 2 factor-authentication


Do you trust your bank?


[“borrowed” slides on skimmer attached on an ATM machine of a local bank. Sorry, I cannot add the slides here since I don’t know the owner of the slides to ask/acknowledge.]


Do you trust your e-government?

[election jokes, e-gov, e-proc]


[Examples of bad 2009 election campaign posters are available at http://janganbikinmalu2009.com]


Can you trust your code?


Open Source is better, IF …


you play with your code

[read Ken Thompson, "Reflections on Trusting Trust", ACM, September 1995]


Reflections on trusting trust

• Self reproducing code
• “Learning” program
• Create trojaned compiler
  – compile a “bug” version when it detects a pattern


meaning … skill is important

[awareness too]


Reducing Risks

• Anti virus,
• 2 factors authentication,
• …


Reducing Risks

• But … really …

• people, process, & technology


Reducing Risks

• Review periodically by independent, trusted 3rd party

• How do you trust your partner?


Thank you for trusting me :)

Budi Rahardjo
budi@indocisc.com
