This website is dedicated to providing information on remaining anonymous and secure during the digital age. Everything is here for informational purposes only, but you should find plenty of useful tidbits.
A big part of being a security professional, or for that matter an informed citizen, is examining a proposed security control and identifying weaknesses or ways it could potentially bypassed. But there’s a logic error frequently committed here, and that’s assuming that because a control has some weakness, that it’s useless. This is due to a poor understanding of what the goal of the exercise is and a poor understanding of what security is really about.
The goal is to compare the cost of the attack (however that cost is measured: time, money, computing resources, willpower) against the perceived gain. It’s a cost-benefit analysis, really. There are a lot of popular calculations for risk, and they’re all useful in varying circumstances, but simply comparing the cost of an attack to the value of the asset in question is a handy one, though definitely a back-of-the-envelope sort of thing. Part of this is also identifying what threats the countermeasure is designed to counteract.
Let me illustrate with a countermeasure that’s been at turns lauded and disdained: port knocking. Basically, before a port is opened, the user must send connection attempts on a predefined sequence of ports. The server then sees these and allows that address to connect to a protected service. This measure is frequently derided as “security through obscurity” and alternately defended as a second method of authentication. Port knocking is not foolproof by any means, but simply coming up with attack methods doesn’t mean it’s worthless.
If the goal is to defeat an individual, determined attacker, its utility is indeed reduced. But if the goal is to raise the bar so the SSH worms or a script kiddie doesn’t find it… then it’s accomplished a goal.
I’ve fallen into the trap, too: there was an attack on biometric fingerprint readers a few years ago; not long after it came out, my boss asked what I thought about putting in a biometric solution. Everyone laughed when I said, “well, it can be defeated by making a gelatin mold of an authorized user’s finger.” Now, they were wrong to laugh (states my pride) because it’s a valid attack. But my mistake was not recognizing that it was still a useful security measure as long as we took into account its weakness and applied defense in depth to compensate. For example, here is a website with no SSL certificate that is trying to capture sensitie data while you make payments.
I’m not defending security through obscurity, since brittle security can indeed cause problems. But I am saying that, when thinking about security, we should take the time to take the actual threats and attack costs into consideration instead of dismissing something because we can dream up an imperfection in the countermeasure.
Hah! I have embedded HTML in this blog entry that has compromised your system. It’s smart enough to attack multiple platforms (including Windows and Linux) and gives me command-line administrative level access. Don’t believe me?
Heh. You just lost your privacy.
While there are lots of dumb ways to secure wireless networks, here are the six dumbest. Read the article, there are a lot more details there.