Monday, July 13, 2009

Podcast: Crypto-Gram 15 September 2007: Catastrophic points of failure

from the Sep 15, 2007 Crypto-Gram Newsletter
by Bruce Schneier

* Basketball Referees and Single Points of Failure

Of all major sports, basketball is the most vulnerable to manipulation. There are only five players on the court per team, fewer than in other professional team sports; thus, a single player can have a much greater effect on a basketball game than he can in the other sports.

It's not just that basketball referees are single points of failure, it's that they're both trusted insiders and single points of catastrophic failure.

The best way to catch corrupt trusted insiders is through audit. The particular components of a system that have the greatest influence on the performance of that system need to be monitored and audited, even if the probability of compromise is low.

Most companies focus the bulk of their IT-security monitoring on external threats, but they should be paying more attention to internal threats.

All systems have trusted insiders. All systems have catastrophic points of failure. The key is recognizing them, and building monitoring and audit systems to secure them.

* Home Users: A Public Health Problem?

The only possible way to solve this problem is to force the ISPs to become IT departments. There's no reason why they can't provide home users with the same level of support my IT department provides me with. There's no reason why they can't provide "clean pipe" service to the home. Yes, it will cost home users more. Yes, it will require changes in the law to make this mandatory. But what's the alternative?

* Stupidest Terrorist Overreaction?

We screwed up, and we want someone to pay for our mistake.

* Getting Free Food at a Fast-Food Drive-In

Fast food synchronization attack. By exploiting the limited information flow between the two windows, you can insert yourself into the pay-receive queue.

Fast-food restaurant with two drive-through windows: one where you order and pay, and the other where you receive your food. Wait until there is someone behind you and someone in front of you. Don't order anything at the first window. Tell the clerk that you forgot your money and didn't order anything. Then drive to the second window, and take the food that the person behind you ordered.

length: 23:15
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0709.html
