Macrocosmic Technologies

Proper vulnerability analysis is critical to delivering secure software. It is equally important if you find yourself in the middle of a major motion picture too. Consider the following:

• If you only had one single vulnerability, wouldn’t you commit pretty much any and all resources you had available toward ensuring that said vulnerability was impossible to exploit? Sauron let his top soldiers, the Nazgul, run all over Middle Earth, getting involved in what amounted to turf battles. A smarter strategy would have been to completely fortify Mount Doom, and THEN start worrying about taking over the rest of Middle Earth. Having a firewall is not sufficient. You need to record and monitor activities at both the perimeter of a network and close to its most-valuable assets.
• If you have an application that hosts valuable data from an attacker’s perspective, you need to ensure that all inputs are validated and appropriately sanitized. The most comprehensive physical security out there can be rendered irrelevant by failing to perform validation on even one input. You need look no further than “Snatch” and its diamond heist as proof of this. Criminals, posing as buyers, bypass the security by posing as expected input and are not screened completely.
• Sandboxes, whether for virtual servers or VM’s for code, need to be completely isolated from the host operating system. If someone can leave the sandbox and touch the underlying host, it is possible for the host to be compromised. In “The Matrix”, Neo broke out of the sandbox, rooted the host, and then corrupted the processes running in the sandbox.
• If you must have a trusted subsystem that is allowed to perform low-level actions against high-value assets in an unauthenticated manner, then you need to make sure that authentication and authorization to your trusted subsystem is extremely strong. Having an authorized process share its authorization token with a malicious process will allow the malicious process to access the assets. In “Brazil”, Minister Helpmann shares his password with Sam, who then uses it to access the master systems and “delete” all records of the existence of an individual.
• When mapping out the security roles in an application, always consider following the principle of least privilege. If a user doesn’t need access to an action or asset to perform their authorized duties, they shouldn’t be allowed access. If a system is improperly modeled, and a user can access low-level or administrative functionality, it can be used to exploit an application. In Star Trek’s “Best of Both Worlds”, Data issued the “Sleep” command to all members of the collective, forcing them to go to sleep. Clearly, this command should only have been made available to a small set of super-users or administrators.

In response to November 2007’s loss of some seven million individuals’ banking information, Top Gear host Jeremy Clarkson wrote

“Back in November, the Government lost two computer discs containing half the population’s bank details,” he said. “Everyone worked themselves into a right old lather about the mistake but I argued we should all calm down because the details in question are to be found on every cheque we hand out every day to every Tom, Dick and cash and carry.

Jeremy then proceeded to publish his banking details, as well as information about the car he drives and where to find his address. In a thoroughly unsurprising turn of events, he found himself the victim of identity theft, donating £500 through a non-signature debit to the British Diabetic Association.

Now, with the pain of identity theft having been personalized, he has changed his tune.

“Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy.”

I presented a few days ago at Cleveland’s Information Security Summit. My topic was originally to be about Threat Modeling, using a system-centric approach to analyzing the threats, assets, and vulnerabilities of an application. Because there was another session being presented on threat modeling, I wanted to offer something unique. To that end, I reworked the presentation to include a section about the Security Development Lifecycle and how threat modeling fits within it.

While the slide deck won’t give you all the information from the session, it will provide you with the highlights. The PDF version can be found here.

Remember that prescreening frequent fliers could subject themselves to which would allow them to breeze through airport checkpoints? It turns out the data for some 33,000 travelers may have been exposed after the laptop was misplaced in San Francisco’s airport.

The thing is, the laptop was lost, and subsequently found, in the same locked room in which it had been left. They are now claiming, contrary to initial reports, that the data is secured by two levels of password protection. Now, if those levels are BIOS password and Windows login, yes, it is protected by two levels of protections, both of which are easily circumvented.