Re: [Full-disclosure] Re: choice-point screw-up and secure hashes
Valdis.Kletnieks_at_vt.edu
Date: 03/20/05
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] Re: choice-point screw-up and secure hashes"
- Maybe in reply to: Jason Coombs: "[Full-disclosure] Re: choice-point screw-up and secure hashes"
- Next in thread: Atom Smasher: "Re: [Full-disclosure] Re: choice-point screw-up and secure hashes"
- Reply: Atom Smasher: "Re: [Full-disclosure] Re: choice-point screw-up and secure hashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Atom Smasher <atom@smasher.org> Date: Sat, 19 Mar 2005 19:05:51 -0500
On Sat, 19 Mar 2005 18:18:46 EST, Atom Smasher said:
> some companies have a legitimate need to ask that question. they should be
> subject to more stringent checks than our recent bad guys. FTMP, however,
> that question is of very little use... if you want to know the SSN of
> "john smith", born 1976-07-04 you're likely to come up with several
> matches.
Exactly. That's why the SSN ends up being the key for the database rather
than name/DOB.
> the solution i've described is not meant to protect servers. it's meant to
> protect data that people subscribe to. the fact that people subscribed to
> the data indicates that the servers are well protected, or at least a
> harder target than opening an account.
Note that in general, the people who are subscribed to the data are not the
people who's data is being subscribed to. It's *my* data on store at <insert
data warehouse>, but it's the bank or utility or car dealership that's paying
for access to the data, and it's yet some *other* place that was the *source*
of the data.
> the real issue, again, is that we are talking about a SYSTEM. each
> component of that system has different threat models and needs to be
> protected in different ways. what protects the data may not help the
> servers... that protects the servers might not protect dead hard drives...
> what protects dead hard drives might not protect the network... for a
> group of security professionals i'm disappointed that so many people are
> looking for a single "magic bullet" that will just "secure" every part of
> a complicated system. it doesn't work like that in the real world.
Notice that your "hash the SSN" defense would have done exactly *ZIP*
to defend against the ChoicePoint debacle that started this thread, and
doesn't really provide very heavy protection against a compromise of the
database itself. We're not looking for a magic bullet that would secure
it all - but it would be nice if proposals to secure a part of it did in
fact add significant security to that part....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/pgp-signature attachment: stored
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] Re: choice-point screw-up and secure hashes"
- Maybe in reply to: Jason Coombs: "[Full-disclosure] Re: choice-point screw-up and secure hashes"
- Next in thread: Atom Smasher: "Re: [Full-disclosure] Re: choice-point screw-up and secure hashes"
- Reply: Atom Smasher: "Re: [Full-disclosure] Re: choice-point screw-up and secure hashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
