Firewall Wizards mailing list archives
RE: Transitive Trust: 40 million credit cards hack'd
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 18 Jun 2005 21:23:42 -0400 (EDT)
On Sat, 18 Jun 2005, Bill Royds wrote:
> The problem is that people have never truly analysed trust in a systematic mathematical way.
Sure they have- and they've analyzed security and security models that way too- there's the issue-- it's never made it to the field outside of the old Orange/Red book systems that nobody ever bought.
> http://security.dstc.edu.au/staff/ajosang/papers/algcert.pdf for example) but little of it has filtered into actual practice. Yet we are building whole
Little of anything good has filtered into actual practice except in bite-sized chunks or esoteric systems. For instance, I really like MAC compartments, but to date, the TrustedBSD folk haven't got their MAC stuff up to the level of the jails FBSD already has.
> financial edifices on completely flawed understanding of how to use distributed trust. We need to at least develop some systems that do it right so developers have some way of learning how to create viable systems that can have distributed security.
We need to have some sort of system that ensures that folks who call themselves "security practitioners" have at least looked at a representative sample of "things thought through" and "things done well" before they go read the marketing blurb for the latest "deep stateful analytic predictive autonomous modeling prevention cure-o-matic."
I'm willing to start work on a "Good stuff 101-301" area on my Web site, if folks want to contribute. I think these links and the stuff Marcus is providing are good enough reading that they should go to the list. I'd argue that most postings of useful publications should be on-list, since there's half-a-chance that someone with a bored moment might learn something valuable- but if folks want to send me links off-list, I'll start on a page-o-links now and try to gather some cohesiveness over time.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson, paul () compuwar net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."