Dailydave mailing list archives

Re: a war on all fronts is a war on none


From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Thu, 1 Jul 2004 16:00:21 -0500

I remember reading that exact statement in Howard's latest book[1], which 
besides being a product of Microsoft Press, is actually a decent read. 
The value in the book is not so much the techniques it shows, but the 
commentary behind why those techniques are important and the subtle hints 
as to what applications were hosed because of it. The section on token 
management was especially insightful when taking a harder look at some of 
the network services in Windows 2000. Even if you despise everything 
coming from that company, the view from the other side is always 
interesting :)


1. http://www.microsoft.com/MSPress/books/5957.asp

On Thursday 01 July 2004 15:52, dave wrote:
The following is a really good point, and one the Windows 2003 team
fubared up.
-dave


http://blogs.msdn.com/michael_howard/archive/2004/06/27/167367.aspx

Perhaps this one will be a little less controversial than my previous
post!

When I review threat models, I often target it on the mitigations,
making sure they are good, solid and well thought out. One mitigation
type that worries me is when a team mitigates a threat by asking the
user/admin to make a trust decision. As a rule of thumb, this is not
the best mitigation. Sometimes you must ask the user, I understand
that, but fewer trust dialog boxes is often safer.

Case in point is IE in XPSP2 - have you noticed a number of dialogs
asking users to make security decisions have “gone away”? Rather, the
browser simply enforces a default security policy and tells you what it
just did (in a bar above the HTML content). For example blocking
ActiveX controls, or blocking pop-ups and so on. If you want to change
the policy then go ahead, but the default is not to prompt the user.

Net net: We've found that constantly asking users to make trust
decisions is generally not a good thing. Invariably, people will see
the dialog, and to them it'll read, “Do you want to get your job done”
and they'll hit 'yes' with little or no regard for the consequences.

So now, we just enforce a default security policy.

Simple, really.
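The two mitigation styles Howard contrasts, modelled as an added example that is not part of this thread and not code from Microsoft or from IE: a "prompt" mode where each risky action is a trust decision handed to the user, and an "enforce" mode where a default-deny policy decides and the user is only notified. The policy table, the action names and the `click_through` user model are constructed for illustration.

```python
"""Added example: trust-dialog mitigation versus default-policy mitigation.

Constructed for illustration; the action names, the policy table and the
user model below are assumptions, not IE's actual policy."""

from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed default policy: active content is blocked unless allowed here.
DEFAULT_POLICY: Dict[str, bool] = {
    "activex": False,
    "popup": False,
    "download": False,
    "image": True,  # static content is allowed by default
}


@dataclass
class Decision:
    action: str
    allowed: bool
    notice: str


@dataclass
class Browser:
    mode: str  # "prompt" or "enforce"
    policy: Dict[str, bool] = field(default_factory=lambda: dict(DEFAULT_POLICY))
    ask_user: Callable[[str], bool] = lambda action: True
    notices: List[str] = field(default_factory=list)

    def handle(self, action: str) -> Decision:
        # Anything the policy does not name is treated as blocked.
        policy_allows = self.policy.get(action, False)
        if self.mode == "prompt" and not policy_allows:
            # Mitigation by trust dialog: the user's answer is the control.
            allowed = self.ask_user(action)
            notice = f"user {'allowed' if allowed else 'blocked'} {action}"
        else:
            # Mitigation by default policy: decide first, then tell the user
            # what was done (the "bar above the content" pattern).
            allowed = policy_allows
            notice = f"policy {'allowed' if allowed else 'blocked'} {action}"
        self.notices.append(notice)
        return Decision(action, allowed, notice)


def run_page(browser: Browser, actions: List[str]) -> List[Decision]:
    """Feed every action a page attempts through the browser's mitigation."""
    return [browser.handle(a) for a in actions]


def blocked_count(decisions: List[Decision]) -> int:
    return sum(1 for d in decisions if not d.allowed)


# Constructed page: one static image plus several risky actions, including
# a content type the policy has no entry for.
PAGE = ["image", "activex", "popup", "download", "unknown-plugin"]


def click_through(_action: str) -> bool:
    """Models the failure Howard describes: the dialog reads 'do you want to
    get your job done', so the answer is always yes."""
    return True


if __name__ == "__main__":
    prompting = Browser(mode="prompt", ask_user=click_through)
    enforcing = Browser(mode="enforce")
    print("prompt  mode blocked:", blocked_count(run_page(prompting, PAGE)))
    print("enforce mode blocked:", blocked_count(run_page(enforcing, PAGE)))
    for notice in enforcing.notices:
        print("  ", notice)
```

With a click-through user the prompting browser blocks nothing on this page, while the enforcing browser blocks every action the policy does not allow, including the unknown content type, and still leaves a notice trail the user can act on.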



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave