Firewall Wizards mailing list archives

Re: Transitive Trust: 40 million credit cards hack'd


From: George Capehart <capegeo () opengroup org>
Date: Sat, 18 Jun 2005 18:56:09 -0400

Marcus J. Ranum wrote:
40M credit cards hacked
Breach at third party payment processor affects 22 million Visa cards and 14 million MasterCards.
http://money.cnn.com/2005/06/17/news/master_card/index.htm?cnn=yes

This sounds like (yet another) classical example of "transitive trust gone wrong."
Visa/MasterCard trusted a 3rd party to hold their data and - oops - the trust
was misplaced.

I figure Paul and I and the other "security graybeards" can let this kind of
thing keep happening for a few months more and then we can start turning
on the big, blinking neon lights that say "We Told You So."     Transitive
trust is a *HARD* problem in security. Always has been, always will be.
But today's businesses convinced themselves that they could basically
ignore it - mostly because the obvious stuff like patching and vulnerability
management was more obvious and accessible.

The shift away from mainframe computing to departmental and distributed
in the 80's resulted in a massive dissemination of data. Instead of data
being held in one place in the enterprise, it's available for anyone with a
password who can open an SQL session and make a local table to
play with in Excel/Access. So private and sensitive data was scattered
to - essentially everyone with a password. Now that the horse has left
the barn, and trotted a few miles down the road, a great deal of attention
is being paid to the latch on the barn door. To make matters worse, the
"permissive 90's" and the "outsourcing of 2001" dramatically expanded
both the vulnerability footprint of most enterprises at the same time as
their trust boundaries ballooned toward the effectively infinite.


Here's a position to ponder: it's probably too late to secure enterprise
data, in all practical senses of the term "secure."  What's "Plan B"?
Is there a "Plan B"?

"We told you so."

Heh.  Just wait until Web services get widely deployed . . .  No one is
even thinking multiple trust boundaries yet . . . much less how to make
systems operate across them.  All the lessons we learned from the DCE,
CORBA, Kerberos, SESAME, et al. (about what happens when one crosses
trust boundaries *within* the organization) are about to be learned
all over again, but with a much larger population . . . It's going to be
a mess . . . And there will be no Plan B because no one has a clue what
they're getting into . . .  I gave a talk at OWASP last year that
touched on this and, out of an audience of a couple of hundred people,
only a handful showed that they'd understood the magnitude of the problem.

Cheers,

/g

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

