ec2-34-239-158-223.compute-1.amazonaws.com | ToothyWiki | RecentChanges | Login | Webcomic

I find a flaw in your security system. I publish my findings, and make it trivial for anyone to exploit the flaw in any instance of the system.

Compare with: I find a flaw in your security system. I publish my findings, but I can make it no easier for anyone to exploit any instance of the system that isn't the one I broke - they'd have to do all the same work I did to break theirs.

TODO: examples of both.

Here's one, then.  The CSS system (RPC2) on DVDs is a key exchange mechanism.  The host authenticates itself to the drive, establishing a two-part key for data exchange.  Using that, it then reads the title key, under which the actual film is encrypted.  It is pretty easy, given a bus analyser, to snoop the title key from the bus and then enter that into another application and play DVDs without having authenticated them.  Doing that is a motivated attack - it needs domain knowledge and specialised tools.  But when someone publishes a method for automating breaking the bus key (it's a fairly trivial search due to bugs in the protocol making the space much smaller - or you can just use a key pulled out of any other bit of software) then playing a DVD becomes 'download DeCSS.  run it' - a trivial attack.

A counter example would be me managing to get a copy of your one time pad.  I can now read that one message from you.  And if I do whatever I did to get the copy in the first place again, I can view more messages.  But getting the first message doesn't make it any easier for less committed attackers to get your messages.

An illustration might be:  If I work out how to get around your complicated algorithm (by, for example, putting a pen mark on the edge of the CD) then everyone can do it to every CD.  If, instead, I take an electron microscope and pull out the secret key of your ultra secure chip, then I have bypassed the security on that chip.  But I can't do anything about any other chip without doing it again.  And you'd probably notice that.

Should probably also mention the classes of attacker.  Casual, Motivated, Competitive and 'oh my god the entire spy force of another country' I think, but I don't have my security notes handy.  --Vitenka (A ClassBreak, as I understand it, is when one class of attacker allows a system to be attacked by a lower class.  Usually seen in the wild as "Motivated" passing breaks down to "Casual" attackers (i.e. someone with some skills creates a tool that even a ScriptKiddie can use).  The general rule of thumb is that no matter what you do, it can be broken if the other superpower gets motivated to try.)
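The distinction drawn above (a break that transfers to every instance versus one that has to be repeated per instance) can be made measurable. The following is an added example, not part of the wiki page: a toy model in which every device either carries the same key, as a CSS-style player does, or a unique per-device key derived from a manufacturer master. One device's key is assumed extracted, and the model reports what fraction of the fleet that unlocks and what survives once the vendor revokes the leaked key. All key material and device names are constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Set

# Constructed value for the illustration; not a real player key.
SHARED_PLAYER_KEY = b"constructed-shared-player-key"


def device_key(master: bytes, device_id: str) -> bytes:
    """Per-instance design: each device gets HMAC(master, id). Knowing one
    device's key says nothing about another's, so the break does not transfer."""
    return hmac.new(master, device_id.encode(), hashlib.sha256).digest()


def build_fleet(n: int, per_device: bool, master: bytes) -> Dict[str, bytes]:
    """Shared design: every device carries the same key. Per-device design:
    every device carries its own derived key."""
    fleet = {}
    for i in range(n):
        dev = f"dev-{i:03d}"
        fleet[dev] = device_key(master, dev) if per_device else SHARED_PLAYER_KEY
    return fleet


def accepts(fleet: Dict[str, bytes], key: bytes) -> Set[str]:
    """Devices that would accept a given key (constant-time comparison)."""
    return {d for d, k in fleet.items() if hmac.compare_digest(k, key)}


def assess(n: int, per_device: bool) -> Dict[str, float]:
    """Model one fully analysed device whose key leaks, then the vendor's
    response of revoking that key. Returns the fraction of the fleet the
    leak unlocks and the fraction still working after revocation."""
    master = os.urandom(32)  # constructed manufacturer master secret
    fleet = build_fleet(n, per_device, master)
    leaked = fleet["dev-000"]          # the one instance the attacker analysed
    unlocked = accepts(fleet, leaked)  # blast radius of that single leak
    still_working = set(fleet) - accepts(fleet, leaked)  # after revoking it
    return {
        "unlocked_fraction": len(unlocked) / n,
        "working_after_revocation": len(still_working) / n,
    }


if __name__ == "__main__":
    print("shared key:    ", assess(100, per_device=False))
    print("per-device key:", assess(100, per_device=True))
```

With a shared key, the leak is a ClassBreak (the whole fleet opens) and revocation bricks every honest device too; with per-device keys, one device opens and revocation removes only that one.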

This is heading fast towards the ScriptKiddie hacker question (yes, clarified the above). Your original instance isn't quite enough, it's one thing working out how to break into something and publishing it - it still takes some brain to work out how to perform the operation, it takes another to just click a few buttons to do the same. Can you categorise hackers so casually into class groups? (Yes) Can you categorise people that easily? (Yes) People can be gifted but not know the syntax. The next question would be, should you find a security flaw, make it public that you can do this, but the procedure is one that only you understand, or you decide not to release it, and I, some wealthy person who wishes to use this flaw, convince you to perform the operations for me? Isn't that an entirely new class of people? Or is it just in the Motivated (by money/not having their balls blown off)? J
The classes are just a rule of thumb for "How well do I want to protect my system" - there's a difference between protecting it from the average honest person ("Hey, you know you left your door unlocked, right?"), the average criminal ("Cool, unlocked door"), the average syndicate ("Your door is locked, but we stole a key") and the average enemy state ("We blew up your house").  The levels of protection you need depend upon who your enemy is likely to be and what kind of stuff you are guarding.  If your security had a ClassBreak flaw then you are in trouble, because the number of capable attackers just went up exponentially.
And yes, this is very like script automation of attacks.  Typically accepted protocol is to tell the vendor, then release 'there is a flaw' details publicly, then release the actual demonstration code - each time waiting for a patch to appear.  There's no class difference though - your syndicate is a syndicate because they can find or bring pressure onto those who can break your system.  The person doing the break-in would be considered part of the syndicate's class then.  --Vitenka


Last edited April 8, 2004 9:56 am (viewing revision 10, which is the newest) (diff)