I recently ran across an interesting article on how Passport security works, and what some of the flaws with it are, including a construction of an exploit (now fixed). As noted, while there is now a road-block for that specific exploit, the underlying problems are still there, and a motivated observer could readily construct another.

I am not bringing up this article because I think that Microsoft has done an unduly horrible job in constructing their Passport service. I am bringing it up because I think they haven't. Oh, don't get me wrong. I am not saying that Microsoft did a good job of getting it right, because they didn't. I am saying that I wouldn't expect to see someone else doing a better job.

What is their real mistake? That they have a consistent pattern of small oversights, which make it easy for a determined exploiter to find their way forward. They have cross-site scripting holes. Congratulations, most people do. They have attempted to filter out known dangerous constructs rather than forcing known valid input. Congratulations, even though that is ass-backwards if you want security, that is the common immediate response. They have focussed on features over security. They and (much chest beating notwithstanding) everyone else.

As has come up in past discussions, this site does little better. (Visit tye's home page.) It would be a sucker bet to predict that many of the people here have worked with corporate code-bases that do substantially worse things. In fact many still do. And if you haven't had the displeasure, your turn will probably come.

So re-read it. Not with an eye towards, "Microsoft sucks!" but with an eye towards, "Would I know to do better?" Because as the oft-regurgitated but seldom understood mantra goes, security is a process. It is a process that we get wrong, over and over again. People have fundamental misunderstandings that are guaranteed to lead to problems. And that means that the process which is security needs some debugging.

And so I finish by reminding people of the fundamental point that you should avoid parsing (re-read again, seeing how that theme applies) and with an inspirational story from the Space Shuttle about what debugging a process can look like. (Before everyone jumps up and down and says that that cannot be done, stop. It can be done. It may not be worth going to that extreme all of the time, but IMNSHO people can and should habitually do more that way than they do now.)


In reply to Passport Security by tilly
