book

Beautiful Security

by Andy Oram, John Viega

April 2009

Intermediate to advanced

302 pages

11h 18m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Beautiful Security
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Preface
Why Security Is Beautiful
Audience for This Book
Donation
Organization of the Material
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us

1. Psychological Security Traps
Learned Helplessness and NaïvetéA Real-Life Example: How Microsoft Enabled L0phtCrackPassword and Authentication Security Could Have Been Better from the StartNaïveté As the Client Counterpart to Learned Helplessness
Confirmation Traps
An Introduction to the ConceptThe Analyst Confirmation TrapStale Threat ModelingRationalizing Away Capabilities
Functional Fixation
Vulnerability in Place of SecuritySunk Costs Versus Future Profits: An ISP ExampleSunk Costs Versus Future Profits: An Energy Example
Summary
2. Wireless Networking: Fertile Ground for Social Engineering
Easy MoneySetting Up the AttackA Cornucopia of Personal DataA Fundamental Flaw in Web Security: Not Trusting the Trust SystemEstablishing Wireless TrustAdapting a Proven Solution
Wireless Gone Wild
Wireless As a Side ChannelWhat About the Wireless Access Point Itself?
Still, Wireless Is the Future
3. Beautiful Security Metrics
Security Metrics by Analogy: HealthUnreasonable ExpectationsData TransparencyReasonable Metrics
Security Metrics by Example
Barings Bank: Insider BreachThe playersHow it happenedWhat went wrongBarings: “What if...”Barings: Some security metricsTJX: Outsider BreachThe playersHow it happenedWhat went wrongTJX: “What if...”TJX: Some security metricsGlobal metricsLocal metricsMore Public Data Sources
Summary
4. The Underground Economy of Security Breaches
The Makeup and Infrastructure of the Cyber UndergroundThe Underground Communication InfrastructureThe Attack Infrastructure
The Payoff
The Data ExchangeInformation SourcesAttack VectorsExploiting website vulnerabilitiesMalwarePhishing, facilitated by social-engineering spamThe Money-Laundering Game
How Can We Combat This Growing Underground Economy?
Devalue DataSeparate Permission from InformationInstitute an Incentive/Reward StructureEstablish a Social Metric and Reputation System for Data Responsibility
Summary
5. Beautiful Trade: Rethinking E-Commerce Security
Deconstructing CommerceAnalyzing the Security Context
Weak Amelioration Attempts
3-D Secure3-D Secure transactionsEvaluation of 3-D SecureSecure Electronic TransactionSET transactionsEvaluation of SETSingle-Use and Multiple-Use Virtual CardsHow virtual cards workBroken IncentivesConsumerMerchant and service providerAcquiring and issuing banksCard associationHe who controls the spice
E-Commerce Redone: A New Security Model
Requirement 1: The Consumer Must Be AuthenticatedRequirement 2: The Merchant Must Be AuthenticatedRequirement 3: The Transaction Must Be AuthorizedRequirement 4: Authentication Data Should Not Be Shared Outside of Authenticator and AuthenticatedRequirement 5: The Process Must Not Rely Solely on Shared SecretsRequirement 6: Authentication Should Be Portable (Not Tied to Hardware or Protocols)Requirement 7: The Confidentiality and Integrity of Data and Transactions Must Be Maintained
The New Model
6. Securing Online Advertising: Rustlers and Sheriffs in the New Wild West
Attacks on UsersExploit-Laden Banner AdsMalvertisementsDeceptive Advertisements
Advertisers As Victims
False ImpressionsEscaping Fraud-Prone CPM AdvertisingGaming CPC advertisingInflating CPA costsWhy Don’t Advertisers Fight Harder?Lessons from Other Procurement Contexts: The Special Challenges of Online Procurement
Creating Accountability in Online Advertising
7. The Evolution of PGP’s Web of Trust
PGP and OpenPGP
Trust, Validity, and Authority
Direct TrustHierarchical TrustCumulative TrustThe Basic PGP Web of TrustRough Edges in the Original Web of TrustSupervalidityThe social implications of signing keys
PGP and Crypto History
Early PGPPatent and Export ProblemsThe Crypto WarsFrom PGP 3 to OpenPGP
Enhancements to the Original Web of Trust Model
RevocationThe basic model for revocationKey revocation and expirationDesignated revokersFreshnessReasons for revocationScaling IssuesExtended introducersAuthoritative keysSignature Bloat and HarassmentExportable signaturesKey-editing policiesIn-Certificate PreferencesThe PGP Global DirectoryVariable Trust Ratings
Interesting Areas for Further Research
SupervaliditySocial Networks and Traffic Analysis
References
8. Open Source Honeyclient: Proactive Detection of Client-Side Exploits
Enter Honeyclients
Introducing the World’s First Open Source Honeyclient
Second-Generation Honeyclients
Honeyclient Operational Results
Transparent Activity from Windows XPStoring and Correlating Honeyclient Data
Analysis of Exploits
Limitations of the Current Honeyclient Implementation
Related Work
The Future of Honeyclients
9. Tomorrow’s Security Cogs and Levers
Cloud Computing and Web Services: The Single Machine Is HereBuilders Versus BreakersClouds and Web Services to the RescueA New Dawn
Connecting People, Process, and Technology: The Potential for Business Process Management
Diffuse Security in a Diffuse WorldBPM As a Guide to Multisite Security
Social Networking: When People Start Communicating, Big Things Change
The State of the Art and the Potential in Social NetworkingSocial Networking for the Security IndustrySecurity in Numbers
Information Security Economics: Supercrunching and the New Rules of the Grid
Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
Democratization of Tools for ProductionDemocratization of Channels for DistributionConnection of Supply and Demand
Conclusion
Acknowledgments
10. Security by Design
Metrics with No Meaning
Time to Market or Time to Quality?
How a Disciplined System Development Lifecycle Can Help
Conclusion: Beautiful Security Is an Attribute of Beautiful Systems
11. Forcing Firms to Focus: Is Secure Software in Your Future?
Implicit Requirements Can Still Be Powerful
How One Firm Came to Demand Secure Software
How I Put a Security Plan in PlaceChoosing a focus and winning over managementSetting up formal quality processes for securityDeveloper trainingWhen the security process really took holdFixing the ProblemsExtending Our Security Initiative to Outsourcing
Enforcing Security in Off-the-Shelf Software
Analysis: How to Make the World’s Software More Secure
The Best Software Developers Create Code with VulnerabilitiesMicrosoft Leading the WaySoftware Vendors Give Us What We Want but Not What We Need
12. Oh No, Here Come the Infosecurity Lawyers!
Culture
Balance
The Digital Signature GuidelinesThe California Data Privacy LawSecurity’s Return on Investment
Communication
How Geeks Need LawyersSuccess Driven from the Top, Carried Out Through CollaborationA Data Breach Tiger Team
Doing the Right Thing
13. Beautiful Log Handling
Logs in Security Laws and Standards
Focus on Logs
When Logs Are Invaluable
Challenges with Logs
Case Study: Behind a Trashed Server
Architecture and Context for the IncidentThe Observed EventThe Investigation StartsBringing Data Back from the DeadSummary
Future Logging
A Proliferation of SourcesLog Analysis and Management Tools of the Future
Conclusions
14. Incident Detection: Finding the Other 68%
A Common Starting Point
Improving Detection with Context
Improving Coverage with Traffic AnalysisCorrelating with Watch Lists
Improving Perspective with Host Logging
Building a Resilient Detection Model
Summary
15. Doing Real Work Without Real Data
How Data Translucency Works
A Real-Life Example
Personal Data Stored As a Convenience
Trade-offs
Going Deeper
References
16. Casting Spells: PC Security Theater
Growing Attacks, Defenses in RetreatOn the Conveyor Belt of the InternetRewards for MisbehaviorA Mob Response
The Illusion Revealed
Strict Scrutiny: Traditional and Updated Anti-Virus ScanningThe evolution of the blacklist methodThe whitelist alternativeHost-based Intrusion Prevention SystemsApplying artificial intelligenceSandboxing and Virtualization: The New Silver BulletsVirtual machines, host and guestSecurity-specific virtualizationSecurity of saved files in Returnil
Better Practices for Desktop Security
Conclusion
A. Contributors
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Beautiful Security

Chapter 7. The Evolution of PGP’s Web of Trust

Phil Zimmermann

Jon Callas

When Pretty Good Privacy (PGP) first arrived in 1991, it was the first time ordinary people could use strong encryption that was previously available only to major governments.

PGP led to new opportunities for human rights organizations and other users concerned with privacy around the world, along with some oft-misunderstood legal issues that we’ll touch on later.

One of the most influential aspects of PGP is its solution to the problem of connecting people who have never met and therefore never had a chance to exchange secure keys. This solution quickly earned the moniker “Web of Trust,” which describes the way the system operates about as accurately as any phrase.

The trust mechanism in PGP has evolved a lot since the early releases. It’s worth examining the reasons for the trust model and the way PGP has evolved to provide more robustness.

The Web of Trust also offers an interesting historical angle because it was an early peer-to-peer design, and arguably one of the first social networks.

Much has been written about PGP and practical public key cryptography, but to our dismay, we’ve found that much of what is written contains substantial inaccuracies. It is our goal in this chapter to describe the PGP trust model, as well as its implementation, standardization, and use. We also will put it in its historic and political context.

PGP and OpenPGP

PGP is software; OpenPGP is a standard and a protocol. PGP is also ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596801786Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Beautiful Security

by Andy Oram, John Viega