Trusting the Trust

1
Trusting the Trust

• Budi Rahardjobudi_at_indocisc.com
  http//rahard.wordpress.comInixindo Security
  Day SeminarThe Executive Club, Jakarta, 19 March
  2009

2
Trust vs. Securityno 100 secure system
3
Security vs.

• Convenience
• Performance
• Business Requirement

4
Failing the trust

• Malicious software virus, worm,
• Malicious users crackers, attackers,
• Fraud disgruntled employees,
• Indentity theft unauthenticated users,

5
identity theft facebook, friendster, social
networksdo you trust your friends?
march 2009
5
BR - trusting the trust
6
On the internet, nobody knows youre a dog
7
Authentication

• Authentication factors
• What you have (card, token)
• What you know (password, pin, id)
• What you are (biometrics)
• Electronic transaction requirement
• 2 factor-authentication

8
Do you trust your bank?
9
borrowed slides on skimmer attached on an ATM
machine of a local bank. Sorry, I cannot add the
slides here since I dont know the owner of the
slides to ask/acknowledge.
march 2009
9
BR - trusting the trust
10
Do you trust your e-government?election jokes,
e-gov, e-proc
march 2009
10
BR - trusting the trust
11
Examples of bad 2009 election campaign posters
are available at http//janganbikinmalu2009.com
march 2009
11
BR - trusting the trust
12
Can you trust your code?
march 2009
12
BR - trusting the trust
13
Open Source is better, IF
14
you play with your coderead Ken Thompson,
"Reflections on Trusting Trust" ACM, September
1995
15
Reflections on trusting trust

• Self reproducing code
• Learning program
• Create trojaned compilercompile a bug
  versionwhen detecta pattern

16
meaning skill is important awareness too
17
Reducing Risks

• Anti virus,
• 2 factors authentication,

18
Reducing Risks

• But really
• people, process, technology

19
Reducing Risks

• Review periodically by independent, trusted 3rd
  party
• How do you trust your partner?

20
Thank you fortrusting me )

• Budi Rahardjobudi_at_indocisc.com

21
(No Transcript)