In security, you need to stop the root mistake

November 29, 2009

Here is something that I have become more and more convinced of: if you want to actually solve a security problem, you need to stop the root mistake.

Many security problems have various surface issues that you can target, and then they have one (or more) root mistakes. It is tempting and easy to target surface issues, but if you do so you are not really solving the problem; you are simply causing the attackers to find another way to create the circumstances where the root mistake will be committed again.

As an example, let us consider phishing. In phishing, the root mistake is entering your username and password into the wrong site. However, there is a long history of anti-phishing precautions that try to get people not to go to the wrong site (persuasion, blocking access to bad sites, blocking ways of directly linking to sites, and so on). Since these solutions only target the surface issue, they have predictably failed any time attackers figure out a new way to slide past the precautions.

So, to really fix the security problem you need to target the root mistake, and ideally make it not just more difficult but outright impossible to make that root mistake.

(If you merely make the root mistake more difficult, it just lowers the frequency of the security problem. And even that's not a sure thing.)


Last modified: Sun Nov 29 00:55:43 2009