Flutterby™! : detaint(<world>)


detaint(<world>)

2008-06-19 19:55:19.996466+00 by meuon 5 comments

I'm going through what is essentially a payment system and its various interfaces, web, e-mail, text, SMS/text... getting ready for a production install that will get hammered by the general population as well as those with "intent and intelligence". I'm realizing that about 50% of the code in the entire system is dedicated to detainting and logging inputs from humans as well as "trusted systems" it interfaces to. Including writing out logs of any "deleted" data.

I want a detaint(<world>) function. Not just for code and systems... but for the world. There would be a lot fewer people; I wonder which regex(s) I would get nailed by. Which is part of what I am running into. In truly paranoid mode, not much works nicely. You have to back it down a few notches and trust some people.. just a little. Then we'll have to slap a few hands.. and we'll learn some new things.
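As an added example (not code from the original post or from Flutterby), one shape such a detaint routine can take for a payment form: a per-field character whitelist, a Luhn sanity check on the card number, and an audit line that records what was stripped without ever writing the retained card digits to the log. The field names and rules are assumptions.

```python
import hashlib
import logging
import re
from typing import Optional

# Per-field character whitelists (assumed for this example). Anything a
# field's pattern does not allow is stripped before the value is used.
FIELD_RULES = {
    "ccnum": r"[0-9]",          # card number: digits only, separators dropped
    "amount": r"[0-9.]",
    "name": r"[A-Za-z' \-]",
}
# Fields whose retained value must never reach a log file.
SENSITIVE = {"ccnum"}

log = logging.getLogger("detaint")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: the basic sanity check a card number must pass."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return len(digits) >= 12 and total % 10 == 0


def strip_log_line(field: str, raw: str, clean: str, removed: str) -> str:
    """Audit line for stripped input. The removed junk is safe to record;
    for sensitive fields the kept value is redacted and only a short digest
    of the raw submission is written, so the log can be correlated later."""
    ref = hashlib.sha256(raw.encode()).hexdigest()[:12]
    kept = "<redacted>" if field in SENSITIVE else clean
    return f"field={field} ref={ref} kept={kept!r} removed={removed!r}"


def detaint(field: str, raw: str) -> tuple:
    """Return (clean, removed). Unknown fields are rejected, not passed through."""
    if field not in FIELD_RULES:
        raise ValueError(f"no detaint rule for field {field!r}")
    allowed = re.compile(FIELD_RULES[field])
    clean = "".join(c for c in raw if allowed.fullmatch(c))
    removed = "".join(c for c in raw if not allowed.fullmatch(c))
    if removed:
        log.warning(strip_log_line(field, raw, clean, removed))
    return clean, removed


def card_number(raw: str) -> Optional[str]:
    """Detaint a submitted card number; None means reject the submission."""
    clean, _ = detaint("ccnum", raw)
    return clean if luhn_ok(clean) else None
```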



#Comment Re: made: 2008-06-19 20:24:32.586406+00 by: ebradway

My advisor gets huffy whenever she has to deal with security issues. She's had her web server hacked a few times. But she persists in refusing to let me install Linux. I did manage to get her to switch from XP Home to XP Pro.

The real reason she gets so upset is that she is genuinely disappointed that there are people out there who interfere with her work for rather childish reasons (p0wning a server).

It sure would be nice if we could have a world where everyone was so caught up in their own interests that they didn't have the time or desire to screw up someone else's! It would be nice if you could architect a system that only allowed "productive" work. Unfortunately, in the process of defining "productive", you'd have to start disabling things that some people rely on. The people defining "productive" aren't the people who have to use it!

In the end, you have to have a system that is open to tainting because one person's taint is another person's productive effort.

#Comment Re: made: 2008-06-19 22:36:16.19347+00 by: Dan Lyke

Remember how our notions of security hardened as COL evolved? Those halcyon days of the early net when security was calling up an admin at UTC and saying "hey, would you go look over the shoulder of the folks in your lab and scare the guy who's probing us?" to that time when Caladan got hacked and we got (for the time) totally paranoid?

Even then, I think we still had an open SMTP relay for quite a while, spam was still a "those Cantor & Siegel assholes" factor, NNTP security was a matter of kicking a connection when we saw one we didn't recognize.

Damn, those were halcyon days.

#Comment Re: made: 2008-06-20 12:29:19.599624+00 by: meuon

Dan, You missed the truly paranoid days... but that was the beginning. For a while we hosted DShield and Sans.org and we learned a lot.

I've now learned that just having a form on a website that has inputs named 'ccnum' or 'cardnumber' will get your system aggressively probed, poked, crowbarred and hammered at levels different than any other page on the system.

And on personal computers, watched people's machines get hacked and "quickbooks" files copied elsewhere at incredible levels.

My nightmare: Somewhere in "Chinafrikastan" is a big database of all the "borrowed" information from all of these hacks.. logins, passwords, account numbers, secrets, account balances.. and they are being queued up for a massive attack on the USA/World.

My other nightmare: It's already happened, and the banks and CC companies have covered it up to hide how insecure the world is, how the actual amount of money in "float" is much larger than "governments" have minted/printed, and how the actual value of a "dollar" really is merely the combined perspective of millions of the value of a "dollar".

And then I fight the urge to buy a bunch more ammo..

#Comment Re: made: 2008-06-20 12:54:14.324107+00 by: Dan Lyke

I can't speak to ccnum and cardnumber, but the search box on Flutterby has gotten a steady stream of automated URLs and spam-links, presumably there's someone who thinks that search history gets published somewhere and it's worthwhile to nail as much crap into it as possible. I haven't checked in a while, but there's a bunch of heuristics there to try to only return search results to humans.

And similarly, there's a steady stream of names and passwords flowing into the login pages. I think some of that has slowed down a bit in the days since rel="nofollow", but, yeah, there are portions of the net that appear to be self-aware.

Speaking of which, Charlene and I just changed a whole bunch of accounts to auto-bill from a different bank account, and in the process made a big list of names and passwords. We should change those, or at least the ones that duplicate anything.

#Comment Re: made: 2008-06-23 14:01:28.957925+00 by: ebradway

In my new Government job at USGS, I have about a dozen different systems I have to log into on a regular basis. They all require "strong" passwords that have to be changed every 90 days. But the requirements are bizarre, like one that requires the password to be 12 characters or more with mixed case. Another that requires a number as the second character.

The result: I have to keep a written log of what my passwords are. Which, of course, is one of the biggest security holes one can create!