Trusting The Trust

699 views

Published on

Who do you trust? It's a security awareness presentation in the era of social network

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
699
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Trusting The Trust

  1. 1. Trusting the Trust Budi Rahardjo budi@indocisc.com http://rahard.wordpress.com Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009
  2. 2. Trust vs. Security [no 100% secure system] march 2009 BR - trusting the trust
  3. 3. Security vs. … <ul><li>Convenience </li></ul><ul><li>Performance </li></ul><ul><li>Business Requirement </li></ul>
  4. 4. Failing the trust <ul><li>Malicious software ; virus, worm, … </li></ul><ul><li>Malicious users ; crackers, attackers, … </li></ul><ul><li>Fraud ; disgruntled employees, … </li></ul><ul><li>Indentity theft ; unauthenticated users, … </li></ul>march 2009 BR - trusting the trust
  5. 5. identity theft [facebook, friendster, … social networks do you trust your “ friends ”?] march 2009 BR - trusting the trust
  6. 6. “On the internet, nobody knows you’re a dog”
  7. 7. Authentication <ul><li>Authentication factors </li></ul><ul><ul><li>What you have (card, token) </li></ul></ul><ul><ul><li>What you know (password, pin, id) </li></ul></ul><ul><ul><li>What you are (biometrics) </li></ul></ul><ul><li>Electronic transaction requirement </li></ul><ul><ul><li>2 factor-authentication </li></ul></ul>
  8. 8. Do you trust your bank? march 2009 BR - trusting the trust
  9. 9. [“borrowed” slides on skimmer attached on an ATM machine of a local bank. Sorry, I cannot add the slides here since I don’t know the owner of the slides to ask/acknowledge.] march 2009 BR - trusting the trust
  10. 10. Do you trust your e-government? [election jokes, e-gov, e-proc] march 2009 BR - trusting the trust
  11. 11. [Examples of bad 2009 election campaign posters are available at http://janganbikinmalu2009.com] march 2009 BR - trusting the trust
  12. 12. Can you trust your code ? march 2009 BR - trusting the trust
  13. 13. Open Source is better, IF … march 2009 BR - trusting the trust
  14. 14. you play with your code [read Ken Thompson, &quot;Reflections on Trusting Trust&quot; ACM , September 1995] march 2009 BR - trusting the trust
  15. 15. Reflections on trusting trust <ul><li>Self reproducing code </li></ul><ul><li>“Learning” program </li></ul><ul><li>Create trojaned compiler compile a “bug” version when detect a pattern </li></ul>
  16. 16. meaning … skill is important [awareness too] march 2009 BR - trusting the trust
  17. 17. Reducing Risks <ul><li>Anti virus, </li></ul><ul><li>2 factors authentication, </li></ul><ul><li>… </li></ul>march 2009 BR - trusting the trust
  18. 18. Reducing Risks <ul><li>But … really … </li></ul><ul><li>people , process , & technology </li></ul>
  19. 19. Reducing Risks <ul><li>Review periodically by independent , trusted 3 rd party </li></ul><ul><li>How do you trust your partner? </li></ul>
  20. 20. Thank you for trusting me :) Budi Rahardjo [email_address]

×