[1352] in WWW Security List Archive
Re: caching protected documents
daemon@ATHENA.MIT.EDU (Michael Brennen)
Sun Dec 24 04:14:10 1995
Date: Sun, 24 Dec 1995 00:58:30 -0600 (CST)
From: Michael Brennen <mbrennen@fni.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
This is not an antagonistic response, Jeff. In fact, I offer an apology for
the sarcasm in my response about a week ago about not trusting Netscape to
have thought through the issues of stashing passwords on disk. I'll eat
some crow on that one. I have been in various software departments, from
tiny to large, over the past 20 years, and I get too cynical at times
about what actually went on behind the scenes and what is presented to the
clients/public. Lots of uh-ohs get glossed over that way.
On Thu, 21 Dec 1995, Jeff Weinstein wrote:
> I would strongly suggest that if you care about the security of your
> information that you don't ever type your password into someone else's
> machine, or a public lab machine that you don't control or know to be
> safe.
^^^^
KNOW to be safe or BELIEVE to be safe? The difference is important and
non-trivial.
The statement above sounds good in theory, but it is very difficult to
practice that in life. You have a system of trust for various private
information about yourself that you have established based on history and
a complex evaluation system about how well that history may apply today.
You have machines that you put your CC PIN numbers in. You trust them
because you believe there are controls and accountability put in place to
keep that info private, NOT because you have personally thoroughly
examined every person, process and machine that will see the PIN.
If the clerk that manages the machine misuses your PIN and your card is
used fraudulently, is it your fault that you put your private info into
the system? Or is it the clerk's fault for taking advantage of your trust to
work some personal gain?
When you give your CC to a waiter in a restaurant, who disappears with it
for 5 minutes, what are they doing with it? How do you know they are
absolutely trustworthy? When they bring the receipt back and you sign it
and leave the signature and number with them, they have everything they
need to effectively forge transactions that will be very hard to prove are
not yours legitimately.
You don't know that much knowledge in every case that you hand sensitive
or potentially risky info over to another. At some point you have to
choose to trust others not to goof up -- either because they genuinely
care or because the fear of consequences keeps the abuse from happening.
Granted, I am very careful about my root password going over the Internet
in the clear. I think the actual risk of it being picked off is so slight
as to be non-measurable, but I still won't do it. Even that bit of risk
is too much.
By the weight of much history we develop patterns of trust, valid or not,
where we are willing to divulge certain information about ourselves where
it could be abused by someone else. We weigh out the risk (even very
subconsciously) and then either do it or not.
************** Slight change in topic, though related **************
As a matter of general principle, if Netscape (or anyone else) stores info
on my local disk (cache or otherwise) that has the potential of
compromising sensitive information that I use, AND DOES NOT FULLY AND
EFFECTIVELY INFORM ME ABOUT SUCH ACTION, ITS POSSIBLE CONSEQUENCES, AND
CONFIGURATION ISSUES THAT AFFECT IT, I consider the liability is yours,
not mine. If you take the action, you have the responsibility to inform
me of it so I can make intelligent choices.
I don't consider this an abdication of personal responsibility at all.
Tell me clearly what you have done, then I can take responsibility for my
actions taken on what you told me.
Michael
---------------------------------------------------------------------
Michael Brennen, President / / mbrennen@fni.com
FishNet, Inc. / Internet / http://www.fni.com/
P.O. Box 940451 / Services / (214) 783-2553 (vox/fax)
Plano, TX 75094-0451 / / finger me for PGP public key