The web for me is a hobby where standards and best practices are daily bread. Security is a concern that everybody must be aware of its details for IT in general, and the web in particular, to be a safer place. My life, on the other hand, is that of a regular Lebanese citizen where politics and social issues are discussed on a daily basis. I hope you enjoy reading my blog and make sure to drop me a comment about any topic you find interesting.
Bird Flu Abuse: A Broken Trust Chain Problem
Printable Versionvictor | 10 February, 2006 19:20
This message is of two parts:
The first is humanitarian and simply asks you NOT to open the door to anyone who claims to be from the Ministry of Health in Lebanon to give you Bird Flu vacancies. These people simply drug victims and rob appartments!
The second part is related to security and serves as a valid up-to-date example of how a broken trust-chain can be misused by criminals. In this type of security attacks, criminals are pretending to be from the Ministry of Health. People, driven by the search for being safe of this lethal disease, simply forget to ask for a proof of authenticity. The "doctor" simply goes in, takes out a needle, puts some "trojaned-drug" in it, and "vaccinates" the victim. Trojaned because the drug that is supposed to protect from Bird Flu is actually putting the victim into a deep sleep.
In this simple example, while taking into consideration how tragic the result can be, we find a simple proof of how broken trust chains can be easily used to bypass authenticity.
A lesson to the Lebanese Government, in general, and to the Ministry of Health, in particular, from this fact is that the minimum required proof of authenticity is to have an identity card (Yes a simple card similar to the ones that the Police use in Western Movies, it is that simple I know ;). This identity card must show the picture, name and job title of the person working for the ministry. A stamp, as well, must be provided as a proof of trust.
Security |
Permalink |
Comments (2) |
Trackbacks (0)
Firefox Replies Back
victor | 02 February, 2006 10:44
To check these in sequence, do the following:
In Internet Explorer: type About:Mozilla in the Address Bar and you will get the blue screen.
In Mozilla Firefox: type About:Mozilla and you will get a verse from the book of Mozilla.
The cold war is back ;)
General |
Permalink |
Comments (1) |
Trackbacks (0)
Menu
Search
Calendar
| « | February 2006 | » | ||||
|---|---|---|---|---|---|---|
| Mo | Tu | We | Th | Fr | Sa | Su |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | |||||
Who am I?
I am experienced in Internet technologies, Web Services and Online Interactive solutions. I am very interested in challenges related to web services engineering especially complex and hybrid online solutions (Intranet, Extranet, e-Commerce, etc.) and algorithms (search engines, security, etc.)
I am experienced in security as well. My expertise is mainly in network and Internet security. I am also experienced in the fields of cryptography, security assessment techniques, security design (policies, profiles, architectures, etc.) as well as security auditing and ethical hacking.
I am a Linux fan (by nature :). Period.
Poll
Recently...
- Alfa Statement Roaming Charges
- Google Analytics vs Log File Based Statistics
- Ziad Baroud Spamming?
- A Couple of Amazing Tricks!
- A New Speed Radar That You Cannot Fool!
- Standard Chartered Email & Website Phishing
- Huge Lighters Security Alert
- Few Blog Updates to Share
- NetDesignPlus in Kuwait
- Hidden Fees with Malev Hungarian Airlines Online Booking System
- IEEE High Availability Database Workshop
- Halloween 2009
- One-Million Dolar Picture
- Google Wave: Social Networking or Cloud Computing?
- How To Recover Your Hotmail / MSN / Live Passport Account?
- Beirut: CNN's Best Party City
- The Future of Web Programming
- Ecosystem Virtual Implementation
- The 45 Lessons of Life
- Lynn's Birth