An intriguing article: What's Your Threat Model? (via).
... Here comes the first key point: Then later: First, it's assumed that the actual end systems that the protocol is being executed on are secure.... (And then some testing of that claim. To round this out, let's skip to the next paragraph:) ... we assume that the attacker has more or less complete control of the communications channel between any two machines. Ladies and Gentlemen, there you have it. The Internet Threat Model (ITM), in a nutshell, or, two nutshells, if we are using those earlier two sentence models. It's a strong model: the end nodes are secure and the middle is not. It's clean, it's simple, and we just happen to have a solution for it. Problem is, it's also wrong. The end systems are not secure, and the comms in the middle is actually remarkably safe.
A threat model looks at the application - at what we are trying to protect. In this case, we know that the actual threat that SSL was built for was the sniffer of credit card numbers. But, he, the sniffer, is not considered, what's replaced his role is some theoretical bogey man. The bogey man can do anything that we know how to protect against, and not the things we can't protect against.
Unfortunately, it doesn't suggest what the Internet Threat Model should be, but that's a more complex topic. I have a feeling it would involve much more psychology and less math.
s/Thread Model/Threat Model/
Been doing a little too much COM programming lately by any chance? :)
Oops, corrected. Never actually done any COM programming, but thread does just roll off the fingers.
# Ian Bicking
Talking about phishing attacks, I recall a newspaper article about criminals in a European country installing fake ATM machines and reading off the magnetic stripes on the bank cards.
HEH! That was the Albanian mafia in Greece! If anyone's interested I have scanned several newspaper articles that cover this story (all are in Greek though).
# want_disease