Forgot your password?
typodupeerror
Crime Encryption NASA Security

Whom Must You Trust? 120

Posted by Soulskill
from the mainly-just-late-night-infomercial-spokepeople dept.
CowboyRobot writes: 'In ACM's Queue, Thomas Wadlow argues that "Whom you trust, what you trust them with, and how much you trust them are at the center of the Internet today." He gives a checklist of what to look for when evaluating any system for trustworthiness, chock full of fascinating historical examples. These include NASA opting for a simpler, but more reliable chip; the Terry Childs case; and even an 18th century "semaphore telegraph" that was a very early example of steganographic cryptography. From the article: "Detecting an anomaly is one thing, but following up on what you've detected is at least as important. In the early days of the Internet, Cliff Stoll, then a graduate student at Lawrence Berkeley Laboratories in California, noticed a 75-cent accounting error on some computer systems he was managing. Many would have ignored it, but it bothered him enough to track it down. That investigation led, step by step, to the discovery of an attacker named Markus Hess, who was arrested, tried, and convicted of espionage and selling information to the Soviet KGB."'
This discussion has been archived. No new comments can be posted.

Whom Must You Trust?

Comments Filter:
  • Why 'must' I trust? (Score:2, Interesting)

    by jkrise (535370) on Friday June 06, 2014 @01:00PM (#47180841) Journal

    The headline indicates a necessity to trust anybody or any entity. There is no necessity to trust anyone. Least of all myself, because time plays tricks with me and I keep changing all the while.

  • by Mark P Neyer (3659539) on Friday June 06, 2014 @01:20PM (#47180989)

    imagine something like linkedin's 'how are you connected to this person' - except instead of 'we worked together' the edges are all of the form 'i trust this person to this extent.'

    you take a bunch of statements of this form (node X trusts node Y with level 0.4), all signed by private keys. if you meet someone else, you can see all of the trust paths from you to them, to decide how much you trust them, and to what extent.

    then, instead of having to personally know someone else personally, i can say 'there are 300 paths from me to this woman. 250 of them are strictly positive with trust levels over 0.7 which is my default threshold for comfort. all of the negative ones turn negative over two hops from me, and only three are intensely negative. i already had weak trust levels for intermediary nodes between myself and the negative inbound edges to her. she's fine, and i have more confidence in my negative assessment of those intermediary nodes.'

    this could be huge. it would let us have more trust in strangers, and it would let us do things like this:

    • 'this lawyer has 50 inbound links from people i'm relatively close to, that all rated him as an asshole. i wont work with him'
    • 'this guy i'm serving at the restaurant has 30 level-4 links out who've said he helped them when they didn't offer anythign in return. i'll service him better than this other guy over where who's been rated as rude and elitist by some closer level links to me'
    • lets look at the yelp reviews of these restaurants, weighted by the trust scores i give users who've left the reviews. hmm, all of these reviews are from identities i only have a few paths to, with all of those paths passing through my SEO friend, who i thought might be black hat. drop this guy's trust level to negative and mark all of those reviews as untrusted by me. don't want my friends to waste their time with that.
  • by Cliff Stoll (242915) on Friday June 06, 2014 @02:21PM (#47181593) Homepage

    It's been a quarter century since I chased down those hackers. Hard to think back that far: 2400 baud modems were rarities, BSD Unix was uncommon, and almost nobody had a pocket pager. As an astronomy postdoc (not a grad student), I ran a few Unix boxes at Lawrence Berkeley Labs. When the accounting system crashed, my reaction was curiosity: How come this isn't working? It's an attitude you get from physics -- when you don't understand something, it's a chance to do research. And oh, where it led...

    Today, of course, everything's changed: Almost nobody has a pocket pager, 2400 baud modems are a rarity, and Berkeley Unix is, uh, uncommon. What started out as a weirdness hiding in our etc/passwd file has become a multi-billion dollar business. So many stories to tell ...

    I've since tiptoed away from computer security; I now make Klein bottles and work alongside some amazing programmers at Newfield Wireless in Berkeley. Much fun debugging code and occasionally uncorking stories from when Unix was young.

    Warm cheers to m'slashdot friends,
    -Cliff

UNIX is many things to many people, but it's never been everything to anybody.

Working...