When you manage large-scale platforms across multiple operating systems (browsers are mini OSes, IMHO), you really have to have a fanatical interest in their roadmaps and have plans for your support to change right along with them. Why? Your platform inherits and exposes the flaws of the underlying operating system, and it is our job to keep up with what those flaws are and ensure we are ready to protect the users. Remember that cool scene in Matrix Reloaded:
The Keymaker: ...inside this building there is a level where no elevator can go, and no stair can reach. This level is filled with doors, these doors lead to many places, hidden places. But one door is special, one door leads to the source. This building is protected by a very secure system, every alarm triggers the bomb ... but like all systems it has a weakness. The system is based on the rules of a building, one system built on another.
Morpheus: Electricity.
The Keymaker: If one fails so must the other.
Good engineers are always looking for code defects; great engineers are also thinking about system defects that could render them vulnerable to attack. For example, how much time do we spend thinking about how certificates are created, both mathematically and practically? Is the process trustworthy? Both Google and Microsoft have long since declared plans to do away with SHA-1 certificate support, but how many of these certs still exist? Details of how Microsoft in particular plans to deprecate these certs have only recently become available:
Starting with the Windows 10 Anniversary Update, Microsoft Edge and Internet Explorer will no longer consider websites protected with a SHA-1 certificate as secure and will remove the address bar lock icon for these sites. These sites will continue to work, but will not be considered secure … February 2017, both Microsoft Edge and Internet Explorer will block SHA-1 signed TLS certificates.
It is clear that it is not enough to trust that HTTPS shows up in the browser bar or that you have configured secure endpoints in your web.config file. One system is built on another; if one fails, they all fail. Your secure conversation is only as reliable as the algorithm it is based on, so get to know which algorithms are still viable and which are not. Our customers are relying on us.