We do checksums, so we are secure



  • I have written preciously that I have a mishonor to work on a product which is so ridden with WTFs that if I wrote a story about each one of them, they all would make a hefty book which would be totally possible to break someone's cranium with. I even suspect I know whose cranium it would break first.

    Here's one gem I came across recently.

    Imagine your software has to read in and process documents prepared by different companies. Also, there are rules by which all those documents are entered into the software by a trusted third party. The documents come enveloped, sealed, with a CD-R next to a printout of the same document. The thing is to make sure the documents cannot be seen by other companies until the time comes. And when the time comes, they are being entered into our system, and here the WTF begins.

    Of course when you have data that sensitive, you should make sure the thing in the envelope and the CD-R was made by whoever claims it was made by. For paper documents, you do it with good old seals and signatures; on CD you would expect a verifiable cryptographic signature (say, with a certificate or whatnot). No. We can do better. We can do checksums!

    The checksum is an MD5 (which has been proven to be a WTF in itself for quite a while now), but the funniest part is that only the first 4 octets of that MD5 are ever taken into account. The reason? The checksum is printed on that document, in hex (8 characters), and the operator needs to type it into a form along with uploading the file with that document (and typing in whole MD5s, dozens of them, can make brave men cry in despair). The software will proceed if that typed checksum matches the checksum embedded into the file and that embedded checksum is the same as the one calculated from the data payload on the fly.

    The document file is a PDF which has the same content as the printed thing, and is actually the original which is printed out. Two extra blobs are attached to it, the one with machine-readable data payload, and the one with the checksum. The best thing about it is that while the data payload has a half-arse protection with a quarter of a message digest, the rest of the PDF is not. Also, there is no proof whatsoever that the envelope is really from the company that is written on it: anyone could swap it for another one, and it would sneak unsuspected while the checksums on paper and in the file match the real thing.

    To add some extra pain, our client-side software that is used to make those PDFs, an atrocity written in C# for Silverlight, once in a blue moon does really weird things, like calculating a wrong checksum (which has been proven next to impossible to reproduce). This is unnoticed until the PDF upload failure due to a wrong checksum. The practical outcome is that the unlucky company doesn't get a chance to win a contract for a hefty sum, which makes its top people very, very sad.

    Proper security and digital signatures? What? Never heard of those.
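    An added example, not code from the thread, contrasting the unkeyed truncated-MD5 check described above with a keyed tag over the same payload. The payloads, the key and the choice of HMAC-SHA256 are constructed stand-ins; in the real setting the keyed check would be a digital signature, as the post says.

    ```python
    import hashlib
    import hmac

    # Constructed sample payloads standing in for the machine-readable blob.
    ORIGINAL = b"bidder=ACME Ltd;lot=17;price=1250000"
    ALTERED = b"bidder=ACME Ltd;lot=17;price=1150000"


    def short_md5(data: bytes) -> str:
        """The thread's check: first 4 octets of MD5, printed as 8 hex digits."""
        return hashlib.md5(data).hexdigest()[:8]


    def checksum_scheme_accepts(typed: str, embedded: str, payload: bytes) -> bool:
        """Accept iff operator-typed == embedded-in-file == recomputed from payload."""
        return typed == embedded == short_md5(payload)


    def hmac_tag(key: bytes, payload: bytes) -> str:
        """Keyed replacement (hypothetical design): HMAC-SHA256 over the payload."""
        return hmac.new(key, payload, hashlib.sha256).hexdigest()


    def hmac_scheme_accepts(key: bytes, tag: str, payload: bytes) -> bool:
        """Constant-time comparison of the stored tag against a fresh one."""
        return hmac.compare_digest(tag, hmac_tag(key, payload))


    def compare_schemes() -> dict:
        """Run both checks on an honest file and on a file whose payload was swapped."""
        key = b"constructed-shared-secret"  # constructed; a real system would use a signing key
        honest_sum, honest_tag = short_md5(ORIGINAL), hmac_tag(key, ORIGINAL)
        # The checksum is public and keyless, so a swapped payload can carry a freshly
        # computed checksum that agrees with itself and the paper printout; the unkeyed
        # check only ever catches accidental corruption or a transcription typo.
        # The tag cannot be regenerated without the key, so the keyed check rejects.
        swapped_sum = short_md5(ALTERED)
        return {
            "checksum_honest": checksum_scheme_accepts(honest_sum, honest_sum, ORIGINAL),
            "checksum_swapped": checksum_scheme_accepts(swapped_sum, swapped_sum, ALTERED),
            "checksum_typo": checksum_scheme_accepts(honest_sum[::-1], honest_sum, ORIGINAL),
            "hmac_honest": hmac_scheme_accepts(key, honest_tag, ORIGINAL),
            "hmac_swapped": hmac_scheme_accepts(key, honest_tag, ALTERED),
            "checksum_bits": 4 * 8,  # a quarter of MD5's 128-bit digest
        }
    ```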



  • @shimon said:

    I have written preciously that I have a mishonor to work on a product which is so ridden with WTFs that if I wrote a story about each one of them, they all would make a hefty book which would be totally possible to break someone's cranium with. I even suspect I know whose cranium it would break first.

    Your copy-editor's? Ziing!



  • @shimon said:

    The practical outcome is that the unlucky company doesn't get a chance to win a contract for a hefty sum, which makes its top people very, very sad.

    The actual practical outcome isn't that your company is sued into oblivion due to the heavy punitive damages awarded for that kind of negligence?



  • @Rhywden said:

    @shimon said:

    The practical outcome is that the unlucky company doesn't get a chance to win a contract for a hefty sum, which makes its top people very, very sad.

    The actual practical outcome isn't that your company is sued into oblivion due to the heavy punitive damages awarded for that kind of negligence?

    You seem to be under the impression that the point of our legal system is to punish bad behavior and not drive good people out of business for frivolous reasons.



  • @morbiuswilters said:

    @Rhywden said:
    @shimon said:

    The practical outcome is that the unlucky company doesn't get a chance to win a contract for a hefty sum, which makes its top people very, very sad.

    The actual practical outcome isn't that your company is sued into oblivion due to the heavy punitive damages awarded for that kind of negligence?

    You seem to be under the impression that the point of our legal system is to punish bad behavior and not drive good people out of business for frivolous reasons.

    Over here, such behaviour really does result in one of two outcomes: a) hefty fines for such shenanigans or, if caught early on, b) a completely new call for tenders.



  • @Rhywden said:

    @morbiuswilters said:
    @Rhywden said:
    @shimon said:

    The practical outcome is that the unlucky company doesn't get a chance to win a contract for a hefty sum, which makes its top people very, very sad.

    The actual practical outcome isn't that your company is sued into oblivion due to the heavy punitive damages awarded for that kind of negligence?

    You seem to be under the impression that the point of our legal system is to punish bad behavior and not drive good people out of business for frivolous reasons.

    Over here, such behaviour really does result in one of two outcomes: a) hefty fines for such shenanigans or, if caught early on, b) a completely new call for tenders.



  • @Ben L. said:

    shenanigans

    I see we're still trying to break cs.



  • @Rhywden said:

    Over here, such behaviour really does result in one of two outcomes: a) hefty fines for such shenanigans

    Where is "over here"? Also, please show me the fines that have been collected due to poor security. I used to do a lot of work with this exact thing (civil and criminal penalties for security breaches) and the European cases were about on par with the US ones, particularly because the EU considers the biggest threat to IT security M$ bundling IE (still, in this day and age, they haven't let this shit drop.)



  • @Rhywden said:

    The actual practical outcome isn't that your company is sued into oblivion due to the heavy punitive damages awarded for that kind of negligence?

    It is, too, as a direct consequence of some people becoming very, very sad.




  • @morbiuswilters said:

    the EU considers the biggest threat to IT security M$ bundling IE (still, in this day and age, they haven't let this shit drop.)

    They never considered that a threat to security, but hey, facts are too boring to be let in the way of a good story!

    (I have seen fines and market annulments for such carelessness in the EU, but only when the ones owning the firm weren't friendly enough with the high places. Also, it was human carelessness directly, not through any kind of software.)



  • For public facing bodies, sure, but not for private companies. If you're a private company (and as long as you don't fall foul of the anti-corruption legislation) then you can make your own rules up.
    Don't want to buy from a company whose name begins with "I"? No probs.
    Don't want to buy from a different company cos the sales guy is a dick? Also no probs.
    Can't accept a document from a company cos your shitty software can't calculate an MD5? Dumb, but not a civil or legal problem.



  • @TheLazyHase said:

    They never considered that a threat to security...

    You're right, they considered it a threat to innovation in the red-hot browser market. I mean, if Firefox and Opera weren't allowed to gain market share, we never would have had AJAX or CSS.

    So the actual reason was stupider than "threat to security". There's a lesson in there: when Morbs lets you off easy, you should just take it and shut your mouth.



  • @skotl said:

    Don't want to buy from a company whose name begins with "I"? No probs.
    Don't want to buy from a different company cos the sales guy is a dick? Also no probs.

    Yeah, obviously.

    @skotl said:

    Can't accept a document from a company cos your shitty software can't calculate an MD5? Dumb, but not a civil or legal problem.

    I don't think he was suggesting it was a problem of features, but a security problem, which could definitely land you in trouble.



  • @shimon said:

    It is, too, as a direct consequence of some people becoming very, very sad.

    Litigation is exclusively caused by people first becoming very, very sad.

    And then angry.



  • @dhromed said:

    Litigation is exclusively caused by people first becoming very, very sad.

    And then angry.

    And then greedy.

    And then horny.

    And then very, very sticky. So sticky.


    Wait.. what were we talking about again?



  • @morbiuswilters said:

    Wait.. what were we talking about again?

    Suing one's ass off.

