Marcus J. Ranum, chief of security for Tenable Security, addressed a packed conference room of computer security experts at the Sheraton Wall Centre in Vancouver today at the CanSecWest conference. His talk, called “Internet Nails”, covered how bad software design and architecture can have disastrous consequences. Tiny mistakes in software can lead to huge monetary losses.
Ranum said that in the beginning of time (aka the 1970s) the FTP protocol was the way to move blocks of data around the DARPAnet network. By 1976, the NCP protocol (precursor to TCP) created the network layer that eventually became the internet.
Eventually it was necessary to make these file transfers secure, leading to the introduction of firewalls in 1991 saw a new emphasis on security, and from that point firewall technology has blossomed into a billion dollar industry.
But “it would have taken a good programmer 2 hours to fix FTP in 1975. Hundreds of millions of dollars were spent on firewalls between 1991 and 2009. The problem is still there...and so is FTP.”
Another example of a small screw up writ large was that in 1995 some UNIX connections would crash and burn if they got too many connections. Around the same time the World Wide Web exploded. TO avoid the “overloaded socket table problem”, Web inventor Tim Berners Lee made the HTTP protocol stateless, in effect making each request a a separate connection. Short lived connections were slow, so browser coders made connections in parallel. Browsing got faster, but the tradeoff was higher load on the server and network.
Today’s web has various aspects that keep a “state” going, such as shopping carts, logins, SSL and websites tracking where you’ve been. So in effect, TCP is designed to have state, the workaround (never changed) makes the browser stateless, but various codes at the state back. So in effect there are workarounds of workarounds, rather than just designing the system properly in the first place.
“It’s like having a Lamborghini, putting a trailer hitch on it, and then going 4X4ing with it.” Ranum said. The bottom line is that we waste hundreds of thousands of coder hours, and spend millions of dollars on load balancers we didn’t need in the first place. And all this has huge consequences for security, because every bug is a potential security flaw and the more complicated a system is, the easier it is to hack.
Software is becoming more and more important in most things human build, Ramun said, and its getting to the point that the glue shouldn’t be more costly than the components it holds together. We should be less concerned with backwards compatibility and need to be more aware of the downstream consequences of “small” design decisions, he said.