Jump to content

Bradford Mint

  • Content Count

  • Joined

  • Last visited

Community Reputation

194 Excellent

1 Follower

About Bradford Mint

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Just to be pedantic, data encryption doesn't make data theft impossible. The data is in two forms, either at rest or in motion. In the case of encrypted data which is sitting on a disk which is not being powered, then it's at rest and generally pretty secure (depending on the security of the key), however, that won't be the case with a database which is being accessed all the time. In this case, the data will be accessed and a running process will have a copy of the block cipher key in memory and the data when it is decrypted will be in a clear text state in memory. The general concern is for a "database" being physically stolen where it is considered that the data is secure due to the attacker not having knowledge of the key. However, the astute attacker isn't interested in trying to brute force the encryption, that's not feasible but rather the attack is to either obtain the data in a decrypted state, i.e. while it's in that state in memory, although this is also largely pointless because the attackers view would only be of that portion of data presently being accessed. So, the attacker is really interested in getting hold of a copy of that block cipher key while it's in memory. With that and the static database then they're good to go. It would also be expected that the database is not necessarily entirely encrypted with the same key but in blocks, however each key is derived in some way from the previous one thus overall knowledge of this is where the fun happens. Anyway, the above does require an advanced attack. I'm still more curious as to whether LL will be storing the PII which is being submitted because once the user has been validated, the only thing they need to keep is the status which indicates as much. Will they be storing PII in the form of government documents which have been scanned and if so why? Overall, i'm not really fussed one way or another, just curious.
  2. Well there's not really going to be much in there that's not pretty much industry standard, that is to say there's a database of our data, enciphered with an appropriate symmetric cryptographic algorithm (Likely AES256), where the key is protected by an asymmetric key pair of a modern algorithm (probably an elliptic curve), where the private key was generated in an HSM (Hardware Security Module), where the HSM may or may not be FIPS-140-2 (or now possibly even level 3) validated. All of this is pretty run of the mill for military, government, financial services. Access to the data centre itself should be mandating multifactor authentication and likewise they mention logical system access via multifactor tokens and also a large part of the overall security will be implemented not only by technical constraints but also by policy and procedure. Again, all standard operating practice for this sort of scenario. So just to throw some darts at the board... "Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data." We're using standard AES256 cipher for block encryption and Elliptic Curve cipher for the Asymmetric key. Private key marked as non exportable and held in an HSM. "And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time." Yeah, that's the "We already encrypted the database with standard ciphers such as AES256 but in SL we only stored the key in software". "These are entire new layers using encryption technologies which didn’t exist when Second Life was new. " Well hmm... https://en.wikipedia.org/wiki/Elliptic-curve_cryptography History The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[7] and Victor S. Miller[8] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005. "Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection. " This is consistent in my mind as to "vault within a vault" being an encrypted database with a better protection for the block cipher key. No need to decrypt what was already there, just provide stronger key protection, the symmetric block cipher key remained the same. "There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical. " Means "We had to buy a bigger USB stick to throw it across the room" "Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes. " Did those developers EVER have full access to our data and if so why? That should never have been a requirement. Even in the case of development, that should be on a development environment without live data, the live data shouldn't ever be accessible - period! "This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service." A segmented architecture, multiple databases, each with its own symmetric key, protected by own key pair thus would require compromise of multiple keys/systems, yes normal stuff here. "We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tillia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection. " We've installed Splunk because it's free! Joking aside, they've deployed one or more SIEMs (Security Information and Event Management software) and some IDS (Intrusion Detection System) software to monitor along with probably some agent based software to monitor PC behaviour and possibly thrown in some CASB (Cloud Access Security Broker) software just for fun. What I haven't seen is any mention of how they'd handle the situation where a family member or two is kidnapped and the attackers have set up a live feed of the electric drill being held to the eyeball of the staff members youngest child. Which when the prize is rich enough is the upgraded version of:- Overall, what Soft Linden describes and what I believe (I also believe in aliens), is distilable to pretty much standard good operating practice for the service being operated. There are also existing services which allow a user to scan government documents, take a selfie, have that validated and a confidence factor returned to the calling service. No data is stored, there's no need once the ID result is validated. I'd be curious to know why LL hasn't gone down this route. I note that Soft Linden didn't explicity call out blockchain anywhere but they may or may not be playing with that too, because some people feel it's trendy! All of the above is based upon supposition and interpretation of the end user facing blurb posted below and I have no further insight other than the ability to read and interpret based upon experience.
  3. Absolutely nothing will change due to Brexit. Each EU member state implements the EU Directives in local legislation. The UK implemented GDPR when it enacted the Data Protection Act 2018. In other words, the essence of GDPR is already and will remain UK legislation. What LL has failed to do, is describe in plain English and not legalese, the privacy terms it would seem. This is a requirement of GDPR compliance.
  4. They will, so they'll probably just not even bother to thank you for your interest in the service, sad to see you go etc. You won't get that but if you want to be able to perform the services that they require verification for, you won't be able to use those or SL at all if compliant with the new TOS is enforced pre login. LL says "Bye"
  5. Nowhere does it mention photographic ID, nor for UK or EU users. The started requirement is for "government issued ID" When you recently had the opportunity to vote, some areas were required to take ID. The voting form described what was acceptable in the case of no passport, no driving licence. It's not rocket science.
  6. Nope, as previously stated by someone else, LL could just act as an identity provider. There's no reason to transfer or create anything.
  7. Not the case at all. Edit: Fionalein, adding a laugh reaction doesn't make you any more correct. Data sovereignty and data handling are not the same thing.
  8. Ok seriously, create a JIRA to ask for this as a new feature. That's how things get done around here. Might have to wait a decade or so and even then it still won't get done but that's the process.
  9. Right, that's it! No Valentine's Day card for you either.
  10. You're welcome, you wouldn't be here without our contribution.
  11. Remind me to go and report every other thread that goes off topic. I'll expect all off topic posts to be removed from those too! Precedent set.
  12. The bottom line is that it is more likely that the LL staff member didn't bother checking or activating a brain cell because as you rightly suggest, few people would complain about extra permissions and especially for a demo.
  13. Go to any of the role play sims, they'll tell you how it's done
  14. In which case the entirely factual answer would be yes.
  • Create New...