Everything is broken

by
in security on (#3MW)
Journalist Quinn Norton writes on the broken culture of computer security. From complex software flawed with 0-days to human error and general culture prone to feeling powerless, she explains how security is currently just a mirage.

Is computer security really just a wishful dream?
Reply 7 comments

Not anymore broken than real world security (Score: 5, Insightful)

by skarjak@pipedot.org on 2014-05-24 17:21 (#1WG)

Most of us have only a simple, easy to pick door lock standing between any would-be thief and our stuff. The real use of these things is merely to act as a deterrent, so people have to be serious if they want to get your stuff. But if they are serious, no amount of security will keep you completely safe. We generally seem to be ok with that situation.

I think the situation is relatively the same for computers. If someone really wants your digital stuff, they'll get it. You can't really prevent that. But you can control what information you allow to be digitally stored.

Re: Not anymore broken than real world security (Score: 2, Insightful)

by Anonymous Coward on 2014-05-24 18:03 (#1WH)

Damn, you said everything I was getting ready to say. :)

Only real difference is there are many more brands it virtual locks, each with its own idiosyncrasies.

The speed and mutability of electronic "attack surfaces" and the ease of attack, sheer number of criminals, and immunity from consequences are all vastly greater online though.

Re: Not anymore broken than real world security (Score: 3, Informative)

by zafiro17@pipedot.org on 2014-05-24 18:48 (#1WJ)

Of course, there's the idea of reducing your attack-surface, too. Stay off social networking sites, don't use "free" web-based email, don't use cloud services, and so on - most of the things your ordinary modern Netizen doesn't do at all. Cloud storage is another, as evidenced by just some of the posts on Pipedot, for example. Guess cloud backup is right out.

If they want it, they'll get it, sure, but you can certainly reduce the points of entry.

Re: Not anymore broken than real world security (Score: 1, Interesting)

by Anonymous Coward on 2014-05-24 19:22 (#1WM)

Sounds like me. :)

And of course, ironically and fittingly enough, I have nothing of value to steal and nothing really to hide.

Some people care about privacy, and only a small subset of us are both guiltless and somewhere near normal.

As you say, the vast majority don't give a shit. Which is why Zuckerberg is so incredibly rich.

Re: Not anymore broken than real world security (Score: 3, Insightful)

by hyper@pipedot.org on 2014-05-25 03:09 (#1WP)

Good analogy.

We could all buy steel reinforced doors, industrial strength security glass but we don't.
Same for software. The time and expense is not seen worthwhile.

Re: Not anymore broken than real world security (Score: 2, Insightful)

by ploling@pipedot.org on 2014-05-25 06:42 (#1WQ)

Computer security being broken is not really the big issue, nor is it about the lack of control, nor is it that computing and its results can't be trusted or taken at face value. Security, control, and trust are to a very large extent delusional notions and computers didn't change that. These things are water under the bridge.

The big issue is the amount of effort and resources spent on not only actively removing such of your (imagined or not) "property rights" (security, control, and trust of the tools you own) but on doing the same to everyones entire "objective" existence past, present, and future and doing it continuously, simultanously, efficiently, scalably, eternally, and tied to the accelerating technological improvement and how they were nearly done completing the rudimentary working prototype of this setup two years ago .

That is what Snowden revealed even if he perhaps did not realize it. It is the sum total and the conclusion and it doesn't matter the slightest whether this meta-tool was intentional or not: it is going to be used and improved upon.

Learn from nature (Score: 1)

by gerty@pipedot.org on 2014-05-25 10:49 (#1WS)

Accidentally, an article in this week's Economist addresses the first issue, i.e. software implementation. If software can be ensured to be functionally equivalent with differences in underlying code, that would potentially restrict mass-targeted attacks.