It’s funny how much effort we put into building redundant and reliable systems (e.g.: “cloud computing”) that scale and replicate well – yet they are subject to the simplest of attacks that can disable them.
If you asked Jackson Pollock to do a painting representing government computer security, it would look just like every other Jackson Pollock painting.
Now that I’m retired, I try hard not to be the guy who stands in the back of the room and shouts “You kids get offa my lawn!” but I have to admit that I often feel that computer security (as a field, in general) has gone horribly out of control and is thumping through the rough terrain and weeds while the driver, who lacks vision, keeps grasping for simple solutions to what is really a complex problem involving strategy, economics, and skepticism.
I suspect this is not the first such incident, but it’s the first that anyone has been willing to cop to. I also suspect that, somewhere, a lawyer is screaming, “NO SHUT UP YOU IDIOT!”
US president Donald Trump has gone to the edge of the cliff defending his right to privacy, although he would never phrase it that way. For Trump, it’s all couched in the language of “executive privilege” – i.e.: the right of the rich and powerful to do whatever they want (especially if it means getting richer and more powerful).
In computer security, we talk about “I&A” – Identification (or Authentication) and Authorization. It’s one of the fundamental problems that makes everything work or not work, accordingly.
Computer security is a new(ish) field, so we get to make up names for things. That’s an advantage and a disadvantage – it means that marketing people can come up with new-sounding names for old stuff, and sometimes customers get all excited and buy it because it sounds so new!
Internet security is complicated and there are lots of dependencies – usually if you ask an internet security practitioner “is ${this thing} safe?” they’ll tell you “if you’re trying to do ${this} or ${that} then…” and carry on for a half an hour in that vein.
Cyberwar is the Department of Stone Throwing, promoting the increased use of stone projectiles, from the safety of its offices – which are in the Department of Glass Houses.
Other than “don’t use the internet”* the best thing you can do is: your backups. I’ve covered that elsewhere. The second best thing you can do is to get out of the password business. The third best thing you can do is segregate some of your computing.