security

The weakest link

Unfortunately, people sometimes do not seriously think about which is really the weakest link in a security system. And there is also a more subtle issue: strengthening a link may cause the attacker to change his strategy, with undesirable consequences. I remember a story about some car anti-theft devices being "too" secure in making hot-wiring difficult, so that they actually caused an increase in carjackings. It is probably better (as well as much safer) to discover that one's car has been stolen when returning to the car park...

xkcd - security

(comic from xkcd)

Imagination, scepticism, and sense of humour

People lacking imagination, scepticism, and a sense of humour should not work in the security field.

– Anonymous

These things happen...

...when one is drunk (from xkcd).

xkcd - responsible behaviour

Random numbers

I am afraid that, sometimes, this is not so far from being true...

Random number generation

(from xkcd).

Who is a hacker?

The word hacker is usually related to computers and computer networks, and it even appears in the Internet Users' Glossary (RFC 1983) with the following definition:

hacker: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where "cracker" would be the correct term.

Computers and computer networks are explicitly mentioned, but "in particular" and not as the only possibility. Bruce Schneier goes beyond this, giving a more general definition, with no reference to that specific field:

A hacker is someone who thinks outside the box. It's someone who discards conventional wisdom, and does something else instead. It's someone who looks at the edge and wonders what's beyond. It's someone who sees a set of rules and wonders what happens if you don't follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.

This may be a bit provocative (as Schneier says in his article, which I recommend, Galileo was a hacker!), but I think it makes the point: it is not just a matter of technical skills, it is above all a mindset. I recommend another reading: The Hacker Ethic and the Spirit of the Information Age by Pekka Himanen.

The good Internet times gone by

Until a few years ago, you could connect to the Internet and be in contact with hundreds of millions of other nodes, without giving even a thought to security. The Internet in the '90s was like sex in the '60s. It was great while it lasted, but it was inherently unhealthy and was destined to end badly. I'm just glad I didn't miss out again this time.

— Charlie Kaufman

And security is neglected…

The wire protocol guys don't worry about security because that's really a network protocol problem. The network protocol guys don't worry about it because, really, it's an application problem. The application guys don't worry about it because, after all, they can just use the IP address and trust the network.

— Marcus J. Ranum

Unfortunately this happens...

Security is a mindset

In an interview, Bruce Schneier says:

Security is a mindset, and the best security experts come by the profession naturally. They constantly go about the world looking at how to get around security: how to vote twice, how to shoplift, how to sneak in and out. They probably won't do any of these things, but they're always thinking about them.

I agree: I think that security is first of all a mindset, which is also a reason why many people do not understand it.
