How much cyber security is really there?
in [Cryptography]
|
From: bmearns on 31 Mar 2010 08:31 On Mar 30, 8:42 pm, Richard Outerbridge <ou...(a)interlog.com> wrote: > In article > <1b1c5b7f-6f6b-48e5-adcc-d30b9c59b...(a)b30g2000yqd.googlegroups.com>, > > > > bmearns <mearn...(a)gmail.com> wrote: > > > Rather like steam boilers, automobiles, and rifles, eh? > > From an operational perspective, all of those things are significantly > > less complex than a computer. I'm not talking about the underlying > > mechanisms, I'm referring to the complexity of actually using it. You > > pull a trigger, push some buttons, etc., and they pretty much do what > > you expect them to, though I'll grant you that modern autos can be > > operationally pretty complex as well. But that isolation between the > > underlying mechanisms and the operational behavior is not as distinct > > on computers, and in particular with network application. > > > One way of describing it might be to say that a rifle, a steam boiler, > > and a microwave are essentially black boxes, where as a computer is > > more like a white/transparent box. When you pull the trigger, you know > > what's going to happen: the bullets going to fire. You may not know > > exactly what's going on "behind the scenes", but you really don't care > > because it's pretty much entirely encapsulated. When you submit a > > password to log in to a website, you know what's going to happen, too: > > you're going to be granted access to the web service. But in this > > case, the "behind the scenes" is not remotely encapsulated, and an > > ignorance of what happens back there is a serious security risk. > > Recently I inherited an obsolete rifle that was subject to a safety > recall 30 years ago. Who would have thought that if you pulled the > trigger while the safety was on, and the gun had a chambered round, > when you released the safety the gun might go off? > > Who knows what might have happened had I instead inherited a Toyota? > > My point is that steam boilers, automobiles and rifles are black boxes > because they have evolved into technology that can be handled by idiots. > Your point is, if I may speak for you, that computers aren't there yet. Yes, that is my point, and well phrased, thank you =). > > So why do we continue to sell computers to idiots if they are becoming > as dangerous as unlicensed steam boilers, automobiles and rifles have > proven to be in the hands of idiots, without any of the idiot-proofing? See, I assumed you were being sarcastic about operator licenses for computers. Personally, I'm not a fan of too much government regulation to protect people from themselves, and I think that's a major difference: guns and cars used irresponsibly can hurt other people. Using a computer without knowing what you're doing will likely only harm yourself. Yes, there is a certain non-zero chance that you could hurt someone else because you didn't know what you were doing on the computer, but the same can be said for pretty much anything. > > outer -Brian
From: Mok-Kong Shen on 1 Apr 2010 06:50 bmearns wrote: > Richard Outerbridge wrote: >> So why do we continue to sell computers to idiots if they are becoming >> as dangerous as unlicensed steam boilers, automobiles and rifles have >> proven to be in the hands of idiots, without any of the idiot-proofing? > > See, I assumed you were being sarcastic about operator licenses for > computers. Personally, I'm not a fan of too much government regulation > to protect people from themselves, and I think that's a major > difference: guns and cars used irresponsibly can hurt other people. > Using a computer without knowing what you're doing will likely only > harm yourself. Yes, there is a certain non-zero chance that you could > hurt someone else because you didn't know what you were doing on the > computer, but the same can be said for pretty much anything. Leaving first the special case of computer aside and considering the general issue of protecting people from themselves, I suppose the strong need of government regulations stems at least in essential part from the non-existence of (or 'practical' difficulty of obtaining) the knowledge of the dangers on the part of the normal people. That's why e.g. certain medicaments can (in most countries) only be obtained with doctor's prescription. In a certain sense the governments play the role of parents with respect to their kids here in my humble view. M. K. Shen
From: WTShaw on 1 Apr 2010 07:27 On Mar 30, 10:51 am, bmearns <mearn...(a)gmail.com> wrote: > On Mar 30, 10:13 am, Richard Outerbridge <ou...(a)interlog.com> wrote: > > > > > In article > > <3fbc3277-ac9b-4e5c-beed-bb9dccfd3...(a)33g2000yqj.googlegroups.com>, > > > bmearns <mearn...(a)gmail.com> wrote: > > > If there's blame to be assigned, (and I'm not entirely convinced that > > > there is) I think a significant portion should belong to the companies > > > who have marketed computers and the Internet as an appliance. That's > > > simply not the case; you can't just buy a computer, plug it in, and > > > expect everything to work correctly and safely. There's a non-trivial > > > amount of uncommon knowledge necessary to really appreciate the > > > implications of what you're doing and what others are having you do. > > > Ah, but that's the end-use case we're dealing with: why is my computer > > any different than my microwave? Or maybe we need to require computer > > operator licenses, like driver's licenses and (in Canada) gun licenses? > > > outer > > Why is a computer different than a microwave? Why is a raven different > than a writing desk? They're just different things and this whole > cultural expectation that they be the same is just wishful thinking. > Worse, it puts people in the wrong frame of mind when dealing with > them, and leads people to assume that it is safe by default and one > would have to go out of one's way to use it dangerously, rather than > the other way around. > > I'm really not trying to suggest that anybody has any particular > obligation to make it otherwise, I'm just making an observation about > why so many people suffer from bad security. A complex technology has > been developed and, through the strange and subtle events of history, > has made its way into everyday society. Its an odd and somewhat > unfortunate anomaly in our civilization, but I really don't think > anyone is to blame for it, nor should anybody be held responsible for > it. I do think the computer companies exacerbate the problem somewhat > with their appliance-driven marketing, but I didn't mean to suggest > that they're especially guilty of any wrong doing. > > -Brian Gates never really understood security and designed with truth is him as the only virtue. Then he hired people that agreed with him, made transparency a goal, and sold out to abusive interests in various ways. It was probably the same with the original designers of the internet that they lacked vision in that area. However, they did actually do something as misguided as it was at times. Vested interests still want control but there are things you can do about that.
From: WTShaw on 1 Apr 2010 07:32 On Mar 30, 12:33 pm, bmearns <mearn...(a)gmail.com> wrote: > On Mar 30, 12:09 pm, Richard Outerbridge <ou...(a)interlog.com> wrote: > > > > > In article > > <087e6dbe-f673-4084-b86f-a7a8da0da...(a)z11g2000yqz.googlegroups.com>, > > > bmearns <mearn...(a)gmail.com> wrote: > > > > Ah, but that's the end-use case we're dealing with: why is my computer > > > > any different than my microwave? Or maybe we need to require computer > > > > operator licenses, like driver's licenses and (in Canada) gun licenses? > > > > Why is a computer different than a microwave? Why is a raven different > > > than a writing desk? > > > I gather then that you've seen Alice :-)? > > > > They're just different things and this whole > > > cultural expectation that they be the same is just wishful thinking. > > > Worse, it puts people in the wrong frame of mind when dealing with > > > them, and leads people to assume that it is safe by default and one > > > would have to go out of one's way to use it dangerously, rather than > > > the other way around. > > > > I'm really not trying to suggest that anybody has any particular > > > obligation to make it otherwise, > > > I humbly suggest that any security professional does, and must. > > Security professionals have an obligation to make the systems they > work on safe, and to educate their users. I don't think it falls on > their shoulders to educate the entire population of web users. > > > > > > I'm just making an observation about > > > why so many people suffer from bad security. A complex technology has > > > been developed and, through the strange and subtle events of history, > > > has made its way into everyday society. > > > Rather like steam boilers, automobiles, and rifles, eh? > > > Let alone microwaves. > > > outer > > From an operational perspective, all of those things are significantly > less complex than a computer. I'm not talking about the underlying > mechanisms, I'm referring to the complexity of actually using it. You > pull a trigger, push some buttons, etc., and they pretty much do what > you expect them to, though I'll grant you that modern autos can be > operationally pretty complex as well. But that isolation between the > underlying mechanisms and the operational behavior is not as distinct > on computers, and in particular with network application. > > One way of describing it might be to say that a rifle, a steam boiler, > and a microwave are essentially black boxes, where as a computer is > more like a white/transparent box. When you pull the trigger, you know > what's going to happen: the bullets going to fire. You may not know > exactly what's going on "behind the scenes", but you really don't care > because it's pretty much entirely encapsulated. When you submit a > password to log in to a website, you know what's going to happen, too: > you're going to be granted access to the web service. But in this > case, the "behind the scenes" is not remotely encapsulated, and an > ignorance of what happens back there is a serious security risk. > > -Brian In my ongoing project to make crypto easy to use via JavaScript, I find that it is true that the most inane algorithms to the most complicated-esoteric can also be made simple to use. It is good to know what is what and in clear measures. BTW, The Encapsulated Man is a good read.
From: WTShaw on 1 Apr 2010 07:41
On Apr 1, 5:50 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > bmearns wrote: > > Richard Outerbridge wrote: > >> So why do we continue to sell computers to idiots if they are becoming > >> as dangerous as unlicensed steam boilers, automobiles and rifles have > >> proven to be in the hands of idiots, without any of the idiot-proofing? > > > See, I assumed you were being sarcastic about operator licenses for > > computers. Personally, I'm not a fan of too much government regulation > > to protect people from themselves, and I think that's a major > > difference: guns and cars used irresponsibly can hurt other people. > > Using a computer without knowing what you're doing will likely only > > harm yourself. Yes, there is a certain non-zero chance that you could > > hurt someone else because you didn't know what you were doing on the > > computer, but the same can be said for pretty much anything. > > Leaving first the special case of computer aside and considering > the general issue of protecting people from themselves, I suppose > the strong need of government regulations stems at least in > essential part from the non-existence of (or 'practical' difficulty of > obtaining) the knowledge of the dangers on the part of the normal > people. That's why e.g. certain medicaments can (in most countries) > only be obtained with doctor's prescription. In a certain sense the > governments play the role of parents with respect to their kids here > in my humble view. > > M. K. Shen In some areas, government is crooked, breaks all sorts of state and federal laws, even does the most dire things for corrupt reasons. Retired Texas Ranger Clete Buckaloo is on the case of crooked cops. Do not assume that any officials are straight with the people when means to remove obvious abusers is trashed. Texas Governor Perry is a sociopath that inspires others to office for mercenary purposes...Shrub Bush also fit the mold. Texas is a mess!! |