Monday, June 13, 2011

You got no stinkin' security

Get over it:
So far the "hacker group" has penetrated systems owned by Sony, PBS, the "FBI affiliate site" Infragard, security company (hah!) Unveillance and Nintendo, among others.

They're bringing back Tupac and Biggie. They're advising Nintendo on more secure httpd configurations. And they're issuing funny press releases via Twitter and Pastebin.
Pwnage.  It's what's for dinner.  And breakfast.
So for the last ten years I've been working in media, trying to raise awareness of the idea that maybe, just maybe, using insecure computers to hold your secrets, conduct your commerce and run your infrastructure is a shitty idea.

No one who mattered listened. Executives think it's FUD. They honestly think that if they keep paying their annual AV subscriptions they'll be shielded by Mr. Norton's magic cloak.

Security types like LulzSec because they're proving what a mess we're in. They're pointing at the elephant in the room and saying "LOOK AT THE GIGANTIC FUCKING ELEPHANT IN THE ROOM ZOMG WHY CAN'T YOU SEE IT??? ITS TRUNK IS IN YR COFFEE FFS!!!"

There is no security, there will be no security.

At this point, I need to point out that I work in Internet Security, and have done so professionally since 1990 or so.  I can't write something like this, at least not if I don't want people to start looking at me funny.  But this is a very interesting article indeed.  The world has become a very interesting place.

The goal of the techie community in 1990 was to create universal connectivity, where anybody could connect to anybody, all over the world.  The goal of every CEO in the 1990s and the 2000s was to "go 'e'" - get their most strategic business processes Internet enabled.  We succeeded.

Lord, forgive us.

Via an email from reader Derek, who has an eye for this sort of thing.


Katabasis said...

Out of interest have you read Jonathan Zittrain's 'The Future of the Internet' and/or Evgeny Morozov's 'The Net Delusion'?

I'd be interested to find out what you think of either/both.

Angus McThag said...

I wonder if my grandkids will ask if it was odd to see computers rise from toys, become useful, indispensable tools then return to toys again all in the small space of my lifetime; before they were born.

Dave H said...

The goal of the techie community in 1990 was to create universal connectivity

But the problem with the techie community is they think everybody else is a techie. They think the jocks and bullies they put up with in school have grown up.

Reminds me of something the paramedic teaching the first aid class I took over the weekend said: "Do you know why I use rubber gloves? Anybody?" (silence) "Because I don't know any of you f***ers!"

BenC said...

I think the problem is you are expecting the suits to act logically to this. Security professionals should be scared instead of happy because instead of reacting logically and saying "there is no such thing as foolproof security, we should be more careful with our data" they are going to say "you failed at the job I paid you to do so you're FIRED!" and it won't matter that you have been telling them about the problem for years because they don't care about fixing the problem, just the blame.

Ian Argent said...

(To the tune of The Wall part 2)

We don't need no antivirus
We don't need access control
No deep inspection at the boundary
Security, leave the 'net alone

Apologies to Pink Floyd...

Borepatch said...

Ian Argent wins the Internets!

Ian Argent said...

You're too kind. I sometimes wish I had the talent to do an entire song like that...

Somewhere around my hard drive I have an effort to redo "Signy Mallory" in honor of Honor.