"Microsoft vs Computer Security"
"Why the software giant still can't get it right"

The headline and the tag above are both from the best article on the Internet today. According to aldaily.com and me ... It's on Slate ... go read it here.

Continuing in the same vein .. here's my take, from a far more geeky perspective.

The big secret (that everyone knows about) is that the biggest threat to data security comes from trusted employees, NOT pimply-faced teenagers who think lack of sleep is a fashion statement. Which means everything you do to keep unwanted outsiders outside is fairly pointless.

Yesterday evening I was speaking to a gentleman who's trying to keep companies safe from their own employees (or recent ex-employees). Before you think guards in blue uniforms, let me add that he's into security of a completely different sort. He helps people install software that basically tracks every employee's activity by a) auditing all activity and b) ensuring nobody has access to anything outside their clearly defined roles.

I guess it makes sense to some people. Personally, if I was put into a system like this, I would run for the hills.

I also think that security is pointless if it's an afterthought. Especially when building software. More importantly, secure software and secret software simply aren't the same thing. Secret software is like hiding a key under the mat when you leave home. All a person has to do is look under the mat to enter your house. You have a secure lock when you find a lock that cannot be opened. Knowing how the lock is built doesn't mean you get a special insight into how to open it.

A great example in the world of software is the encryption technology Pretty Good Privacy, or PGP. How it works is not a secret. How to build it isn't a secret either. In fact, theoretically, even how to circumvent it isn't a secret. So what you're left with is a secure system that helps you hide data .. not a secret system that you hope hides your data.
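The difference between secret and secure, as an added example that is not part of the original post: a message-tagging scheme that relies on a constant hidden in the program, next to the published HMAC-SHA256 algorithm with a random key. The homegrown scheme, its constant and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import zlib

# Secrecy-based design (hypothetical vendor scheme): the tag is CRC32 mixed
# with a constant buried in the program. Every copy ships the same constant.
_HIDDEN_CONSTANT = 0x5A13C7E9  # constructed value for this example

def homegrown_tag(message: bytes) -> int:
    return zlib.crc32(message) ^ _HIDDEN_CONSTANT

def homegrown_verify(message: bytes, tag: int) -> bool:
    return homegrown_tag(message) == tag

# Open design: HMAC-SHA256 is fully published; the only secret is a
# per-user random key that never appears in the program.
def hmac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)

def review_both_designs() -> dict:
    """What someone who knows each design, plus one valid message/tag
    pair, can and cannot do."""
    seen, target = b"pay alice 10", b"pay alice 9999"

    # Homegrown: one observed pair gives up the constant (crc XOR tag),
    # after which a tag for any other message can be computed.
    constant = zlib.crc32(seen) ^ homegrown_tag(seen)
    forged = zlib.crc32(target) ^ constant

    # HMAC: same knowledge of the design, but without the key the only
    # move left is guessing a 256-bit key.
    key = secrets.token_bytes(32)
    observed = hmac_tag(key, seen)
    guess = hmac_tag(secrets.token_bytes(32), target)

    return {
        "constant_recovered": constant == _HIDDEN_CONSTANT,
        "homegrown_forgery_accepted": homegrown_verify(target, forged),
        "hmac_genuine_accepted": hmac_verify(key, seen, observed),
        "hmac_forgery_accepted": hmac_verify(key, target, guess),
    }

if __name__ == "__main__":
    for name, value in review_both_designs().items():
        print(f"{name}: {value}")
```

When assessing a product, the question this suggests is where the secret lives: in the design shipped to everyone, or in a key that is unique to each user and replaceable.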

Sometimes, it seems like a lot of people treat security like an article of faith. It's something you have to believe in .. almost blindly.

"THIS SYSTEM IS SECURE," says Big Brother.
"AYE!"
"IT'S GOT XYZ@123 TECHNOLOGY," proclaims Big Brother.
"AAYYEE!"
"IT'S MORE SECURE THAN EVER BEFORE," screams Big Brother.
"ALL HAIL XYZ@123! ALL HAIL XYZ@123!"

There's a moral to this fable: What you build and what you sell are usually completely different things ...

First published: January 11, 2006, 17:56 IST
Last updated: January 11, 2006, 17:56 IST