Thursday, March 31, 2011
Monday, March 28, 2011
Well-known security researcher Peter Gutmann has a draft of his book on Engineering Security available on his web page. He has a lot of good commentary about challenges that the security community is facing. So far, my favorite passage challenges the common mentality that security has to be 100% or it's just not worth having.
Engineering an effective security solution in the presence of security geeks is an extremely difficult problem... Consider as an example of this a world where no-one ever locks their front door when they leave the house, and someone suggests that fitting locks and actually using them might help in dealing with the spate of burglaries that have occurred recently. This would be totally unworkable. If you lost your key you’d be unable to get into your own house. Conversely, anyone who found it or stole it could now get in. For a house with multiple occupants you’d need to get a new key cut for everyone in the house, including any temporary guests who were staying for a few days. If a neighbour dropped by to return an item that they’d borrowed they wouldn’t be able to get in. If there was a fire then emergency services wouldn’t be able to get into the house to look for people who might be trapped there. Door locks are obviously completely unworkable, and therefore not even worth trying. Better to leave the burglars a free hand than to even attempt a flawed security mechanism of this type.
Thursday, March 17, 2011
Anything that is in the world when you're born is normal and ordinary and is just a natural part of the way the world works. Anything that's invented between when you're fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it. Anything invented after you're thirty-five is against the natural order of things.
The scary thing is that things are starting to be against the natural order for me now.