Re: No .1 Security Problem in the World

From: Ali-Reza Anghaie (usenet.ali@packetknife.com)
Date: 06/24/02

  • Next message: Jem Berkes: "Re: No .1 Security Problem in the World" 

    From: Ali-Reza Anghaie <usenet.ali@packetknife.com>
Date: Mon, 24 Jun 2002 15:12:33 -0400

    Mr Unza wrote:
    > I'm interested to know from people that consider themselve security
    > experts, what they consider to be the most important Problems in the
    > realm of Computer Security. What is the most crucial area that needs
    > to be addressed? Do you think there is one (software) solution that
    > can be made (theoretically) but is a practical impossibility?

    People. No matter what else we do, we'll be the weakest link. A favorite
    quote of mine is:

    Humans are incapable of securely storing high-quality cryptographic
    keys, and they have unacceptable speed and accuracy when performing
    cryptographic operations. (They are also large, expensive to
    maintain, difficult to manage, and they pollute the environment.)
    -- 'Network Security', Kaufman, Perlman, and Speciner

    We write secure software, or produce languages that make it hard not too...
    we secure facilities, biometrics, armed guards, force three-factor
    authentication, and flog you publically when you screw up...

    Still.... 'Johny I Don't Care' will just print out the design plans of the
    next uber-Jet and leave them in his trunk. 'Max SysAdmin' will fall for the
    beautiful girl from <insert_enemy_country_here>. ;-)

    ~Something~ will always happen. We're the weakest link.

    Besides humans? I think Computer Engineering as a whole still has a lot of
    poor practices. Software Engineering (or lack there-of) having gaping holes
    resulting (IMO) from lack of accountability (in some ~reasonable~ fashion).

    Cheers, -Ali 

    -- 
OpenPGP Key: 030E44E6
--
By the time they had diminished from 50 to 8, the other dwarves
began to suspect 'Hungry'... -- 'The Far Side', Gary Larson

    Relevant Pages

    • Re: Ten least secure programs
      ... it's probably better you leave the topic alone ... I said I do not have security issues with the programs I code. ... I didn't realize you were a Linux user, ... > the most widely used and secure UNIX flavors? ...
      (Security-Basics)
    • "An Asp.Net accident waiting to happen" - Draft article
      ... In a time where Security ... in shared hosting environments. ... technologies that allow the creation and deployment of secure ... IIS 6 web server and windows 2003 also provide some tools to deploy ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • RE: Why Easy To Use Software Is Putting You At Risk
      ... I do agree that the additions and changes to Solarius will make it more secure and that this is good. ... Why Easy To Use Software Is Putting You At Risk ... instead I would say that the view that security is ... Four Construction Workers Died after Crane Collapse in Toledo, ...
      (Security-Basics)
    • Why Easy To Use Software Is Putting You At Risk
      ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... Is It Also Secure ... guarantee that no one really knows for sure, not even Microsoft developers. ...
      (Security-Basics)
    • RE: Why Easy To Use Software Is Putting You At Risk
      ... making the base product more secure. ... instead I would say that the view that security is ... Cost and Accounting. ... Four Construction Workers Died after Crane Collapse in Toledo, ...
      (Security-Basics)