Pages, some stolen, some original

Monday, March 1, 2021

Network Security

Our Digital Electronic World

Bruce Schneier has a post up today about the current abysmal state of computer security. He recommends more government to alleviate the problem. I doubt more government will fix the problem. It might make some improvements, but the cost for those improvements will be disportionately high.

What we need is a network protocol that would securely identify the machine you are communicating with. I liken it to the way we make phone calls. You dial a number and you are connected to another phone and another person. But is that person the one you want to talk to? You call your girlfriend Elsa and a deep, gruff voice answers 'Elsa here' and immediately you are going to suspect that that is not your girlfriend on the other end of the wire. Even if the voice is passable, any number of comments made during your conversation may indicate that you are not talking to the person you think you are.

This might be the problem all these network certificates are trying to address. However, that seems to be kind of haphazard. I've had security warnings popup on sites that I think should be up to date on the latest security stuff, but I've also seen them on obscure sites that no one but I ever visit.

Even if you can be sure of who you are talking to, there is no telling if they are still loyal or whether they have been corrupted by the dark lord and are simply faking their affection for you so they can steal all your secrets.

So, yeah, security is a problem and maybe a little government intervention is in order, because you can be sure that the dark lords who run the corporations that make our life easy (or are ruining the country, depending on the kind of glasses you are wearing) don't care a whit about anything but making money. A little carrot and stick action might be appropriate.

Acronym of the moment: SaaS - Software as a Service


No comments:

Post a Comment