SwiftOnSecurity on cyber security

SwiftOnSecurity is a Twitter account with gems that are easy for non-technical people to understand. One example of such a gem can be found here. This is a transcription of this tweet.

“Locks only keep an honest person honest”. We all know this is true, but don’t think much more beyond gradeschool wisdom. All our houses are designed with the implicit understanding that they present only a facade of security, a hurdle of trouble, to dissuade all but the most determined, and reckless. But why do cheap wooden doors prevent theft, when billion-dollar company networks are ripe for plundering? Because the cheap wooden door requires a personal, physical investment to break down. It is risk.

Same thing with locks. A common side-hobby of computer security professionals is lockpicking. Fully embracing the understanding that technical mechanisms can be defeated is a central understanding of the craft. All security can be broken. Every time they open that lock without the key, they hold in their hands the reminder that security is not about locks, it is about the social contract in what they everyone who sees it.

It is the social contract that is core. A door doesn’t stop a good kick. A lock doesn’t stop someone with a minute of time to pick it. What gives us true security is society’s incentive structure against violating it.

This is all completely broken in cyber security

In cyber security, I can try to kick a door thousands of times, and probably no one will hear it. I can spend months on a lock used by millions of other people, and still no one will probably ever see me. Not only is risk to the attacker taken away, the actions are so abstracted that they get lost in the noise. They become invisible.

It’s critical to communicate to the public why they’re vulnerable. Why the old assumptions don’t work. Why a cheap wooden door they never think about with a lock that can be picked with a BIC pen is good enough for their house. But a changing password and all the tech in the world isn’t enough for their online accounts.

That’s part one of the trifecta: Why nothing works like it should anymore.

 

“I have nothing to hide on the internet”

At the moment, Edward Snowden's PRISM leak is very much in the news. Critical people who concern themselves with privacy and the internet were not really surprised that it was happening, though they were somewhat surprised by the scale on which it happens. Naturally, various parties claim that it is not that bad, or that only a specific ‘target group’ is being spied on, but in practice I think everyone should assume that they run the risk of being watched.

Most people react indifferently with “I have nothing to hide”. This is a very indifferent and even dangerous reaction, and here I will explain why everyone does have something to hide.