Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Security: Where Do We Stand

Posted by Hemos on from the reviewing-the-situation dept.

buxton writes "The Economist is running an interesting story which overviews the current global situation on internet security in hackers, terrorism, worms & virii, Microsoft's 'monoculture', and a bunch of other interesting points. Some nice suggestions made by big names in the software industry have been included, such as creating more easily traceable methods of people (i.e. trying to eliminate online anonimity) as a method of preventing hackers. One suggestion which I thought was partictularly interesting involved a bounty system whereby a price would be put on 'hacker's heads', incentivating other hackers to go after them and bring them forward."

12 of 219 comments (clear)

  1. Anonimity necessary by Telex4 · · Score: 4, Insightful

    These ideas of eliminating online anonimity need to be offset against the benefits this anonimity brings. It has been a huge boon for political activists in countries with "overbearing" governments, for whistleblowers in all nations, and for all sorts of other reasons.

    To quote an article I wrote on this some time ago:

    "During the Kosovo conflict in 1999, a sixteen-year old ethnic Albanian girl, nicknamed "Adona", began an e-mail correspondence with a junior at Berkeley High School, America. She wrote of Serbian forces holding her village to ransom, killing journalists and community leaders, raping women, and finally of her friends and family deserting the village
    ...
    Because of the anarchistic, anonymous nature of the Internet, the Serbian authorities could do nothing to stop this flow of information between its citizens and the outside world, which meant that it could no longer censor all information. This not only gave the people of Kosovo who had some access to these Internet organisations hope and a sense of purpose during the conflict, but helped the international community better understand the circumstances in Kosovo during and after the conflict.
    "

    1. Re:Anonimity necessary by jkrise · · Score: 4, Insightful

      I think anonymity is used as a tool by so called 'security firms' to plead helplessness in detecting the source of security breaches. If Microsodft was really sincere in preventing security attacks on it's systems, it should've supporrted the earlier bill - not the present spammer-friendly version.

      In short, the problem is not the anonymity of these cyber-terrorists, it's the accountability-phobia of software firms, at the root cause of these breaches. If we had a law that a 'supplier' of software is bound to fix security breaches and vulns free of cost in his code, we'll suddenly see MS rewriting Windows from scratch for LongHorn.

      The current law is like an alsatian without teeth.

      -

      --
      If you keep throwing chairs, one day you'll break windows....
    2. Re:Anonimity necessary by lurvdrum · · Score: 5, Insightful

      Such a law would need to go further and make the software supplier liable for consequential losses incurred from using their software. THEN you would see Windows getting a proper rewrite.

  2. Don't no the right word to use? Make one up! by MrSelfDestruct · · Score: 4, Insightful

    "incentivating"

    --
    Some mornings it just doesn't seem worth it to gnaw through the leather straps. -- Emo Phillips
  3. Why don't we just implement more security? by Jerk+City+Troll · · Score: 5, Insightful
    One suggestion which I thought was partictularly interesting involved a bounty system whereby a price would be put on 'hacker's heads', incentivating other hackers to go after them and bring them forward.

    No clever ideas like this are, were, or ever will be a suitable substitute for implementing real security. People need to wake up and realize that "hackers" are successful because peole still prefer convenience above all else.

    For one, we still have this serious problem of people using software that is fundamentally insecure (Outlook, IE, ISS, Windows, etc). Nobody seems to be getting the point that Microsoft products fail utterly at meeting any of Microsoft's promises about security.

    Of course, I would venture that is not even the biggest problem. People refuse to use strong passwords (or at least change them regularly). Software is not kept updated on servers (I recognize that free and open software like Linux is insecure if you're behind the times). Services are kept wide open so that nobody has to go searching for access (think file shares). Nobody uses encryption (viruses and spam would cease if company mail servers required valid PGP signatures from employees on emails before they got delivered),

    There's so much that needs to be done. The above is hardly an exhaustive list (nor was I making an attempt to create one), but nobody seems interested in taking a crack at what really matters. Instead most seem to be more interested in silly ideas like "hacker bounties" which would be utterly ineffective against a group of people which do not seem to fear consequences for their actions.

    Cure the sickness; don't treat the symptoms.

    --
    Join Tor today!
  4. Eliminating online anonimity by pubjames · · Score: 4, Insightful


    Isn't eliminating online anonimity practically impossible? What about cybercafes, for instance? (Although not big in the USA, cybercafes are one of the main ways to access the internet in many poorer countries)

    Secondly, supposing you did manage it by imposing some kind of draconian laws i.e. you have to log on at all cybercafes with some universal ID. Then wouldn't identity theft become an even bigger problem - i.e. hackers would pinch other peoples identities to hack.

  5. Security will never be achieved by pvt_medic · · Score: 5, Insightful

    While total security will never be achieved, I feel that there are efforts that can be made to minimize the effects of hackers.

    The internet will never have total security. There will always be ways around any programing that was made. There will always be bugs, loop-holes, etc. We are not perfect in our ability to program, and subsequently are coding is not perfect.

    But with this being said that doesnt mean that we cant do anything to help protect ourselves. We can make effective practices of protecting systems by physical methods. If you dont want people to hack your system dont connect it up to the internet. While I know that those nuclear technicians love to surf the web while at work, but that doesnt have to be the same system that runs the reactor.

    Virus writers will always exist, just like music sharing, and ads. The key is just how you will negate their effects.

    --
    30% Troll, 50% Underrated, 10% Interesting
    Score:5, Troll
  6. Re:Anonimity versus security by droleary · · Score: 4, Insightful

    It is one or the other. It is impossible to increase security without reducing anonimity.

    Rubbish. Anonymity comes within a context. If you give all your friends keys to your apartment, that doesn't necessarily tell you which individual was nice enough to drop off your mail and water your plants while you were on vacation. Similarly, if you sent me a key in the mail, you will have extended your web of trust, but completely anonymously; neither you or your friends know who I am seen in your apartment.

    For example, there is not yet a possibility to only receive email from people that have revealed their identity with a trusted third party. I am affraid that is mainly a problem of legacy that a secure email protocol has not been deployed yet.

    I'd say you're wrong here, too. SPEWS and other blocklists are examples of exactly that kind of trust issues being applied to current mail systems.

  7. Babies and Bathwater by Anonymous Coward · · Score: 5, Insightful

    "I'm kind of a fan of eliminating anonymity," says Alan Nugent, the chief technologist at Novell, a software company, "if that is the price for security."

    On the surface, this is a sensible statement, but this is the kind of thinking which must be debunked at all costs. What is needed are systems which allow anonymity where it is valuable and eliminate it where it is not.

    Just as in the real world, we have the option of using our credit cards to buy groceries, and cash to buy or anti-government literature, the internet needs security where security is important and must still provide anonymity where users judge it to be important to them. To say it is impossible to provide both shows a failure of imagination on the part of the commentator.

    Enforcing security by exposing everybody to scrutiny denies us freedom. Don't let it happen. Chose the right to be an anonymous coward, if that's what your subject demands.

  8. Re:Cliches by AllUsernamesAreGone · · Score: 4, Insightful

    Actually, it will make the situation worse. think about it - right now you have a (fairly small) group of serious crackers who know that the best way to keep on doing what they do is to STFU and make sure nobody else finds out about them, and you have the much larger group of wannabes and s'kiddies who try to inflate their own ego by public boasts. Now, what happens when you put out a bounty? Well, the vocal one start to get caught or they learn to keep their gob shut. Some of them will stop and move to something else, but some will stay and increase the size of the silent cracker group... and before you know it you wind up in the same situation as modern medicine and antibiotics: your miracle cure has made the problem worse by encouraging the growth of resistant strains of cracker....

  9. Re:Hackers by pirhana · · Score: 4, Insightful

    >if 90% of the people use the terms "incorrectly", maybe you should reconsider your own views on what is correct and what is incorrect?

    Ofcourse not! Media can herd 90% of the people(or even more) in to thinking whatever they want. That doesnt mean that you should change your views to synchronize with it.

    --
    http://www.nasirudheen.blogspot/
  10. Re:How about we encourage people to use IPTables? by Maestro4k · · Score: 5, Insightful
    • Isn't teaching people how to defend themselves using free open source software better than talking about the best way to start up a posse? With just IPTables and SpamCop configured properly most of these security problems disappear.
    The problem is most people don't want to deal with OSS if that means using Linux. They want to be able to use most of the software that they can find in most stores, share it with friends, etc. As much as I like Linux, I use Windows XP on my main system because I prefer a lot of windows-based tools to linux-based ones. (And this includes free/shareware, not just commercial software.)

    Before someone says it, WINE isn't the answer, not yet anyway. I'm an expert user, and I have troubles with getting things to work under WINE, or at least things I _want_, not just things that will. This is the deal-breaker for your average joes, they won't deal with it.

    Besides, OSS software can be harder to secure right if you don't know what you're doing fully. I think the best approach all around is to hold companies responsible for glaring defeciences. If you have a bug/security hole found every once in a while it's one thing. When you have them found weekly, if not daily, and you have a closed-source product, then there's really no excuse for it.