Slashdot Mirror


Security in Ten Years

Schneier has posted a conversation between himself and Marcus Ranum, Chief Security Officer for Tenable Network Security, Inc. looking at where security is headed. "[...] at a meta-level, the problems are going to stay the same. What's shocking and disappointing to me is that our responses to those problems also remain the same, in spite of the obvious fact that they aren't effective."

3 of 154 comments

  1. Re:Creativity by Kadin2048 · · Score: 5, Interesting

    yeah wow so creative at cable box makers/companies have been trying the same nonsense for the better part of 10 years and look how well it's worked for them - it's spawned a legion of hackers all trying to outdo each other at the speed they can create hacked cable cards.

    Yeah, and how many people do you know who have hacked cable boxes? I don't know any, and I have some pretty geeky friends.

    The point isn't what a few elites can do, it's what regular people can do. That's the benefit of technology, because it's what drives social change. (Incidentally, I think it's what a lot of geeks don't "get" sometimes.) History books will write about the Internet as a 1990s phenomenon, even though it existed long before, because only in the 1990s could most people use it. And it was only when lots of people started using it that it started to have effects that could be felt everywhere; that's when it started to change everything.

    Dismissive hand-waving about hackers misses the point: when you limit the number of people who can effectively use a technology to a small number of hackers or hobbyists, you hobble the technology and you sharply reduce the effect that it could have had.

    It's a pernicious problem because it's difficult to quantify the loss due to technology that the masses either never get, or never get in a form that's useful to them. How do you quantify the social benefits of a CableCard or DVR standard that doesn't suck royally? (The ability for everyone to do what I can do on a MythTV box: pause a program on one TV, walk away, and resume it from another one in a different part of the house an hour later?) It's not something that's easy to measure, but there's obviously some benefit there, even if it's not exactly a cure for cancer. Every time a company locks a product up and makes it difficult for a user to really take full advantage of its capabilities, we all lose a little. Or rather, we just fail to get something that we could have.
    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  2. I said it before... by MichaelCrawford · · Score: 3, Interesting
    From I Don't Know What This New Internet Will Look Like, which began life as a Slashdot comment:

    ... but I am as confident as I am that the Sun will rise tomorrow that it will be safe from terrorists. After all, we have the children to think about.

    July 12, 2005

    Copyright © 2005 Michael David Crawford.

    This work is licensed under a Creative Commons Attribution-NoDerivs 2.5 License.

    It seems that David Clark, who led the development of the Internet way back in the '70's - did you know there even was a '70's? - wants to create a whole new Internet that will fix many of the problems the current Internet is plagued with. The New Internet's engineers will be much more careful this time around to make sure it works better than the first one did.

    I'm afraid, though, that the engineers are not the only ones who will be deciding how our New Internet will work.

    If one is able to find any privacy or anonymity in this New Internet, it will be because of some undiscovered security hole, which will be quickly repaired, rather than any kind of conscious design decision. Probably one reason they are accepting proposals before rolling it out is to avoid the sort of accidental security holes that enable pr0n, peer-to-peer filesharing and left-wing political activism.

    Microsoft, a leading contributor both to this nation's technology base and to the campaign coffers of its leaders, will embrace this new technology and extend it in such a way that the development and dissemination of Open Source software will be, if not mathematically and physically impossible, at least as intractable as factoring a 2048-bit public key.

    Imagine, if you will, Trusted Computing implemented at the router level, in such a way that any packets that go farther than one hop are certified not only to support protocols whose patent licenses are fully paid-up and on file with the legal department in Redmond, but whose content is compliant with the Windows standard. The faintest wisp of a Public License, GNU or otherwise, will result in the dropping not only of the individual packet, not only in the cancellation of the entire file transmission, but, within microseconds, the reporting of the physical location of the offending server to responsible law enforcement personnel. The identities of its rogue administrators will be fetched instantly from the database maintained by the Department of Homeland Security. (You will have to submit fingerprints and DNA samples to obtain a Windows server license, as after all, Internet servers can be used to disseminate explosives r

    --
    Request your free CD of my piano music.
  3. Security by KinakeM · · Score: 3, Interesting

    I admire Schneier for his work over all these years. I think everyone should... it's required reading for some of us ;-P

    I think what I most agree with is Schneier's contention that security is really about people or services. And therefore, the consequences of having poorly trained and educated people is in kind; regardless of how sophisticated or brilliant the math is. (SIDE: I can't stand the mathematicians. I am a physicist. We score more e.g. Schrodinger, Einstein, Feynman... were all pimps. Newton died a virgin. Turing was gay. Godel was emaciated and his wife just had to be cheating on him.)

    What bothers me most about a security craze is the trade-offs one has to accept. Kind of like laws in physics i.e. momentum and position or energy and time. In my opinion, it looks like functionality and security are the two factors we need to juggle. But with the service-side being pushed, it's apparent how much functionality is really strained with more than just security but also competence. You all know this anytime you try to get support.

    Anyhow, just putting in my two cents. Cheap as it is. I understand that the mark of our civilization as commonly encountered is all this technology, but I am starting to get the feeling that maybe all the technological progress is so short-sighted because we just are not capable of being civilized. Therefore... we get these half-measures, "band-aids" and "patches."

    --
    All science is either physics or stamp-collecting.