Slashdot Mirror


Security in Ten Years

Schneier has posted a conversation between himself and Marcus Ranum, Chief Security Officer for Tenable Network Security, Inc., looking at where security is headed. "[...] at a meta-level, the problems are going to stay the same. What's shocking and disappointing to me is that our responses to those problems also remain the same, in spite of the obvious fact that they aren't effective."

3 of 154 comments

  1. Software Freedom. by Erris · Score: 5, Insightful

    Software Freedom is never mentioned. Instead the authors depressingly assume a complete triumph of ISPs and software owners. No wonder their outlook for "security" is so bleak. Real security comes from freedom. Every step away from freedom hands someone else a tool to hurt you. Their future is too bad to let happen and it won't because it will be too expensive.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
  2. Re:Creativity by Kadin2048 · Score: 5, Interesting

    "yeah wow so creative at cable box makers/companies have been trying the same nonsense for the better part of 10 years and look how well it's worked for them - it's spawned a legion of hackers all trying to out do each other at the speed they can create hacked cable cards."

    Yeah, and how many people do you know who have hacked cable boxes? I don't know any, and I have some pretty geeky friends.

    The point isn't what a few elites can do, it's what regular people can do. That's the benefit of technology, because it's what drives social change. (Incidentally, I think it's what a lot of geeks don't "get" sometimes.) History books will write about the Internet as a 1990s phenomenon, even though it existed long before, because only in the 1990s could most people use it. And it was only when lots of people started using it that it started to have effects that could be felt everywhere; that's when it started to change everything.

    Dismissive hand-waving about hackers misses the point: when you limit the number of people who can effectively use a technology to a small number of hackers or hobbyists, you hobble the technology and you sharply reduce the effect that it could have had.

    It's a pernicious problem because it's difficult to quantify the loss due to technology that the masses either never get, or never get in a form that's useful to them. How do you quantify the social benefits of a CableCard or DVR standard that doesn't suck royally? (The ability for everyone to do what I can do on a MythTV box: pause a program on one TV, walk away, and resume it from another one in a different part of the house an hour later?) It's not something that's easy to measure, but there's obviously some benefit there, even if it's not exactly a cure for cancer. Every time a company locks a product up and makes it difficult for a user to really take full advantage of its capabilities, we all lose a little. Or rather, we just fail to get something that we could have.
    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  3. My prediction... by Spy der Mann · Score: 5, Funny

    In 10 years Windows will be over. There will be native Linux versions (still proprietary binaries) of Photoshop and productivity software, but a few people will see the newborn open source alternatives and try them out. Perhaps there will be price-fixing lawsuits against free software by proprietary software makers, and, in the worst case, patent lawsuits (depending on whether software patents are abolished by then or not).

    Most people will run old versions of Windows (probably XP SP3, maybe SP4 - or perhaps Windows 7, but Vista will be another WinME) or ReactOS 1.x (it'll be too early for 2.x) in a virtualized PC running Linux. Unixphobes will run ReactOS (around 60 to 70%) or Windows (the rest) natively. Probably Microsoft will retreat from the OS business and stick with consoles or Office software, and Google will absorb the MSN messenger network.

    I really hope that the Windows^H^H^H^H^H^H^H^HReactOS and similar OSs' security model will be revamped, with sandboxed registries and directories. Passwords will be asked for installations, unless software is run by only one user.
    Botnets will be rarer (and therefore much more expensive to rent than they are now), but they'll still exist due to user stupidity ("this game needs to run with root privileges"). They'll run in Anonymous P2P nets.

    About Anonymous P2P, they'll be the norm for file sharing, but they'll be definitely banned by draconian governments - whether or not the US goes that way, is up to your imagination. Perhaps we'll see a struggle between anonymous P2P and content providers/law enforcement agencies, similar to what happened with Napster a few years ago.

    However, website security will face more or less the same problems we're facing now, due to negligence to patch existing webservers. Botnets and phishers will use infected servers to keep stealing identities, and let's not forget about inside jobs and "user account info gone missing". These will go on. Hackers will be government sponsored - to hack into other countries' machines. Buffer overflows will be the favorite vulnerability, while hacker websites will run in anonymous P2P networks.

    Let's put this post in a time capsule and see how well it fares in 2018.