"The internet often breeds individuation and solipsism" Yes.. let's blame the internet for every social evil! Si.
Usability and security are not at loggerheads.
I mean, take for example recompiling the whole of Windows again with a compiler that magically fixes buffer overflows.
That would considerably raise the security of the entire internet.
Then consider the fact that the roles most people want to use their computers for, like Word Processing, Games, Web Browser, E-mail, Music etc., don't require administrator privileges to be useful, and the real problem becomes apparent.
I have a Windows box downstairs that is highly usable for my customers (my family) yet is highly internet hardened without any great loss in functionality..
Windows insecurity is a configuration problem as much as it's also a bad software development problem.
Simon.
If it works for that it'd be well cool and would give speeds close to a wired network...
Simon.
The bad guys are becoming a corporate force (due to the requirement for Spam Bots)..
Now we have a choice of making security testing products that might be used by the bad guys to break into other people's networks or we can let the bad guys develop these tools anyway and leave ourselves with a harder job in testing security.
I think the tradeoff is worth it.
Simon.
quote [
but who's to say offhand that Triple-DES or AES are better than Blowfish or plain DES
]
No-one does. There is no proof, for any algorithm we've thought up yet, that there isn't a way to recover the encrypted text faster than brute force.
It is possible DES is more secure than AES or Blowfish.. we just don't know..
So like most things business, it's a risk management issue. The chances are that encryption is your strongest link. You need to ensure you've got your weaker links covered: namely, the two primary points being the users and the OS.
Computer security sucks.. yes.. but that's a risk of doing business.. and most of us have our jobs because that risk pays off :)
Simon.
I'm not all that worried about faking.. Security is as strong as the weakest link.. all we have to worry about is making faking harder than breaking the system some other way.
I mean, what if it costs $50 to forge a single biometric but it only costs $20 to bribe the person who makes the real thing to create a card that gives you access to their account?
Simon.