How Developers Can Rebuild Trust On the Internet
snydeq writes: Public keys, trusted hardware, block chains — InfoWorld's Peter Wayner discusses tech tools developers should be investigating to help secure the Internet for all. 'The Internet is a pit of epistemological chaos. As Peter Steiner posited — and millions of chuckles peer-reviewed — in his famous New Yorker cartoon, there's no way to know if you're swapping packets with a dog or the bank that claims to safeguard your money,' Wayner writes. 'We may not be able to wave a wand and make the Internet perfect, but we can certainly add features to improve trust on the Internet. To that end, we offer the following nine ideas for bolstering a stronger sense of assurance that our data, privacy, and communications are secure.'
Easy trumps security (Score:5, Interesting)
As long as "easy" takes precedence, the internet will never be secure. It is absolutely impossible to have security between 2 parties when a 3rd is involved (CA's). It was done that way because it allows people who don't know anything to have SOME trust. But if there are people involved trust will be broken. 2 party authentication is the only way to solve the problems. If people don't know how to get secure credentials between themselves and another party then maybe they need the internet that still has training wheels and padded helmets.
Re: (Score:2)
>As long as "easy" takes precedence,
Heck, getting it to work in the first place takes precedence over both. There are so many chunks of code that were written in the fashion of "This should work, but it doesn't, so I'll do it this wrong, insecure way." Ten hours of messing around and it still doesn't work in the secure fashion, and it gets put on the back burner. A year later someone else looks at the code and the original guy goes "oh crap, I forgot about that".
Re: (Score:3)
I'm afraid that the appearance of working is all that people really care about.
You can sell "pretty" over functional any day, and "quick" over both, with "cheap" trumping all.
Developers cannot fix this. Not unless they get far more organized than they are now. As long as developers do what management tells them and management's values are as previously described, insecurity and unreliability are going to be the hallmarks of software.
And unreliable software is almost guaranteed to be insecure, so kiss all yo
Re: (Score:2)
I think that this is an area where open source software can do better though. If you or I find problem
Re: (Score:2)
It's a vicious cycle though, because on the other end you have users that don't really care about security or taking the time to educate themselves to use technology responsibly. Management could push having a robust and secure product, but by the time its built, someone else will have grabbed most of the market or the market will have changed enough that your product has no where near as much potential.
A popular myth that justifies being hasty and sloppy.
Which product defined the PDA? Apple's Newton or the later-arriving and more realistically-designed (for the limitations of the day) Palm Pilot?
How about tablets? Microsoft was doing a tablet years before Apple.
Anyone remember those big-name forums that predated Facebook? I don't.
If you are lucky, being first-to-market will gain you some income, but somebody better can come along and sink you like a stone. You'll get some nice cash for a short period, the
Re: (Score:2)
Why do you hate America?
The point of for-profit capitalist companies is to make profit. You make more profit by reducing your costs and increasing your revenue. Building more-secure software increases costs and has no straight-line effect on revenues. Simply put, there's no market value in making secure products, because your average m
Re: (Score:2)
The trouble is, as I've also stated below, that it's very hard (read: expensive) to have both. Try to implement two-factor authentication and listen to your users howl. Require the use of a VPN in a corporate environment and listen to your CEO threaten you with termination if you don't make an exception for him. Make PGP keys available and watch nobody at all use the service. Require passwords to be updated every 90 days and prepare for your help desk to
Re: (Score:1)
1. Stop trying to grab every last scrap of information from your 'user'. Stick with only what you actually need to provide the service.
2. Stop routing all the data through your servers. Keep it on the user's cell phone.
Re: (Score:1)
Uploading the data to your company's server so you can sell the data is entirely different from backing up the data to iCloud.
Hell, Fitbit doesn't work with HealthKit because...they demand that you pay them EXTRA to gain access to your raw data.
Re: (Score:2)
No. Secure, convenient: pick one.
It's not impossible to have both, just extremely expensive. Since there's no perceived benefit to improved security, and doing something (anything) is a pain in the ass, that money will not be spent.
Re: (Score:3)
Our current methods of using encryption are so broken that when encryption breaks, it breaks all the underlying layers too. Heartbleed, for example.
Re: (Score:3)
Well, actually, it's the old thing. SSL is broken. You're supposed to be using TLS.
Re:Public keys, trusted hardware, block chains (Score:4, Insightful)
The way the economy is going, I agree that we need to create more jobs. But if those jobs blow, nobody will want them.
How developers can lock down the internet. (Score:1)
Seriously, most of the problem is education. Encryption and not doing stupid things is the key. That and preventing users from booting Linux.
Re: (Score:2)
Seriously, most of the problem is education. Encryption and not doing stupid things is the key. That and preventing users from NOT booting Linux.
There fixed that for you.
Seriously, Mac and Windows have far more security issues than even the most lax Linux distro.
And homogeneous environments, while in some ways easier to manage, are also a security nightmare simply because an attack at one point will equally work at another. In this respect, Linux is awesome - just mix up the hardware (PPC, x86-64, ARM, MIPS, Power, etc) between everything; you can keep a user-homogeneous environment while creating a very heterogeneous environment for attackers. N
Re: (Score:2)
"That and preventing users from NOT booting Linux."
Oh, they mean the users trust.
UK Government will oppose it (Score:2)
Re:UK Government will oppose it (Score:5, Funny)
With all the "Think of the terrorists" and "Think of the children" crap we keep reading about, how about launching "Think of the terrorist children"? That'll throw a wrench into their insane ideas.
Re: (Score:2)
Every day we have stories about children travelling to the Middle East to be child brides to terrorists. Just think of the orgasms news editors get from this one! (Sorry).
Re: (Score:2)
I can't tell if this is parody or not.
Re: (Score:3)
So, you want open source software everywhere...
But a lot of open source projects don't "belong" to any company.
So ban handheld video games (Score:2)
Ban closed source software on portable devices, ie. devices that someone may carry near other people without their decision.
You do know this would ban Game & Watch, Game Boy, Game Gear, Lynx, Nintendo DS, PSP, and PlayStation Vita, right? Or do you believe handheld video games ought never to have existed?
Nada (Score:5, Funny)
Sorry, we're too busy training our replacements. Perhaps they can help you....
Stop trusting third parties? (Score:3)
As much as Google, Microsoft, Apple, Facebook and everyone using the word "cloud" would like to convince you otherwise, you're handing over your data to third parties over whom you really have no control as to how they'll use or secure your data. Or whether they in turn have been compromised by hackers or the NSA or whatever. While there are certainly a few issues with direct communication too, like how do you exchange keys safely, they're much more limited in scope. But my impression is it's not about "How can we secure data?" it's "How can we still make you put all your data online in a post-Snowden world?" because that's how they make money...
ball-bearings, tire spikes, sand, and debris (Score:4, Interesting)
I'm becoming more and more disappointed with my techie brethren for things like this. No part of life is anywhere near as safe, or secure, as the current internet already is.
And yet, we trust all of it, every day, with things far more precious than our communication and finances.
We even trust these things despite countless and routine and frequent demonstrations of catastrophic failures.
We have political systems that squander money on a global level. And yet, we still elect leaders through campaigns of obvious horse-shit. Alex ran for student-body president 20 years ago on the basis of getting rid of homework.
We also have roads. We have highways where anyone from across the planet can show up, 'accidentally' drop sand and ball bearings and tire spikes and chunks of metal.
There is NOTHING that stops my car from flying off the highway at 140kph and falling 2'000 feet off the mountain.
But good news! There is something stopping my car from slamming into an on-coming car -- at an impact speed of 280 kph, by the way -- there's a two-inch strip of yellow paint; sometimes two.
And, as discussed earlier, every single day there are many more traffic collisions. And every single day, multiple people die in those collisions. It's so continuous that the city actually pays for tow-trucks to sit at the edge of the highway in order to clear away accidents that much faster.
So, my e-mails to my grandmother, and to my clients, my banking transactions and my phone bills, while all important, pale in comparison to the vitality of the many other things in my life.
Oh yeah, and my front door, to my house, where I keep virtually all of my stuff, every one of my possessions, and many of my loved-ones -- some not able to protect themselves from a flood, let alone an intruder -- is protected by a very-easy-to-pick lock. Which wouldn't benefit from sophistication because next to the door is a big glass window.
Oh yeah, and the alarm wouldn't cause police to show for about 10 minutes anyway. Oh yeah, and the house is mostly wood.
Oh yeah, and my beautiful grass lawn can be totally destroyed by anyone casually dropping a handful of dandelion seeds.
Nothing we do is secured for trust. That's what the word trust actually means, by the way -- if things were proven secure, you wouldn't be trusting them.
The internet is good enough as-is. Try focusing on the roads please. How about we trust hospitals to not screw up during surgery. How about we work on having enough water next year, or food during droughts, or maybe we could work on not killing people with military super-powers.
These techies are stuck in the wrong rut. They (we) were supposed to be using technology -- like the internet -- as tools to solve real-life problems. This article discusses using tools to solve problems with other tools. That doesn't help anything.
Scratch that. Improving the security of tools does do one very significant thing. It's called one-upmanship, and it creates better criminals.
Solve the global food problem. Not because people far away from me are starving -- I'm not responsible for them, I've got my own problems. Solve the global food problem so that I don't need to have my yummy cooking show show me a gorgeous sizzling steak, and then break to commercial to see starving children in Africa, who've been starving for fifty years now. It does nothing more than to put me off my dinner, and ruin the cooking show.
Re: (Score:2)
Hey, keep your sane thinking to yourself. This is the Internet, buddy!
Re: (Score:2)
Coward.
Doorknob (Score:2)
People have their lives stolen. It's not the same as dying but it's serious.
Developer signatures (Score:3)
Publish a list of all developers who worked on a project, those who signed off on its security, and those who refused to sign off on its security. Also the names of anyone who has authority over the developers.
Re: (Score:1)
Ah man, I wish I wasn't such a coward about sharing my name on the internets, because this should be modded up to nose bleed levels.
Done is better than perfect, right? Make management happy and get a nice bonus/stock options and screw the customers.
I've been the IT Ops manager telling the developers that they have vulnerable code facing the public, even going so far once as to show the dev manager a post on a script kiddie website about our servers being open to SQL injection, and begging for a fix, and I'
The Nine Things (Score:3)
Here are "the nine ideas [for securing] our data, privacy, and communications"
(for those of us too lazy to RTFA)
Details on what each of those thing actually MEAN are in TFA, of course
Re: (Score:3)
The repeated references to block chains and Merkle trees sound like someone has read the description of the Bitcoin protocol, is using the primitives described therein as a hammer, and sees Internet security as a nail. I'll explain some of them:
"Add public keys to major services" means give people a means to publish PGP keys through services that most end users already trust.
"Expanded trusted hardware" means personal handheld HSMs (hardware security modules).
"Add Merkle trees to the file system" means file
Re: (Score:2)
- Add public keys to major services
Public Key doesn't really get you much. Theoretically it means you're using a Certificate Authority (CA) to validate both sides; however, a centralized CA is still vulnerable and problematic. A Web-of-Trust system is harder to manage but can be more secure. In both cases everyone has to implement best practices and keep good key sets, which is often not the case.
With PGP/GPG people tend to keep relatively short life-spans on their keys, even then that can be between 1 and 5 years. Still, this is better t
Can I have another option? (Score:3)
there's no way to know if you're swapping packets with a dog or the bank that claims to safeguard your money
Those are my choices? I'm going with the dog.
Security (Score:3, Informative)
Give me, your customer, a unique, self-signed cert.
Let me, your customer, give you a unique, self-signed cert.
Let us both agree not to trust any party claiming to represent either of us without first encrypting communication with those respective certificates.
Let us both agree to a secure method for updating certificates that doesn't rely on any 3rd party or the internet. Perhaps we could meet in person at some sort of structure designed for the officiating of such business.
DONE.
Certs work if you cut out the governments and "trusted" root authorities by SELF-SIGNING, and NEVER perform initial certificate exchange over the very channel you cannot trust. Everything is encrypted and no one can fuck with it without compromising BOTH keys or breaking the encryption algorithm altogether.
Yes, this is less convenient. Yes, you have to maintain unique certs for every account. Yes, it's worth it.
Travel industry (Score:2)
Perhaps we could meet in person at some sort of structure designed for the officiating of such business.
So if you're buying from a business in another city or another country, perhaps you'd prefer to pay the travel industry to be your intermediary. Long-distance travel has always been the limiting factor of key-signing parties.
Re: (Score:1)
If the cost of securing communication isn't worth a trip, then that's your issue.
Regular mail, land lines, and trusted (and legally accountable) services (escrow, lawyers, etc.) can be an intermediary if you so choose.
Re: (Score:2)
Yes, this is less convenient. Yes, you have to maintain unique certs for every account.
Less convenient, but it could still be fantastically convenient now that everyone is carrying a pocket computer.
1. Walk into your bank.
2. Take out your phone.
3. Take a picture of the QR code of your bank's public key that's posted next to every teller window, using key management software designed for the purpose.
4. Show your phone to the teller, which is now displaying your personal public key.
5. Teller performs a similar process with a bank camera, along with verifying your identity to the bank's satisfac
We need to make it more complicated (Score:2)
Add lots and lots more features. Lots of redundant crap. Make it so complex that the hackers will never be able to figure it out. (That appears to be the current strategy.)
Secure Remote Password (Score:2)
One technology that kills phishing attacks is SRP
https://en.wikipedia.org/wiki/... [wikipedia.org]
It does not rely on the PKI mess. But we will never see it because there is no money in it.
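To make the comment's claim concrete, here is an added example (not from the article or the comment author) of the SRP-6a exchange in Go using only the standard library. The server enrolls a user by storing a salt and a verifier v = g^x mod N; at login the client proves it knows the password without ever sending it, and only a server that actually holds v ends up with the same session key. The group parameters are the 1024-bit (N, g) pair transcribed from RFC 5054 Appendix A (an assumption to double-check against the RFC; use a larger group in practice), the user name and password are constructed sample values, and the proof messages M1/M2 that follow key agreement in the real protocol are left out for brevity.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// SRP group: 1024-bit prime N and generator g as transcribed from RFC 5054
// Appendix A (assumption: verify against the RFC; prefer 2048 bits or more).
var (
	srpN, _ = new(big.Int).SetString(
		"EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF74"+
			"96EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6"+
			"CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4"+
			"976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
	srpG = big.NewInt(2)
)

// hashInt hashes the concatenation of its arguments with SHA-256 and returns it as an integer.
func hashInt(parts ...[]byte) *big.Int {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return new(big.Int).SetBytes(d.Sum(nil))
}

// pad left-pads x to the byte length of N, as RFC 5054 requires before hashing.
func pad(x *big.Int) []byte {
	out := make([]byte, (srpN.BitLen()+7)/8)
	b := x.Bytes()
	copy(out[len(out)-len(b):], b)
	return out
}

// Verifier is all the server stores: a salt and v = g^x mod N. The password itself never leaves the client.
type Verifier struct {
	Salt []byte
	V    *big.Int
}

// privateX derives x = H(salt | H(user ":" password)).
func privateX(salt []byte, user, pass string) *big.Int {
	inner := sha256.Sum256([]byte(user + ":" + pass))
	return hashInt(salt, inner[:])
}

func randomBig() *big.Int {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return new(big.Int).SetBytes(b)
}

// Enroll is the one-time registration step: the client-side password becomes a server-side verifier.
func Enroll(user, pass string) Verifier {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Verifier{Salt: salt, V: new(big.Int).Exp(srpG, privateX(salt, user, pass), srpN)}
}

// Exchange runs one SRP-6a login between a client holding the password and a
// server holding only ver, and returns the session key each side derived.
// The two keys agree only if the password matches the verifier.
func Exchange(user, pass string, ver Verifier) (clientKey, serverKey []byte) {
	k := hashInt(pad(srpN), pad(srpG)) // SRP-6a multiplier
	a := randomBig()
	A := new(big.Int).Exp(srpG, a, srpN) // client -> server: A = g^a
	b := randomBig()
	B := new(big.Int).Exp(srpG, b, srpN) // server -> client: B = k*v + g^b
	B.Add(B, new(big.Int).Mul(k, ver.V)).Mod(B, srpN)
	u := hashInt(pad(A), pad(B)) // both sides: u = H(A | B)

	// client: S = (B - k*g^x)^(a + u*x); the password enters only through x.
	x := privateX(ver.Salt, user, pass)
	base := new(big.Int).Sub(B, new(big.Int).Mul(k, new(big.Int).Exp(srpG, x, srpN)))
	base.Mod(base, srpN)
	exp := new(big.Int).Add(a, new(big.Int).Mul(u, x))
	sClient := new(big.Int).Exp(base, exp, srpN)

	// server: S = (A * v^u)^b; needs v, which a phishing site does not have.
	av := new(big.Int).Mul(A, new(big.Int).Exp(ver.V, u, srpN))
	sServer := new(big.Int).Exp(av.Mod(av, srpN), b, srpN)

	kc, ks := sha256.Sum256(pad(sClient)), sha256.Sum256(pad(sServer))
	return kc[:], ks[:]
}

func main() {
	ver := Enroll("alice", "correct horse battery staple") // constructed sample credentials
	c, s := Exchange("alice", "correct horse battery staple", ver)
	fmt.Println("correct password, keys agree:", string(c) == string(s))
	c, s = Exchange("alice", "wrong password", ver)
	fmt.Println("wrong password, keys agree:  ", string(c) == string(s))
}
```

The phishing-resistance argument follows from the last comment in the code: a site that does not hold v cannot compute the server-side S, and nothing the client transmits (A, and in the full protocol M1) lets the fake site recover the password offline.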
Some of the list (Score:2)
The security services just use their own or find others or find the users.
2. Build better random number generators
Yet strange limits seem to be added to many public and private crypto like products efforts every decade. From banking to what shipped with personal computers.
3. Expand trusted hardware
That gets found and upgraded while in the safe hands of the trusted global postage or delivery services (supply-chain interdiction/Tailored Access Operations).
Fingerprint (Score:2)
Why can I not go to the local branch of my bank and verify the fingerprint of the certificate used for its online banking website?
96:4F:59:F0:D9:3E:DE:00:4F:76:50:5B:33:17:CB:11:4C:65:F4:6B:92:F3:CF:49:4F:6F:1E:2E:FF:AF:35:6D
That way I know for sure I am not asking a dog to transfer my money. Unless of course the dog's pawprint matches the fingerprint of the certificate.
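The three comments above (self-signed certs exchanged both ways with no third party, the QR-code exchange at the teller window, and verifying a fingerprint like the one printed above at the branch) describe the same mechanism: pin the peer's certificate by a hash exchanged out of band and ignore the CA system entirely. Here is an added Go example (not from the article or any commenter) that does exactly that with the standard library: each party mints a self-signed certificate, the SHA-256 fingerprint is rendered in the colon-separated form shown in the post above, and a mutually authenticated TLS handshake is accepted only when both pins match. Assumptions: P-256 keys, a loopback TCP socket standing in for the real network, and in-process variables standing in for the in-person exchange.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// SelfSigned mints a fresh self-signed certificate for one party. No CA is
// involved; the certificate is trusted only because its fingerprint was
// exchanged out of band.
func SelfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name}, // the name proves nothing here
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Fingerprint renders SHA-256 of the DER certificate as AA:BB:..., the form a
// bank could print at the branch or encode in a QR code next to the teller.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	parts := make([]string, len(sum))
	for i, b := range sum {
		parts[i] = fmt.Sprintf("%02X", b)
	}
	return strings.Join(parts, ":")
}

// pinned returns a VerifyPeerCertificate callback that accepts exactly the
// certificate whose fingerprint was exchanged in person, and nothing else.
func pinned(expected string) func([][]byte, [][]*x509.Certificate) error {
	expected = strings.ToUpper(expected)
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("peer sent no certificate")
		}
		if got := Fingerprint(rawCerts[0]); got != expected {
			return fmt.Errorf("certificate fingerprint mismatch: got %s", got)
		}
		return nil
	}
}

// Handshake runs one mutually authenticated TLS handshake over loopback TCP.
// bankPin and customerPin are the fingerprints each side believes it collected
// out of band; a nil result means both sides accepted each other.
func Handshake(bank, customer tls.Certificate, bankPin, customerPin string) error {
	serverCfg := &tls.Config{
		Certificates:          []tls.Certificate{bank},
		ClientAuth:            tls.RequireAnyClientCert, // no CA check of the client...
		VerifyPeerCertificate: pinned(customerPin),      // ...the pin is the check
		MinVersion:            tls.VersionTLS12,
	}
	clientCfg := &tls.Config{
		Certificates:          []tls.Certificate{customer},
		InsecureSkipVerify:    true, // turns off CA and hostname checks only; pinning below still runs
		VerifyPeerCertificate: pinned(bankPin),
		MinVersion:            tls.VersionTLS12,
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	serverErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			serverErr <- err
			return
		}
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		serverErr <- tls.Server(raw, serverCfg).Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	clientErr := tls.Client(raw, clientCfg).Handshake()
	if err := <-serverErr; clientErr == nil {
		return err
	}
	return clientErr
}

func main() {
	bank, _ := SelfSigned("bank")
	customer, _ := SelfSigned("customer")
	bankPin, customerPin := Fingerprint(bank.Certificate[0]), Fingerprint(customer.Certificate[0])
	fmt.Println("bank fingerprint:", bankPin)
	fmt.Println("mutual pin:      ", Handshake(bank, customer, bankPin, customerPin))
	imposter, _ := SelfSigned("bank") // same name, different key: rejected by the pin alone
	fmt.Println("imposter bank:   ", Handshake(imposter, customer, bankPin, customerPin))
}
```

Note what InsecureSkipVerify does and does not do here: it disables the CA chain and hostname checks, which is the whole point of the commenters' scheme, but VerifyPeerCertificate still runs, so the pin is the only thing deciding trust. The same pinned callback works unchanged if the fingerprint comes from a QR code scan rather than a hard-coded string; what matters is that it was never obtained over the channel it is meant to protect.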
Re: (Score:2)
You might want to get out a bit more, sonny.
Can't be done (Score:1)