
The myth of cyber-security

  • 08-04-2017 8:09pm
    #1
    Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭


    An English 'newspaper', The Economist, has an article this week on the illusion of cyber-security. http://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage

    To me this implies that payment cards and everything else that relies on computer networks can't be relied on.

    Visa had a 3 day outage a week or so ago. Fortunately this did not affect the authorization system. But next time it could. And people could be left in RBS land which affected Ulster Bank last year.

    eg stuck at a hotel check-in in Casablanca with no ability to pay the bill, unless they had the local cash.

    I put up a test Drupal website a few weeks ago, with nothing more than a 'test page' and within a day it was getting hundreds of hits - from bots with 2743342xdeggge type names seeking to register. Presumably hoping to post links to other sites. The solution seems easy to me - prohibit comments. Equally I hate having to go through photo verification sites, as used by boards, going through pages of images to recognize cars or street signs.

    Anything to do with the internet is broken. And a working internet without comment facility largely defeats the purpose.


Comments

  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    Impetus wrote: »
    An English 'newspaper', The Economist, has an article this week on the illusion of cyber-security. http://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage

    To me this implies that payment cards and everything else that relies on computer networks can't be relied on.

    Visa had a 3 day outage a week or so ago. Fortunately this did not affect the authorization system. But next time it could. And people could be left in RBS land which affected Ulster Bank last year.

    eg stuck at a hotel check-in in Casablanca with no ability to pay the bill, unless they had the local cash.

    I put up a test Drupal website a few weeks ago, with nothing more than a 'test page' and within a day it was getting hundreds of hits - from bots with 2743342xdeggge type names seeking to register. Presumably hoping to post links to other sites. The solution seems easy to me - prohibit comments. Equally I hate having to go through photo verification sites, as used by boards, going through pages of images to recognize cars or street signs.

    Anything to do with the internet is broken. And a working internet without comment facility largely defeats the purpose.

    And.....?

    The internet isn't broken, it can be abused, nothing new there.

    A wheel breaks on a wheelbarrow, by the above logic, all wheelbarrows are broken, let's just drag the box of bricks to where it needs to go instead.


  • Registered Users, Registered Users 2 Posts: 4,719 ✭✭✭Bacchus


    To boil this down... you think cyber-security is a myth because comments sections on websites are difficult to manage and VISA had an outage? Is that the point you're trying to make?

    If it is a myth, long may it continue... unemployment in cyber security is forecasted to remain at 0% over the next 5 years.

    To get at what I think you are trying to say... technology is evolving at an incredible rate and the businesses driving that growth look at their money graph with arrows pointing up and plough on ahead. Then, in the aftermath, the inevitable security vulnerabilities appear and you get outages and new attacks which require new defences and patches to be developed and deployed. And on and on it goes. Just look where we've gone in the last 5 years with Cloud and IoT. It's a whole new cyber world and it's ripe for exploitation. It doesn't mean anything is broken or that it's a myth, it just means that there is a race to keep security up with new technologies, markets and services.


  • Registered Users, Registered Users 2 Posts: 134 ✭✭ishotjr2


    I humbly suggest we are at the equivalent of the "Model-T" stage. That is the internet is at the equivalent stage of where the automotive industry was when the "Model-T" was released. The questions entrepreneurs & engineers have changed from how pervasive will the technology become to we need to be more secure, more user friendly. Hence the two most popular job sectors in development are security and UX. I keep thinking we are at equivalent stage where they decided to have starter keys, doors, metal roofs & better gear shifts. Like the explosion in REST APIs (OpenAPI) where we are saying it would be great if stuff worked together.

    I think many aspects of software/internet security need vast improvement. Stepping back from it and seeing attacks like DDOS and Email Phishing are trivial. Not to mention it is still possible in this day and age on modern operating systems to do trampolining. I regularly wonder what in 10, 20, 50 years time will engineers look back on and laugh at.


  • Registered Users, Registered Users 2 Posts: 4,188 ✭✭✭wil


    ishotjr2 wrote: »
    I humbly suggest we are at the equivalent of the "Model-T" stage. That is the internet is at the equivalent stage of where the automotive industry was when the "Model-T" was released. The questions entrepreneurs & engineers have changed from how pervasive will the technology become to we need to be more secure, more user friendly. Hence the two most popular job sectors in development are security and UX. I keep thinking we are at equivalent stage where they decided to have starter keys, doors, metal roofs & better gear shifts. Like the explosion in REST APIs (OpenAPI) where we are saying it would be great if stuff worked together.

    I think many aspects of software/internet security need vast improvement. Stepping back from it and seeing attacks like DDOS and Email Phishing are trivial. Not to mention it is still possible in this day and age on modern operating systems to do trampolining. I regularly wonder what in 10, 20, 50 years time will engineers look back on and laugh at.

    To follow the same analogy, we've built the car, paved the roads, made billions producing go faster stripes, detailing and valeting, but we've a long way to go on rules of the road, etiquette, driving licences, car tax, emissions and pollution, fines and penalties.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    Bacchus wrote: »
    To boil this down... you think cyber-security is a myth because comments sections on websites are difficult to manage and VISA had an outage? Is that the point you're trying to make?

    If it is a myth, long may it continue... unemployment in cyber security is forecasted to remain at 0% over the next 5 years.

    To get at what I think you are trying to say... technology is evolving at an incredible rate and the businesses driving that growth look at their money graph with arrows pointing up and plough on ahead. Then, in the aftermath, the inevitable security vulnerabilities appear and you get outages and new attacks which require new defences and patches to be developed and deployed. And on and on it goes. Just look where we've gone in the last 5 years with Cloud and IoT. It's a whole new cyber world and it's ripe for exploitation. It doesn't mean anything is broken or that it's a myth, it just means that there is a race to keep security up with new technologies, markets and services.

    Marketing-spiel for the IT security industry. If software developers were banned from using exclusion clauses in relation to product quality, we would have far fewer problems.

    eg In France, a doctor who messes up a diagnosis of an ill patient can find him/herself in prison for 10 years, under FR civil law. As a result French medical care is pretty good. Perhaps it leads to over use of medication - I don't know. But the service one gets from a French doctor/hospital (and medical care in most of the rest of Europe - where civil law is the norm) is 1000% better than one receives in Ireland or GB where common law prevails, where trolley queues are the norm and as we see today a system run in GB using obsolete operating systems. This has forced operations to be cancelled, and patients to be moved to other hospitals.

    Moving to another topic - if a newspaper libels somebody in a civil law country, the fine might be 20k or so. The police investigate and deal with the matter. In common law countries such as Ireland and GB rich entities can sue in libel cases for millions. Common law libel prevents full disclosure in newspapers and electronic media.

    The IT industry is absolving itself from behaving in a competent manner as a result of 'shrink wrap agreements' and their online equivalent.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    ishotjr2 wrote: »
    I humbly suggest we are at the equivalent of the "Model-T" stage. That is the internet is at the equivalent stage of where the automotive industry was when the "Model-T" was released. The questions entrepreneurs & engineers have changed from how pervasive will the technology become to we need to be more secure, more user friendly. Hence the two most popular job sectors in development are security and UX. I keep thinking we are at equivalent stage where they decided to have starter keys, doors, metal roofs & better gear shifts. Like the explosion in REST APIs (OpenAPI) where we are saying it would be great if stuff worked together.

    I think many aspects of software/internet security need vast improvement. Stepping back from it and seeing attacks like DDOS and Email Phishing are trivial. Not to mention it is still possible in this day and age on modern operating systems to do trampolining. I regularly wonder what in 10, 20, 50 years time will engineers look back on and laugh at.

    I pay for the latest updates to Windows/Office - because I have no choice - it is a monopoly, made in USA. Monopolies are illegal in the EU. Despite my diligent updating, the same bugs and inconsistencies appear in each version - aside from a few cosmetic changes.

    eg in Microsoft Excel - if you do a sort of a column, the Microsoft default keeps fighting you with 'small to large' even though in the last 99 cases of use of this software one has selected 'large to small'. The same applies to choice of folder (directory). I find myself constantly fighting with Microsoft software. If Microsoft was a German, French or Swiss company I have no doubt but that the software would look at the users' prior selections and default to those - until the user changed the selection.

    Companies such as Mercedes-Benz constantly search user needs to customize a vehicle to the needs of the user and the environment. eg if you sit in the car the seats and steering wheel and temperature move to the desired positions of you, and if somebody else drives the same car - they can store their preferences.

    Microsoft & cie and the security industry are the Trabant of the IT world. And the corrupt EU and co let them get away with it in monopoly mode.

    Ireland is trying to impose a license on computer users. Go fix the corrupt system first, and the people might consider paying you.

    Most things Anglo-Saxon or Oirish are semi third world in their design/operation. That is why the US and GB have a balance of payments deficit every year. IRL's balance of payments surplus is artificial.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    You love to have something to be outraged against, don't ya Impetus.


  • Registered Users, Registered Users 2 Posts: 4,719 ✭✭✭Bacchus


    Impetus wrote: »
    Marketing-spiel for the IT security industry. If software developers were banned from using exclusion clauses in relation to product quality, we would have far fewer problems.

    eg In France, a doctor who messes up a diagnosis of an ill patient can find him/herself in prison for 10 years, under FR civil law. As a result French medical care is pretty good. Perhaps it leads to over use of medication - I don't know. But the service one gets from a French doctor/hospital (and medical care in most of the rest of Europe - where civil law is the norm) is 1000% better than one receives in Ireland or GB where common law prevails, where trolley queues are the norm and as we see today a system run in GB using obsolete operating systems. This has forced operations to be cancelled, and patients to be moved to other hospitals.

    Moving to another topic - if a newspaper libels somebody in a civil law country, the fine might be 20k or so. The police investigate and deal with the matter. In common law countries such as Ireland and GB rich entities can sue in libel cases for millions. Common law libel prevents full disclosure in newspapers and electronic media.

    The IT industry is absolving itself from behaving in a competent manner as a result of 'shrink wrap agreements' and their online equivalent.

    What the actual? What has any of that got to do with cyber-security? That looks like a whole lot of deflection and noise without actually responding to the topic.


  • Registered Users, Registered Users 2 Posts: 4,719 ✭✭✭Bacchus


    Impetus wrote: »
    I pay for the latest updates to Windows/Office - because I have no choice - it is a monopoly, made in USA. Monopolies are illegal in the EU. Despite my diligent updating, the same bugs and inconsistencies appear in each version - aside from a few cosmetic changes.

    Because the ONLY option is Microsoft :rolleyes:

    I do agree that there are elements of monopolization that exist between Microsoft, Google and Apple but there is choice available to you. Don't forget Linux options such as Ubuntu that are completely free.

    Impetus wrote: »
    eg in Microsoft Excel - if you do a sort of a column, the Microsoft default keeps fighting you with 'small to large' even though in the last 99 cases of use of this software one has selected 'large to small'. The same applies to choice of folder (directory). I find myself constantly fighting with Microsoft software. If Microsoft was a German, French or Swiss company I have no doubt but that the software would look at the users' prior selections and default to those - until the user changed the selection.

    Companies such as Mercedes-Benz constantly search user needs to customize a vehicle to the needs of the user and the environment. eg if you sit in the car the seats and steering wheel and temperature move to the desired positions of you, and if somebody else drives the same car - they can store their preferences.

    Microsoft & cie and the security industry are the Trabant of the IT world. And the corrupt EU and co let them get away with it in monopoly mode.

    Ireland is trying to impose a license on computer users. Go fix the corrupt system first, and the people might consider paying you.

    Most things Anglo-Saxon or Oirish are semi third world in their design/operation. That is why the US and GB have a balance of payments deficit every year. IRL's balance of payments surplus is artificial.

    Again what has any of this got to do with cyber-security and this supposed myth around its existence. Utter nonsense. What is your actual point? Is there one? Have you just simply moved on to some sort of IT monopoly rant?


  • Registered Users, Registered Users 2 Posts: 134 ✭✭ishotjr2


    Impetus wrote: »
    Marketing-spiel for the IT security industry. If software developers were banned from using exclusion clauses in relation to product quality, we would have far fewer problems.

    eg In France, a doctor who messes up a diagnosis of an ill patient can find him/herself in prison for 10 years, under FR civil law. As a result French medical care is pretty good. Perhaps it leads to over use of medication - I don't know. But the service one gets from a French doctor/hospital (and medical care in most of the rest of Europe - where civil law is the norm) is 1000% better than one receives in Ireland or GB where common law prevails, where trolley queues are the norm and as we see today a system run in GB using obsolete operating systems. This has forced operations to be cancelled, and patients to be moved to other hospitals.

    Moving to another topic - if a newspaper libels somebody in a civil law country, the fine might be 20k or so. The police investigate and deal with the matter. In common law countries such as Ireland and GB rich entities can sue in libel cases for millions. Common law libel prevents full disclosure in newspapers and electronic media.

    The IT industry is absolving itself from behaving in a competent manner as a result of 'shrink wrap agreements' and their online equivalent.


    The proliferation of bureaucracy and concise legal frameworks is a feature in maturing technologies. Understanding we are dealing with multiple technology adoption waves mainframe to PC, PC to internet, online commerce, wireless/3G, social media, cloud, the familiarity of contemporary societal norms or comforts establishment has not been prioritized above innovation.


  • Registered Users, Registered Users 2 Posts: 134 ✭✭ishotjr2


    Impetus wrote: »
    I pay for the latest updates to Windows/Office - because I have no choice - it is a monopoly, made in USA. Monopolies are illegal in the EU. Despite my diligent updating, the same bugs and inconsistencies appear in each version - aside from a few cosmetic changes.

    eg in Microsoft Excel - if you do a sort of a column, the Microsoft default keeps fighting you with 'small to large' even though in the last 99 cases of use of this software one has selected 'large to small'. The same applies to choice of folder (directory). I find myself constantly fighting with Microsoft software. If Microsoft was a German, French or Swiss company I have no doubt but that the software would look at the users' prior selections and default to those - until the user changed the selection.

    Companies such as Mercedes-Benz constantly search user needs to customize a vehicle to the needs of the user and the environment. eg if you sit in the car the seats and steering wheel and temperature move to the desired positions of you, and if somebody else drives the same car - they can store their preferences.

    Microsoft & cie and the security industry are the Trabant of the IT world. And the corrupt EU and co let them get away with it in monopoly mode.

    Ireland is trying to impose a license on computer users. Go fix the corrupt system first, and the people might consider paying you.

    Most things Anglo-Saxon or Oirish are semi third world in their design/operation. That is why the US and GB have a balance of payments deficit every year. IRL's balance of payments surplus is artificial.

    I think familiarizing yourself with less contemporary alternatives may enrich your perspective. To name three.

    https://www.linuxmint.com/
    https://www.freebsd.org/
    https://www.qubes-os.org/


  • Registered Users, Registered Users 2 Posts: 46 nate.drake


    I can tell you as someone who makes a living from cybersecurity, I'm never short of work.

    In any case if this is the way you truly feel, why waste your time in the 'Information Security' section of boards? :)


  • Registered Users, Registered Users 2 Posts: 4,719 ✭✭✭Bacchus


    nate.drake wrote: »
    I can tell you as someone who makes a living from cybersecurity, I'm never short of work.

    And it's not going to get any quieter either...

    https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html


  • Registered Users, Registered Users 2 Posts: 46 nate.drake


    I remember the Samsung Smart Fridge being hacked - it came with Windows 10. I kept wondering if maybe it burst into your home, threw out your existing fridge and forced you to use it for food storage. :-)


  • Registered Users, Registered Users 2 Posts: 8,788 ✭✭✭Worztron


    The Internet Of Stings is a disaster waiting to happen. Poorly secured devices with severely outdated software.

    Mitch Hedberg: "Rice is great if you're really hungry and want to eat two thousand of something."



  • Registered Users, Registered Users 2 Posts: 2,974 ✭✭✭garra


    Impetus wrote: »
    An English 'newspaper', The Economist, has an article this week on the illusion of cyber-security. http://www.economist.com/news/leaders/21720279-incentives-software-firms-take-security-seriously-are-too-weak-how-manage

    To me this implies that payment cards and everything else that relies on computer networks can't be relied on.

    Visa had a 3 day outage a week or so ago. Fortunately this did not affect the authorization system. But next time it could. And people could be left in RBS land which affected Ulster Bank last year.

    eg stuck at a hotel check-in in Casablanca with no ability to pay the bill, unless they had the local cash.

    I put up a test Drupal website a few weeks ago, with nothing more than a 'test page' and within a day it was getting hundreds of hits - from bots with 2743342xdeggge type names seeking to register. Presumably hoping to post links to other sites. The solution seems easy to me - prohibit comments. Equally I hate having to go through photo verification sites, as used by boards, going through pages of images to recognize cars or street signs.

    Anything to do with the internet is broken. And a working internet without comment facility largely defeats the purpose.

    Legal compliance and security will always lag behind innovation in Western nations. There may be other regions of the world where 100% security, operability and compliance of distributed systems are prioritized ahead of user-desired innovation, but we cannot be sure as they have not agreed an SLA for their PSTN network.

