Martin McKeay

Security Matters

Is it really that bad? Probably

I've been arguing that we're losing the battle against hackers for a while, but Noam Eppel argues that we, the security community, have already suffered a 'complete, unquestionable and total failure of information security'.  While I don't agree with the severity of the judgement that Noam puts forth in the article, I do agree that we are losing ground and are one major vulnerability away from an Internet meltdown. 

I disagree with the assumption that we, as security professionals, don't know the trouble we're in. He uses the old urban legend of "boiling frog syndrome" to illustrate how things are getting worse and no one is noticing. Anyone who's been in security for long knows that the cybercriminals are innovating at an incredible rate. All a hacker has to do is find a single new vulnerability. Security professionals have to protect against every known vulnerability as well as anticipate new vulnerabilities. We have to defend every system; all a cybercriminal has to do is find one vulnerable system.

What I wish Noam had done is offer up some possible fixes. (Correction: Noam will be offering up some solutions in a second article in the near future.) But the problem is, there aren't any quick fixes. The real solution to issues like spam and hackers would be to change the nature of the Internet to make these sorts of attacks impossible. Unluckily, no one can agree on the nature of the changes that would need to be made. Everyone is, rightly, afraid that either the government or big business would take over the Internet in the process. A good example is AOL's recent push to change the nature of email that comes through their systems. And no one wants to hand the current open Internet structure to government to manage.

I think we know we're losing the battle against cybercriminals. Our awareness of the issues is not the problem; it's the fact that we would need to make major changes to the Internet to do any real good. And no one wants to make those changes. We can feel the water temperature rising, but do we want to jump out of the water and into fire?

What People Are Saying

While I agree that changes

While I agree that changes should be made, I also agree that the internet should not be turned over to gov't or big business because in the end it would be the people who could benefit the most who would most likely benefit the least.
I do not think at the moment there is any big solution to solve the risks associated with using technology. Just like there is no big solution to ensure safety when operating a vehicle. Cars are much safer today than they were in the beginning but bad things still happen; people still use them to do harm. However, through some gov't involvement, consumer demands, and business competition - vehicles continue to evolve and become safer. But there are still risks in using a vehicle and we take them every day without a second thought or major outcry for change, well except for the price of gas depending on where you live in the world.
The same can be said for technology. It is a slow, multi-pronged approach involving many entities to continue to improve security. No one group can be held accountable for security, nor is there any one big change that will make technology safe - it is in the end up to all of us to remain vigilant, aware, and educated.
I’ll ask you – How much does society lose in dollars each day due to car accidents or cars used in committing crimes or conducting illegal activities? Does that mean we shouldn’t use cars or turn over complete control to the gov’t and/or big business? Is it really that bad? It could be better… But it could be a lot worse.
I say we stop saying how bad it could be and focus on the many things we can do to make technology safer. There are things we can do today that are not hard; we just choose not to do them. We have to crawl before we can walk, and sometimes we have to fall before we learn to walk so we don’t fall.
It's really not that bad; except to the person or company currently picking themselves up from a fall - let's help them but that person or company is us at some point in life.

"What I wish Noam had done

"What I wish Noam had done is offer up some possible fixes."

The article mentions that Part Two will contain some possible fixes.

The author writes, "Part Two of this article will contain a list of what we must do to address our current failure. It will incorporate your comments and feedback."

I have to say that major

I have to say that major changes scare me too. But those changes definitely have to be made. One issue that you don't mention is the possibility that many of the organizations that provide security related products DON'T WANT it to change, and they are using their influence in some way to slow down major change. If there are major changes to the Internet, and we have much higher security, then what happens to their revenue stream? Many of those people are smart enough to change with it, but I would say that they see an ever-growing market right now. Maybe the conspiracy theorist is coming out in me, but I think it deserves to be looked at.