Internet security is broken, and nobody seems to know quite how to fix it.
The commission's report catalogues incidents afflicting financial institutions, large corporations, and government agencies, including some first detailed publicly over the last year in various BusinessWeek articles. In an ominous note for the private sector, the commission notes that "senior representatives from the intelligence community told us they had conclusive evidence covertly obtained from foreign sources that U.S. companies have lost billions in intellectual property."
I take a lot of precautions, but these articles make me nervous about using the internet sometimes. The NY Times article mentions a program to detect malware patterns (at http://www.bothunter.net/) which I may try out. I already use other anti-malware programs and I use Google Chrome for its security sandboxing. But it's a scary online world for us Windows users.
1 comment:
I generally find these sorts of articles to be alarmist and over the top. While it's certainly the case that there are very nasty things out there, to say that "internet security is broken" is wildly inaccurate.
The internet was not designed with security in mind. For that matter, the internet wasn't even very well designed for interaction with end-users. The internet was designed to show static content to completely unauthenticated users.
That having been said, very good security exists on top of this infrastructure. SSL, which is very commonly found on the internet and relatively easy to implement, is very good at securely getting information from your computer to the web site you think it's going to, without anyone being able to snoop on it or send it again as though it came from you.
Most of what these articles like to talk about are the gaffes companies make once the data gets to them, or the mistakes that end-users make with inputting their own data. Both of these are very hard for software to deal with. At some point in the process, a user with sensitive information is involved, and this is almost always the weakest link in the security chain.