The Futility of Secrets
|
|
Crickets and Termites
All software has bugs. Some are obvious-I call these crickets. Even when you don't see them, you hear them. Some are very hard to detect and don't surface for years. I call these termites. Just as Carol and I tune out the crickets living outside our bedroom window when we turn in for the night, most people work around the obvious bugs in their software. Windows crashes, you reboot. I'm very careful typing the letter 'A,' because some knucklehead years ago defined the control sequence 'Control-A' as 'select everything in the current document,' and the Ctrl key is right next to the A key. One clumsy finger can bridge them and press them both. Select the whole document, and the next key you type destroys it. (Try it! At least, try it if you have an 'Undo' option in your menu…)
The innocuous nature of crickets can make us a little blasé about bugs in general, so when the termites surface in a piece of software, we don't always pay attention. There is a whole class of network security bugs in modern software that have been with us for many years, and mostly ignored. These 'buffer overflow' bugs come from careless use of programming languages like C. They are common because they usually don't cause problems-and also (if you'll allow me an opinion) because programmers are rarely fired for writing buggy code, and software companies can't be sued for selling it. Unfortunately, what we took to be crickets became termites once hackers discovered that overflowing certain buffers on purpose could give them control of the entire computer.
Eek! Who'd have thought it? (Alas, one can't spray for careless programmers the way one can for termites.)
Several years after the Wi-Fi standard was first implemented, a family of really obnoxious bugs was discovered in Wi-Fi's poor beleaguered security mechanism, WEP. Suddenly, WEP couldn't be trusted anymore. With tens of millions of Wi-Fi access points out there, fixing bugs in WEP isn't easy. In the near future (with some luck) new security features will be added to the Wi-Fi standard. Will there be bugs? Of course. Will these be crickets or termites? We won't know until we're there. And until that time, trusting Wi-Fi security will remain a touchy proposition.
|
|
EAN: 2147483647
Pages: 181
- The Second Wave ERP Market: An Australian Viewpoint
- The Effects of an Enterprise Resource Planning System (ERP) Implementation on Job Characteristics – A Study using the Hackman and Oldham Job Characteristics Model
- Distributed Data Warehouse for Geo-spatial Services
- Data Mining for Business Process Reengineering
- Relevance and Micro-Relevance for the Professional as Determinants of IT-Diffusion and IT-Use in Healthcare
- Telecommunications and Network Security
- Business Continuity Planning and Disaster Recovery Planning
- Legal, Regulations, Compliance, and Investigations
- Appendix D The Information System Security Engineering Professional (ISSEP) Certification
- Appendix E The Information System Security Management Professional (ISSMP) Certification