Saturday, August 22, 2015

It's not the Snowden effect, either.

John Robb suspects that Edward Snowden is indirectly responsible for the continuing breakdown of "cyber security" because he's still alive, proving the US impotent. While I can understand the conclusion he's drawn, I believe he's quite wrong.

Snowden merely proved what many in the world already suspected... that the US is spying on everyone, all the time. The credibility of the US in terms of morals took a small hit, but there is a far larger supply of suppressed hypocrisy hidden all over the internet waiting to be tapped... it's just beginning.

The root cause of the wave of insecure computing isn't the users, or the internet, or evil hackers, or lack of "defense". It is the continued use of a security model suited to a 1970s university computer science department, in the age of always-on worldwide networking. Back then you were worried about users doing the wrong thing, and the system was set up to protect itself from them, in a fairly straightforward way.

Unfortunately, contrary to the opinion of many a system administrator, the users really aren't the problem. It is squarely the fault of the operating systems that we all choose to use on a daily basis. They simply aren't designed to cope.

The ONLY effective solution is going to be to replace the operating systems we all use... which is going to be annoying, and cost a bit, but can definitely be accomplished.

When your operating system trusts every program you run, you have a problem.
