On Fri, Mar 23, 2001 at 08:31:49PM -0500, Derek D. Martin wrote:
> On Fri, Mar 23, 2001 at 06:31:12PM -0500, Kenneth E. Lussier wrote:
> > Schneier said it best when he said "Anyone who believes that
> > reactionary security measures are sufficient is either ignorant, blind,
> > or management".
>
> This is both humorous and well-said, but belies the real problem.

Since I made this comment, and the rest of what I said had basically nothing to do with it, I ought to expound upon that... I didn't initially for somewhat of a lack of an explanation for what the problem *IS*. I'm having trouble putting the idea into words... But I'll give it a shot.

The problem is not that management is stupid; they are NOT stupid. The problem is not that management is ignorant, or that users are ignorant, of the security issues involved with running a network, even though that may be true. This does, however, begin to touch upon the heart of the matter.

The PROBLEM, as much as I can get my brain around it, and convey to you, is that technology is cool. No, seriously. We are all so impressed with ourselves, and our ability to create new and exciting stuff that didn't exist before we created it, that we're in WAY too much of a hurry to USE our cool new technology, before any real consideration is given to what the RAMIFICATIONS of using it are.

This, I think, can be seen in lots of areas, especially in computer science and electrical engineering fields. But another example that comes to mind is the biotech industry. How long is that super-cool new flu vaccine tested before it's given out en masse? Do you, as the consumer of that flu vaccine, really have any idea that 5 years down the road, it won't cause you to become seriously ill and die? Is the risk worth avoiding a little cold?

Similarly, is the risk of having every computer on the planet connected worth the benefits? How can you make an informed judgement about the answer to that question, if you do not fully understand what those risks are? Or if you don't even know that there are risks? And yet, millions of people have connected themselves to the Internet, oblivious to the possibilities of such evils as credit card fraud, personal record falsification, and identity theft, which are the most serious (and quite real) threats to average computer users that I can think of at the moment.

Just because you CAN do something, doesn't mean you should. The TCP/IP protocols were not really designed with security in mind. Even if you practice "safe e-commerce" and only use sites that have strong SSL, you are still very much at risk. Were you one of the millions of credit card numbers stolen by Russian hackers? How would you even know?

Now, before you label me a doomsdayer (if you haven't already), I'm not saying that we should never use all this cool technology that we're developing. I do think, however, that we need to be a little more conscious of how we use new technology, and what the likely outcomes of using that technology are. I think we need to question what the benefits and risks of using new technologies are, rather than simply accept on blind faith that those developing these new technologies have your well-being in mind, and wouldn't hurt a fly, as seems to be the prevailing attitude. I also think that those responsible for bringing us this new technology need to be more conscientious about informing their customers what the risks are, and that we need to hold those technology companies responsible when their new baby goes horribly wrong.

There's a lot more to this too, like the effects that this would have on the economy, etc... but it's too late to trouble my head with all that right now. :)

--
Somebody set up us the bomb.
All your base are belong to us.
Take off every zig for great justice.
---------------------------------------------------
Derek Martin          | Unix/Linux geek
ddm at pizzashack.org | GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu

-
Subscription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).