Tuesday, April 6, 2010

Distortion

I was listening to a podcast today about the biblically old topic of Internet security. A guy from Microsoft talked for about an hour on firewalls, account privileges, encryption and other closely related issues. I would not call the whole theme overly exciting, but certain facts were interesting nevertheless. Apparently, companies are distorting their security budgets so grotesquely that unusually primitive methods can be employed by hackers to get valuable data.

So much money is being poured into firewall development and maintenance that other aspects of keeping data safe are suffering big time. He gave a concrete example. Some grocery chain in BC (it was not specified) lost a great deal of customers' credit card info to some smart villain. The chain had good network security, but the computer with all the data was located in an unprotected area. So instead of spending time in front of a laptop, the hacker contracted some drug addict for the amount of $400 to break in and steal the hard drive. The operation was a success, and the grocery chain faced the unpleasant reality of dealing with an army of not-too-happy customers.

The bottom line in Internet security, though, is that it is simply impossible to eliminate security risk completely - it can only be mitigated to a point. The best strategy here is to appear fortified enough that villains would move on to softer targets. It is almost evolutionary thinking, a type of hi-tech Darwinism - survival of the fittest in the security sense in the wild environment of cyberspace. It is kind of weird, but hackers are the main driving force of that evolution. They are pretty valuable in that regard when looking at the big picture. They ensure progress.

Also, Microsoft highly recommends not inventing your own cryptographic algorithms. At least not for production use (they don't mind if you do that for fun). They want you to use the established ones on the market. It is hard to argue with that statement. There is so much heavy-duty math behind commercial cryptography nowadays that one can spend years learning just that. Programming a cryptography implementation can be a pain in the butt. But what can you do? Security and ease of use are opposite poles of any software development project. To serve both is like riding a bicycle while juggling - some of us manage to do that, but only for a vanishingly short period of time.
