The Evolution of security - Security & Cryptography
Users browsing this thread: 2 Guest(s)
|
|||
Hello *nixer,
I am going to post something that I posted on HF before and on my blog (which is more or less dead but has 12k views daily). I would like to have your opinion. Moreover, this is a subject that's interesting because it concerns philosophy and technology at the same time. Extract: Quote:Hello Dear blog followers, I'd like to add that this is purely guessing or trying to suppose for a near future. See ya! |
|||
|
|||
No-comments to your comment (LOL infinity loop!). It was suppose to provoke some reactions.
Thanks for replying. |
|||
|
|||
I think that there shouldn't be a permanent security protocol or technology. Or rather, can't be. At least not one implemented on a mass scale.
Perhaps in the future we will have super-duper advanced 'learning' security systems that could lengthen the time period between updating, or creating completely new security systems. According to my knowledge, many contemporary anti-virus softwares already have this type of paradigm implemented. It's, as always, just a matter of refactoring. On the topic of the increasing number of new digital devices to be created in the future becoming interlinked: All I can say is that it's going to be interesting. Many companies are already using existing technologies like Wifi and Bluetooth to link digital devices together. And if not through conventional means, they tend to make that 'extra connector accessory thingy' irrexchangable and exclusive to their closed-source designs. (My parents just bought a new 'Smart' television. When I opened the darn thing I couldn't even figure out where the internal memory unit was located. Heck, everything but the physical ports and the wires looked like Greek to me. Talk about exclusive, irrexchangable closed-source hardware!) As for hack-ability, I think that as everything gets simpler and more automated, the true hacker will be much more of a rare bird. When things 'just work', people don't have to think about how they work. I won't go as far to list the pros and cons of this development, but one can reasonably predict the repercussions. More easy/closed-source exclusive library based programming languages being used(ex. the ".Net" languages) + Moore's Law(hardware getting more awesome) = Less low/er level programming languages needed to be used Less low/er level programming languages needed to be used = Less lower level language programmers Less lower level language programmers = More less-educated programmers More less-educated programmers = Less hackers Less hackers = Less incidents of proprietary technology being teabagged/hacked And that just, well, sucks. :( As for the rest of your post: It's 1:14 in the morning, and I'm too darn tired to type anymore. Sorry. :( Mah eyes! Dey brun!!! It's all your fault.... :sniff: :sniff:
"Willful ignorance is a crime"
|
|||
|
|||
Thank you Dritz for your reply.
I also think that there's less real hackers because of the same reasons you mentioned. However, concerning security there will always be breaches and people trying to get into things that do not belong to them. These past year anti-viruses and IS are inefficient and not to mention all the 0-days that come out everyday. Like the old wizard once said: Extract from 1996, which is extremely true and will be until a major change. Quote:New viruses come out at the rate of about 8 per day now. NO scanner can This is really interesting! |
|||
|
|||
You always have to prepare for the worst case scenario so proactive measures are my preference.
* Redundantly mirrored backups performed often. * Public Key Encryption of all sensitive data. * Regular software updates. * Etc. Security cannot remain static, it must evolve with every addition to every system. The alternative is the loss of online anonymity. BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC. |
|||
|
|||
Glad that the **sec** guy reply to my thread!
The 3 things you mentioned are the best way to keep data safe. But, there's also ton of alternatives to it. Backup your important data and it will save you a lot of time. |
|||
|
|||
TBH, security is always dependent on the user later the programmer.. Like take for example Microsoft... It just tries to improve the looks and ease of use of a program for the user and so doesn't usually take into consideration the security factors. One more thing is, I remember seeing a graph about "Security to ease of use".. If you want something very secure, you have to know that you wont be getting the same ease while using that specific thing (a UNIX system probably), and if you want something easy to use, you wont get Secure applications/OS programmed (Windows). Now usually what people would do is just stay at the center of the graph.. Security + Ease of use.. So, there's reduced security which results into breaches. And truth is, laziness is the only thing that makes programmers code with both the things(Sec and Ease) rather that one..
Programmers are after all humans, and till the day humans are lazy, security will be overlooked and only ease of use will be taken into consideration... Btw, there are paranoids like us who least bother how easy something is to use... Its kinda late here and am quite sleepy so probably I might have messed up while typing.. |
|||
|
|||
It's 2015 and I'm bumping my thread.
Security is still a mess and even more than before with the "Internet Of Things". http://blog.kaspersky.com/internet-of-crappy-things/ Before writing that post there was no NSA breach, no nothing. Here we are 2015 wondering about what is going to happen next. |
|||
|
|||
Thanks for bumping this thread! Now that 3 years have passed, a few things have changed. People are way more concerned by privacy/security due to Snowden's declaration. And it's a huge step forward into security.
There are more and more auto-encrypted services, meant for the lambda end-user, like telegram, tor, alpine mails, tox, ... Encryption have never been so easy to use, you don't even need to know what PGP, RSA or AES is to have your messages encrypted, and feel secure. More and more services are now using the two-factor authentification too, which is way harder to break then the single old login/password auth system. But based on a few articles I've read recently, i think the biggest problem is not to secure ourselves. The problem lies in the fact that all your data is exposed to the world, and social engineering makes it fairly easy to break. The days where hackers used to brute force passwords or keys is now gone, and any encrypted data can now be considered "safe" (as long as you're not giving your private keys everywhere...). But as long as there will be data available online, there will always be people to hack their way to it, using social engineering, or lying to your service providers to request a new access. Your personnal/sensitive data should remain personnal or encrypted, and in this case, your private keys should not be available anywhere online. tl;dr if you don't want to see your data stolen, do not expose it. And never trust anyone, not even you. Edit: a few links http://www.thoughtcrime.org/blog/gpg-and-me/ http://swiftonsecurity.tumblr.com/post/9...ut-jessica http://www.theverge.com/a/anatomy-of-a-hack https://dirk.to/blog/2015/03/05/internet...urity.html |
|||
|
|||
Great thread!
|
|||
|
|||
Bumping with a very recent conference video by the author of the SET (Social Engineering Toolkit), Dave Kennedy:
Abstract: Quote:It seems that businesses are truly struggling with how to handle the threats we face as organizations when it comes to information security. From breach to breach, the techniques seem similar yet they completely rip through everything we’ve tried to protect against. As an industry, we’re fighting to define ourselves in a manner where we can actively combat the different demographics we see from attackers. This presentation will walk through what we face as organizations, both politically as well as an industry. Information security isn’t a technology problem – it’s a social issue. Until we recognize that, we will continue to see the continued breaches year after year as we continue to battle (and lose) the same types of attacks. There’s a lot of talk inside the industry on technical controls, products, adversarial simulation, and more for strengthening our defenses. These couldn’t be further away from what we really need to combat these types of attacks. This talk will also be demonstrating effective measures to combat some of the main techniques attackers use in order to attack an organization.link to video https://youtu.be/-XJiG2hA6zk |
|||
|
|||
My prediction was right. With the advancement of AI we're going to see that "self-morphing" intrusion-detection/antivirus happening soon.
Just take a look at what DARPA is working on Cyber Grand Challenge. I'm also preparing a very long post about this topic. |
|||
|
|||
(16-03-2016, 04:14 AM)venam Wrote: My prediction was right. With the advancement of AI we're going to see that "self-morphing" intrusion-detection/antivirus happening soon.i was just reading about CGC, very interesting stuff. |
|||
|
|||
Quote:My prediction was right. With the advancement of AI we're going to see that "self-morphing" intrusion-detection/antivirus happening soon.We will, and security will still be shit. Thanks humans. |
|||