[WEB SECURITY] RE: How to stop hackers at the root cause

[jeremiah at inertialbit.net (Jeremiah Heller)]

On Apr 14, 2010, at 11:19 AM, Wall, Kevin wrote:

> Jeremiah Heller writes...
>
> > do security professionals really want to wipe hacking
> > activity from the planet? sounds like poor job security to me.
>
> Even though I've been involved in software security for the
> past dozen years or so, I still think this is a laudable goal,
> albeit a completely unrealistic one. I for one, would be completely
> happy to go back to software development / systems programming if
> all the security issues completely disappeared. But unfortunately,
> I don't think we ever have to worry about this happening.

Indeed, I'm in the happy position of developing with an eye on security. Without the excellent work done by the 'good 
hackers' (and 'bad' alike, come to that) I have no doubt my job would be much more difficult. My comment was more 
playful than thoughtful but it is an interesting paradox... for any job. Luckily there's a lot left to learn!

> > the drive for survival seems key. i think that when the
> > survival of many is perceived as threatened, then 'bad
> > hacking' will be addressed on a scale which will contain it
> > to the point that slavery is contained today... after all
> > don't hackers simply 'enslave' other computers? j/k
>
> And of course, that is a good thing. After all, once the
> first sentient AI takes control of all the world's computers
> to subjugate all humanity, we have to have a way to fight back.
> Evil h4><0rs to the rescue! ;-)

Hmmm, maybe I should switch fields...

> > until then it seems that educating people on how these things
> > /work/ is the best strategy. eventually we will reach the
> > point where firewalls and trojan-hunting are as common as
> > changing your oil and painting a house.
>
> I agree. Even though one risks ending up with smarter criminals,
> by and large if one addresses the poverty issues most people
> ultimately seem to make the right decisions in the best interests
> of society. I think for many, once their curiosity is satisfied
> and the novelty wears off they put these skills to good use. At
> least it seems to me a risk worth taking.

I agree that the risk of educating all is one worth taking. I like to think that objective education (if possible) 
would drive people over time to work toward ends that benefit society as a whole. At the same time it seems that this 
would ultimately require people to come from similar backgrounds/experiences or to at least draw similar conclusions 
from those, however varied. Perhaps a good thing but then could any thinking 'outside the box' really occur?

> > first we should probably unravel the electron... and perhaps
> > the biological effects of all of these radio waves bouncing
> > around our tiny globe... don't get me wrong, i like my
> > microwaves, they give me warm fuzzy feelings:)o
>
> Jeremiah, you do know that you're not supposed to stick your *head*
> in the microwave, don't you? No wonder you're getting the warm
> fuzzies. :)

Ahh! That explains it! I suppose I should stop drooling over that warming cup of coffee:)

What I find interesting (as a commentary about human behavior) is that the microwave was inspired by early work on 
radar and yet we took this idea and applied it to all sorts of technologies and currently blanket the earth with a 
wide-spectrum of waves of which we barely understand the broader implications of; furthermore very little research (to 
my knowledge) has been done to explore any side-effects. Is it simply too profitable/beneficial an enterprise to 
consider the risks? It took over 100 years to consider that burning fossil-fuels might have some negative impacts, both 
to our immediate health and environment.

My dad related an interesting story to me recently about my grandfather who, while working at Boeing on a radar 
project, met a couple of radar techs who would keep their coffee warm by balancing it on the radar console between 
them. They also experienced what eventually became severe knee pain but each only in one knee and as they always sat in 
the same spot, it was in the knee next to the console. I'm not sure what the final diagnosis was but initially it was 
believed they were simply cooking their joints!

Something to consider as we sit typing/reading and bathe in our lovely wifi & cell networks (not to mention digital tv, 
which always seems to go on the fritz when I've got my head... er, coffee in the microwave:)

> From http://www.gallawa.com/microtech/history.html
==
Like many of today's great inventions, the microwave oven was a by-product of another technology. It was during a 
radar-related research project around 1946 that Dr. Percy Spencer, a self-taught engineer with the Raytheon 
Corporation, noticed  something very unusual.
...
==

Sorry to get off-topic like this, but at the same time general considerations about humanities' approach to risk 
management may have implications useful in the security field, who knows. Thanks for the fun discussion!

- jeremiah