Educause Security Discussion mailing list archives

Re: New Internet for Security

From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Sun, 15 Feb 2009 12:56:09 -0500

The Internet isn't the problem, and neither are its users. I decided
to write:

http://qyv.net/jisblog/2009/02/15/we-dont-need-a-new-internet/

The Internet is just a highway system and people are people. We cannot
change human nature, so we aren't going to change the way people behave
on the macro scale. The Internet is just supposed to be a bunch of pipes.
Imagine a highway system if at every intersection you had to present
ID to cross, or worse give the crossing guard an identical copy of your
drivers license that they could then use to impersonate you!

We need computers (aka an OS) that is not only secure, but remains
secure in the presence of human operators who are not and never will be
security experts. We need to get rid of passwords, badly! In fact
most of the problems we face with all of the various breaches have
been about the compromise of secret values (SSN's, credit card numbers)
that we have to share in order to use! This is just nuts. Think about
it. Why do all of our credit card transactions have to carry around
sufficient information to permit impersonation?

The problem isn't that we have to figure out how to protect all these
terrabytes of sensitive information which are stored all over the place
(which is what the Payment Card Security Standards [PCIDSS] is all about,
I know, I have been living that pain as well). We need to figure out
how to conduct business without having to handle sensitive information.

                        -Jeff

----- "Gene Spafford" <spaf () CERIAS PURDUE EDU> wrote:

The following link is to a blog entry someone wrote about John
Markoff's piece in the NY Times yesterday.  Not surprisingly, I agree

with it:
http://davidakin.blogware.com/blog/_archives/2009/2/14/4093378.html



--
 =======================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
 =======================================================================

Current thread:

New Internet for Security Theresa Rowe (Feb 15)
- <Possible follow-ups>
- Re: New Internet for Security Marty Manjak (Feb 15)
- Re: New Internet for Security Gene Spafford (Feb 15)
- Re: New Internet for Security Tracy Mitrano (Feb 15)
- Re: New Internet for Security David Shettler (Feb 15)
- Re: New Internet for Security Jeffrey I. Schiller (Feb 15)
- Re: New Internet for Security John Bambenek (Feb 15)
- Re: New Internet for Security Leo Song (Feb 15)
- Re: New Internet for Security Dennis Meharchand (Feb 15)
- Re: New Internet for Security Kevin Shalla (Feb 16)
- Re: New Internet for Security Hugh Burley (Feb 16)
- Re: New Internet for Security Keith Schoenefeld (Feb 16)
- Re: New Internet for Security Valdis Kletnieks (Feb 17)
- Re: New Internet for Security Valdis Kletnieks (Feb 17)