Forgot your password?
typodupeerror
Privacy Security IT

Father of SSH Says Security Is 'Getting Worse' 132

Posted by Unknown Lamer
from the living-in-the-pupil-of-1000-eyes dept.
alphadogg writes with an excerpt from an interview with the designer of SSH-1: "Tatu Ylönen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)"
This discussion has been archived. No new comments can be posted.

Father of SSH Says Security Is 'Getting Worse'

Comments Filter:
  • ssh (Score:4, Funny)

    by Anonymous Coward on Wednesday July 25, 2012 @12:47PM (#40765997)

    - But what if anything could replace the SSL certificate infrastructure?
    - For consumers in the short term, no. But SSH is an option, especially for automation. It would require an extension to SSH. I actively proposed it to replace SSL 15 years ago but I was basically railroaded at the IETF by Microsoft and Sun!

    "...Imagine all the people
    browsing through SSH, uh uh u-uh uh"

    • Re:ssh (Score:5, Informative)

      by garyisabusyguy (732330) on Wednesday July 25, 2012 @12:53PM (#40766079)

      implementation and usage are the weakest links in any security plan

      any given encryption tool can be made weak in implementation by using short keys or failing to salt the encryption

      any security infrastructure can be made weak by users who send email in clear text, directly exchange passwords in the same medium the password is used for, continue to use telnet or ftp when ssh and sftp are available

      It makes me happy to think about a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

      • Re:ssh (Score:5, Funny)

        by Anonymous Coward on Wednesday July 25, 2012 @01:11PM (#40766383)

        It makes me happy to think about a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

        Then you should be pleased to know that RIM has been making great strides on their implementation of this idea. It might even be finished within the next year.

      • any security infrastructure can be made weak by users who...continue to use telnet or ftp when ssh and sftp are available...

        Where I work, we still use telnet in a few applications because, even though the hardware vendor includes an SSH implementation on some of our gear, it is so horribly broken that it is essentially unusable (for example, dropped characters up to 50% while typing commands because the processor can't keep up). The equipment works well otherwise so we keep using it, but I would certainly like to see them beef up the hardware so that we could use SSH instead. As far as FTP, I prefer to use SCP on any device th

      • a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

        I think that users on BOTH ENDS have to care about security (and know enough to do something about it) if a link is going to be secure, otherwise somebody is always going to get sloppy.

      • Re:ssh (Score:4, Interesting)

        by hairyfeet (841228) <bassbeast1968@NOsPAM.gmail.com> on Wednesday July 25, 2012 @06:44PM (#40770683) Journal

        But don't forget the flip side of that argument, the BOFHs that make things so much of a PITA either the users are gridlocked and can't get dick done or they actively go out of their way to break the security just so they can work.

        I'll never forget an old programmer friend of mine who told me about taking some of the students he was teaching over to check out this big corporate software firm. on and on and on the BOFH giving the tour talked about how incredibly secure his place was, with crazy password rules and just one nasty thing after another until mike said "You give me 15 minutes in this place and I bet you $100 and a steak dinner i CAN get into your systems".

        Well sure enough the BOFH took him up on it and let him loose for 15 minutes while he took over the tour. In 10 he was back with a dozen working username/password combos, including one for one of the higher level guys that would have pretty much given him the keys to the kingdom. When the BOFH demanded he show him how he did it, know what he did? he just went and started flipping keyboards and there were the passwords because nobody could keep up with them thanks to his crazy rules.

        So its always a balancing act between making a secure system and making an unusable one. After all you could make a corp the most secure system in the world by simply cutting the power to the PCs and locking them in a vault but they wouldn't be doing the workers much good then, will they?

        • Kind of a shaggy dog story there, the alternative shaggy dog story to yours is that (as of 1999, I'm old) the only way to make a Windows NT server meet B2 security requirements was to remove the network card, keyboard and monitor and keep the machine in a locked room with no physical access.

          In context to the story, the thing that slays your dragon (complex passwords, etc) is a token system like openid, which is aided in great length by integrated private key exchanges

          The push back that you will get at this

          • by hairyfeet (841228)

            But you just wrote why you are a hell of a lot more likely to run into what Mike saw than a sensible work environment (hint: OpenID is EXPENSIVE) so instead of coming up with a sensible plan they will instead let the BOFH use what he already has (the ability to be a prick about passwords) which frankly is worse than no security at all.

            The scary part is how many systems are wide open thanks to stupid BOFH tricks. I used to do some work on the side for a guy that did a lot of subcontracted work for hospitals,

    • Re:ssh (Score:5, Insightful)

      by QuantumRiff (120817) on Wednesday July 25, 2012 @01:02PM (#40766239)

      There is nothing wrong with SSL.. it works well to encrypt traffic between sites. its the way we manage the certificates that is ugly, and prone to lots of attacks and hacks. (How many Root CA's are automatically trusted by a browser?)

      Just using DNSSEC to store the public keys for SSL would be a huge step up. No more trusting a company in the netherlands that signed your key for gmail.com. Just look it up in DNS. (yes, people could I guess hijack DNS), but that should be detected pretty quickly by comparing the keys between different computers in different regions.

      Most people just want to encrypt the traffic between themselves and www.$x.com, and that the server that claims to be www.$x.com is the same one in DNS. I could really care less that www.$x.com is actually the company residing at a verified address, with letterhead, etc. Basically, domain validated certificates (which are pretty common for SSL now) shouldn't use a CA anymore.

      • by Anonymous Coward

        Yup, and that was the point.

        It's not about the protocol, but about the fake "security feeling" that a couple of "CA's" can create...

      • The full SSL specification also states that both parties have an trusted certificate. Its a 20-something step handshake. only two of those are sending user data. This is not used in todays web
      • Re:ssh (Score:5, Insightful)

        by vlm (69642) on Wednesday July 25, 2012 @01:32PM (#40766617)

        Most people just want to encrypt the traffic between themselves and www.$x.com, and that the server that claims to be www.$x.com is the same one in DNS. I could really care less that www.$x.com is actually the company residing at a verified address, with letterhead, etc.

        Well, somebody's outed as not being able to answer "What a man in the middle attack?"

        • by Anonymous Coward

          Nope, you misread that. There is a technical MITM attack, but SSL with DNSSEC-hosted keys protects against that. And then there's talking to the wrong server at the wrong domain.

          Suppose you want to download Firefox and type the name into Google, which gives you an ad for www.totallylegitfirefoxdownloads.com, which has an SSL certificate from a Chinese CA. If you click on that, you won't get a warning. You'll get owned instead. That's not a MITM attack. You're simply talking to the wrong server, which is wha

          • Exactly.. And since with a full DNSSEC implementation, everything should be signed by walking the tree... you could see that the root was signed. then the ORG subdomain was signed. then the mozilla.org subdomain was signed.

          • by lewiscr (3314)
            If I can MITM the HTTPS connection, I can MITM the DNS query. Or just target users that already have DNSChanger.
      • Re:ssh (Score:5, Interesting)

        by mlts (1038732) * on Wednesday July 25, 2012 @02:50PM (#40767683)

        SSL by itself is secure. However, it would be nice to have it allow to be implemented in a WoT fashion similar to PGP/gpg.

        This way, I go to my banks's site. I'm 100% sure that the key is genuine because that is what shows up, and that the bank prints the fingerprint of the key for people to see when visting a branch. So, I sign the bank's key.

        I go to another site. The key for the server is unknown, but I have 2-3 semi-trusted CAs all agree that the key is whom it is supposed to be. The threshold I set allows the SSL transaction.

        I go to a third site, one CA says the key is OK, but nobody has zero clue about it. The threshold set will warn the connection is encrypted, but untrusted. Since it is just the listings for when the local vomitorium is open, the risk is acceptable.

        The fourth site, a friend signed the key, but completely distrusting it. The Web browser refuses to go to the site, or if allowed to, shows that anything from there is suspect. A link leads to a discussion on this. After several people mention this on another forum, the owners of the site with the bad cert find that their DNS server was compromised as well as the CA they were using.

        I wish SSL had this functionality in it. Since it is a superset of having root keys and a CA hierarchy, existing stuff would work. A compromised CA's damage would be greatly limited.

    • by Junta (36770)

      SSL certs conceptually contain SSH host keys as a strict subset of functionality. The strategy with respect to all-powerful CAs without limited authority domain is the big problem in x509 implementations. More sophisticated mechanisms to limit the scope of CAs and more carefully manage trust of CAs would go far to address the real-world problems of SSL.

      I often find myself wishing ssh did have SSL mechanisms for user and client keys, but all ssh entities by default trust *no* CA and treat the keys like the

    • by jonwil (467024)

      Replacing SSL as an encryption standard is not necessary. (at least if you don't use the variants vulnerable to that BEAST attack)
      What is necessary is to replace the system of certificates with a new way to validate that the computer you are connecting to is the one you think you are connecting to, one that doesn't have the costs usually associated with SSL certificates and one that isn't vulnerable to compromise of a single CA ala DigiNotar.

    • by Anonymous Coward

      Not as it stands. SSH has no viable *authentication* infrastructure for personal keys, and no key expiration or revocation for host or personal keys. And all, I mean *all* of the clients and key management tools enable and support passphrase free local keys by default. Given the horrible security most internal networks have because they "trust the people they work with" and the prevalence of rootkitted laptops going into and out of those "trusted" environments, and the prevalence of admins who rely on perso

  • by colin_faber (1083673) on Wednesday July 25, 2012 @12:49PM (#40766019)

    If you think about it, the issues with key infrastructure are nothing new, they've been there since day 1, and in fact the same can be said about the micro-controllers which are now being regularly exploited by big brother.

    User/Device security is no more or less "secure" than it was back in 1995, actually I'd argue that it's getting better as it's more widely adopted (when was the last time you used rsh?). In general it's always an evolving process.

    We still don't have a practical way of breaking high bit crypto, and in general I feel plenty safe with my 1024 bit ssh connections to my LAN machines =)

    • by mpfife (655916) on Wednesday July 25, 2012 @01:19PM (#40766481)
      | User/Device security is no more or less "secure" than it was back in 1995,

      I disagree. The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient. New techniques and systems are constantly being built to attack these methods. While I'm not saying SSH is bad or outdated, I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak spots. What if at 51200 bit security, we find an aweful and damnin patter appears in the math? We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow (while we are pretty sure it can't).

      We mustn't fall into the trap of thinking that what is good enough today is good forever. Have as many irons in the fire being tested and competing is the best way for your protection today and tomorrow.
      • by colin_faber (1083673) on Wednesday July 25, 2012 @01:29PM (#40766593)

        Right but we're no where near that point. Even 128 bit keys are huge mountains to climb with the most powerful systems on the planet.

        I don't think anyone is saying that security research in the realm of computer science is settled, but saying the sky is falling and security hasn't kept up with improvements in overall compute power is false.

        Just like today, back in 1995 if keys were stolen then you have a chance of being exploited some how. Is there a better method to prevent such problems? Probably, but it's a MINOR issue.

        In most cases attackers don't bother with crypto systems, in favor of much lower hanging fruit (such as insecure web servers, sql injection exploits, etc).

      • by vlm (69642)

        We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow

        I think there's some pretty impressive proofs that prove breaking factoring would have some pretty wild implications across mathematics. You could keep it secret for awhile, but math advances have a way of sneaking out and being detected in applied sciences. Maybe rephrased it would be hard to break all of modern crypto without making life extremely exciting for most mathematicians, not just cypherpunks.

        For a good, kind of sci-fi far out laugh, maybe not realistic, but would be cool if it worked out that

        • Factoring is not believed to be NP-complete so it would not have the kind of widespread implications you are talking about. Not that it wouldn't be an important discovery, but it would not prove P=NP or anything like that. It is one of a few candidates for the complexity class NP-intermediate. There were originally more of these that were eventually found to be in P, so I don't think it would be earth shattering (from a pure mathematics perspective) if factoring were also found to be in P.
      • by Hatta (162192)

        The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient.

        There's a limited amount of energy in the universe, and a lower limit on how little energy you can use to do a calculation. Even the most optimistic estimate will show that brute forcing AES-256 will consume all the energy in the visible universe.

        I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak s

    • by Sloppy (14984)

      If you think about it, the issues with key infrastructure are nothing new, they've been there since day 1

      And that's why PRZ started trying to address it, many years before ssh existed. But for some reason in 1995 people decided to not build upon the current (1988-1990, roughly) state of the art in establishing key trust, or the lack thereof, or the realistic acknowledgment of degrees of trust that exist in between "I'm sure" and "I have no idea."

      People wanted it dumbed down into incorrectly telling users "

  • by Anonymous Coward on Wednesday July 25, 2012 @12:50PM (#40766035)

    I try to get my college buddies to send me encrypted email, and it's the same story, "Dude, just use Facebook like everybody else". I have a Facebook but stopped using it because I don't want FB snooping all my communications!

    Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

    Slashdot peoples care, but outside that crowd, people value convenience, not security or privacy. That's the only way so many privacy-violating services have become so huge when there are alternatives that preserve your privacy.

    98% of people in the 22-29 year old age bracket now use Facebook. Most of those use it as their primary means of communicating with friends, and you're now considered "abnormal" if you don't have a Facebook. Even if you explain it to them the pitfalls of FB they don't care.

    Until people start to care about their security and privacy, they won't have any. You have to vote with your actions.

    • by Vellmont (569020) on Wednesday July 25, 2012 @01:37PM (#40766681)

      Don't worry. Eventually there will be a huge FB breach of privacy story where FB starts selling all your info to the highest bidder. People will be outraged, FB will try to spin it into a non-story. Then another one will happen. Eventually people will over-react and FB will become the new Microsoft, with large amounts of people openly hating them. But unlike Microsoft the don't really have any powerful monopoly on anything where people can't just use something else. Eventually it'll suddenly become cool to NOT have a FB account, and people will turn to some other form of socialization online.

      • by NatasRevol (731260) on Wednesday July 25, 2012 @02:12PM (#40767135) Journal

        The names will change.

        I doubt the security level will.

      • Eventually it'll suddenly become cool to NOT have a FB account, and people will turn to some other form of socialization online

        i thought that happened when your mom and grandma started signing up for facebook.

        one of the reasons facebook originally won people over from myspace because it was more exclusive, you had to have a .edu email address to signup. now they let anyone in.

      • Yeah like /. and the names will be changed to protect the guilty. Damn it ain't no fun waiting around to be a millionaire.

      • by Hatta (162192)

        Eventually there will be a huge FB breach of privacy story where FB starts selling all your info to the highest bidder. People will be outraged

        How will it be different from all the other times that FB has commited a huge breach of privacy, and people kept using it? If this were likely to happen, wouldn't it already have happened?

    • by Yvanhoe (564877)
      I scared a group of doctors telling them "I guess that you have some facebook friends who are former patients. I am sure that the list of your friends that are not health professionals is worth something to insurance companies."
      "but they would not! It would be illegal!"
      "In your country it is (we were in Japan) but which jurisdiction is Facebook operating in? Are you sure it is illegal there? Do you even know how Facebook makes its profits?"
      When I had this discussion I was already thinking I should just
      • There is a group of lawyers I know here in the US that requires its lawyers to conduct research on their facebook friends. The post fake updates and try to provoke responses from they're friends to see what kinds of arguments work on people of various backgrounds.

        When I learned of this, from a lawyer involved, I contacted the FTC and the EFF, but never heard back. Apparently its legal, or no one reall cares enough.
    • Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

      WHAT alternatives? Where's a one-stop "download client (available for all major desktop/mobile platforms, of course), punch in your buddies' pseudonyms, and start an encrypted point-to-point VOIP conference" alternative to Skype? Where's Diaspora? (I know, perpetual beta) Where's crypto-twitter?

      Until people start to care about their security and privacy, they won't have any. You have to vote with your actions.

      There's a slight problem with that: network effects mean that the value of a communication channel scales with some power of the number of people who use it. Kim Kardashian (thanks to her huge twitter following) pr

    • Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

      It's all very well sitting there talking about people not caring, but people have other things to do, and frankly it's not unreasonable to want methods of communication to be as easy as possible. Skype became popular because it worked behind firewalls without configuration when all other VOIP needed ports forwarding and other fiddling. Facebook took over messaging because it is similarly much easier to find and keep track of people without managing your own address book for hundreds of changable addresses.

      • by tlhIngan (30335)

        We as an industry haven't given people easy ways to do these things. It is *our* fault, not theirs.

        Exactly. Even in the geek world this is true.

        Want to know why SSH is the premier protocol for remotely doing stuff? Because it does it all so easily. If you used rsh, or telnet, forwarding an X session was fraught with danger and extremely tricky, having ot mess with xhost or other xauth crap.

        With SSH, you just add -X. Done. Easy.

        Ditto with proxying - SSH supports SOCKS or manual port forwarding. The other pro

    • by ethanms (319039)

      I don't value it because I have nothing to say via email/chat/etc that *needs* to be secure or protected typically. The information is either public, unimportant, or otherwise reasonably obscured.

    • You're typically irrational about privacy, but focusing on Facebook.

      In fact, it makes little difference whether Facebook snoops on your E-mail in order to show you ads; there's little they can do to you, and if they harm you, you can recover damages.

      What should concern you is that governments and law enforcement get ever increasing access to your data, and the false positive rate for their data mining techniques is doubtlessly high. And when they drag you away in some pre-crime effort, you have little reco

      • What should concern you is that governments and law enforcement get ever increasing access to your data, and the false positive rate for their data mining techniques is doubtlessly high. And when they drag you away in some pre-crime effort, you have little recourse.

        I think you give them (the governments and law enforcement) too much credit. Where were these crack investigators when James Holmes was stockpiling massive amounts of ammunition, tactical gear, and bomb-making chemicals? He bought them openly on the internet and had them shipped right to his home. He even sent a notebook full of details about his plans, including drawings and illustrations of the planned massacre to a psychologist who worked at the University he just dropped out of.

        Security "theater" is j

        • I think you give them (the governments and law enforcement) too much credit.

          I pointed out that data mining by police has a false positive rate that is too high. That says nothing about the false negative rate, which is even higher. So, I'm not "giving them credit" for anything in particular. If you want to be a privacy advocate, you need to understand these concepts.

          Furthermore, the US has much stronger privacy protections than Europe when it comes to the government; unfortunately, post 9/11 these are be

    • by bcrowell (177657)

      I try to get my college buddies to send me encrypted email, and it's the same story, "Dude, just use Facebook like everybody else".

      Your friends are perfectly sane not to bother with encrypted email. There are two serious problems with encrypted email: (1) poor ease of use, and (2) network effects (i.e., it's not useful unless lots of people use it, but people won't use it because it's not useful).

      #1 is actually not easy to fix, because it's inherently difficult to manage a public/private key infrastructure.

    • by MightyYar (622222)

      Privacy disappears because people don't value it.

      This makes sense - humans did not evolve with privacy, it is a modern concept. As such, even if it had a tangible value, people would do a terrible job assigning a value to it.

      • Oh, it certainly exists in other species. Even unsophisticated animals have dens or hunting grounds, turf that they protect from members of their own species and try to conceal both from other members of that species.

        • by MightyYar (622222)

          I never said it didn't exist in other species, though I'd characterize your examples (dens and hunting grounds) as a physical protection mechanism and scarcity coping mechanism, respectively. The concept of "privacy" as we know it today simply couldn't exist in a nomadic culture with small populations... everyone is going to know everything about everyone else.

          • I've no idea where you get the idea that in a nomadic culture, "everyone is going to know everything about everyone else". Even in a small family or among roommates, some personally owned space and possessions is vital. It's reflected in other species, so it's certainly part of how we evolved, socially if not physically. To say that a nomadic group "knows everything about everyone else" is as strange a concept as to say that nomadic groups "live in tune with nature". It's not borne out by observation, or by

            • by MightyYar (622222)

              .I've no idea where you get the idea that in a nomadic culture, "everyone is going to know everything about everyone else".

              Think about it. You are a nomadic tribesman. Everything you own has to be portable enough for you to carry. You will live in a group with a few dozen people, all who know you by name. They see all of your possessions, as you are always packing them up, carrying them around, and unpacking them. They know exactly when you go to sleep, and who you sleep with. They know what you eat at every meal. Sure, you might occasionally sneak off into the woods and have a liaison with someone, people probably went behind

    • by Inda (580031)
      "you're now considered "abnormal" if you don't have a Facebook."

      I disagree.

      My very non-geek friends don't use it. They're old school and prefer the phone and knocking on doors. My not using Facebook is seen as normal to them.

      The middle ground associates, who think everyone is on Facebook, often look puzzled when I tell them I don't use it. You can see the thought process going on: Inda doesn't use it, and he's Mr Geek, why doesn't he use it? Is there something better? No one asks though. They've learnt not
  • by gurps_npc (621217) on Wednesday July 25, 2012 @12:53PM (#40766089) Homepage
    Let's start with a basic, real world example.

    I have a home. On this home there is a lock.

    Now, an ignorant fool might think the lock is there to keep other people out. Nope, they are wrong. You see, in addition to my lock, I have windows, doors, a roof and floors, and walls. None of them are made of unobatanium.

    An intelligent 5 year old child, with no training whatsoever can break my window and climb into my house.

    My lock is there fore two distinct purposes:

    1. It tells the world that this place is private - that the owner does not want anyone to enter it and will try to punish those that violate it's privacy. It's a sign.

    2. It lets me get into my house easily, while making it much more difficult for anyone else to get in without leaving clear and obvious signs that they have trespassed (i.e. a broken window.)

    That's what the locks on my home do - notify the world of my privacy and create traceable evidence of a violation of that privacy.

    We need to start using IT security for the same purpose. Among other things, that means that when you log on to any website, it should list the last time you logged, and from where (using either an IP address and/or a cookie to identify the device used).

    I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

    • by Anonymous Coward

      Doors are the most convenient way of entering a house, locks make it less convenient. The other options left to you attract attention.

      This is also why alarms exist, to attract attention.

      Nothing is 100% secure, but something can be made into an extremely inconvenient target, which compared to a neighbouring house (or system) protects you.

      Survival of the fittest.

    • by Anonymous Coward

      I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

      That's all well and good - until someones changes your lock; You know you've had a trespasser, but you can't do anything about it.

      • by gurps_npc (621217)
        Like I said before, an intelligent 5 year old child can break into my window and climb in.

        I am older than 5, and I'm pretty smart, so changing the lock doesn't do much. Maybe if they tried to get my title revoked, that would be a different thing.

        But if you want an IT It's really not that hard to set up security to a) notify you of an attempt to change the lock immediately and b) ensure that the old password works for a period of 1 week after you changed it - as long as it came from any approved compute

        • So somebody breaks in, changes your password, and you change it back from the computer you used last week.
          The computer used to break in was used only a few days before, so it's on the approved list to log in with the old password.
          You see where I'm going with this?

          Under this system, the attacker would gain permanent access to your account, as long as they logged in once a week.

          If this is your idea of a "good method" to prevent an attacker from changing your password, I'd suggest the subject line of this thre

      • by DeeEff (2370332)

        I'm going to try this right now. I'm going to break into my neighbour's house, and change all the locks on all their doors and windows. Each one will require a different key. It may be expensive, but it'll be interesting.

        I suppose I could booby trap the home and steal the TV remote for good measure, but I'd like to see how they cope. I'll leave a key to each room hidden somewhere and they can start with a key that I'll tape to their back door. They have to unlock every single door in order to solve the fina

      • by ethanms (319039)

        I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

        That's all well and good - until someones changes your lock; You know you've had a trespasser, but you can't do anything about it.

        Or they break in and take your cash and other valuables. Great, I know they stole those things, now what? I'd prefer to keep out thanks.

    • by vlm (69642)

      Good analogy but you're missing the wallet/pocket analogy which is much better.

      My wallet is easy to grab out of my pocket, but you have to invade my personal space to do it, so its incredibly inconvenient and each attempt is painfully obvious to me and only a few people in the world at any given instant, all of whom must be hyper-local and in my legal jurisdiction, can stick their hand in my pocket to fish around for my wallet, at any given time. Sure, a Russian gangster can get my wallet... but he has to

    • by amorsen (7485)

      2. It lets me get into my house easily, while making it much more difficult for anyone else to get in without leaving clear and obvious signs that they have trespassed (i.e. a broken window.)

      A small minority of locks fulfill that purpose today. The majority can be opened quickly and easily. If you are lucky, an expert can detect that the lock was forced.

      For some, the convenience of being able to call a locksmith and get in easily if you lose your keys outweigh the risk of having to try to prove to an insurance company that you did not leave the door unlocked.

    • by Vellmont (569020) on Wednesday July 25, 2012 @01:46PM (#40766789)

      The problem with your analogy is that your house doesn't need to be super-dupe-secure because nobody has invented anonymous, instantly replicable robots that roam the countryside looking for open windows, and equipped with high speed glass cutters, valuable item detectors, and phone-home capabilities to alert a human when further action is warranted. This is routing on the internet.

      This is the threat to you email address or bank account has to deal with. In your home you merely have to deal with the people around you who might rob you, and the occasional opportunistic criminal. On the internet, everyone is basically the same distance from everyone else, automation is cheap, and anonymity is common. Think that might lead to the need for more security than easily breakable glass windows? If all my shit is gone from my house, but my window is broken, I'm still not terribly happy that the thief was kind enough to let me know through the broken window.

      • by guruevi (827432)

        The difference however is that if someone breaks into your house and steals your stuff, you are deprived of the use of these items. If somebody 'breaks in' to your *book, my* or i* they merely duplicate what you already have and usually leave your stuff alone.

        I wouldn't mind if an automated robot came into my house and quantum-cloned my car for my neighbor to have one too.

        I think in the future we will evolve to go either towards a completely closed society where nothing is connected and everyone keeps every

        • If someone breaks into your email account and starts spamming with it, you may be deprieved of its use (since every server will starting flagging your address), though.

    • Yes!!! Something like this:
      :~$ ssh localhost
      ${UsernameMunged}@localhost's password:
      Last login: Tue Jul 24 08:43:58 2012 from ${HostnameMunged}
      :~$

      ...would be great. I've always appreciated the "last" output with SSH; it never occurred to me to include it in web sites as well <embarrassed>
    • by ethanms (319039)

      Love the analogy.

      You cannot duplicate a house with no evidence of the duplication, so the evidence of entry is preserved. How do you accomplish this with a digital object that can be trivially duplicated? You're talking about revamping everything we have to treat packets (let's just focus at that level I guess) as unique objects which cannot be duplicated (or at least not with modifying the original such that someone will know it was duplicated).

      The other issue with your analogy... when/if your house is v

    • by Shompol (1690084)
      And this is how your home would look some 200 years ago [gutenberg.org], when security was a bigger issue. This is a typical home in Costa Rica today. [tripadvisor.com] And this is how a web server looked 200 years ago [arrakeen.ch], It could withstand an attack from an army of 5 year olds! Just because you outsourced home security to the local police dept does not make your analogy a good one.
    • --I want to know when I've had a trespasser.--

      Damn straight. I wanna know that more than being able to completely block everyone.

    • by Rich0 (548339)

      The problem is that once you detect an intrusion, what do you do about it?

      With your home you can call the police, who will pursue the burglar and potentially catch them. Breaking into a house is a high-risk activity - if somebody spots them the police will be on the way quickly. Break into enough houses and you're likely to get caught - and your haul is just whatever is lying around and easily carried off. If you find a ton of jewelry maybe you'll do OK (though it has limited resale value), but hauling o

  • And here's an example: I remember when, a few years ago, a new version of a supposedly secure communications tool would let a person connect to a valid account by using any two letters as the password...

  • by mpfife (655916) on Wednesday July 25, 2012 @01:04PM (#40766279)
    I would largely agree. Unfortunately, I believe it is because real security - cryptography and end-to-end security and privacy - are very difficult, and hence, very expensive to develop, implement, and test. My experience with such coding is that it's every bit, if not more, rigorous as code written for medical devices or flight control software. It simply has to be bulletproof. Any one hole in the theory, algorithm, or implementation - and the whole thing comes apart. Learning about all those possible holes and plugging them is a herculean task. One can point to the near constant stream of security patches for every browser, app, and OS on the market. And these are the best-funded commercial enterprises around.

    Another huge problem is the 'meh' attitude people have towards their personal information. We throw our data around so willy-nilly on smart phones and social networks. We check in places that tell everyone where we are (or are not http://pleaserobme.com/ [pleaserobme.com] ), publicly publish our most intimate family and friend relationships, report where we live and work, we even identify people to image recognition software. One expert I heard said that he could not imagine a more dastardly personal information monitoring system than Facebook. And we WILLINGLY give that information away. Google reads your emails and all the documents you upload to their 'free' services. Websites use everything they can to target ads at you, etc.

    The unfortunate part, as my CS security professor pointed out, is that by the time it crosses an ethical line - it's nearly impossible to stop. Even worse, what if the company you gave all that info too gets sold to a very un-scrupulous person in a country with no protections? What if your government is taken over and they raid these databases for information about dissenters? All of these things are real, happen today, and yet we consider it more important to be able to brag to our friends and family what we had for dinner last night than protect ourselves.
  • Tatu Ylönen has garnered fame in technology circles as ... the dick who tried to trademark the term SSH [wikipedia.org] in a move to try to shut down OpenSSH as a free alternative to their commercial product.

    • "SSH" is definitely worthy of a design patent. Look at those "curved corners" of the "S" . . . artistically contrasted against the sharp corners of the "H".

      A lot of creative intellectual property work went into that, and the creator should be rewarded with all rights to that.

      The estate of the late Heinrich Himmler has challenged this in court, however.

  • No one cares about security. They cover everything with contract language but only to the extent that they could be hit with fines. Beyond that, customers literally do not give a fuck about security anymore. Not if it costs a nickel. And when it does, 4.9999 cents of that nickel goes into excruciatingly dense reporting which no one, NO ONE, ever reads.

    Once the IT industry was taken over my lawyers and accountants, it's been downhill into a pool of shit since.

  • There have been several incidents where someone has stolen from the certificate authorities.
    Let's see, who would want that that much to do the breakins? NSA, FSB, RIAA, MPAA, Chinese state sec...
  • ...and left out the word "says" in my mind. I thought, "Oh no! I hope he'll be okay!"

"Marriage is low down, but you spend the rest of your life paying for it." -- Baskins

Working...