Friday, December 7, 2007

Bringing a toothpick to a knife fight


This is another example of Attacker 3.0
exploiting features devised by Developer
2.5 while Security 1.0 is still thinking
about how great it is no big worms have
hit since 2005.

Another dork post, I am afraid. It has been quite a while since I have written anything - between work, family and a research paper due, there has been no time to wax philosophical about the strange world around me.

Thankfully I can count the number of readers on one hand, so I doubt that anybody noticed.

Some time ago, I made some comments about the quality of hostile actor that I have had the pleasure of interacting with. The time has come to ponder the other side of the coin. Having just finished a graduate course in "Privacy and Security Enhancing Technologies" and dabbling in the actual day-to-day myself, there are some interesting things that I have noticed. The quote at the top of the page (which is not my own) has caused more turbulence for my fellow co-workers than you might imagine.

We interact with computers, networking systems and the internet through windows of our own making. Since this is a strange combination of physical (little burps of electrons and photons crashing into semiconductors and doing Fermi-Dirac things) and mathematical (routing tables, state engines and statistical distributions), we have no way of really seeing what is happening around us on the many different levels that stuff is going on.

Ok. So what?

To process the huge amount of information that must be sifted through, we have whole sacks of tools and generalizations. With the most useful of these in the short term, one sees what one expects to and little else. There is, unfortunately, a whole universe of other things that slip by.

Ready for a little irony? The same environmental changes that are leaving many of the small classical hackers out in the cold are doing the same for the security community. There is a sea change taking place within the arena of computer security and quite a few people refuse to notice. Too busy watching internet worms to notice Cthulhu sneaking up behind them.

And the other graduate students? While I might have issues with "kids these days" not being able to do math without the aid of a graphing calculator, it was a real pleasure to see some really cool out-of-the-box work being done. Not practical stuff from an operational perspective, but at least it keeps me looking over my shoulder.
