This website uses cookies to ensure you have the best experience. Learn more

Security You're Still Doing It Wrong

1620 words - 7 pages

With all the hype and hooplah surrounding the US government's tapping of everything under the sun, I have seen an influx of articles related to security. "This is how you encrypt!", "this is how you secure!", "this is how... You're doing it wrong." Having been around security for much longer than I care to admit nowadays, I often see many confuse the "concept of security," with the technological capabilities, and application of security. Meaning: actually securing communications. Be it via way of system level encryption (disk based), and network based encryption (SSL, TLS, VPNs), many in the industry are missing the fundamentals. Horribly at that. This confusion is beginning to worry me, because I have been seeing some well known, and respected security professionals, evangelists, and "experts" making the same mistakes repeatedly. Not only via way of the processes involved with security, but pounding the pulpit with "this is how you secure your data/network/traffic."

While I don't want this to be a technical write up filled with Visio diagrams, RFC references, I need to add some to clarify my statement - "You're doing it wrong... still!" Let's begin with the fundamentals of disk based encryption, which WILL include message encryption. Message encryption could be anything you choose, PGP, steganography, it could be Pig Latin. The gist is, encrypting (scrambling) data before it leaves your computer, or is stored on your computer, so that the message cannot be understood by anyone else, who doesn't have a "key", "password", or any other means to decrypt the message. Forget Alice and Bob nonsense, its ancient.

Encryption caveman style: You create a "key" and encrypt a message using someone else's "key" only they can read it.

Five Deadly Venoms of Encryption

1) You chose / recipient chose a weak password (PGP, SSL, TLS, Truecrypt, etc)
2) Your key is compromised (PGP, SSL, TLS, Truecrypt, etc)
3) The recipient's key is compromised (PGP, SSL, TLS, Truecrypt, etc)
4) Your operating system is compromised
5) Recipient's operating system is compromised

"You chose / recipient chose a weak password" and now with the influx of millions of passwords that were stolen [1], attackers have created wordlists which can crack your password in seconds. PEBKAC fail.

"Your key is compromised." With the current state of malware, viruses, and worms, do not think for a second, an adversary is not capable of obtaining your private key. As someone who has reverse engineered malware professionally, and as a hobby, I cannot tell you how many keys and certificates I have come across.

"The recipient's key is compromised." So you jumped through hoops and hurdles to ensure your key was secure. Doesn't mean the recipient did the same. It is simple as day and night.

"Your operating system is compromised." This statement is a loaded gun. From the onset, you would likely assume I meant: "a hacker got on your system somehow..." and you would be wrong. History has shown that...

Find Another Essay On Security - You're Still Doing it Wrong

video games the positives Essay

667 words - 3 pages can help improve concentration alot. But first i'll tell you how if you still don't believe me. Its called Hyperfocus people with ADHD cant concentrate on something boring because its not holding our focus like a video game. The hyper focus is something that happens when your so in tune with what you're doing you become oblivious to the world around you and you only focus on that one thing. If only our teachers could do that. that and when you're

Individual Rights Vs. National Security Essay

878 words - 4 pages - violating the rights of innocents in war/taking prisoners of war. The impact is that denying worth w/in borders is wrong because it defeats the purpose you're fighting for, and denying worth outside of borders is wrong b/c it's hypocritical. The government no longer serves its role as a protector of the people, but rather a big brother like institute that dictates to its people their own moral codes. Finally, security loses its worth if not

Is one naturally born a good citizen?

539 words - 2 pages citizen or not. When you are born you can't decide these paths. Once you are born you don't even know what all of these choices mean. The people you watch as you grow up help you decide. Your parents, the president, famous people on television have huge effects on you as a person. Everyone wants to follow what the popular people are doing. It might be the wrong thing but most people end up doing it. As you take in all your surroundings you have to

Social Networking Do's and Don'ts

668 words - 3 pages only uses HTTP for login credentials only. Whenever possible, organize contacts into "categories". Most of us do this between friends and family anyway, but from a security standpoint it might also make sense to separate "best friends" from "person I met yesterday afternoon" DO Verify friend/follower requests. Don't accept just anyone. Most scams start by someone bluffing their way onto your friends list. KNOW who you're sharing your

Non Conformity in "The Wave" by Morton Rhue and "Dead Poet's Society", directed by Peter Reis

1034 words - 4 pages sing about not wanting to dress like other people. By all means, be my guest. But do not proclaim to the world that you are an individual, because you're all damn conformists! So unless you are the Son of God, or an ancient Greek philosopher, I suggest you be quiet and concentrate on being the best conformist you can possibly be.Since individualism isn't by any means about what you wear, it is hence how you think. And in that case, still no one is

Crime and Punishment: Do you agree with the moral "crime does not pay"? Refer to at least two texts in your answer

618 words - 2 pages in organised crime depends just as much on who you know as on what you're prepared to do or what talents you might have.It's all very well knowing that you can buy a kilo of cocaine in Colombia for £2,000 and sell it in London for nearer £40,000 but unless you have the connections to buy the stuff and bring it into the country, it's a business idea that will never get off the ground. So at aged under 30 most criminals are still doing


895 words - 4 pages you're tired and still struggling. You need to deliver results, even when making excuses is easier. - NO shortcuts. NO quick fixes. NO blaming others. NO "I'll do it tomorrows." NO MORE EXCUSES! Just get started. Quit talking and begin doing! Laziness may appear attractive, but work leads to happiness. You need to make mistakes and look like a fool sometimes. - Quite often, the successful people who act the happiest are the ones who have overcome

The best

895 words - 4 pages you're tired and still struggling. You need to deliver results, even when making excuses is easier. - NO shortcuts. NO quick fixes. NO blaming others. NO "I'll do it tomorrows." NO MORE EXCUSES! Just get started. Quit talking and begin doing! Laziness may appear attractive, but work leads to happiness. You need to make mistakes and look like a fool sometimes. - Quite often, the successful people who act the happiest are the ones who have overcome

"Jesus Christ Superstar"- A Complete Statistical Assesment

1652 words - 7 pages reluctant but still goes through with it; this alludes to what he says at the last supper. At The last supper, Jesus says "The end... Is just a little harder when brought about by friends. For all you care, this wine could be my blood. For all you care, this bread could be my body. The end! This is my blood you drink. This is my body you eat. If you would remember me when you eat and drink. I must be mad thinking I'll be remembered. Yes, I must be

God, is he really exist?

508 words - 2 pages two of all the animals and insects in the world into a boat if they stuffed them with a junkyard trash compactor. We still haven't found certain species, so how did Noah do it?If God is perfect he wouldn't need to test us. He's perfect! If you're perfect you already know what you're doing and don't need to test anything.Finally, God is the manufacturer of every conceivable thing that is wrong with the world, because he is the one who made this world.

Is Studying Abroad Beneficial?

2186 words - 9 pages in school, you’re still learning while you're just enjoying your off time. While you're studying abroad you're constantly learning, even if you're not trying to. By studying abroad, you can learn research methods and ethics. You can do research out in the field and learn all about good ethics. You'll learn what’s right and wrong while doing real studies on real people, not just looking things up on the internet or in books or having people tell

Similar Essays

Democratic Election: America, You’re Doing It Wrong

2029 words - 8 pages their party’s wishes (“Faithless Electors”). This seems like it wouldn’t be much of an issue, correct? Wrong: it has happened a total of one hundred fifty-seven times in the past. While this hasn’t swayed an election to the point that the winner has lost yet, the situation has occurred before for a different, but related, reason. Four times in the past—between Jackson and Adams; Harrison and Cleveland; Tilden and Hayes; and the (in)famous Gore

How Effective Is Modern Security? Essay

1029 words - 5 pages ) Forgetting the security protocol is one of the worst things that can happen. A physically unfit guard can still follow the directions given to him even though he may not be able to substantially contribute or resolve a hostile situation, although he might still be able to articulate to others what to do and bring in help. But if a physically able man forgets protocol everything could go wrong. He wouldn’t know what to do in any given event and might

Brisa Najera Essay

847 words - 4 pages home what goes on in it does not concern the watchers if we get robbed do they help us? If someone gets murdered or butchered do the help us? No so why watch us if you're just going to see and not do anything about it. Schneier talks about how privacy is a good thing and how we are always under surveillance and how we are being watched. Cillizza talks about security and privacy and how security always wins which in my opinion it's not true

Are You Ready For Sex? A Health Article Regarding The Issue Of Teenagers Engaging In Sex. The Pros, Cons, And Possible Consequences

628 words - 3 pages inevitable that we begin to think about it: what's it like and weather or not to try it.Three dates, four weeks, three months, or a year? Just how long should couples wait before having sex? Plenty of people date and never have sex. They decide before they get physical that they just aren't right for each other. But what if you really like someone and you're thinking about sex? Is there a magic moment when sex is OK? It really depends.First of all