security


Here’s why the Director of Public Prosecutions (for American readers, read: District Attorney’s office) dropped the charges against The Chaser crew for their APEC security-breach stunt.


Image from The Chaser team arrest at APEC

News has just come through that charges against The Chaser team for their APEC security breach stunt have been dropped. Good, someone has a brain. Yes, they did enter the APEC security zone — but you, dear police and security forces, stood back and saluted as you waved them through the checkpoints.

28 April 2008 by Stilgherrian

I should also post a link to Bruce Schneier’s magnificent essay The Psychology of Security. A fantastic read. For similar material, check out his keynote speech at LinuxConf Australia last week.

11 February 2008 by Stilgherrian

When it comes to security, every desktop computer operating system is fundamentally flawed. Why? Because any software you run has the same permissions that you do. Anything you can do, they can do too — whether you want that or not.

Speaking at the AusCERT conference on Monday, Ivan Krstic, director of security architecture for the One Laptop per Child project, says the computing industry relies on “utterly obsolete concepts and assumptions” and has “massively failed when it comes to desktop security”.

The way modern desktop security works is by relying on the user to make informed and sensible choices on things they don’t understand.

The early personal firewall software was a classic example:

A dialogue would pop up and say ‘Hi, we’ve intercepted this packet with this TCP sequence number and these flags set, and SYN and FIN are both on, and here are the destination ports and the source ports and here is a hex dump of the packet. Allow or deny? What do you think?’. Who is that protecting? It’s protecting me, but I don’t need that kind of protection in the first place.

The Apple Blog was sarcastic when they reported Krstic’s speech — I suspect because arrogant OS X users think security issues don’t apply to them — so I posted a response


My friend Richard will disagree, but if phone salesman Harraj Mann was singing along to The Clash’s London Calling then I think he deserves to be “hauled off and questioned” (http://news.bbc.co.uk/1/hi/england/4879918.stm).

“Safety is paramount and we respond to concerns from members of the public in the way they would expect us to,” said a Durham Police spokeswoman. Too right.

The Sydney Morning Herald report that a NSW Police security glitch exposed “email passwords” is misleading. But it provides useful lessons in password choice — hackers, relax, you’ve got it easy! — website security and media management.
