Web 2.0: Internet Too Dangerous For Normal People - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Government // Cybersecurity
News
4/1/2009
05:37 PM
Thomas Claburn
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
0 comments
Comment Now
50%
50%

Web 2.0: Internet Too Dangerous For Normal People

After decades of computer security work, one researcher questions current Internet safety procedures and the vendors assigned to protect the average user.

He also urged programmers to stop writing in unsafe languages like C and C++ unless they're coding an operating system. "Most people are not smart enough to write secure C code," he said.

Some companies get it, he said, praising the security processes at companies like Adobe, Google, Microsoft, Oracle, IBM, and Mozilla. But most software, he said, is written for internal corporate use, without sufficiently rigorous security processes.

"The software that's getting better only reflects a small fraction of the ecosystem," he said.

Noting that something like only 40% of computers running Windows XP have the most current patches applied, he said the computer industry should do what Google does with Google Desktop: force updates on users.

Judging by the news coming out of Washington on Wednesday, Stamos isn’t alone in his concern. The Washington Post is reporting that Senate lawmakers are advancing legislation to create mandatory computer security standards for the government and the private sector for operators of critical infrastructure. Federal security requirements wouldn't be necessary if the current system were working.

After rattling off recent security flaws found in core Internet systems and protocols like DNS, BGP, SSL, and new attack techniques like JavaScript heap spraying, Flash attacks, and clickjacking, Stamos offered a dark forecast for the future.

He predicted that Heartland Payment Systems would collapse under the weight of lawsuits over its massive data breach earlier this year, that SHA-1 encryption will soon be defeated, and that location awareness will lead to a stalker tragedy.

He also said that the information available on social networks would make two-factor authentication unworkable, because cybercriminals will be able to find information like your mother's maiden name, the city where you were born, and so on.

Get ready for the post-privacy, post-security society, he advised.

"It's a good time to be paranoid," he concluded. "They are out to get you."


2009 marks the 12th year that InformationWeek will be monitoring changes in security practices through our annual research survey. Find out more, and take part.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
Editors' Choice
News
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Commentary
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
Slideshows
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Download This Issue!
Slideshows
Flash Poll