Web 2.0: Internet Too Dangerous For Normal People - InformationWeek


05:37 PM


After decades of computer security work, one researcher questions current Internet safety procedures and the vendors assigned to protect the average user.

He also urged programmers to stop writing in unsafe languages like C and C++ unless they're coding an operating system. "Most people are not smart enough to write secure C code," he said.

Some companies get it, he said, praising the security processes at companies like Adobe, Google, Microsoft, Oracle, IBM, and Mozilla. But most software, he said, is written for internal corporate use, without sufficiently rigorous security processes.

"The software that's getting better only reflects a small fraction of the ecosystem," he said.

Noting that only about 40% of computers running Windows XP have the most current patches applied, he said the computer industry should do what Google does with Google Desktop: force updates on users.

Judging by the news coming out of Washington on Wednesday, Stamos isn’t alone in his concern. The Washington Post is reporting that Senate lawmakers are advancing legislation to create mandatory computer security standards for the government and the private sector for operators of critical infrastructure. Federal security requirements wouldn't be necessary if the current system were working.

After rattling off recent security flaws found in core Internet systems and protocols such as DNS, BGP, and SSL, along with new attack techniques such as JavaScript heap spraying, Flash attacks, and clickjacking, Stamos offered a dark forecast for the future.

He predicted that Heartland Payment Systems would collapse under the weight of lawsuits over its massive data breach earlier this year, that the SHA-1 hash algorithm will soon be defeated, and that location awareness will lead to a stalker tragedy.

He also said that the information available on social networks would make two-factor authentication unworkable, because cybercriminals will be able to find information like your mother's maiden name, the city where you were born, and so on.

Get ready for the post-privacy, post-security society, he advised.

"It's a good time to be paranoid," he concluded. "They are out to get you."
