Archive for June 13, 2010

Why the current computer security paradigm is analogous to fixing a leaky dam

June 13, 2010

I’m always trying to find new and innovative ways to explain the realities of computer security and hacking to people. It’s not that easy. Many people’s perspectives and ideas are “hard coded” into their minds, so they are very resistant to accepting new ways of looking at the problem. I hope you’re not one of those people.

I’m sure everyone recognizes that a leaky dam is a problem. When a hole appears, it needs to be fixed. The people maintaining the dam will come up with innovative ways to prevent leaks, such as self-sealing coatings or reinforcing certain weak spots. But water is very powerful and sometimes a hole appears despite these measures. Those maintaining the dam will implement a special leak detection system and hire a staff to monitor the system 24 x 7, so they can respond to leaks quickly and keep them from getting bigger. But the bottom line is that leaks are still developing. Vast amounts of time, money and effort will be spent trying to prevent, detect and fix leaks, but does anyone ever stop and think that perhaps they are going about solving the leak problem in the wrong way?
