Security Issues in Software

Systems getting hacked. Ransomware. (Computer) viruses. Why are these so commonplace? Marc Goodman has a pretty good answer(s) in his book, Future Crimes. A lifetime ago, computers weren’t everywhere; nor was the Internet. While all that has changed, the Westphalian system of sovereignty hasn’t. What’s that? It was a treaty signed in 1648 that agreed that (Western) countries were “sovereign in their territory, with no role for outside authorities to meddle in a nation’s domestic affairs”.

“(It) was preserved through a system of borders, armies, guards, gates, and guns.”

(It’s the de facto standard for all countries today).

 

But today?

“Bits and bytes flow freely from one country to the next without any border guards, immigration controls, or customs declarations…”

A (digital) crime’s victim may be in one country, the perpetrator in a second, and the money transferred to a third. Who exactly has jurisdiction in such cases? And most countries don’t cooperate with others on criminal matters anyway. The digital world is also a borderless world.

 

Another reason is that when a company gets hacked, it has no incentive to admit a breach. Why not? A company perceived to be unsafe loses business. If credit card data was lost, replacing those cards is costly. Cyber-insurance premiums increase. The stock price falls. This unwillingness to report the crime means that others don’t get to know of any risks or backdoors, which means the software products with those flaws (OS’s, MS Office, PDF, apps) don’t get fixed.

 

While we might replace our phones frequently, the same isn’t true for our laptops or all the even more ancient computers used to control dams, electricity grids and other key infrastructure. Ergo, they use software that was not only not designed for Internet based risks, but even worse, use software for which support has expired (i.e., patches and bug fixes are no longer created).

 

Now that software does everything imaginable, it has also become increasingly complex and big. Inevitably then, the number of bugs and errors has increased in proportion, making all systems even more vulnerable.

 

Then there’s the severe asymmetry in the money one gets by reporting a software security flaw to its manufacturer (Microsoft, Google, Apple, WhatsApp) v/s selling it to online criminals. While companies pay a pittance, organized crime (and yes, governments) pay in proportion to the benefits they reap.

 

And last but not least, remember those EUA (end user agreements) we sign when we install any software? Among its unreadable, incomprehensible content, we agree that the company isn’t liable for any security issues in the software. So there you have it – all the reasons security issues in software won’t go away.

Comments

Post a Comment

Popular posts from this blog

Why we Deceive Ourselves

In their book, The Elephant in the Brain , the authors describe this weird aspect of deception that we practice: deceiving ourselves! That is so weird: “If our minds contain maps of our worlds, what good comes from having an inaccurate version of these maps?” The Sigmund Freud school of thought treats self-deception as a defense mechanism, “a way for the ego to protect itself”. The mind seeks to protect itself from anxiety and other negative emotions. Many object to this reasoning: since accurate information is so critical to our survival, surely distorting information would be dangerous. Wouldn’t the goal of protecting our self-esteem have been better achieved by making the brain’s self-esteem mechanism stronger instead? The new school of thought explains self-deception as “primarily outward-facing, manipulative, and ultimately self-serving”. This is based on Thomas Schelling’s work on game theory: “In a variety of scenarios, limiting or sabotaging yourself is the winn...
Read more

Europe #3 - Innsbruck

The last city we visited in Europe was Innsbruck in the Austrian Alps. After the cold and windy experience (at times) of Paris and Netherlands, Innsbruck was a wonderful change – it didn’t feel that cold, it was not windy all of which made it easy to walk around. Something absolutely necessary given how scenic the place is.   Since the hotel check-in time was much later in the day, we left the baggage and went to the Swarovski HQ-cum-museum about an hour by bus from Innsbruck. The crystal exhibits were brilliant – colorful, bright, shiny. Jewellery aside, it was a display of what one can do with crystals. While my wife and daughter loved the jewellery, I liked the superhero themed exhibits of Batman, Spiderman, the Hulk, and Star Wars. We didn’t buy anything there, though we did buy stuff in the Swarovski store in Innsbruck – jewellery, not the superhero stuff.   Innsbruck is a major tourist attraction during the skiing season but now in summer, we saw many groups of ...
Read more

The Thrill of the Chase

So many people complain about the difficulty in making decisions while shopping. Do you buy Brand X that gives 20% extra free? Or Brand Y that has 10% off? Or Brand Z that gives something else free with it? Do you buy that flat screen TV today or wait for the sale at Diwali? Now since the customer is king, shouldn’t companies be simplifying pricing choices? Like maybe offering consistently low prices all the time? Not so fast, as the US store, JC Penney discovered to its cost. Turns out that while people do complain about pricing choices, they are irrational. Also, they enjoy the thrill of the chase. Huh? The word “sale” acts like a siren call for many people: it lures them in to make that purchase. Consistently low prices don’t do the same. Besides, if a competitor lowers their prices just one time of the year, and Poof! Suddenly that low price claim becomes suspect in shoppers’ eyes. Then there are those sites that offer coupons: have lunch at Restaurant A on Wedne...
Read more