Security Issues in Software

Systems getting hacked. Ransomware. (Computer) viruses. Why are these so commonplace? Marc Goodman has a pretty good answer(s) in his book, Future Crimes. A lifetime ago, computers weren’t everywhere; nor was the Internet. While all that has changed, the Westphalian system of sovereignty hasn’t. What’s that? It was a treaty signed in 1648 that agreed that (Western) countries were “sovereign in their territory, with no role for outside authorities to meddle in a nation’s domestic affairs”.

“(It) was preserved through a system of borders, armies, guards, gates, and guns.”

(It’s the de facto standard for all countries today).

 

But today?

“Bits and bytes flow freely from one country to the next without any border guards, immigration controls, or customs declarations…”

A (digital) crime’s victim may be in one country, the perpetrator in a second, and the money transferred to a third. Who exactly has jurisdiction in such cases? And most countries don’t cooperate with others on criminal matters anyway. The digital world is also a borderless world.

 

Another reason is that when a company gets hacked, it has no incentive to admit a breach. Why not? A company perceived to be unsafe loses business. If credit card data was lost, replacing those cards is costly. Cyber-insurance premiums increase. The stock price falls. This unwillingness to report the crime means that others don’t get to know of any risks or backdoors, which means the software products with those flaws (OS’s, MS Office, PDF, apps) don’t get fixed.

 

While we might replace our phones frequently, the same isn’t true for our laptops or all the even more ancient computers used to control dams, electricity grids and other key infrastructure. Ergo, they use software that was not only not designed for Internet based risks, but even worse, use software for which support has expired (i.e., patches and bug fixes are no longer created).

 

Now that software does everything imaginable, it has also become increasingly complex and big. Inevitably then, the number of bugs and errors has increased in proportion, making all systems even more vulnerable.

 

Then there’s the severe asymmetry in the money one gets by reporting a software security flaw to its manufacturer (Microsoft, Google, Apple, WhatsApp) v/s selling it to online criminals. While companies pay a pittance, organized crime (and yes, governments) pay in proportion to the benefits they reap.

 

And last but not least, remember those EUA (end user agreements) we sign when we install any software? Among its unreadable, incomprehensible content, we agree that the company isn’t liable for any security issues in the software. So there you have it – all the reasons security issues in software won’t go away.

Comments

Post a Comment

Popular posts from this blog

Student of the Year

Image
As a toddler, my daughter loved Alia Bhatt’s songs, esp. the ones from Student of the Year . (That movie did have many good songs and well-choreographed dances). Fast forward to present day, when she is 12 yo. She rarely watches Hindi movies now, but one of the few ones she likes of late, Raja aur Rani ki Prem Kahani has, yes, Alia Bhatt.   If I had any hopes that there was anything to be read in the name of her toddler-time favorite ( Student of the Year ), they have been dashed. Our conversations come exam time are perfectly captured by this photo and its caption: In fact, the pic below captures how she and I look at her answer sheets – me intently, she with an expression of “It’s over, so why are you even looking at it?”   Of late, we pull her leg and tell her that she isn’t showing any signs of academic prowess, she’d better find a rich guy to marry. Some time later, she showed us this meme on the Internet: “Me No Study, Me No Care Me Go Marry Millionaire If He Die
Read more

Animal Senses #7: Touch and Remote Touch

Instinctively, we think touch is based on contact. Not entirely true, explains Ed Yong in Immense World – there’s a more important aspect than contact: “These incredible feats are possible through movement. If you rest a fingertip upon a surface, you can get only a limited idea of its features. But as soon you’re allowed to move, everything changes. Hardness becomes apparent with a press. Textures resolve at a stroke.” As you run your fingers over a surface, they hit the tiny peaks and troughs and set off vibrations in the mechanoreceptors at their tips.   At the tip of its snout, the star-nosed mole has many pairs of hairless appendages. It uses them to touch things around itself. Alive or dead? Food or ignore? It does these movements at an insane speed. In the time it takes to blink our eyes, the star-nosed mole can probe, identify and swallow its food. “Light may be the fastest thing in the universe, but light sensors have their limits, and the star-nosed mole’s sense of
Read more

The Retort of the "Luxury Person"

Image
Coming up with biting and witty retorts. It’s something we dream of, but rarely manage to pull off. Worse, the more we stew over the offending remark, the more likely we are to come up with that dream retort, as Calvin ruefully points out: During our last holiday at the Taj Resort, seeing my wife carrying towels to our poolside chairs, one of the kids there mistook her for a member of the staff and asked for a towel. When my wife narrated this to us, I did not imagine that my 8 yo daughter would come up with her own retort. But a day later, my daughter recapped the incident, an incident that didn’t even involve her in the first place , and said, “You know what I’d have told that kid who asked for the towel?”. And without waiting for an answer, she told us anyway: “I don’t work here. I too am a luxury person who is living at this resort. Go get your own towel.” We were highly amused by the phrase she had coined: “luxury person”. It certainly captures the kind of holid
Read more