Blog article
See all stories »

Bumometrics - Hackers, Privacy And The Way The Web Works

1. There are hackers and always will be. They will always be 'smarter' than everyone else.

2. No average user can ever hope to 'secure' their personal data.

3. No corporation can secure data which can be accessed via a network, they can only secure some of it, some of the time, from some of the people.

4. We have created an internet which is unsafe. Users must either accept their money and data being stolen or not spend and lie when giving personal information on the web to protect themselves.

5. If your personal or financial information is out there it will be/has been stolen from someone who has it, and perhaps the smartest thief just steals it from the other thieves, so you'll never even see them.

6. Almost all of your activities and personal information is legitimately for sale to anyone who wants to buy it, from credit agencies, websites or even google.

7. Trust is absent, only hope exists.

This doesn't mean we should do nothing, but most of what we currently do is wasting time and money on poorly designed processes, but at least they employ people and certainly spread the wealth around. Recognising that is the first step. Many have known this for some time. Saying that no amount of user education can change that is almost right, unless we turn everyone into the smartest hacker and that just isn't possible.

Many corporations employ pick-a-box security experts and what do they get out of the box? Pick a box of placebo's. Unless you have an army of IT security experts running live 24/7 there is little hope of protecting your systems or even detecting an attack, let alone preventing one. As for the average user they may just as well spend their money on happy pills.

The last ditch effort of those without a plot is biometrics which will/have been be defeated as fast as they are/were rolled out. The latest is sending a picture of my eye. Where do we go from there? My ass (a CSI episode on TV suggested everyones bum is different and at least they are generally covered from view so perhaps there is some hope for biometrics - call it 'bumometrics'). I could spend my time telling everyone how these things can be defeated, but it is a waste of time, and doesn't really help.

Perhaps it would be easier to change the processes by which we do things rather than try and turn us all into internet security smarties,  snake-oil placebo addicts or candidates for retinal/rectal photography, it hasn't worked so far, has it?

p.s. My wife says I am mean, but unfortunately it is the truth.

2888

Comments: (2)

A Finextra member
A Finextra member 06 April, 2009, 21:45Be the first to give this comment the thumbs up 0 likes

Interestingly we offer these details over the telephone without thinking twice but can fear the internet because it leaks !  A well observed blog

A Finextra member
A Finextra member 11 April, 2009, 08:08Be the first to give this comment the thumbs up 0 likes

I have always found it important to have a Plan B, a definite neccesity if you have a B-grade planto start with (biometrics). After all the expense, if the 'system' is compromised, where do you go from there?

I am not saying that biometric identifiers have no place in identity ever, because confirming who you are( or that someone knows who you are) in a face to face meeting using a photograph for instance may be useful, but any approach which provides only one party with access to the identity 'kingdom' is bound to end in tears.

The current approaches rely on ever increasing amounts of personal data being transmitted via absolutely insecure systems. Simply replacing the personal data with other data like non-renewable biometric identity data is pointless.

I am astounded by the undeserved labels like 'security expert' which gets attached to people who promote clearly flawed and virtually 'snake-oil' solutions. It seems that banking isn't the only area with a distinct absense of ethics and honesty.

Remember last year with all the new fangled gadgets and gimmicks like the 'green browser bar' and other bulldust peddeld as security? The deafening silence from the security companies on the issues of DNS spoofing, BGP re-routing and other simple forms of defeating the snake-oil?

The claims that internet banking was safe. We only need to read one of Mr Siciliano's blogs to realise that there is no security on the net, just that same as there was none last year or any other year if you have read my comments on the internet.

The security companies are completely behind the 8-ball and are unlikely to ever catch up. They don't even understand the issues generally and many obviously have little idea of how the internet and networks work, otherwise they could hardly promote the rubbish we have seen and the totally false claims they made.

The only relevance of this is that customers are a wake-up even if bankers are not. That's ok by me, it seems it's easier for a security expert with a real solution to become a banker than for a banker to find a real security expert with any solution.

 

Retired Member

Member since

19 Mar 2009

Location

Blog posts

6,023

Comments

6,224

This post is from a series of posts in the group:

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.


See all