Wednesday, February 16, 2011

Reaction to The Cuckoo's Egg

21st-century hackers, transported to '86, would have a field day. Openness and trust are the '86 that Stoll paints in his book, The Cuckoo's Egg. It is a world of hackers. Stoll spent a year repainting this world: he is the MVP of tight security, correcting his generation's loose computers. I wonder if generation Y has learned from generation X's follies. Or are today's security problems identical?

In '86, software updates traveled dirt roads, but 20XX paved those roads. It hurt me to learn that Stoll fought for six months for security patches before government agencies perked up. It would be another six months before catching the hacker. Today, however, attack reporting is streamlined. There are clear avenues for reporting problems. If you find security holes, you issue bug reports directly to the software company. Then, the company fixes the bugs and automatically updates your software. Gone are the days of mailing patches via tapes. Software companies in '86 stayed quiet about security flaws because the news would motivate hackers. Today, thanks to instant updates, this problem is eliminated. What surprised me most is that government agencies knew about security holes in Unix for years, but they never reported the problems. We are better off today: such government disregard will not fly with today's technology.

Generation Y learned from the past: they designed safer computers and systems. Look at BYU's CS accounts: users must use non-dictionary words for passwords. If Stoll's hacker tried his password-guessing attack today, he would get nowhere. By design, security today is stronger, and we have Stoll to thank for his lessons on security. Also, in '86 a higher percentage of computers had an open door, and it was usually some obvious entrance. I am amazed to hear how mismanaged systems were back then, with guest accounts and built-in default accounts open to hackers.

'86 had no Norton AntiVirus. Today, anti-virus programs give computers a sixth sense about viruses. Bob Morris's son would be hard-pressed to overrun one of today's networks.

However, today's attack surface is an ocean, not a pond. Hackers are more rampant and malicious, but networks are much more closed. In '86, the Internet was a seed. Now it is a redwood, and Internet users must assume that every user is malicious. This is the difference between Cliff's day and ours: trust. There is less trust today because of hackers. Safety has increased substantially to reestablish trust, but threat count has increased too.

What is the next step? The problem with security is the user. Systems need good system managers. And secure user accounts require smart users. So informing people about good security practices is the next step. Informing users was the intractable problem of '86, and still is the main problem today.

2 comments:

  1. This comment has been removed by the author.

  2. I would argue that overall computer security is worse today than it was in '86. One reason as you said is that the attack surface is an ocean (most people don't know what computer security is). Another reason is that there are numerous malicious hackers. In '86 very few malicious hackers existed and computers connected to a network had at least 1 system administrator that knew a little about computer security.
