User Tools

Site Tools


ci2010:team1_theinternet_security

The threat of being hacked and exploited faces nearly every internet-centric service or program. Unfortunately, it seems impossible to make a program completely “hack proof.” Therefore, we simply must do our best to stay ahead of hackers. Many security researchers have decided that the best way to stay ahead of hackers is to hack programs themselves and subsequently post the exploits to the internet for all to see. According to professor Comer, this is a bad thing. Our team does not necessarily unanimously agree on this topic, but I certainly disagree with professor Comer. I believe that purposefully exploiting programs and then making the holes public is indeed the best way to stay ahead of hackers. Imagine a hacker that manages to mine personal information from a “secure” web service offered by company A and then uses this information to spam company A's customers or otherwise abuse the information he has gathered. Even if company A finds out about the exploit, they may drag their feet in their efforts to fix the problem because their customers are unaware that the information allowing them to get spammed is being mined from company A, and therefore company A's profits are not affected. The only way to force a company to fix weak spots in its services ASAP is by publicizing the problems. Also, assuming the researcher discovered the loophole first, hackers will never get the chance to exploit it because a smart hacker would never bother with an exploit everyone knows about.

Yet another dilemma the internet introduces is the problem of international data policing. As professor Comer stated, it is nearly impossible to enforce any sort of laws across borders because the data in question passes between two entirely separate jurisdictions. Many of us have probably seen the guys with black briefcases selling pirated movies illegally on the streets. Of course, as soon as an officer catches him red-handed, the scam is over. However, imagine the dude with the briefcase was standing in Denmark tossing movies across the Atlantic to customers in the U.S. without physically being in the U.S. If that were possible, even if authorities watched the movies fly across the ocean first hand, they wouldn't be able to stop the guy throwing them because he is out of their jurisdiction. With the advent of the internet (and especially now with high-bandwidth connections), this scenario is commonplace, and there is hardly a thing the government can do about it. Yet. Eventually the laws will adapt to the internet and its capabilities, but for now everything goes. Like professor Comer said, the internet is still in it's “wild west” phase.

ci2010/team1_theinternet_security.txt · Last modified: 2010/02/09 10:03 (external edit)