The Naked Scientists
  • Login
  • Register
  • Podcasts
      • The Naked Scientists
      • eLife
      • Naked Genetics
      • Naked Astronomy
      • In short
      • Naked Neuroscience
      • Ask! The Naked Scientists
      • Question of the Week
      • Archive
      • Video
      • SUBSCRIBE to our Podcasts
  • Articles
      • Science News
      • Features
      • Interviews
      • Answers to Science Questions
  • Get Naked
      • Donate
      • Do an Experiment
      • Science Forum
      • Ask a Question
  • About
      • Meet the team
      • Our Sponsors
      • Site Map
      • Contact us

User menu

  • Login
  • Register
  • Home
  • Help
  • Search
  • Tags
  • Member Map
  • Recent Topics
  • Login
  • Register
  1. Naked Science Forum
  2. Non Life Sciences
  3. Technology
  4. Are we Thinking About Cybersecurity All Wrong?
« previous next »
  • Print
Pages: [1]   Go Down

Are we Thinking About Cybersecurity All Wrong?

  • 9 Replies
  • 3287 Views
  • 0 Tags

0 Members and 1 Guest are viewing this topic.

Offline AndroidNeox (OP)

  • Sr. Member
  • ****
  • 292
  • Activity:
    0%
  • Thanked: 2 times
    • View Profile
Are we Thinking About Cybersecurity All Wrong?
« on: 09/12/2016 07:22:23 »
Listening to a podcast about cybersecurity, today, I yelled at my iPhone, "You're totally on the wrong track!"

The experts were talking about how some industries are good at it and others not. That's goofy. It's not the job of bankers or hospitals or schools to all master the intricacies of security. The features should be built in, by default.

There is a standard 7-layer model for computing, from the hardware layer (e.g. ethernet card) up to the presentation layer that handles the user interface. When some layer communicates with another computer, each layer establishes some form of link with the corresponding layer in the other computer. When exchanging data, each intervening layer takes the data and packages it for delivery to the corresponding layer in the other computer. There is no reason that every time the message goes into a new envelope, the contents shouldn't be encrypted.

Before the data I type in this window on my screen leaves my computer, the text should be encrypted half a dozen times by independent computing processes.

All of the technology exists within the public domain. I can see no excuse for not requiring it.
« Last Edit: 09/12/2016 08:04:58 by chris »
Logged
 



Offline evan_au

  • Global Moderator
  • Naked Science Forum King!
  • ********
  • 8967
  • Activity:
    75%
  • Thanked: 882 times
    • View Profile
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #1 on: 09/12/2016 09:38:17 »
Quote from: AndroidNeox
the text should be encrypted half a dozen times
There is processing and communications overhead in multiple encryption. The TOR browser does this, and apparently it is fairly slow.

There is also the question of how much security you need for text which will be displayed unencrypted on a public discussion forum, vs the password for your bank account.

One goal of security is to increase the availability of your data to yourself, and whoever else you choose to allow access.
- If the security is inadequate, you can't access your data because the hard disk has been encrypted by malware, or you can't access a website because it is suffering a Denial of Service attack.
- Or perhaps some unauthorized people get their hands on your credit card details
- But if the security is too good, you can't access your data because you keep mistyping your 50-character password, or you have to retype your password every 5 minutes, or you have to remember 5 different passwords to purchase a book online. Or even if the bank suspends payment because you made a purchase from a company you haven't used before...

But I agree that security should be a basic design consideration in all applications.
Logged
 

Offline tkadm30

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #2 on: 09/12/2016 10:52:52 »
Quote from: AndroidNeox
Are we Thinking About Cybersecurity All Wrong?

Yes. In my opinion, cybersecurity should include defensive technology for resisting human-assisted neural devices
weaponization and remote neural monitoring. The technology of remote neural monitoring should be publicly disclosed to avoid cybernetic influences and surveillance of the minds of targeted victims.
Logged
Not all who wander are lost...
 

Offline Bored chemist

  • Naked Science Forum GOD!
  • *******
  • 21155
  • Activity:
    100%
  • Thanked: 485 times
    • View Profile
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #3 on: 11/12/2016 16:37:26 »
Quote from: tkadm30 on 09/12/2016 10:52:52
Quote from: AndroidNeox
Are we Thinking About Cybersecurity All Wrong?

Yes. In my opinion, cybersecurity should include defensive technology for resisting human-assisted neural devices
weaponization and remote neural monitoring. The technology of remote neural monitoring should be publicly disclosed to avoid cybernetic influences and surveillance of the minds of targeted victims.

Don't you think it would be better to employ resources to counter threats that are real, rather than ones yo seem to have invented and have no evidence for?
Logged
Please disregard all previous signatures.
 

Offline syhprum

  • Naked Science Forum King!
  • ******
  • 5061
  • Activity:
    8.5%
  • Thanked: 64 times
    • View Profile
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #4 on: 11/12/2016 20:24:58 »
To  much security can be counter productive, if a communication channel demands a 20 random character password and locks you out for a day if you get it wrong, what do you do the best solution is write it on a note that you pin to your monitor or leave it in a file on your desk top.
That why the wonder encryption machine Enigma failed because it required idiot proof operators 
Logged
syhprum
 



Offline puppypower

  • Naked Science Forum King!
  • ******
  • 1316
  • Activity:
    9.5%
  • Thanked: 95 times
    • View Profile
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #5 on: 12/12/2016 12:36:50 »
Instead of being defensive, couldn't security be offensive. If someone tries to hack computer, a silent assassin program could be released that will create havoc for the perpetrator; release the dog. It should not be about the good guys figuring out how to survive an assault. It should be about the goods guy putting hurt on the bad guys, if they are bad. This is how you teach the bad guys good behavior. If they wish to gain illegal access, they will need too make portal back to themselves, which will become the portal for mad dog-ware.
Logged
 

Offline tkadm30

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #6 on: 12/12/2016 13:25:20 »
Quote from: Bored chemist on 11/12/2016 16:37:26
Don't you think it would be better to employ resources to counter threats that are real, rather than ones yo seem to have invented and have no evidence for?

Neural networks security is real and can be attacked by hackers using human-assisted neural devices to trigger neural responses.

Logged
Not all who wander are lost...
 

Offline tkadm30

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #7 on: 14/12/2016 11:40:12 »
EEG Identification Can Steal Your Most Closely Held Secrets: http://spectrum.ieee.org/the-human-os/biomedical/devices/eeg-identification-can-steal-your-most-private-secrets

Who controls your private EEG data collected from your "smart" phone ?
Logged
Not all who wander are lost...
 

Offline AndroidNeox (OP)

  • Sr. Member
  • ****
  • 292
  • Activity:
    0%
  • Thanked: 2 times
    • View Profile
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #8 on: 15/12/2016 22:45:17 »
Quote from: evan_au on 09/12/2016 09:38:17
There is processing and communications overhead in multiple encryption. The TOR browser does this, and apparently it is fairly slow.
TOR routes through different servers to hide the identity of the user. Traffic is routed between random servers, often in different countries. This isn't necessary for normal security. All that's needed is for the contents of traffic to be secure. Encryption isn't necessarily slow or require large overhead. The problem is that companies don't bother because customers don't insist.

Quote from: evan_au on 09/12/2016 09:38:17
There is also the question of how much security you need for text which will be displayed unencrypted on a public discussion forum, vs the password for your bank account.

How much security the user needs is total. Do you want your public forum identity used to present statements you didn't make? There's no reason for any of the traffic, except for routing information necessary for the active protocol, to be unencrypted. Maybe even that should be protected in private sessions between nodes and routers.

Quote from: evan_au on 09/12/2016 09:38:17
One goal of security is to increase the availability of your data to yourself, and whoever else you choose to allow access.

No, the goal of security is to ensure that nobody can access the data except those who are entitled to it. Minimizing overhead and inconvenience is a design goal but not a goal of security. You don't put locks on your door so that people can enter your home... you put locks on so nobody without a key can enter. You accept the inconvenience in return for the security.

Quote from: evan_au on 09/12/2016 09:38:17

- But if the security is too good, you can't access your data because you keep mistyping your 50-character password, or you have to retype your password every 5 minutes, or you have to remember 5 different passwords to purchase a book online. Or even if the bank suspends payment because you made a purchase from a company you haven't used before...


This is a strawman argument. Nowhere here have I suggested anything so stupid as a 50 character password. I do suggest dual authentications for certain operations.

The extra security should be invisible to the users. All of the technology exists in the public domain. Engineers know how to implement it. The problem is with the business majors and accountants that run companies and customers not demanding security.

Governments will find that their negligence in legislating security requirements has left our global economy wide open.
Logged
 



Offline AndroidNeox (OP)

  • Sr. Member
  • ****
  • 292
  • Activity:
    0%
  • Thanked: 2 times
    • View Profile
Re: Are we Thinking About Cybersecurity All Wrong?
« Reply #9 on: 19/09/2018 16:28:08 »
Quote from: evan_au on 09/12/2016 09:38:17
The TOR browser does this, and apparently it is fairly slow.
Encryption doesn't have to be slow. The overhead of TOR isn't local, it's due to routing connections through multiple servers.
Logged
 



  • Print
Pages: [1]   Go Up
« previous next »
Tags:
 

Similar topics (5)

why is babies poo the "wrong" colour?

Started by paul.frBoard Physiology & Medicine

Replies: 18
Views: 14521
Last post 26/11/2018 19:04:47
by syhprum
"Simple" Rocket Science: Where have I gone wrong?

Started by harrogate22Board General Science

Replies: 2
Views: 7095
Last post 06/01/2008 16:33:26
by lyner
The Big Bang Theory has been discredited and the Red Shift theory is wrong?

Started by Joe L. OganBoard Physics, Astronomy & Cosmology

Replies: 9
Views: 9274
Last post 08/02/2010 13:54:26
by PhysBang
QotW - 13.04.25 - Why do some people "get out of bed on the wrong side"?

Started by thedocBoard Question of the Week

Replies: 1
Views: 5700
Last post 29/04/2013 13:20:07
by thedoc
Where did Clooney and Bullock get gravity "wrong" in their recent film?

Started by evan_auBoard Physics, Astronomy & Cosmology

Replies: 5
Views: 3750
Last post 26/10/2013 12:21:16
by evan_au
There was an error while thanking
Thanking...
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy
    SMFAds for Free Forums
  • Naked Science Forum ©

Page created in 1.723 seconds with 59 queries.

  • Podcasts
  • Articles
  • Get Naked
  • About
  • Contact us
  • Advertise
  • Privacy Policy
  • Subscribe to newsletter
  • We love feedback

Follow us

cambridge_logo_footer.png

©The Naked Scientists® 2000–2017 | The Naked Scientists® and Naked Science® are registered trademarks created by Dr Chris Smith. Information presented on this website is the opinion of the individual contributors and does not reflect the general views of the administrators, editors, moderators, sponsors, Cambridge University or the public at large.