And while I'm on a bit of a rant rampage, Joanna Rutkowska is hitting the news again with her BlackHat Federal talk. Without going into details, I'm unconvinced of the efficacy of Blue Pill; I read her slides for her Chaos Computer Congress talk and was unimpressed at the actual New Stuff there (although her classifications for malware are interesting), and basically I wonder at the raving hordes of fanbois she seems to attract. All that being said, a recent Slashdot posting caught my eye and got me thinking. She said "[m]aybe we should rethink the design of our computer systems so they are somehow verifiable."
I'll go her one further: maybe we should instead be rethinking the design of our infrastructure and how much trust we put into computers (and the people who operate them) instead of worrying about the computers themselves.
This is not to say that computer and network security is not important. It is. However, many of the issues surrounding computer security are not technical at heart; they're social. I assert that it is impossible to solve a social problem with technology, and any attempt to do so is not only doomed to abject failure, but such failure may result in conditions worse than those they were trying to ameliorate.
At this point it would be fair to ask what remedy I suggest. I don't. Not now, maybe not ever: this may not be a solvable problem, it could just be that we will have to accept the fact that computers are ruling our lives, and attempt to make it as difficult as possible for people to cause that to happen to us as individuals. (Keep your money in a sock and only spend cash, I don't know. Don't make or comment on blog postings.)
Sure, all that computer stuff is important, but I don't care that TJ Maxx or whoever gets compromised and my credit card info is sold to Russian Mafia types. I care that it's there in the first place.