The Secret Of The Net: One Big Buggy Beta

Most people look at me surprised when I tell them the internet is still in beta, but it's true: Vint Cerf, the father of the Internet, said so himself. He was quoted in the book Fatal System Error: "My thought at the time, thirty-five years ago, was not to build an ultra-secure system, because I could not tell if even the basic ideas would work. We never got to do the production engineering."
If you know software development jargon, that means it remained in beta... and -has- been up to now. The protocols they built at the time focused on fault tolerance; they simply were not built for security, and the net is one big buggy beta. Unfortunately, the bad guys know this full well, and are exploiting it to the limit.

What this all means is that Web security is fundamentally broken.

If the owner of a website wants to know who you are, where you live, and much, much more, they can get that information easily. With that in mind, let's look at some realities regarding websites and web browsers. It is possible to defend a website against a malicious browser. It takes a lot of work, but it is achievable.
However, the other way around is impossible. If you visit a malicious website using your browser, you cannot defend against that site, which explains the incredible success of the Exploit Kits. Your browser is a paradise for the hacker, as they can make it do all kinds of things, and anonymous browsing is simply not something you can count on.
But don't take it from me; see Jeremiah Grossman, Founder and CTO of WhiteHat Security, in a recent presentation where he shows you can easily de-anonymize site visitors:

The upshot of all of this is that you need to THINK BEFORE YOU CLICK, and step through some good quality security awareness training.

