Join the Community

21,703

Expert opinions

43,989

Total members

483

New members (last 30 days)

185

New opinions (last 30 days)

28,596

Total comments

Join Sign in

Bumometrics - Hackers, Privacy And The Way The Web Works

04 April 2009 Be the first to comment

Retired member

1. There are hackers and always will be. They will always be 'smarter' than everyone else.

2. No average user can ever hope to 'secure' their personal data.

3. No corporation can secure data which can be accessed via a network, they can only secure some of it, some of the time, from some of the people.

4. We have created an internet which is unsafe. Users must either accept their money and data being stolen or not spend and lie when giving personal information on the web to protect themselves.

5. If your personal or financial information is out there it will be/has been stolen from someone who has it, and perhaps the smartest thief just steals it from the other thieves, so you'll never even see them.

6. Almost all of your activities and personal information is legitimately for sale to anyone who wants to buy it, from credit agencies, websites or even google.

7. Trust is absent, only hope exists.

This doesn't mean we should do nothing, but most of what we currently do is wasting time and money on poorly designed processes, but at least they employ people and certainly spread the wealth around. Recognising that is the first step. Many have known this for some time. Saying that no amount of user education can change that is almost right, unless we turn everyone into the smartest hacker and that just isn't possible.

Many corporations employ pick-a-box security experts and what do they get out of the box? Pick a box of placebo's. Unless you have an army of IT security experts running live 24/7 there is little hope of protecting your systems or even detecting an attack, let alone preventing one. As for the average user they may just as well spend their money on happy pills.

The last ditch effort of those without a plot is biometrics which will/have been be defeated as fast as they are/were rolled out. The latest is sending a picture of my eye. Where do we go from there? My ass (a CSI episode on TV suggested everyones bum is different and at least they are generally covered from view so perhaps there is some hope for biometrics - call it 'bumometrics'). I could spend my time telling everyone how these things can be defeated, but it is a waste of time, and doesn't really help.

Perhaps it would be easier to change the processes by which we do things rather than try and turn us all into internet security smarties, snake-oil placebo addicts or candidates for retinal/rectal photography, it hasn't worked so far, has it?

p.s. My wife says I am mean, but unfortunately it is the truth.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

3233

Report

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

Join group

480 opinions 23 members 13 March 2023

Comments: (2)

A Finextra member

06 April 2009

Interestingly we offer these details over the telephone without thinking twice but can fear the internet because it leaks ! A well observed blog

Report

A Finextra member

11 April 2009

I have always found it important to have a Plan B, a definite neccesity if you have a B-grade planto start with (biometrics). After all the expense, if the 'system' is compromised, where do you go from there?

I am not saying that biometric identifiers have no place in identity ever, because confirming who you are( or that someone knows who you are) in a face to face meeting using a photograph for instance may be useful, but any approach which provides only one party with access to the identity 'kingdom' is bound to end in tears.

The current approaches rely on ever increasing amounts of personal data being transmitted via absolutely insecure systems. Simply replacing the personal data with other data like non-renewable biometric identity data is pointless.

I am astounded by the undeserved labels like 'security expert' which gets attached to people who promote clearly flawed and virtually 'snake-oil' solutions. It seems that banking isn't the only area with a distinct absense of ethics and honesty.

Remember last year with all the new fangled gadgets and gimmicks like the 'green browser bar' and other bulldust peddeld as security? The deafening silence from the security companies on the issues of DNS spoofing, BGP re-routing and other simple forms of defeating the snake-oil?

The claims that internet banking was safe. We only need to read one of Mr Siciliano's blogs to realise that there is no security on the net, just that same as there was none last year or any other year if you have read my comments on the internet.

The security companies are completely behind the 8-ball and are unlikely to ever catch up. They don't even understand the issues generally and many obviously have little idea of how the internet and networks work, otherwise they could hardly promote the rubbish we have seen and the totally false claims they made.

The only relevance of this is that customers are a wake-up even if bankers are not. That's ok by me, it seems it's easier for a security expert with a real solution to become a banker than for a banker to find a real security expert with any solution.

Report