a thoughtful web.
commentspostsbadges
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment
goobster  ·  2369 days ago  ·  link  ·    ·  parent  ·  post: Krack Attacks: Major vulnerability found in WPA2. "If your device supports Wi-Fi, it is most likely affected."

Ah. I see where I was unclear. Thanks for taking the time to explain how you read my post, because I did not mean what you read.

This isn't a problem for the USER to solve. My problem is with the BUSINESS.

It is the BUSINESS that washed their hands of the responsibility for your data, thereby endangering you in the first place.

To take my Target breach example; If Target had their own credit card that they underwrote, issued, and processed, they would be FAR more careful with your data. Because any breach hits them directly in the bottom line.

Instead, they offload the responsibility to a credit card issuer/processor (Visa, MasterCard, etc), who do not have as much skin in the game, and are therefore less interested in maintaining the highest level of security around YOUR data, because YOU are not their customer: Target is. And Target is paying them for TRANSACTIONS, not for fabulous security.

If you think about the tech used in a CC transaction, there are 5 companies handling your data, and only ONE of them has any real motivation to protect you, as an individual. To all 4 of the other intermediaries, you don't even exist: you are just a packet of data within gigabytes of data they transfer every day.

The parallel I tried to draw with email is that we choose offload the responsibility to someone else, when we choose to use a service (Gmail, Hotmail, Yahoo, etc.), instead of configuring our own server. Things were a lot more secure when you had to give a shit and actually understand how all the parts and pieces fit together, from hardware to software. Now it takes 10 seconds to set up an email account, and all you need to do is come up with a 4-letter password. Offloading all the responsibility for the infrastructure and security onto a disinterested third party is the risk we decide to take.

The key place where you took my words off in a new direction, is when you moved away from my conjecture - that services are the problem - and abstracted to armies, cable companies, etc. And yeah... libertarianism to me is the domain of 13-year old keyboard jockeys who have never had to pay rent. It is stupid to its core.

The bone I want to pick is with SaaS, which, incidentally, pays my considerable wages.

Everyone is so quick to invent a new middle-man service, that streamlines a process and takes a half-a-penny per transaction... but every middle-man "service provider" is one more incredibly weak link in the chain.

From the 1500s up to about the 1920s, a business took care of itself. Everyone from the janitor to the CEO worked for the company, and all customer processes were handled in-house.

But that is expensive. Having your own Credit Department that has to research every new application for a credit card is expensive. And it SHOULD be! It is a critical, important, and delicate function of the business.

But then Johnny McStartup shows up and says that he can do all that for you for 1/10th of the price, so you fire all your skilled people and pay McStartup to do all your credit accounts.

Why does McStartup cost less? Because they are less rigorous. Or hire junior-level researchers and analysts. Or whatever. They cut corners. That cuts costs.

But McStartup's customer is the Company, not the Individual. So they keep the Company happy by providing a service that Company used to do in-house, and they do it for a fraction of the price. And hey... if they fuck it up, who cares? It isn't Company that takes the blame! And McStartup is one-step removed from you, Mr Customer, so they are insulated from you as well.

THIS is my problem with the way businesses are structured today, and why it is so easy for hackers to ALWAYS get the data they want, with little effort. There are too many middle-men, with too little respect for the data they handle, and hackers always find a way through. Hell... they don't even need tech to do it... they can just call up Customer Service and social-engineer them, to get the info they want.

Yeah. So, fuck Libertarianism.

And security is ALWAYS going to be a problem, when you create choke-points in the data stream that are lucrative to hack. If every single retailer had to issue their own credit cards, instead of using Visa or MasterCard, there would be little to no reason for hackers to target that data.

And maybe now that we have sorta unlimited bandwidth, RAM, and disk space, maybe widening the choke points is a better way to reduce the tastiness of the data to hackers...


markup tips  ·  0


about
tutorial
faq
rss
tmi
random
privacy & terms
weather
donate
login