Saturday, August 16, 2008

Surfing Security

My eyes were recently opened by an article that my son sent me on the Security of the Internet. Now when Sean sends me this kind of information on the subject of computing, I have to take it seriously. He works as a team leader in support of the server technology for a large banking firm (that I should probably not mention for fear of getting him in trouble).

His knowledge of computers is extensive (he built the one that I am typing this on), his knowledge of the technology of servers and the Internet is extensive, and he works for a financial institution that has him working long hours to help make their sites more secure. (He also plays a mean game of World of Warcraft, and often helps his feeble old man's attempts at such endeavors.)  

It seems that once again, Mankind's reach has exceeded his grasp with respect to the technology that he counts on for his daily existence. Only this time it has to do with the security of the entire Internet that is used for financial transactions of one type or another (Oh yeah, and the fact that they are mostly keeping it a secret). It appears that the Internet was never actually designed to do many of the things that are an everyday part of the lives of those of us who shop and bank using the World Wide Web (hence the www designation).

The DNS system, invented in 1983, was simply never designed to be secure enough for all of what we are now using it for. I am not talking about the security of the computer that you currently use and attempt to guard through the use of firewalls and virus protection software (though that is still certainly a concern). No, I'm talking about the security of the very web addresses that we send passwords, credit card numbers, and other personal information to on a regular basis. 

In the description of one of the companies making software to fix the problem, we are playing Russian Roulette by putting that information out there. What's more, even the fix that they are currently offering merely takes this to “playing Russian roulette with a gun that has 100 bullet chambers instead of six.” Take heart, however. There appears to be a better, more long-term solution in the works.

A system known as DNSSEC is not only on the horizon, but has already been adopted by the governments of Sweden and Puerto Rico for their web addresses. It is an encryption-based system of site identification that would dramatically improve the confidence that information being sent to a site would go only to that site.

Meanwhile, there is another version being worked on by a Professor Bernstein at the University of Illinois, who claims to have found a system that circumvents these issues. Neither change, however, appears to be imminent. Meanwhile, as in most other things in life, "Let the Buyer Beware" (or in this case, the user).

By the way, though appearances belie it, I am in fact an exiled Liberian prince. If you will only send me $1,000.00 to free capital that is currently tied up in the international banking world, I can promise you a return of 50% interest. If you don't have cash, just send me a credit card and social security number. (Hey, Just Kidding ...)


1 comment:

Roland Hansen said...

Even though I have become accustomed to using the internet, I do not trust its security levels one bit. - Or is that byte??