ASk HN: Did Internet evolution kill all the security models?

1 points by txutxu ↗ HN
I was doing some researching to improve the security on a system right now, and this did come to my mind.

When you design with security in mind, you assume things are going to get compromised.

As such, one of the unix-like systems strategies, is to limit the available resources for compromised "elements" (users, processes, hosts, subnets, etc).

Back in the day, we did "download markup to render rich text".

That is relatively acceptable, even if it implies some trust levels (the server software, the client software, the content processed, the scenario, etc...).

But hey, we're 2013. The browser access to many layers of abstraction and functionalities, the smartphone is not better...

Quality of default configurations of many elements has "evolved" across the years... to the point of demand your work exponentially if you want to follow some minimal security best practices.

Once upon a time, the data was in your computer, and you used e-mail to communicate, and did access to content following html links. But nowadays any security model is broken by default for the average use that people does of internet.

Share everything, locally, remotely, between devices, reuse credentials between providers, crappy software validation processes, code which you cannot audit but your data uses, etc etc etc

Did the internet evolution kill our computers security ?

6 comments

[ 7.9 ms ] story [ 23.0 ms ] thread
Considering that the "internet" was developed with the original purpose to make it easier to transmit information between trusted nodes (researchers), security seems like it was an after-thought[0]…

Even in the next step in evolution to meshnet's, from following forums like this[1], security still remains an after-thought (or not up for thought yet it appears in this case)…

[0]https://en.wikipedia.org/wiki/History_of_the_Internet#From_A...

[1] http://forum.chicagomeshnet.com/

Lot of people, I myself lot of times, by technical ignorance, don't follow balanced practices, comparing what we do on the computer, with what we do in real life.
Agreed, but what I'm saying is that there were no balanced practices to begin with… systems were assumed to be "secure". What people equate to the internet today, was built upon those assumptions. If one were to look back at it and say that the internet killed computer security would be like trying to fit square pegs in round holes…

Now if there were something that we all would equate to being the internet that wasn't built upon those assumptions and failed to provide adequate security for the masses… that would be a different problem.

Well I see your point. Internet is just part of the history of computers as other technologies are too.

But what I'm referring is more to the evolution of internet (lets say since the arrival of colors, images, js, flash, java, ajax, "social", "cloud", ...)

I.E. I don't pay to anybody in my city to save my physical photos, neither I put my photos in the middle of the city so everybody can look at them. But that is what the average internet user has being doing in the last years.

But that is what the average internet user has being doing in the last years.

Personally, I think that the avg internet user has yet to grapple with the terms of the capabilities of technology that renders some of their "protections" on social constructs obsolete from a technical standpoint. In an economic sense, I would call it informational asymmetry.

But more than any point in history (or maybe not if one abstracts enough away), the avg internet user has the capabilities to understand, but for the most part, chooses not to… and how can one insure another's security, when the other chooses not to be actively concerned and mitigate such concerns like some of us do?

Loving your definition "informational asymmetry". Two words which define perfectly a complex concept.

And not liking the technical answers which come to my mind to your question, because they're against the nature and evolution of internet.

So upvoted, and thanks for your thoughts.