WikiLeaks: Lessons – for Everyone
I think we have all by now heard about the rather embarrassing publication of thousands of “secret” government correspondences on WikiLeaks.
Many are/were shocked and surprised, and wondered, “how could this happen?”
Ha. The better question is – how could it not? In fact, you don’t have to know much about network communications, nor data storage, nor databases to know “secure” does not mean secure – not the way you and I think of it. (Secure in computing seems to mean “difficult”, as in, it’s difficult to access, so it’s secure.)
“WikiLeaks Teaches Us that No Data is Safe.”
Though I harbor no intention of ever becoming a CISSP, I have studied the material (yes, I am that “geeky”) and occasionally take practice tests. For fun, yes, and because we live in the “digital age”. And I am in the front lines of one of the “cyber wars” we have been waging (for over a decade) — the war against “hackers” (they’re really just criminals using computers) and the viruses and spyware they infect us with (“malware” is a much better word).
And I watched tech rise up, and start toddling around.. and I watched all the bright boys say “wouldn’t it be neat if we could get these machines talking to each other?!” And so I understand how cobbled together and makeshift all these “protocols” and “new technologies” are. Because at first, the machines were either non-talkative, or only spoke to similar machines.
And the whole while, I lived right here in the Silicon Valley, and watched people become overnight millionaires just because they rushed something out and got to market first (with a prototype, in “beta” development). (Or worse, just marketed an idea for an alpha prototype.) And a word got invented and it was filled with magical powers — “startup”. It attracted money out of thin air.
But, I digress – back to the CISSP (that’s the “competency test” for Information Security types). You know what it teaches, essentially? “Risk Management” (choose what risks are acceptable, and which you should dump money into “shoring up”) and “What To Do After You Have Been Violated”. Nowhere in the curriculum can I find the chapter that says “Do This And Be Safe, Secure, & Bullet-Proof”.
‘Cuz there is no such thing. Any security pro could tell you (I believe) that even if there were some way to harden down communications and the machines that use them (and on the current Internet, with our current machines and devices, there is not) all the way to “bullet-proof”, there’s still the humans using the machines.
Do you think it took a super spy like James Bond to obtain those documents? You know.. using some laser in his wristwatch to cut his way into some heavily guarded “commo room”? So he could pocket some super CD? Like in the movies? (the first Mission Impossible, maybe?)
Ha.. I made myself chuckle at that. No, all James would have to do is get a job as a night janitor, and walk from PC to PC typing in “password” until he had full access to any database. ‘Cuz some regular employee surely is using that as their logon, (and some IT type isn’t enforcing the password policy..)
No I wasn’t, and I doubt anyone who really thinks about things would be, surprised by the “leak”. We knew it was coming, because we know the government uses the Internet for communications. And uses PCs like ours. (And they want to put more information about us into their databases. Every day. Great, eh?) Though they should not be. We know of other “breaches” and “thefts” and “leaks”. (Some of us have become kind of numb from seeing so many, month after month.. ) And, know this, our government (typically) tries harder at security than our businesses and corporations (typically) do. (Remember TJ Maxx?)
But this isn’t about me, nor the government, it’s about you. I remind you of the quote higher up, “WikiLeaks Teaches Us that No Data is Safe.” That is the title of a recent article by longtime tech writer Lance Ulanoff, who happens to be the current Editor in Chief of PC Magazine. Here’s an excerpt..
“As the press and pundits pore over the thousands of documents (cable communications) released today by WikiLeaks .. I find myself pondering the other lessons this new breach teaches us. The biggest and most obvious is that the digital world is a porous place. What’s put in can and will get out. Our secrets are only safe for as long as we share them with no one, in no fashion.”
and here is the link to the article, WikiLeaks Teaches Us that No Data is Safe. I think it a very good, and very important read. I hope you’ll read it. And I hope you’ll think about it too..
Related links: 7 Practices for Computer Security
Sorta related: (And just one example of why I think “cloud computing” is a fundamentally bad idea.) Operation Payback cripples MasterCard site in revenge for WikiLeaks ban
The websites of the international credit card MasterCard and the Swedish prosecution authority are among the latest to be taken offline (by hackers) in the escalating technological battle over WikiLeaks, web censorship and perceived political pressure.
Co-ordinated attacks by online activists who support the site and its founder Julian Assange – who is in UK custody accused of raping two Swedish women – have seen the websites of the alleged victims’ Swedish lawyer disabled, while commercial and political targets have also been subject to attack by a loose coalition of global hackers.
Cheer up. Some good news: Accused Mega-D botnet operator arrested
Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.