Hacker Read

noizejoy · 2024-02-01 16:18:32

> We already assume the network is insecure.

Maybe naively, I wish this assumption became universal.

reply

gbrown_ | karma 8824 | avg karma 8.59 · | 2017-07-05 10:00:34+00:00

> They're not exactly insecure, they're just used for different things, like networks that are already secure.

There is no such thing.

I'd be pedantic and rephrase this to - used for networks which you trust.

reply

sukilot | karma 2382 | avg karma 1.24 · | 2020-08-18 08:03:37

> That is probably based on the idea that any local attack is going to end up being a complete compromise of the end point ... which is not an unreasonable assumption.

It's absolutely unreasonable.

If my endpoint is compromised, should I assume my key is potentially violated, and so change it? Yes

But should I assume that everything in my life is tainted and therefore pre-emptively expose all my secrets to attackers immediately? Of course not.

reply

DanBC | karma 56529 | avg karma 2.13 · | 2014-08-15 16:43:46+00:00

> I don't understand what would make someone think that possibly-compromised security is worse than no security.

False sense of security - you think your communications are secure but they're not.

reply

dane-pgp | karma 8830 | avg karma 2.31 · | 2020-09-11 20:32:37

> Of course security can lead to operational problems.

So can lack of security.

reply

johnchristopher | karma 10080 | avg karma 1.96 · | 2021-11-05 05:58:45

> I'd bet it's secure enough against anything that is not the NSA / equivalent foreign agencies. Now would I bet against those big players? Certainly not.

Which is another shortcut that boils down to saying "nothing is secure".

I have a beef with broad statements like that :].

reply

_greim_ | karma 1926 | avg karma 3.0 · | 2017-03-11 17:13:25

> This does not mean that it's "inherently" insecure.

It's a pretty strong indicator though.

reply

DEADMINCE | karma 296 | avg karma 0.64 · | 2024-05-07 04:14:57

> In practice, nothing is ever secure,

Well that's clearly not true.

reply

3np | karma 7507 | avg karma 2.22 · | 2024-01-04 04:24:52

> All that though is an edge case that probably doesn't apply 99% of the time.

The same could be said for many necessary security measures.

reply

numpad0 | karma 6056 | avg karma 1.35 · | 2022-03-06 09:12:46

> to make networks less safe

Could it be substituted by "to get into a network"? Then it could be argued that they need adversaries to establish reliance on a working network.

reply

the_watcher | karma 4769 | avg karma 2.17 · | 2019-05-28 17:18:03+00:00

> if the communications across the cable are properly secured

I think the history of human communications is an ample demonstration of why this is a poor assumption.

reply

eigenspace | karma 2950 | avg karma 3.48 · | 2023-07-04 14:41:45

> the security argument is moot anyways

Sorry, I’m missing something, what security concerns are you referring to?

reply

zepto | karma 7190 | avg karma 1.03 · | 2021-11-12 18:19:37

> only a small handful of people needs that amount of security

Everyone is vulnerable to fraud, identity theft, blackmail etc. Everyone needs a secure device.

If your argument is that insecure devices are ok for most people, you’ve already lost.

reply

derefr | karma 53572 | avg karma 3.59 · | 2018-08-12 19:17:23+00:00

> Surely those who need that level of security should take the responsibility to enable it

That implies two code paths, one that enables the security and one that doesn't. That is more complicated (and less testable!) than either code-path on its own.

Security costs more than insecurity, but sometimes-security is the worst of all worlds.

reply

gvjddbnvdrbv | karma 541 | avg karma 1.92 · | 2020-08-06 12:34:57

> Security is provided by a firewall.

Right so as I said elsewhere I'll be dropping all packets for incoming connections at the firewall. I was heavily downvoted for that comment... I guess a lot of folk will leave insecure devices open to the world.

reply

wolverine876 | karma 13735 | avg karma 1.72 · | 2022-02-24 21:46:16

> Modern day internet architecture is very secure.

Seriously? That doesn't seem to match the outcomes of regular breeches, 0-days, etc. - many reported right here. The state of security is often considered terrible and unrepairable; experts advise assuming you have been breeched.

reply

sargas | karma 137 | avg karma 1.9 · | 2016-04-08 20:08:46

> we need to always default to secure.

This.

reply

netheril96 | karma 2460 | avg karma 2.23 · | 2018-02-10 03:27:25

> Nobody said it would need to be secure?

Then ignore the security warnings.

reply

gramstrong | karma 290 | avg karma 2.87 · | 2018-03-30 17:47:56+00:00

> inherently secure

Who told you that? I don't think "inherently secure" is a thing in the tech industry.

reply

turminal | karma 1326 | avg karma 2.98 · | 2022-05-25 10:02:46

> People say this about a lot of security things

Unfortunately those people are often correct.

reply