Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Father of SSH Says Security Is 'Getting Worse'

Unknown Lamer posted about 2 years ago | from the living-in-the-pupil-of-1000-eyes dept.

Privacy 132

alphadogg writes with an excerpt from an interview with the designer of SSH-1: "Tatu Ylönen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)"

cancel ×

132 comments

Ylönen. (-1)

Anonymous Coward | about 2 years ago | (#40765821)

You mean Ylönen.

Hmmm. (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#40765875)

Why should I care what someone with a funny-sounding name says? He's probably a foreign soy. Send him to Gitmo!

-Typical conservative

ssh (4, Funny)

Anonymous Coward | about 2 years ago | (#40765997)

- But what if anything could replace the SSL certificate infrastructure?
- For consumers in the short term, no. But SSH is an option, especially for automation. It would require an extension to SSH. I actively proposed it to replace SSL 15 years ago but I was basically railroaded at the IETF by Microsoft and Sun!

"...Imagine all the people
browsing through SSH, uh uh u-uh uh"

Re:ssh (5, Informative)

garyisabusyguy (732330) | about 2 years ago | (#40766079)

implementation and usage are the weakest links in any security plan

any given encryption tool can be made weak in implementation by using short keys or failing to salt the encryption

any security infrastructure can be made weak by users who send email in clear text, directly exchange passwords in the same medium the password is used for, continue to use telnet or ftp when ssh and sftp are available

It makes me happy to think about a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40766335)

Salt the encryption? Never heard of that.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40766883)

Salt the encryption? Never heard of that.

It's not a car analogy but here goes -

You've never caught your roommate pee in the alphabet soup?

Re:ssh (1)

dreamchaser (49529) | about 2 years ago | (#40769591)

Salt the encryption? Never heard of that.

Then read and learn [wikipedia.org] . It's a common term and a good idea to use the methodology in any encryption implementation. It actually refers more to how the passwords are handled and encrypted than the actual encryption itself.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40770463)

You salt a cryptographic hash, which is a one-way operation. Encryption typically refers to a two-way operation, or the ability to be decrypted.

GP was being funny/snarky, but technically he's correct.

Re:ssh (2)

pakar (813627) | about 2 years ago | (#40770817)

Yes, the formulas taste much better with a bit of salt.

Re:ssh (5, Funny)

Anonymous Coward | about 2 years ago | (#40766383)

It makes me happy to think about a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

Then you should be pleased to know that RIM has been making great strides on their implementation of this idea. It might even be finished within the next year.

Re:ssh (1)

JoeMerchant (803320) | about 2 years ago | (#40767703)

Bell Helicopter had a similar safety plan for their birds: make 'em heavy enough that they won't get off the ground, that way they'll never crash.

Re:ssh--What does Tatu YlÃnen know about this (1)

CrowdedBrainzzzsand9 (2000224) | about 2 years ago | (#40767707)

What does Tatu YlÃnen know about this? It only took 20 years for his security tool to be softened by hackers. It takes almost, um, minutes for a new Apple ios to be jail-broken. Never mind.

Re:ssh (1)

element-o.p. (939033) | about 2 years ago | (#40767019)

any security infrastructure can be made weak by users who...continue to use telnet or ftp when ssh and sftp are available...

Where I work, we still use telnet in a few applications because, even though the hardware vendor includes an SSH implementation on some of our gear, it is so horribly broken that it is essentially unusable (for example, dropped characters up to 50% while typing commands because the processor can't keep up). The equipment works well otherwise so we keep using it, but I would certainly like to see them beef up the hardware so that we could use SSH instead. As far as FTP, I prefer to use SCP on any device that supports it. I've never really used SFTP, though, since pretty much every device I've used that supports SFTP also supports SCP.

Re:ssh (1)

JoeMerchant (803320) | about 2 years ago | (#40767687)

a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

I think that users on BOTH ENDS have to care about security (and know enough to do something about it) if a link is going to be secure, otherwise somebody is always going to get sloppy.

Re:ssh (3, Interesting)

hairyfeet (841228) | about 2 years ago | (#40770683)

But don't forget the flip side of that argument, the BOFHs that make things so much of a PITA either the users are gridlocked and can't get dick done or they actively go out of their way to break the security just so they can work.

I'll never forget an old programmer friend of mine who told me about taking some of the students he was teaching over to check out this big corporate software firm. on and on and on the BOFH giving the tour talked about how incredibly secure his place was, with crazy password rules and just one nasty thing after another until mike said "You give me 15 minutes in this place and I bet you $100 and a steak dinner i CAN get into your systems".

Well sure enough the BOFH took him up on it and let him loose for 15 minutes while he took over the tour. In 10 he was back with a dozen working username/password combos, including one for one of the higher level guys that would have pretty much given him the keys to the kingdom. When the BOFH demanded he show him how he did it, know what he did? he just went and started flipping keyboards and there were the passwords because nobody could keep up with them thanks to his crazy rules.

So its always a balancing act between making a secure system and making an unusable one. After all you could make a corp the most secure system in the world by simply cutting the power to the PCs and locking them in a vault but they wouldn't be doing the workers much good then, will they?

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40766091)

That doesn't make any sense. Ssh uses unverified self signed keys.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40766227)

Incorrect. That is how people use it, but that is not how it is most securely implemented. If you absoultely must guarantee the authenticity of a key, you have to meet in person, just like you have to do so in order to absolutely guarantee the security of a GPG key or SSL cert for that matter.

SSL and GPG both offer methods to help you trust a key proffered via CAs and trusted key signing, which helps, but those methods do not facilitate a 100% guarantee of authenticity.

Re:ssh (1)

Anonymous Coward | about 2 years ago | (#40766467)

As someone who has seen mission impossible, meeting someone in person gives no guarantee that he is the person you think he is.
Could be someone in a rubber mask.

Re:ssh (5, Funny)

aix tom (902140) | about 2 years ago | (#40766705)

As someone who as seen Firefly, it isn't even enough to live with a man 40 years. Share his house, his meals. Speak on every subject.

You have to tie him up, and hold him over the volcano's edge. And on that day, you will finally meet the man.

Re:ssh (1)

erp_consultant (2614861) | about 2 years ago | (#40766817)

Then you employ the "half of the jello box" method. Tear it in half. You get one half he gets the other. When you meet, compare them. If they don't match exactly he's not the guy ;-)

Re:ssh (1)

vlm (69642) | about 2 years ago | (#40766733)

Technically incorrect. You don't have to meet in person to transfer individual id_rsa.pub files to be inserted into the .ssh/authorized_keys file, you just have to find a secure way to share a symmetric encryption key with someone and then transfer the mcrypt'd key data at your leisure. In english this more or less describes how a certain script of mine transfers my authorized_keys file around to various machines, there's also a md5 hash to see if the data has been messed with or corrupted, etc.

Also meeting in person, perhaps to examine each other's govt issued identity docs, is only really useful if you're better at detecting fake/falsified identity documents than the opposition is at creating or obtaining them. The opposition theoretically has much more impressive resources than you'll ever have.

Re:ssh (2)

NatasRevol (731260) | about 2 years ago | (#40767037)

How secure is your md5 hash?

Re:ssh (1)

vlm (69642) | about 2 years ago | (#40769205)

How secure is your md5 hash?

LOL not relevant. More than secure enough for this problem. I really only use the last 16 bits or so.. Hmm the file on cluster03 has the last hex digits 1a just like the old version of the file as opposed to the new file which should end in d9... wtf

All you need is to do simultaneously to break my protocol and insert your key into my authorized_keys file as a MITM is:
1) Calculate a rsa pub and priv key (OK no problemo so far)
2) With the minor little criteria that your pub key, after being concatenated or inserted into the keys file and run thru mcrypt (oh wait, you need my mcrypt passphrase too) when pushed thru md5sum hashes to the same value so I don't notice you added it. Well I only look at the last 8 to 16 bits or so visually so...
3) Also wc -l .ssh/authorized_keys would look weird and your MITM attack file would have an unusual length, aside from all the crypto. Yes you don't notice going from 58 lines to 59, but you tend to notice going from 1 line to 2 lines.

Merely saying "md5 isn't secure because it was broken and now only offers 90 bits of security in a given plaintext attack" is a huge leap away from "my system is insecure".

Basically I'm testing file integrity two ways, does it md5 to the same value on both boxes in other words I gave them the correct mcrypted file and does it mcrypt decrypt properly given the verbally provided passphrase in which case its probably not been messed with. Or rephrased its not enough to break md5 or one of the mcrypt protocols, you have to utterly break them both with chosen plaintext attacks.

I could just GPG sign the thing and verify my sigs there and the GPG fingerprint for the signing key matches, if trusted data connectivity were already up, but this is a long story as to why not mostly involving transfer of the mcrypt key being verbal and I'm not about to uuencode my GPG pub key and read it over the phone so they have a copy to verify the sig etc etc. Why? Once you have SSH keys you can ghettovpn via tunneling to set up openvpn to etc etc... So its not a good general solution to secure file transmission, but is an interesting bootstrapping proposal.

Bootstrapping crypto trust is an interesting problem if you start it by voice and don't rely on a trusted 3rd party.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40769709)

Bootstrapping crypto trust is an interesting problem if you start it by voice and don't rely on a trusted 3rd party.

give everybody a one time pad written on silk and have them eat the strip with the key on it after they use it ;)

Or at least that was an effective approach in ww2

Re:ssh (1)

lightknight (213164) | about 2 years ago | (#40770501)

Or just use a language that no one outside your country could possibly know.

Re:ssh (4, Insightful)

QuantumRiff (120817) | about 2 years ago | (#40766239)

There is nothing wrong with SSL.. it works well to encrypt traffic between sites. its the way we manage the certificates that is ugly, and prone to lots of attacks and hacks. (How many Root CA's are automatically trusted by a browser?)

Just using DNSSEC to store the public keys for SSL would be a huge step up. No more trusting a company in the netherlands that signed your key for gmail.com. Just look it up in DNS. (yes, people could I guess hijack DNS), but that should be detected pretty quickly by comparing the keys between different computers in different regions.

Most people just want to encrypt the traffic between themselves and www.$x.com, and that the server that claims to be www.$x.com is the same one in DNS. I could really care less that www.$x.com is actually the company residing at a verified address, with letterhead, etc. Basically, domain validated certificates (which are pretty common for SSL now) shouldn't use a CA anymore.

Re:ssh (1)

Anonymous Coward | about 2 years ago | (#40766391)

Yup, and that was the point.

It's not about the protocol, but about the fake "security feeling" that a couple of "CA's" can create...

Re:ssh (2)

EyelessFade (618151) | about 2 years ago | (#40766571)

The full SSL specification also states that both parties have an trusted certificate. Its a 20-something step handshake. only two of those are sending user data. This is not used in todays web

Re:ssh (4, Insightful)

vlm (69642) | about 2 years ago | (#40766617)

Most people just want to encrypt the traffic between themselves and www.$x.com, and that the server that claims to be www.$x.com is the same one in DNS. I could really care less that www.$x.com is actually the company residing at a verified address, with letterhead, etc.

Well, somebody's outed as not being able to answer "What a man in the middle attack?"

Re:ssh (1)

Anonymous Coward | about 2 years ago | (#40766847)

Nope, you misread that. There is a technical MITM attack, but SSL with DNSSEC-hosted keys protects against that. And then there's talking to the wrong server at the wrong domain.

Suppose you want to download Firefox and type the name into Google, which gives you an ad for www.totallylegitfirefoxdownloads.com, which has an SSL certificate from a Chinese CA. If you click on that, you won't get a warning. You'll get owned instead. That's not a MITM attack. You're simply talking to the wrong server, which is what "extended validation" certificates are supposed to prevent, by not only assuring you that you're talking to a server which is authorized or operated by the domain owner, but also telling you with high certainty who that is. That was supposed to be how it works from the very start, and it didn't, so now it's supposed to work with EV certificates, and it won't.

If you go to https://www.mozilla.org and your browser complains that the key is not the one in the signed DNS record for www.mozilla.org, then that is a MITM attack, and you only get owned if you ignore the warning. DNS-hosted SSL keys would be a huge step forward for SSL, by eliminating hundreds of possible but unnecessary trust chains from the root to your certificate. The only remaining trust chain is the one induced by the DNS hierarchy.

Re:ssh (1)

QuantumRiff (120817) | about 2 years ago | (#40767031)

Exactly.. And since with a full DNSSEC implementation, everything should be signed by walking the tree... you could see that the root was signed. then the ORG subdomain was signed. then the mozilla.org subdomain was signed.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40768049)

And sometime later your DNS response finally returns and you can then start to connect to the target host.

I mean, have you even looked at the sequence diagram for a single DNSSEC lookup? It's insane and requires non-trivial communication and computation.

The first ten or so hits here [google.com] should help.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40768111)

DNS is heavily cached. That's not a problem for the SEC part of DNSSEC, because the records are signed, not encrypted. Validating DNSSEC is neither wizardry nor slow. Get Unbound and see for yourself.

Re:ssh (1)

lewiscr (3314) | about 2 years ago | (#40769479)

If I can MITM the HTTPS connection, I can MITM the DNS query. Or just target users that already have DNSChanger.

Re:ssh (0)

Anonymous Coward | about 2 years ago | (#40769825)

If the host is compromised, all bets are off. Then you could just as well install your own root CA and MITM any SSL connection that uses CA key authentication. If the host isn't compromised, DNSSEC prevents (undetected) MITM attacks on DNS.

Re:ssh (4, Interesting)

mlts (1038732) | about 2 years ago | (#40767683)

SSL by itself is secure. However, it would be nice to have it allow to be implemented in a WoT fashion similar to PGP/gpg.

This way, I go to my banks's site. I'm 100% sure that the key is genuine because that is what shows up, and that the bank prints the fingerprint of the key for people to see when visting a branch. So, I sign the bank's key.

I go to another site. The key for the server is unknown, but I have 2-3 semi-trusted CAs all agree that the key is whom it is supposed to be. The threshold I set allows the SSL transaction.

I go to a third site, one CA says the key is OK, but nobody has zero clue about it. The threshold set will warn the connection is encrypted, but untrusted. Since it is just the listings for when the local vomitorium is open, the risk is acceptable.

The fourth site, a friend signed the key, but completely distrusting it. The Web browser refuses to go to the site, or if allowed to, shows that anything from there is suspect. A link leads to a discussion on this. After several people mention this on another forum, the owners of the site with the bad cert find that their DNS server was compromised as well as the CA they were using.

I wish SSL had this functionality in it. Since it is a superset of having root keys and a CA hierarchy, existing stuff would work. A compromised CA's damage would be greatly limited.

ROFL (0)

Anonymous Coward | about 2 years ago | (#40767365)

im not paying to get some cert
end of story and my users will still enjoy SSL https....

Re:ssh (1)

Junta (36770) | about 2 years ago | (#40768881)

SSL certs conceptually contain SSH host keys as a strict subset of functionality. The strategy with respect to all-powerful CAs without limited authority domain is the big problem in x509 implementations. More sophisticated mechanisms to limit the scope of CAs and more carefully manage trust of CAs would go far to address the real-world problems of SSL.

I often find myself wishing ssh did have SSL mechanisms for user and client keys, but all ssh entities by default trust *no* CA and treat the keys like they treat ssh keypairs today, and normally speaking the admin would have to add one or two CAs pertinent to their organization if they wanted to take advantage of the extras of x509.

How is this quantifiable in any stretch? (5, Informative)

colin_faber (1083673) | about 2 years ago | (#40766019)

If you think about it, the issues with key infrastructure are nothing new, they've been there since day 1, and in fact the same can be said about the micro-controllers which are now being regularly exploited by big brother.

User/Device security is no more or less "secure" than it was back in 1995, actually I'd argue that it's getting better as it's more widely adopted (when was the last time you used rsh?). In general it's always an evolving process.

We still don't have a practical way of breaking high bit crypto, and in general I feel plenty safe with my 1024 bit ssh connections to my LAN machines =)

Re:How is this quantifiable in any stretch? (0)

Anonymous Coward | about 2 years ago | (#40766081)

I guess you safely manage your authorized_keys file then, right?

Re:How is this quantifiable in any stretch? (1)

colin_faber (1083673) | about 2 years ago | (#40766105)

Of course, posted to pastebin and regularly updated for all to see =)

Re:How is this quantifiable in any stretch? (4, Interesting)

mpfife (655916) | about 2 years ago | (#40766481)

| User/Device security is no more or less "secure" than it was back in 1995,

I disagree. The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient. New techniques and systems are constantly being built to attack these methods. While I'm not saying SSH is bad or outdated, I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak spots. What if at 51200 bit security, we find an aweful and damnin patter appears in the math? We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow (while we are pretty sure it can't).

We mustn't fall into the trap of thinking that what is good enough today is good forever. Have as many irons in the fire being tested and competing is the best way for your protection today and tomorrow.

Re:How is this quantifiable in any stretch? (4, Informative)

colin_faber (1083673) | about 2 years ago | (#40766593)

Right but we're no where near that point. Even 128 bit keys are huge mountains to climb with the most powerful systems on the planet.

I don't think anyone is saying that security research in the realm of computer science is settled, but saying the sky is falling and security hasn't kept up with improvements in overall compute power is false.

Just like today, back in 1995 if keys were stolen then you have a chance of being exploited some how. Is there a better method to prevent such problems? Probably, but it's a MINOR issue.

In most cases attackers don't bother with crypto systems, in favor of much lower hanging fruit (such as insecure web servers, sql injection exploits, etc).

Re:How is this quantifiable in any stretch? (1)

vlm (69642) | about 2 years ago | (#40766915)

We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow

I think there's some pretty impressive proofs that prove breaking factoring would have some pretty wild implications across mathematics. You could keep it secret for awhile, but math advances have a way of sneaking out and being detected in applied sciences. Maybe rephrased it would be hard to break all of modern crypto without making life extremely exciting for most mathematicians, not just cypherpunks.

For a good, kind of sci-fi far out laugh, maybe not realistic, but would be cool if it worked out that way, look at some combinatorial/bit stream physics (which I acknowledge is not entirely mainstream popular in physics). What if broken factoring means the sun collapses into a black hole due to that physics theory, just like 2+2=5 would imply all kinds of whacked out gravitational effects if it were true. It is possible if something provable in a bit stream physics theory had some interesting and measurable quantum effect that depends inherently on factoring not being broken, then you could perform a physics experiment to prove factoring is not broken. But before you get overly excited, this line of reasoning is more than a little sci fi ish. If you hate the idea of bit-stream physics thats OK, substitute in another physics theory where factoring could be an operator. But you insisted its somehow not provable that crypto is unbreakable, and at least in theory there exists a whacked out roadmap to prove factoring is not broken that could be verified by a physics experiment so I felt the need ...

Re:How is this quantifiable in any stretch? (0)

Anonymous Coward | about 2 years ago | (#40767651)

So the rules don't apply until we figure it out?

Is that Acme physics? Run off the cliff in mid air as long as you don't notice, *then* you fall.

So as long as we don't discover anything different, we're safe..... Are you religious?

Re:How is this quantifiable in any stretch? (1)

vlm (69642) | about 2 years ago | (#40769671)

So the rules don't apply until we figure it out?

I'm not even sure what that means in context.

Are you religious?

LOL. Yeah, that's me, the prophet of /. Would you like to worship me?

Re:How is this quantifiable in any stretch? (0)

Anonymous Coward | about 2 years ago | (#40767577)

s. While I'm not saying SSH is bad or outdated, I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak spots. What if at 51200 bit security, we find an aweful and damnin patter appears in the math? We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow (while we are pretty sure it can't).

That's why (Open)SSH supports DSA, RSA, and more recently, ECC, for keys. No one is standing still:

  * Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
      and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
      offer better performance than plain DH and DSA at the same equivalent
      symmetric key length, as well as much shorter keys.

      Only the mandatory sections of RFC5656 are implemented, specifically
      the three REQUIRED curves nistp256, nistp384 and nistp521 and only
      ECDH and ECDSA. Point compression (optional in RFC5656) is NOT
      implemented.

      Certificate host and user keys using the new ECDSA key types are
      supported - an ECDSA key may be certified, and an ECDSA key may act
      as a CA to sign certificates.

      ECDH in a 256 bit curve field is the preferred key agreement
      algorithm when both the client and server support it. ECDSA host
      keys are preferred when learning a host's keys for the first time,
      or can be learned using ssh-keyscan(1).

http://www.openssh.com/txt/release-5.7

Ditto for D/TLS: the newer revisions are adding new algorithms.

Re:How is this quantifiable in any stretch? (2)

Hatta (162192) | about 2 years ago | (#40769737)

The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient.

There's a limited amount of energy in the universe, and a lower limit on how little energy you can use to do a calculation. Even the most optimistic estimate will show that brute forcing AES-256 will consume all the energy in the visible universe.

I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak spots.

Which is good, there's a lot fewer corners and weak spots now than there was in 1995 because of all that work.

What if at 51200 bit security, we find an aweful and damnin patter appears in the math?

That's no more likely to happen now than it has been in the past.

Re:How is this quantifiable in any stretch? (2)

Sloppy (14984) | about 2 years ago | (#40766989)

If you think about it, the issues with key infrastructure are nothing new, they've been there since day 1

And that's why PRZ started trying to address it, many years before ssh existed. But for some reason in 1995 people decided to not build upon the current (1988-1990, roughly) state of the art in establishing key trust, or the lack thereof, or the realistic acknowledgment of degrees of trust that exist in between "I'm sure" and "I have no idea."

People wanted it dumbed down into incorrectly telling users "be sure" in cases where they would have no reason to actually be sure. And now their shocked that after programming the computer to lie by oversimplifying things, sometimes it does lie by oversimplifying things.

it's because people don't value it. (5, Informative)

Anonymous Coward | about 2 years ago | (#40766035)

I try to get my college buddies to send me encrypted email, and it's the same story, "Dude, just use Facebook like everybody else". I have a Facebook but stopped using it because I don't want FB snooping all my communications!

Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

Slashdot peoples care, but outside that crowd, people value convenience, not security or privacy. That's the only way so many privacy-violating services have become so huge when there are alternatives that preserve your privacy.

98% of people in the 22-29 year old age bracket now use Facebook. Most of those use it as their primary means of communicating with friends, and you're now considered "abnormal" if you don't have a Facebook. Even if you explain it to them the pitfalls of FB they don't care.

Until people start to care about their security and privacy, they won't have any. You have to vote with your actions.

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40766113)

Well said. It's unfortunate, but if anyone requires Facebook or something similar to communicate with me, I don't want to communicate with them.

Re:it's because people don't value it. (4, Insightful)

Vellmont (569020) | about 2 years ago | (#40766681)

Don't worry. Eventually there will be a huge FB breach of privacy story where FB starts selling all your info to the highest bidder. People will be outraged, FB will try to spin it into a non-story. Then another one will happen. Eventually people will over-react and FB will become the new Microsoft, with large amounts of people openly hating them. But unlike Microsoft the don't really have any powerful monopoly on anything where people can't just use something else. Eventually it'll suddenly become cool to NOT have a FB account, and people will turn to some other form of socialization online.

Re:it's because people don't value it. (4, Insightful)

NatasRevol (731260) | about 2 years ago | (#40767135)

The names will change.

I doubt the security level will.

Re:it's because people don't value it. (1)

leonardluen (211265) | about 2 years ago | (#40767261)

Eventually it'll suddenly become cool to NOT have a FB account, and people will turn to some other form of socialization online

i thought that happened when your mom and grandma started signing up for facebook.

one of the reasons facebook originally won people over from myspace because it was more exclusive, you had to have a .edu email address to signup. now they let anyone in.

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40767639)

Yep. Facebook is basically Cartmanland [wikipedia.org]

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40767583)

See, we've been waiting for years for that to happen. It never does. Sure, there are breaches, and some of them made you think "they've got to see the light now", but they never do. The big one just doesn't happen. There's a reason for that: If almost everybody is affected, the damage must be mitigated. The option of saying "I told you so" and leaving them with their losses just doesn't exist. It's the "they can't put us all into jail" thing. There may be other breaches which screw just a few selected victims really badly, but those breaches obviously don't worry the masses, like very few people worry about being wrongly deported to Guantanamo Bay.

The masses will always be OK.

Re:it's because people don't value it. (1)

EvilBudMan (588716) | about 2 years ago | (#40767689)

Yeah like /. and the names will be changed to protect the guilty. Damn it ain't no fun waiting around to be a millionaire.

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40769711)

Don't worry. Eventually there will be a huge FB breach of privacy story

No there won't. William Binney already laid out what's going on, and nobody cares. Every telephone conversion you made, every web site you visited, every jpg you downloaded, and every email you sent and who was on the other end of each of those things since 2002 is in storage and perusable by any three-letter agency that wants it and nobody cares. Nobody cares that their information is bought and sold, and nobody cares that their constitutional rights are being violated by the government when it spies on everything and associates personal identifiers with every piece of data it stores. Nobody cares, at least not enough to delete their FB pages or to demand that administration officials and congressional representatives be jailed for the goverment spying.

Re:it's because people don't value it. (1)

Hatta (162192) | about 2 years ago | (#40769779)

Eventually there will be a huge FB breach of privacy story where FB starts selling all your info to the highest bidder. People will be outraged

How will it be different from all the other times that FB has commited a huge breach of privacy, and people kept using it? If this were likely to happen, wouldn't it already have happened?

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40766871)

Skype is end-to-end encrypted.

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40768791)

Yep but the skype people have a backdoor, which has been shown to exist, so it's not encrypted from them or anyone they say can listen in.

Re:it's because people don't value it. (2)

Yvanhoe (564877) | about 2 years ago | (#40766881)

I scared a group of doctors telling them "I guess that you have some facebook friends who are former patients. I am sure that the list of your friends that are not health professionals is worth something to insurance companies."
"but they would not! It would be illegal!"
"In your country it is (we were in Japan) but which jurisdiction is Facebook operating in? Are you sure it is illegal there? Do you even know how Facebook makes its profits?"
When I had this discussion I was already thinking I should just surrender, stop clinging to privacy, just stop caring, put my emails on gmail, my personal files in the cloud and vamos...
But one doctor there said that she was very happy that an IT professional gave them these advices and pointed the issues they were not suspecting.
I wonder if we won't see, in the next years, a facebook scandal that will reveal to the world the kind of things that us geeks keep shouting to everyone. Most people are simply not aware of how much they are screwed.

Re:it's because people don't value it. (1)

Bill, Shooter of Bul (629286) | about 2 years ago | (#40769167)

There is a group of lawyers I know here in the US that requires its lawyers to conduct research on their facebook friends. The post fake updates and try to provoke responses from they're friends to see what kinds of arguments work on people of various backgrounds.

When I learned of this, from a lawyer involved, I contacted the FTC and the EFF, but never heard back. Apparently its legal, or no one reall cares enough.

Re:it's because people don't value it. (2)

Cid Highwind (9258) | about 2 years ago | (#40766963)

Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

WHAT alternatives? Where's a one-stop "download client (available for all major desktop/mobile platforms, of course), punch in your buddies' pseudonyms, and start an encrypted point-to-point VOIP conference" alternative to Skype? Where's Diaspora? (I know, perpetual beta) Where's crypto-twitter?

Until people start to care about their security and privacy, they won't have any. You have to vote with your actions.

There's a slight problem with that: network effects mean that the value of a communication channel scales with some power of the number of people who use it. Kim Kardashian (thanks to her huge twitter following) probably has more "votes" than all of Slahdot put together.

Re:it's because people don't value it. (2)

betterunixthanunix (980855) | about 2 years ago | (#40767167)

There's a slight problem with that: network effects mean that the value of a communication channel scales with some power of the number of people who use it

Which is why standardized protocols are so great. Email is immensely popular, not because Email, Inc. has lots of users, but because anyone can implement email -- there is no monopoly, just a good protocol.

Too bad social networking systems try to divide people by not interoperating.

Re:it's because people don't value it. (4, Funny)

NatasRevol (731260) | about 2 years ago | (#40767173)

Kim Kardashian (thanks to her huge twitter following) probably has more "votes" than all of Slahdot put together.

And she gets laid more often!

Re:it's because people don't value it. (2)

jareth-0205 (525594) | about 2 years ago | (#40767105)

Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

It's all very well sitting there talking about people not caring, but people have other things to do, and frankly it's not unreasonable to want methods of communication to be as easy as possible. Skype became popular because it worked behind firewalls without configuration when all other VOIP needed ports forwarding and other fiddling. Facebook took over messaging because it is similarly much easier to find and keep track of people without managing your own address book for hundreds of changable addresses. I honestly *still* don't know how to do encrypted email, it's just not clear.

We as an industry haven't given people easy ways to do these things. It is *our* fault, not theirs.

Re:it's because people don't value it. (2)

tlhIngan (30335) | about 2 years ago | (#40769771)

We as an industry haven't given people easy ways to do these things. It is *our* fault, not theirs.

Exactly. Even in the geek world this is true.

Want to know why SSH is the premier protocol for remotely doing stuff? Because it does it all so easily. If you used rsh, or telnet, forwarding an X session was fraught with danger and extremely tricky, having ot mess with xhost or other xauth crap.

With SSH, you just add -X. Done. Easy.

Ditto with proxying - SSH supports SOCKS or manual port forwarding. The other protocols require running programs manually - they can't tunnel traffic through an existing connection (also handy if you're firewalling stuff - it's easy to just open one port for your SSH server rather than many).

When it's easy to do, people will do it.

Re:it's because people don't value it. (1)

ethanms (319039) | about 2 years ago | (#40767371)

I don't value it because I have nothing to say via email/chat/etc that *needs* to be secure or protected typically. The information is either public, unimportant, or otherwise reasonably obscured.

apparently, others are more rational (1)

kenorland (2691677) | about 2 years ago | (#40768175)

You're typically irrational about privacy, but focusing on Facebook.

In fact, it makes little difference whether Facebook snoops on your E-mail in order to show you ads; there's little they can do to you, and if they harm you, you can recover damages.

What should concern you is that governments and law enforcement get ever increasing access to your data, and the false positive rate for their data mining techniques is doubtlessly high. And when they drag you away in some pre-crime effort, you have little recourse. Yet, politicians successfully stoke the fear of companies like Facebook while at the same time creating laws that let government and police intrude ever more into our private lives.

Until people like you actually start getting a clue, acting rationally, and demanding change from politicians, privacy will continue to spiral down the drain.

Re:it's because people don't value it. (0)

Anonymous Coward | about 2 years ago | (#40768743)

Slashdot peoples care, but outside that crowd, people value convenience, not security or privacy

The people who use Facebook as a substitute for email do so precisely because it's public.

Re:it's because people don't value it. (1)

bcrowell (177657) | about 2 years ago | (#40769291)

I try to get my college buddies to send me encrypted email, and it's the same story, "Dude, just use Facebook like everybody else".

Your friends are perfectly sane not to bother with encrypted email. There are two serious problems with encrypted email: (1) poor ease of use, and (2) network effects (i.e., it's not useful unless lots of people use it, but people won't use it because it's not useful).

#1 is actually not easy to fix, because it's inherently difficult to manage a public/private key infrastructure. This inherent difficulty shows up in the fact that the software is much too hard for the typical user.

#2 is also basically impossible to fix.

For these reasons, email is always going to be an insecure medium, just like postcards are always going to be insecure. If you need more security, use snail mail, which is highly legally protected in the US and is not run by telecoms that are only too happy to shit on the constitution.

CEO of Security Company warns of security dangers (0)

Anonymous Coward | about 2 years ago | (#40766037)

CEO of Security Company warns of ever-increasing security dangers ... suggests own company's auditing tool to combat it!

Father? (-1)

ilsaloving (1534307) | about 2 years ago | (#40766043)

Who cares what father says. Maria is going to kill him a few episodes later, anyway.

People don't understand what security is. (5, Insightful)

gurps_npc (621217) | about 2 years ago | (#40766089)

Let's start with a basic, real world example.

I have a home. On this home there is a lock.

Now, an ignorant fool might think the lock is there to keep other people out. Nope, they are wrong. You see, in addition to my lock, I have windows, doors, a roof and floors, and walls. None of them are made of unobatanium.

An intelligent 5 year old child, with no training whatsoever can break my window and climb into my house.

My lock is there fore two distinct purposes:

1. It tells the world that this place is private - that the owner does not want anyone to enter it and will try to punish those that violate it's privacy. It's a sign.

2. It lets me get into my house easily, while making it much more difficult for anyone else to get in without leaving clear and obvious signs that they have trespassed (i.e. a broken window.)

That's what the locks on my home do - notify the world of my privacy and create traceable evidence of a violation of that privacy.

We need to start using IT security for the same purpose. Among other things, that means that when you log on to any website, it should list the last time you logged, and from where (using either an IP address and/or a cookie to identify the device used).

I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

Re:People don't understand what security is. (1)

Anonymous Coward | about 2 years ago | (#40766165)

Doors are the most convenient way of entering a house, locks make it less convenient. The other options left to you attract attention.

This is also why alarms exist, to attract attention.

Nothing is 100% secure, but something can be made into an extremely inconvenient target, which compared to a neighbouring house (or system) protects you.

Survival of the fittest.

Re:People don't understand what security is. (1)

Anonymous Coward | about 2 years ago | (#40766241)

I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

That's all well and good - until someones changes your lock; You know you've had a trespasser, but you can't do anything about it.

Re:People don't understand what security is. (1)

gurps_npc (621217) | about 2 years ago | (#40766409)

Like I said before, an intelligent 5 year old child can break into my window and climb in.

I am older than 5, and I'm pretty smart, so changing the lock doesn't do much. Maybe if they tried to get my title revoked, that would be a different thing.

But if you want an IT It's really not that hard to set up security to a) notify you of an attempt to change the lock immediately and b) ensure that the old password works for a period of 1 week after you changed it - as long as it came from any approved computer that you had used at least a month before changing the password.

That's just one way. There are lots of really good ways to prevent passwords being changed by anyone but the person that set it up - particularly if you don't demand a secure password. You could have the account send you an email and a snail mail letter with the new password (to all addresses listed as your current address within the past month.)

Re:People don't understand what security is. (1)

DeeEff (2370332) | about 2 years ago | (#40766459)

I'm going to try this right now. I'm going to break into my neighbour's house, and change all the locks on all their doors and windows. Each one will require a different key. It may be expensive, but it'll be interesting.

I suppose I could booby trap the home and steal the TV remote for good measure, but I'd like to see how they cope. I'll leave a key to each room hidden somewhere and they can start with a key that I'll tape to their back door. They have to unlock every single door in order to solve the final puzzle. Hell, I think I just came up with a way to have endless fun.

All I'll need now is to video stream it using a Raspberry Pi and I can make an entire story on Slashdot about it too!

Re:People don't understand what security is. (1)

ethanms (319039) | about 2 years ago | (#40767591)

I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

That's all well and good - until someones changes your lock; You know you've had a trespasser, but you can't do anything about it.

Or they break in and take your cash and other valuables. Great, I know they stole those things, now what? I'd prefer to keep out thanks.

Re:People don't understand what security is. (1)

vlm (69642) | about 2 years ago | (#40766591)

Good analogy but you're missing the wallet/pocket analogy which is much better.

My wallet is easy to grab out of my pocket, but you have to invade my personal space to do it, so its incredibly inconvenient and each attempt is painfully obvious to me and only a few people in the world at any given instant, all of whom must be hyper-local and in my legal jurisdiction, can stick their hand in my pocket to fish around for my wallet, at any given time. Sure, a Russian gangster can get my wallet... but he has to travel to me first.

This is the best analogy to the internet, in fact the core technology is oriented purposefully around preventing a situation like this. Sometimes the most obvious solution is hardest to see... a "wallet" and/or "pocket" concept just doesn't work on the internet. Simple, huh?

Its not the techie's problem to find a way to install horse's reins on a starship helm control board.

Re:People don't understand what security is. (1)

amorsen (7485) | about 2 years ago | (#40766671)

2. It lets me get into my house easily, while making it much more difficult for anyone else to get in without leaving clear and obvious signs that they have trespassed (i.e. a broken window.)

A small minority of locks fulfill that purpose today. The majority can be opened quickly and easily. If you are lucky, an expert can detect that the lock was forced.

For some, the convenience of being able to call a locksmith and get in easily if you lose your keys outweigh the risk of having to try to prove to an insurance company that you did not leave the door unlocked.

Re:People don't understand what security is. (5, Insightful)

Vellmont (569020) | about 2 years ago | (#40766789)

The problem with your analogy is that your house doesn't need to be super-dupe-secure because nobody has invented anonymous, instantly replicable robots that roam the countryside looking for open windows, and equipped with high speed glass cutters, valuable item detectors, and phone-home capabilities to alert a human when further action is warranted. This is routing on the internet.

This is the threat to you email address or bank account has to deal with. In your home you merely have to deal with the people around you who might rob you, and the occasional opportunistic criminal. On the internet, everyone is basically the same distance from everyone else, automation is cheap, and anonymity is common. Think that might lead to the need for more security than easily breakable glass windows? If all my shit is gone from my house, but my window is broken, I'm still not terribly happy that the thief was kind enough to let me know through the broken window.

Re:People don't understand what security is. (1)

element-o.p. (939033) | about 2 years ago | (#40767329)

Yes!!! Something like this:
:~$ ssh localhost
${UsernameMunged}@localhost's password:
Last login: Tue Jul 24 08:43:58 2012 from ${HostnameMunged}
:~$

...would be great. I've always appreciated the "last" output with SSH; it never occurred to me to include it in web sites as well <embarrassed>

Re:People don't understand what security is. (1)

ethanms (319039) | about 2 years ago | (#40767547)

Love the analogy.

You cannot duplicate a house with no evidence of the duplication, so the evidence of entry is preserved. How do you accomplish this with a digital object that can be trivially duplicated? You're talking about revamping everything we have to treat packets (let's just focus at that level I guess) as unique objects which cannot be duplicated (or at least not with modifying the original such that someone will know it was duplicated).

The other issue with your analogy... when/if your house is violated it will be a problem for you--documents and other contents may be stolen and used for nefarious purposes. House break-in's are not common, at least most people don't experience multiple break-in's per month, let alone per day or less. If we were transition to your model we may face the equivalent of a house break-in on an hourly or daily basis as our data is intercepted/examined and we are notified.

No... I think it's more accurate to compare data security to an armored car. You build your vehicle to withstand all reasonable attacks it may face.

Re:People don't understand what security is. (0)

Anonymous Coward | about 2 years ago | (#40767787)

Physical and virtual security are different, because someone who breaks into your home has to be there physically. An attack on your email account can be executed from an internet cafe in Bumfuckistan. There is a very real chance that a burglar is caught in the act, but even if you notice an attack on your email account while it's happening, the chance of catching the perpetrator is nil. As if that wasn't bad enough, there are also many devices which can be attacked, but with which you never interact directly: your router, for example.

The current computer security paradigm is very much focused on detection: Anti-virus software detecting drive-by downloads, firewalls blocking intrusion attempts, Google warning users of dangerous web sites. You have what you wish for. Is it working?

Re:People don't understand what security is. (1)

Shompol (1690084) | about 2 years ago | (#40767999)

And this is how your home would look some 200 years ago [gutenberg.org] , when security was a bigger issue. This is a typical home in Costa Rica today. [tripadvisor.com] And this is how a web server looked 200 years ago [arrakeen.ch] , It could withstand an attack from an army of 5 year olds! Just because you outsourced home security to the local police dept does not make your analogy a good one.

Re:People don't understand what security is. (0)

Anonymous Coward | about 2 years ago | (#40768833)

Your argument falls apart with one word. Tor.

Re:People don't understand what security is. (1)

EvilBudMan (588716) | about 2 years ago | (#40768907)

--I want to know when I've had a trespasser.--

Damn straight. I wanna know that more than being able to completely block everyone.

He's right (1)

93 Escort Wagon (326346) | about 2 years ago | (#40766175)

And here's an example: I remember when, a few years ago, a new version of a supposedly secure communications tool would let a person connect to a valid account by using any two letters as the password...

Security getting worse (5, Interesting)

mpfife (655916) | about 2 years ago | (#40766279)

I would largely agree. Unfortunately, I believe it is because real security - cryptography and end-to-end security and privacy - are very difficult, and hence, very expensive to develop, implement, and test. My experience with such coding is that it's every bit, if not more, rigorous as code written for medical devices or flight control software. It simply has to be bulletproof. Any one hole in the theory, algorithm, or implementation - and the whole thing comes apart. Learning about all those possible holes and plugging them is a herculean task. One can point to the near constant stream of security patches for every browser, app, and OS on the market. And these are the best-funded commercial enterprises around.

Another huge problem is the 'meh' attitude people have towards their personal information. We throw our data around so willy-nilly on smart phones and social networks. We check in places that tell everyone where we are (or are not http://pleaserobme.com/ [pleaserobme.com] ), publicly publish our most intimate family and friend relationships, report where we live and work, we even identify people to image recognition software. One expert I heard said that he could not imagine a more dastardly personal information monitoring system than Facebook. And we WILLINGLY give that information away. Google reads your emails and all the documents you upload to their 'free' services. Websites use everything they can to target ads at you, etc.

The unfortunate part, as my CS security professor pointed out, is that by the time it crosses an ethical line - it's nearly impossible to stop. Even worse, what if the company you gave all that info too gets sold to a very un-scrupulous person in a country with no protections? What if your government is taken over and they raid these databases for information about dissenters? All of these things are real, happen today, and yet we consider it more important to be able to brag to our friends and family what we had for dinner last night than protect ourselves.

Tatu Ylönen has garnered fame ... (1)

chad_r (79875) | about 2 years ago | (#40766483)

Tatu Ylönen has garnered fame in technology circles as ... the dick who tried to trademark the term SSH [wikipedia.org] in a move to try to shut down OpenSSH as a free alternative to their commercial product.

Re:Tatu Ylönen has garnered fame ... (2)

PolygamousRanchKid (1290638) | about 2 years ago | (#40766741)

"SSH" is definitely worthy of a design patent. Look at those "curved corners" of the "S" . . . artistically contrasted against the sharp corners of the "H".

A lot of creative intellectual property work went into that, and the creator should be rewarded with all rights to that.

The estate of the late Heinrich Himmler has challenged this in court, however.

Re:Tatu Ylönen has garnered fame ... (0)

Anonymous Coward | about 2 years ago | (#40767079)

Sorry to spoil the joke, but the SS-Runes had no cuves, only straight lines and edges.

Re:Tatu Ylönen has garnered fame ... (0)

Anonymous Coward | about 2 years ago | (#40767231)

no cuves, only straight

Is it, "Wofür die Untergang der Sturmabteilung?"

ssh is the reason for insecurity (0)

Anonymous Coward | about 2 years ago | (#40767139)

If IPsec had been made routine and manageable by mere mortals then *everything* running across the Internet could be secure by now. At first everyone would have supported it as an option, then at some point during one of Microsoft's mad security drives, it would have set "IPsec connections only" as default in one of its new operating systems. Businesses would have rushed to make sure that their systems were compliant.

But geeks promote ssh, which involves a mindset of explicitly setting up a tunnel - something the majority of people won't do. And if, as a service provider, you don't care about your client's security, you'll prefer HTTP rather than HTTPS on CPU usage grounds alone.

It's such a fucking shame that the transition to IPv6 hasn't involved a transition to IPv6sec.

Re:ssh is the reason for insecurity (4, Interesting)

0123456 (636235) | about 2 years ago | (#40767715)

If IPSEC wasn't one of the worst designed-by-committee-throw-in-the-kitchen-sink monstrosities ever produced, it would be more widely adopted.

Just getting two of my Linux boxes to talk IPSEC to each other took a couple of days, because there are about a bazillion different combinations of parameters and if any of them are wrong it doesn't work and doesn't provide any easy means of figuring out why it doesn't work.

It's also a 'security' protocol which allows you to send unencrypted data, so even if you do use it you can't readily prove that you have a secure connection unless you monitor the traffic.

There's a reason why we use SSL and SSH instead.

On the services side (1)

gelfling (6534) | about 2 years ago | (#40767163)

No one cares about security. They cover everything with contract language but only to the extent that they could be hit with fines. Beyond that, customers literally do not give a fuck about security anymore. Not if it costs a nickel. And when it does, 4.9999 cents of that nickel goes into excruciatingly dense reporting which no one, NO ONE, ever reads.

Once the IT industry was taken over my lawyers and accountants, it's been downhill into a pool of shit since.

"several" (1)

harvey the nerd (582806) | about 2 years ago | (#40767613)

There have been several incidents where someone has stolen from the certificate authorities.
Let's see, who would want that that much to do the breakins? NSA, FSB, RIAA, MPAA, Chinese state sec...

I read that headline wrong... (1)

eternaldoctorwho (2563923) | about 2 years ago | (#40767967)

...and left out the word "says" in my mind. I thought, "Oh no! I hope he'll be okay!"

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...