Computer security

Summary: The Ongoing Problem of Computer Security

This is a summary with links to my posts on computer security.

Computer security is important for the same reason as home security – you don’t want bad guys breaking into your house, wrecking it and taking your stuff! Here are brief summaries of the unending computer security problems and how to solve them.

https://www.blackliszt.com/2023/04/how-to-prevent-the-leak-of-confidential-documents.html

https://www.blackliszt.com/2017/05/computer-security-problems-solutions.html

In the invisible world of computers, security is elaborate, expensive and an ongoing nightmare of failure and ineptitude. But computer attacks are largely ignored, while physical security problems often make the news.

https://www.blackliszt.com/2014/09/cyber-security-and-cyber-insecurity.html

Managers treat managing computer security no differently than anything else. Huge mistake.

https://www.blackliszt.com/2015/06/systemic-issues-behind-the-cyber-security-disasters-at-opm-citi-anthem-etc.html

https://www.blackliszt.com/2015/06/what-baseball-can-teach-us-about-opm-anthem-and-other-cyber-thefts.html

Everyone in the physical world realizes that security falls into two entirely distinct categories. The first is for places when they’re closed: security means stopping anyone unauthorized from entering. The second is for places when they’re open: security means keeping visitors and employees from stealing things. Computer security focuses almost exclusively on keeping the bad guys out, largely ignoring the problem of keeping visitors and (above all) employees from stealing things.

Here’s the basic idea of applying retail store methods to computer security.

https://www.blackliszt.com/2015/03/methods-for-effective-cybersecurity.html

Libraries too.

https://www.blackliszt.com/2017/03/libraries-are-more-secure-than-computers.html

Here are famous examples of the “insider threat” in the physical and software worlds.

https://www.blackliszt.com/2013/07/edward-snowden-daniel-ellsberg-ineffective-security-then-and-now.html

https://www.blackliszt.com/2013/07/cyber-security-standards-are-ineffective-against-insiders-like-edward-snowden.html

Although largely ignored, there are practical ways to implement insider-threat computer security.

https://www.blackliszt.com/2017/03/lets-fix-cia-cybersecurity-using-machine-learning.html

The government is terrible at cybersecurity.

https://www.blackliszt.com/2017/06/government-cyber-security-tops-the-oxymoron-list.html

https://www.blackliszt.com/2021/07/the-irs-could-have-prevented-the-tax-data-leak.html

And there is general ignorance about basic aspects of it.

https://www.blackliszt.com/2017/10/the-irs-anti-fraud-contract-with-equifax-is-good.html

Government security experts demonstrate deep ignorance in high-visibility cases, confusing outside hacking with typical ignorant-user phishing.

https://www.blackliszt.com/2017/01/russia-hacks-dnc-podesta-email-fake-news.html

In spite of its own incompetence, the government produces mountains of regulations that companies are required to follow. The regulations largely ignore insider threats and don’t work for outside attackers.

https://www.blackliszt.com/2014/05/bureaucracy-regulation-and-computer-security.html

https://www.blackliszt.com/2017/05/security-regulations-vs-security.html

One of the many reasons the regulatory approach to security fails is that the “experts” are always fighting the last war.

https://www.blackliszt.com/2014/09/cyber-insecurity-and-the-maginot-line.html

Institutions that are hacked and lose mountains of customer information make a big show of concern, but don’t in fact help their customers.

https://www.blackliszt.com/2015/02/the-anthem-of-cyber-insecurity.html

https://www.blackliszt.com/2015/02/my-anthem-account-was-hacked.html

Some of those giants wait way too long and then lie like crazy to their customers.

https://www.blackliszt.com/2011/04/chase-data-theft-exemplary-handling.html

Smaller tech-oriented companies do the same thing.

https://www.blackliszt.com/2019/01/computer-security-breach-response-excellence.html

Part of why the data theft parade continues is that the people in charge have no real motivation to make security work.

https://www.blackliszt.com/2015/03/how-to-achieve-cybersecurity-motivation.html

Outside hacks succeed in part because unwitting employees open the door and let the bad guys in.

https://www.blackliszt.com/2019/11/cybersecurity-almost-impossible-to-achieve-heres-why.html

https://www.blackliszt.com/2015/04/internet-drivers-licenses-needed-for-users.html

Ransomware is a new way for hackers to profit from security breaches. Not many of the attacks make the news, but there’s an epidemic of it.

https://www.blackliszt.com/2021/06/the-colonial-pipeline-cyber-security-disaster-in-context.html

https://www.blackliszt.com/2022/12/new-york-citys-metropolitan-opera-crippled-cyber-attack.html

Articles about famous ransomware attacks show the profound ignorance of “experts” on the subject.

https://www.blackliszt.com/2017/05/the-ransomware-hack-attack-lessons-from-the-experts.html

There are proven ways to protect against and recover from ransomware, which are sadly not widely used.

https://www.blackliszt.com/2023/05/how-to-protect-and-recover-from-ransomware.html

Computer security is rife with specialized terminology and abstruse concepts. It can be hard to understand. But the core concepts are easily understood when you compare hack attacks to physical things like car dealerships or gated communities.

https://www.blackliszt.com/2020/02/why-the-equifax-hacking-disaster-wouldnt-happen-at-a-car-dealership.html

https://www.blackliszt.com/2021/06/gated-communities-help-us-understand-the-ongoing-cyber-security-disaster.html

There is a special security case of law enforcement agencies with a legitimate need to look inside a consumer device. Apple does its best to protect the criminals.

https://www.blackliszt.com/2016/03/apple-can-help-fight-crime-while-maintaining-privacy.html

https://www.blackliszt.com/2016/02/apples-cancer-prevention-strategy.html

https://www.blackliszt.com/2016/02/apples-approach-to-privacy-terrorists-and-criminals.html

Until the uniform wisdom and practice of the ruling experts changes, computer security disasters will continue unabated in spite of massive spending to conform to the regulations intended to achieve security.

