Trust me if you dare…



Paranoia : baseless or excessive suspicion of the motives of others


 


What percentage of computers are compromised in some way? No-one knows for sure but there are estimates. Not many servers – but compromises of those tend to be critical. Some of the systems in an managed environment may be compromised by malware of some kind. Many home systems are – if your system connects to many home systems, you are going to have to assume that at least some of them have malware on. Given that some of the boxes are not trustworthy and you can’t tell which, you have to assume that any (which means all) of them are bad.


 


Is this excessive? Maybe. It depends what you are protecting. The cost of the protection should be less than the value of the thing that it is protecting or there is no point. If you are protecting grandma’s tomato soup recipe and your name is not “Heinz” then complex protections are unnecessary but some things have to be protected by law. If your system is protecting the identity of translators in a combat zone, it could be a matter of life and death.


 


In that case, you need to be as certain as you can be that nothing is widening the access to the data. A keylogger could be hardware or software. Something could be sniffing the network. There could even be a hidden camera looking at the screen (no, really, it has happened). In that case, the more control over the environment, the more certain you can be that your environment is clean. In practice, you may only have limited control and that puts you in the world of trying to limit risks. That gets interesting.


 


I will be talking about that in some future blogs


 


Until then, signing off


 


Mark

Comments (1)
  1. Will Pearson says:

    Don’t forget, for extreme paranoia monitors produce light waves and speakers produce sound waves.  If these wave things are travelling through free space, or air to be non-technical, then they will disperse, reflect, and otherwise travel to places that you probably don’t want them to.

    Being blind I have quite a few friends who are also blind, and I phone them up occasionally.  It’s quite amazing how many are still doing things on their computer when I’m talking to them, and as they’re running screen readers the sound waves are travelling straight from their speakers and in to the microphone on the phone.  I’m sure that one day I’ll get some important password, someone’s bank details, or something.

    Thinking about what malware could have got on to a system is a great step but computer systems have two main components: the computer and the user.  Thinking about the user and the interface that connects them to the computer shouldn’t be overlooked if you want to create a really secure system as these can be comprimised too.

Comments are closed.

Skip to main content