Monday, June 01, 2015
Washington Post runs major series on legacy security flaws in Internet's design
Craig Timberg has written a big series for the Washington Post on the “Net of Insecurity”, a book-length series of articles on why the Internet has so many persistent security problems. I note this is still with he Post, not Vox; and it looks like it would make a good e-book for Timberg to sell on Amazon. Illustrations are by Harry Campbell and videos by Jorge Ribas. The videos are heavily animated. Post videos don’t give embed links.
The best article so far is the second one, today, link here. Timberg discusses the 1989 idea of Border Gateway Protocol (BGP) as a “quick and dirty” (in workplace jargon familiar to me from my own 30+ years in IT) solution to a long term problem. That makes the Internet vulnerable to malicious redirection. Timberg gives an example in 2008 of an incident in Pakistan that shut down a lot of Youtube traffic worldwide for two hours. In 2008, a Finnish security guru found a vulnerability in the DNS system that led to an emergency conference at Microsoft in Seattle.
The original focus was on “resistance” rather than actual prevention of a malicious attack. Also, the net was designed with the idea of an honor system (like UVa’s), and with little grasp that users would attack one another.
But users “attack” for two basic reasons. One is “inequality”, which leads to ordinary thievery in the digital world, just as it does to carjacking and burglary in the real world. A second reason is that politicians exploit economic uncertainty. In many countries, especially those associated with Communism, talented teens and young adults can’t find productive work. Policies of governments of Russia and China, especially, seem to encourage crime as a way to make a living off the west. (We’re talking about Vladimir Putin.)