Tuesday 17 March 2015

The lesson of the web? There. Is. No. Such. Thing. As. A. Secure. Website.

There is no such thing as a secure website.

You know that.

You've read the papers, listened to the radio, watched TV and browsed the web. You know Sony were hacked. You know JP Morgan Chase were hacked. And Lockheed Martin and the US State Department.

You know that. They know it and so does everyone else – there is no such thing as a secure website.

Knowing that, if someone offers you a web service and promises that it's secure, how do you react?

It doesn't matter who that someone is, it doesn't matter how often they claim to take security seriously, it doesn't matter if they claim to have learnt the lessons about privacy and confidentiality and security, the promise is suspicious.

Does this someone believe that you can't read or understand the news or draw elementary logical conclusions from the unmistakable evidence?

They must do.

They must think they're marketing to cretins.

It's extraordinary that anyone in the 21st century is still offering security on the web. We all know that it's not available. That's the lesson of the web. There is no such thing as a secure website. If you don't get that, you don't understand the web.

Anyone who takes your intelligence seriously will acknowledge that when they market to you. They will say that they take all due care and they expect you to take all due care but that security breaches are inevitable and that there is a well-oiled compensation scheme in place for when they happen.

Anyone else now, today, in the 21st century, looks like nothing more than an old-fashioned mountebank.

October 2010Unicorns
15.5.13"When it comes to cyber security QinetiQ couldn’t grab their ass with both hands"
22.10.13Hyperinflation hits the unicorn market
16.2.14Some people must think that the British public is a cretin
30.3.14The Scottish on-line security experiment
7.8.14Cloud computing goes up in smoke
24.2.15RIP IDA – "we're building trust by being open"
12.3.15Current and future uses of biometric data and technologies

No comments:

Post a Comment