I wasn't going to add my 2c to the debate rumbling behind the OpenSSL defect (summarised nicely here). Plenty of knowledgeable folks have raked over those coals already.
But then I came across this story (I don't know how old it is), Hardworking Locksmith In Prisons, and it struck me that the OpenSSL problem was essentially the opposite of the locksmith's one.
On the one hand we have a security technology which was compromised because its secrets weren't known and understood well enough, and on the other we have a security technology whose flaw is that it relies to a large extent on practitioners keeping secrets.
So the award goes jointly to the guys who compromised OpenSSL without knowing what they were doing, and the guys who compromise our homes and offices just because they do.
I'm still not sure whether I'm happier to rely on knowledge or ignorance for my security though.
Botched Security Lifetime Achievement Award
Danny Angus, blog.killerbees.co.uk
Wednesday, May 21, 2008
Danny Angus Copyright © 2006-2013 (OMG that's seven years of this nonsense)
Comments:
Interesting comparison, but the summary you link to is pretty flawed, for all its succinctness.