Information Security: The End of the Wild West
By Daniel Miessler on December 19th, 2008: Tagged as Information Security
A while back I wrote an essay about the future of information security. I claimed that things would change soon, and that it would become dramatically more difficult to compromise systems in coming years (3-7). There were a few good parts, I thought. Here’s one:
It may seem that the current balance between information security and attackers represents the natural, permanent equilibrium, but that’s simply not the case. That’s an illusion embraced by those who fail to see that information technology itself is in its absolute infancy. It isn’t as if an effort has even been made to create a secure system; all we’ve done up to this point is attempt to retrofit what was handed to us in the very beginning.
It’s really weird to read this, and it’s somewhat embarrassing that I wrote it just two-and-a-half years ago. -cough- APPSEC -cough- But not really. I’m actually backing myself up on the main premise, i.e. that once we leave our infancy we’ll see major change.
The problem, of course, is that human nature tends to keep us in our infancy. It’s so much easier to do things wrong, and we so often underestimate the inertia of a massive body at rest. To my credit I did acknowledge that in the piece, but I didn’t give it enough weight.
Anyway, it’s fun to look back and see what kind of immature thoughts you were having in the past. LOL — “an Apache box not being compromised” — alluding, obviously, to the difficulty of executing arbitrary code on the stack of the host. Fine, but what about the applications?
:)
Anyway, here’s the essay, and at the end of it is a link to my GSEC practical paper that was based on the same premise. Enjoy, and try not to be too harsh. :)