Excellent article on the overall issue of trust and mis-placed trust. This is really one of those FUNDAMENTALS that seems to be forgotten about, and is more or less assumed by all of us security people without a whole lot of thought.

I see no real solution to it, because lets face it we all must trust the OSs that we run, and the applications that we use, and the web services that we run, and the code running the networked devices which our data runs through. If you had to actually think about all the code that it took for me to just post the single message (boot the OS in a laptop, run a NIC card, connect thru dozens of networked devices to a server running web-apps to display and accept this message, and all the OSs that each of these devices run on, etc. and then consider the problem of unintended interactions to all these separately engineered machines!!!) and all the programmers it took to make that all happen, we are talking about millions of lines of code and hundreds of developers that I (we!) all had to trust.

When it comes down to it, it is really -Its Just a Matter of Trust- --Billy Joel

(and as he hits the SUBMIT button an error message pops up: HTML not accepted because of my attempted use of quotes?? or pick some other error: application not responding; core dumped; 404 error; connection terminated, unknown host try again later -insert your favorite error here-)

(its actually amazing to me that it works most of the time!)

---H. Israel (h.israel at here: comcast.net)

(PS too lazy to run spil-chek B4 sending.)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/373/32833#32833