Thursday, September 8, 2011


Sometimes I'm quite puzzled when it comes to security. Not because it's hard to implement but because of the unimaginable things people do regarding various security implementations. I mean things like leaving the default password on a company wireless network or having plaintext medical data travel trough a WEP-encrypted(takes maybe a minute or little more crack) network in a hospital. Things like patient history or banking keys should never be allowed to be transmitted without a strong encryption. There are policies forbidding passwords over 8 characters long in a system that holds patient data.

Every time I have questioned the safety of such systems the response has been somewhat the same: "I'ts secure" as if just saying those magic words makes it so. Apparently people just have this tendency to blindly trust people who have made these systems and forward the message of everything being secure down the chain until it reaches the end-user who is so convinced at that point that he/she could believe the sky was falling before there was anything wrong with the security of their systems.

I believe that when people have been using proprietary systems that they have never seen into or do not understand they don't really have a chance to know whether anything wrong. They just "have to trust". What open source has taught me is that I can see the lines of code of the entire program and see for myself if it is secure or not. And so do everyone else. I once belonged to that group of people who "had no choice" because I had no skills to check these things. With much wisdom comes much sorrow, that is the case if you don't change how you do things. And you don't actually have to be an expert in everything in order to be skeptical. There's nothing wrong in questioning things other people take for granted. It is however a sign of a mental condition to blindly believe anything without having at least some process of source criticism.

I know it might sound scary to your life by automatically not trusting anything before verification, but you learn to live with it.

I think it's not politically incorrect to ask does anyone know any skeptic organization in a country with Islam as its main religion?

No comments:

Tip me if you like what you're reading