[not unusual for Ole, by the way.]
Why does security have to be so complicated?
Now knowing Ole as I do, this is of course rhetorical, but it does remind me of two conversations I’ve had. One was a long time ago. A friend of mine was part of a cable start-up team. Some of you will know who this was. He showed up at a conference with his big financial backer, and then told me, “Eliot, I’ve created the perfect parental control system.”
My response was simply, “Are you now – are you now or have you ever a child?” Nearly any child who is motivated enough will get around just about any parental block. Kids are smart.
The same is largely true with security. A former boss of mine once put it succinctly, that it’s either sex or money that motivate people, and that bad guys tend to use the former to get the latter. A great example are the miscreants who give away free porn by typing in CAPTCHA text, so they can get around some site’s security. I think it’s a little more than just those two motivations, but the point is that computers didn’t create crime. Crime has existed since Eve gave Adam the apple. The FaceBook scam occurs every day in the physical world without computers when eldery are taken advantage of in person. Computers simply provide a new attack vector for the same types of crimes.
Bad guys are as smart as good guys, but their best is probably no better than our best.