Tuesday, March 25, 2008

How Security Experts Think

A while back, I was pointing out to someone that scientists learn to think in a manner the rest of us view as upside-down and backwards. Among other things, scientists aren't trained to try to prove their theories true, but rather to prove them false. And the power of a scientific theory comes not from the number of things it can account for, but from the number of things it rules out.

Non-scientists don't understand this mindset.

Here, Bruce Schneier looks at the mindset of a security professional.

Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.

I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."

Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.

SmartWater is a liquid with a unique identifier linked to a particular owner. "The idea is for me to paint this stuff on my valuables as proof of ownership," I wrote when I first learned about the idea. "I think a better idea would be for me to paint it on your valuables, and then call the police."

It's not that security experts are untrustworthy or that they intend to implement any of the security flaws they find. It's that most people are far more interested in getting any given system to work properly than in breaking it, so they don't see the ways it can be broken.
