
What happens when technology outpaces security?

Discussion in 'Bits & Bytes' started by Biker, May 31, 2015.

  1. Biker

    Biker Administrator Staff Member

    We may find out sooner than we'd like to think.

    Quantum Computing Is About to Overturn Cybersecurity’s Balance of Power - Singularity HUB

    Think about this for a bit. We've all seen the charts and graphs that show us how long it would take to break complex passwords. Here's an example: Password Recovery Speeds

    Now, imagine having a password that would take 631 billion years to crack using a large-scale distributed network. With quantum computing, this could conceivably be cracked instantaneously.

    In essence, our existing methods of encryption and protection are for naught when it comes to quantum computing. Now, is this something that JQ Public will be able to afford? No, not for quite some time. But companies are already in a rush to be the first to create a scalable system and I'm sure governments are drooling at the prospect of what these systems can do. The cybersecurity aspects alone of having such a system are a spy agency's wet dream in the making.

    While the thought of quantum computing is rather exciting, for the folks on the security side of the house, their nightmare is just beginning.
     
  2. Allene

    Allene Registered User

    Interesting AND scary.
     
  3. Biker

    Biker Administrator Staff Member

    Interesting.

    SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

    Reassuring as long as the idiots who are running the servers ensure they upgrade the encryption standards on their machines.
     
  4. Biker

    Biker Administrator Staff Member

    Serious quantum computers are finally here. What are we going to do with them?

    Very interesting article on the challenges of quantum computing and the roadblocks they're having to deal with.
     
    Allene likes this.
  5. Arc

    Arc Full Member

    As long as there are humans involved in using any system including computers and in addition to that there are thumb drives, (and those two factors are just for starters,) there is limited security with conventional computers no matter how many layers or depth of security is involved. Nothing is truly secure.

    But security aside, if practical quantum computers come to be it will certainly change the world.
     
    Last edited: Feb 26, 2018
    Allene likes this.
  6. Susan Addams

    Susan Addams Unregistered User

    Arc you are wrong. It's child's play to zip down a corporate computer where a thumb drive just won't work, nor any other means of getting data out of the computer short of printing it on paper. I learned that in IT school and on the job. Go ahead and ask Biker how easy it is with system policy settings. And what are you going to do when your corporate computer has no plug for that thumb drive? Our sensitive computers are locked up tighter than a frog's ass.

    Arc, have you ever worked in a high security computer system? You are thinking of your home PC when you say that. High security, we do stuff you wouldn't even understand. Good luck running programs we didn't install. Good luck thinking that even if your corporate PC has a USB port that it will load the driver you need to access that thumb drive. We just switch off the ability for regular users to get drivers installed. No driver = no USB thumb drive.

    The only way around it is to print it on paper and hope nobody notices. Oh and don't use that copy machine. You know top end office grade copiers have the ability to remember every sheet of paper that was copied. Remember it until we delete it or look at it.

    I have an advantage on you. I work in a field you are not expert in, unless you neglected to mention your corporate IT experience. I could zip your computer so tight it wouldn't work for anything except reading and posting Global Affairs.

    Oh, and we IT staffers know to password the BIOS too, so that Linux boot CD won't boot. In fact nothing will auto-play in your Blu-ray/DVD drive. Are you going to unscrew the cover and take the HDD? I'll admit that physical access is the weakest point in the system. Are we going to notice you removing your HDD or printing reams of paper?

    More importantly, would you risk that? The wrong answer lands you in jail without your get out of jail free card. Unless you are HRC of course.
     
  7. Susan Addams

    Susan Addams Unregistered User

    By the way I'm planning a new topic explaining why your personal security just went away, or will be disappearing entirely more quickly than you think.

    It turns out it wasn't the government we had to worry about, but it's a long story and I haven't written it yet. I just read between the lines a couple days ago and haven't had time to type it into this forum.
     
  8. MemphisMark

    MemphisMark Old School Conservative

    The same goes for printing. Between every print job having a record in the print queue, there is also the microprinting on every piece of paper every modern printer puts out. If I get the paper, I can find the printer, then the print job, then the computer that printed it.

    I used to deal with HIPAA files. My company laptop had the CD drive disabled and I could not write to USB drives. If I used my company laptop on the Internet, it had to be on the company VPN, using a security token.
     
  9. Susan Addams

    Susan Addams Unregistered User

    Maybe we worked at the same place. (Not likely.) My employer too was HIPAA. I had to laugh when I pointed out their HIPAA violations. They were writing in Java and their save file was totally plain text. HIPAA requires that local file stashes must be encrypted.

    I thought the Java team were totally clueless, but not my job to make them cool. I never liked Java although I do it when you feed me proper food rewards. Um, had a Margarita tonight, I'll work for cocktail rewards provided I meet a gentleman who wouldn't think of feeding me more than 3. Chick rule: if a guy buys you three cocktails he's trying to get you drunk and disoriented.

    I had my Margarita during happy hour then took my dinner from another place take-out.

    I'm looking forward to tomorrow, a holiday. I'm not sure what holiday it is. Actually I think it's not a holiday and I'm just fantasizing.

    But back to IT department vs employees, we own the machine. You use it. It is our corporate PC and we install whatever we want or cut off your access.

    One of my first IT jobs was zipping up workstations tighter than a frog's ass. I zipped 'em up so tight that if a frog ate beans he'd explode! :laugh-46:
     
  10. Biker

    Biker Administrator Staff Member

    Gimme physical access to any Winderz machine and I can have complete and total access in under 10 minutes, regardless of what you do to secure it (including BIOS passwords).
     
  11. Arc

    Arc Full Member

    For any problem that requires investigating or forensic analysis there are experts that boggle the mind with their skills.

     
  12. Susan Addams

    Susan Addams Unregistered User

    That's the IT rule. If I have physical access to your computer then I own it. If I can run code on your computer then I own it.

    The simplest form of owning a computer if you have physical access to it is to remove the HDD and take it with you. If the corporation has no physical security (guards) in place then nothing will prevent you from taking the HDD and attaching it to another computer at a location of your choice, and extracting all the data.

    A HDD without a computer of its own is just a dumb animal. Mounted on let's say some Linux distro it's just another peripheral device, all its data exposed to any access or manipulation.
     
  13. dsl987

    dsl987 Member

    Given that I work at a Fortune 100 company, I'm always surprised by how "seemingly" lax our computer security is at work. Now I'm sure there is a lot more security behind the scenes than appears at first glance, but it still seems pretty damn lax to me.
     
  14. Biker

    Biker Administrator Staff Member

    It most likely is. Most large corporations give stellar lip service when it comes to securing their networks, but the actual reality is their security programs suck. And it's usually due to the corporate suits wanting easier access and not having to jump through hoops in order to get the info they want.
     
    Allene likes this.
  15. Susan Addams

    Susan Addams Unregistered User

    If you can remove the case cover and see that you could remove the HDD, and you aren't under a camera, then you have no serious security. Like if you could remove the HDD and take it home overnight and reinstall it next morning? You could copy your entire HDD and nobody would ever know.

    I was once looking at a packet sniffer when I suddenly realized I was reading employees logging into our mail server. The passwords were in the clear and I could see them right on my monitor. Did you ever think that your mole is in the IT department? :) Perfect cover, just another geek. (Or geekette.)
     
  16. MemphisMark

    MemphisMark Old School Conservative

    A friend is a network security administrator. His boss had him tighten the security settings (no shopping, social media, pr0n, etc.) on everyone EXCEPT HIM. Not an hour later, my friend sees the boss heading to the restroom with his laptop. The friend then pulls up a live report of the boss’s network access. My friend is standing outside the restroom when the boss exits and tells him, “Are you going to tell your boss about what you did, or do you want me to tell him?”
     
    Susan Addams likes this.
  17. dsl987

    dsl987 Member

    I remember recently they were preaching about thumb drive security, yet they still allow them to be used at will, including letting vendors come in and give presentations from their thumb drives plugged into the network. I'm no network security expert, but methinks that's probably not a good idea.
     
  18. Susan Addams

    Susan Addams Unregistered User

    There was one well-known breach where the attacker left a pile of free thumb drives in the lobby. Employees loved picking them up and using them. Just one problem: they were carrying a rootkit and anybody that didn't have auto-run disabled got owned.

    Ever since I was still in school and my brother was in IT I've always disabled auto-run on inserted media as one of my first steps in setting up a new PC.

    Any organization that has data that they don't trust employees will not divulge should have thumb drives disabled. I don't work in that department any more but I'd zip up all removable media from regular employee PCs. I'd build the PCs without Blu-ray or DVD drives. I'd give the employees limited accounts and never ever allow them to install software. Maybe I'd consider allowing the software development team to install software. Most of them are probably good enough to breach security anyway.
     
  19. Biker

    Biker Administrator Staff Member

    Considering many of the avenues of attack are via programs that are poorly designed, letting your developers install at will is a very bad idea.
     
  20. Arc

    Arc Full Member

    Yes, sir, one should hire people of the highest character, knowledge of every type of security associated with computer systems and that we all should have the highest confidence in their ability to protect or make secure everything associated with such systems. Men like Edward Snowden and companies like Equifax along with their stellar staff.
     
