7
whoam1
7y

So much talk about wannacry and security, but everyone will forget in a few weeks and go back to using old unpatched OS with vulnerabilities.. Why don't people understand that security is a necessity, not a luxury!

Comments
  • 2
    May I rephrase necessity to requirement? 😃
  • 2
    You always have the trade-off between security and comfort, you cannot have both at the same time.
    And people are lazy, so comfort always wins.
  • 1
    @ddephor I actually think that you'd very well be able to design ware that doesn't have that tradeoff
  • 0
    I feel that this is true especially in startups, where the primary focus is to get Shit done fast, and security is always an afterthought.
  • 0
    @linuxxx I don't think so. For security first of all you have to know how things work, and you need to trust your counterpart. To increase comfort you have to give up on these points and trust some stranger to make it right for you.

    Take Whatsapp as example, they startet encryption suddenly, it was simply there, no user had to do anything for it. Really comfortable and userfriendly. From the outside it seems to be quite secure, experts tested it.
    But on the other hand you don't know anything about the internal handling. How are the keys generated and stored, how does the whole PKI look like and is it standard or with prorietary parts, do they use system security or invented the wheel again, can security related data escape from your device, are all certificates checked correctly, etc. And at the end it's closed source so checking for security flaws is difficult.
    At least you would have to create the keys by yourself and have the possibility to change them, not even that is possible.
  • 1
    @ddephor That's why I don't use whatsapp. I use Signal and it already had an audit. It's very easy to use and considered to be about the most secure chat app in the world (notice the about part, since its at least very very close)
Add Comment