The Machine is Us/ing Us
“The Machine is Us/ing Us”. Ordinary people are more involved in the digital world than ever before: sharing, discussing, creating virtual empires. The web is different. It is a Machine. It is a tool. It is home for many of us.
Not too long ago I was asked to describe what the real purpose of Cross-site scripting and Cross-request forgeries is and why they are so dangerous, or even more so, compared to the dozens of other attack vectors malicious minds can undertake. I took a deep breath.
I had been asked the same question many times. I knew that conversations like this one barely make a change in people’s ways of thinking. It is hard to explain something that you feel in your guts; the feeling of the coming danger.
I started my response by explaining that the web is the most versatile and dynamic system ever built and that it empowers companies to do business on multiple levels, eliminating the need for the middleman, providing better quality of service and building communities around commercial products. I continued by describing that people’s intellect is the driving force of the web and that it can be as beneficial as it is destructive. I explained that, if not properly handled, the web is a tool for mass destruction. It is a tool that can be used to spread fears, to manipulate the way of thinking, to wage wars. The web is a tool that can be used to steal money, to hijack identities, to destroy lives. It is complicated. It is simple for those who understand it.
Cross-site scripting and Cross-request forgeries are simple techniques that computer security people like you and me came up with a long time ago. These techniques can be child’s play in inexperienced hands and a war gun in the hands of cyber criminals. They are dangerous. Don’t underestimate their power.
It is funny how even professionals in the computer security industry don’t understand the real threat although it is in front of their eyes. We sell fears by telling corporations that their firewall is not configured, or that rootkits can get into their LAN, etc. No, my friend. Be afraid of your people. Today, the low-hanging fruit is the web. It is dangerous and anonymous. People blog, people like to share, people get hacked, not corporations.
Comments
Nice story. I will fully agree with what’s said above. And again, it is always a pleasure to read on your blog pdp (architect), petko d. petkov.
Keep up the good work!
I love the insideness feeling I get watching all this.
Original video, interesting text.
Nice one, pdp! :-)
Intellectual video. It is forcing you to think about it, about the web.
And your text is also nice, it is actual. I can understand you, because I have been asked many times about the danger of Cross-Site Scripting and other threats.
Two words: Proof, Read.
steveo, thanks man. I do proofread my posts although you can see that there are some leaks. It is hard to spot obvious errors when you are communicating in three different languages on a daily basis.
I work in security at a well-known research uni on the west coast and I and my colleagues are getting more and more down on network computing. It is a war, and we are losing. The guys making all the calls for the evil side know exactly what they are doing. The decision makers on the “good” side have no idea what is going on or how to respond to it.
To johnny-rotten;
Sup johnny, it has been a while. Yes we know each other. I feel you have made an error in your comment.
Yes, this is a war. But the so-called “good guys” are not losing it. They have already lost it and they just don’t know it.