I assume that it's always possible to compromise our security somehow

November 9, 2016

It can be very easy to get into a stark, binary mindset when you think about security and security issues, one where anything that introduces a potential insecurity must be resisted with full force. This mindset is a mistake, because real security almost always involves tradeoffs and a balance of risks, but it can be easy to find yourself in it. One of my tools for resisting it is to always assume that we can be compromised by a determined attacker who is specifically targeting us.

This sounds silly and obvious and surely everyone does it, but for me its power is in turning a binary situation into one with shades of gray. Instead of the introduction of a potential security issue taking us from 'totally secure' to 'potentially vulnerable', the question becomes whether this will introduce a bigger or worse vulnerability than we already have, or whether the exposure it adds is probably mostly theoretical because real attackers will just pick on a more easily accessible weak point.

(You can flip this around when considering security measures to add to your environment. Are you reinforcing something that an attacker is already not going to bother with, or are you shoring up a current weak point?)

Or in other words, the question is not 'could we be attacked through this' (because the answer is very often 'yes, in theory'), the question is 'will we be attacked through this' or the closely related one of 'how much easier have we just made the life of an attacker?'

(Of course, there are reasons to not add even low-likelihood weak points. A target rich environment with a bunch of weak points helps attackers, since they don't have to work very hard to find something to attack. But you are presumably getting something from any potential new security exposure, so you can balance the gain against the extra security risk.)

At the same time, I want to throw cold water on myself here. That something is a security tradeoff and the security exposure it introduces is low and attackers will target something else can be a convenient excuse for ignoring potential security issues in something I want to do. Security inevitably involves not doing things, and when I want to do something it's tempting to find a way to justify it (and I may not realize that that's what I'm doing).

Written on 09 November 2016.
« Security often involves not doing things
Getting a Yubikey 4 working on Ubuntu 14.04 LTS and other older Linuxes (in PIV mode) »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Nov 9 00:04:26 2016
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.