Why do we insist on seeing the computer as a magic box for controlling other people?
Why do we want so much to control others when we won't control ourselves?
Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.
Monday, February 11, 2013
Security Basics 1 -- Perceived Value
If what you have is perceived to be valuable, there will be people who will decide they want it.
So the first rule of security is to avoid making something look more valuable than it is.
(A derived rule is to try to make it appear less valuable, but such attempts are generally all too easy to read through, and thus backfire. Going that route should be reserved for special cases, not engaged in without careful planning, and definitely left alone if you haven't throughly understand all the principles of security.)
Think about the old MS/PC-DOS machines. Internal storage was small. Networking was primitive. Data tended to be stored off-line. The biggest security problems were computer viruses written mostly by kids who had no idea of the value of the data their toys were mucking around in.
Well, the data itself wasn't that valuable either, because it was hard to dig into, hard to aggregate, hard to interpret.
Security was not a big problem because of a lack of value, and a lack of perceived value.
To get a grip on perceived value, however, you need to know what you are protecting.