I read this, and while I wanted to laugh along with the original blogger whose post led me to this, I have to feel sorry for all the rest of us who aren’t so arrogant:
He was reporting on the loss of 25 million bank account numbers, and thought the controversy was so silly that he actually read out his account information to his viewers. He honestly believed that it wouldn’t be possible to withdraw money from his account with that information.
Of course, the only reason why I’m writing anything about this is that he was spectacularly wrong — someone donated £500 to a charity from his account, and it cannot be traced.
I have to believe that there are plenty of reasonably technical folks out there who’d believe the same thing. Hell, I’ve been guilty of similarly arrogant statements in the past, and I can only thank the fates that I wasn’t similarly embarrassed by them. One of the core encryption technologies with which I worked turned out to have a brutal backdoor (that I don’t believe has yet been fixed) that I had claimed for years was patently impossible.
Am I embarrassed now? You bet.
What can I do to avoid that in the future? Well, I won’t pretend it didn’t happen. I can’t make reality go away. However, I can continue to remind myself (preferably with sharpened sticks) of these failures when I’m about to say:
- “There are much bigger problems to worry about than that little security hole”
- “That’s a perfectly reasonable way to mitigate against the script kiddies”
- “Sure, there’s always the risk of some determined attacker spending unlimited time and resources, but the odds of that happening in this case are vanishingly small”
I know these sound like stupid statements when they’re presented in this fashion, but stop for a moment and ask: have you never said anything like this? What makes that different from this? Is it a perfectly sound security solution, or is it just that no one’s discovered the circumvention approach yet?