Conceptual integrity

I always admire people who can summarize your thinking in a simple and elegant phrase. It is akin to good software design: it reflects a beautiful harmony. Behold:

“I will contend that conceptual integrity is the most important consideration in system design. It is better to have a system omit certain anomalous features and improvements, but to reflect one set of design ideas, than to have one that contains many good but independent and uncoordinated ideas.”

— Frederick P. Brooks, Jr., “The Mythical Man-Month”


Why do they write insecure code?

First of all, nobody teaches engineers to write secure code. When people study mechanical engineering, they spend an awful lot of time calculating their designs for reliability and safety. They learn that a bridge must carry a safety margin, that there is a plethora of things that may go wrong with an elevator, and so on. Do they learn anything like that in computer science classes? No, far from it. People learn programming languages and sometimes something about cryptographic protocols. But they never learn how to make systems stable, safe and secure. They never learn what may happen to a computer system in real life. They do not practice taking preventive measures the way any other engineering specialist would.

Many programmers are then lured into the fake safe havens of firewalls, “safe” languages that “take care of things for them” and the proclaimed security of frameworks. Guess what: none of that is true. No language is “safe”, no firewall helps by itself and no framework is perfect. But people are inherently lazy and they prefer to blame someone else instead of taking responsibility.

And on top of all that comes the cost. Software is a form of art. The good, really professional programmers cost a lot of money. Good designs and their implementations take a lot of resources, read: money. Security features are costly; security measures are even more costly. And companies are not willing to pay, customers are not willing to pay, everybody just bitches about poor security and the world moves on, selecting the lowest bidder to implement security-critical infrastructure.

We’re sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder.
— “Rockhound” in the movie “Armageddon”

Do you really think anything will change for the better if none of the above changes?…


Biometrics is not for authentication, folks!

The capacity of people to persist in their delusions never ceases to amaze me.

Yet another researcher is wondering why biometric authentication does not work: “Ten to twenty per cent of utterances collected by voice biometrics systems are not strong identifiers of the individual that spoke them…”, says Dr. Clive Summerfield.

There is a serious problem with biometrics, and maybe this problem is not voiced loudly enough, because we see the same mistake again and again. The problem is: biometric characteristics cannot be changed. Everybody knows that, right? The logical consequence is: biometric data can be used successfully to identify a person but cannot be used to authenticate a person. Let me repeat that:

The biometric data can be used to identify but not to authenticate a person.

It works very well as a means of identifying someone, and that is how we have used it for so many years quite successfully (what do you think your passport photo is?). But in order to use it to authenticate a person, to be an authentication token, the person must be able to change it. Must be able to change the biometric data, period. There is no other way. And almost all research in biometrics revolves around this silly subject: how to change the immutable? After twenty years of this circus it should be obvious to everyone and their dog, but no-o-o…

Biometric data has been used successfully for identification for thousands of years precisely because it is difficult to change. And biometric data could never be used for authentication precisely because it is so hard to change. It is that simple, and still we have hundreds of people around the globe denying the obvious.

Here is a simple rule of thumb: if a “security specialist” talks about providing authentication based on biometric data – run for your life!…
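To make the identification-versus-authentication split concrete, here is an added example (it is not code from the original post). It is a toy enrollment system in Python: a constructed 4-dimensional feature vector stands in for a voice print, matching is a fuzzy nearest-neighbour search under an assumed tolerance, and the biometric only answers “who is this?”; the thing that proves the claim is a salted PBKDF2 secret that can be rotated. The names, the threshold and the breach scenario are all assumptions for illustration. The point it demonstrates: after a breach of both the template store and the secret, rotating the secret locks the thief out, while the stolen template keeps matching forever because there is no operation to rotate it.

```python
import hashlib
import hmac
import math
import os

# Assumed tolerance for the fuzzy match; real systems tune this per modality.
# A fresh reading never equals the enrolled template exactly, so matching
# has to accept "close enough", which is one more reason a template is an
# identifier and not a secret.
MATCH_THRESHOLD = 0.5


def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def identify(templates, sample):
    """1:N search: return the user whose enrolled template is closest to
    `sample`, or None if nothing is inside the tolerance.
    This is the job biometrics is good at: answering 'who is this?'."""
    best_user, best_dist = None, MATCH_THRESHOLD
    for user, template in templates.items():
        d = distance(template, sample)
        if d < best_dist:
            best_user, best_dist = user, d
    return best_user


def hash_secret(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def enroll_secret(secret):
    """The changeable factor: a salted PBKDF2 hash of a password or device key."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_secret(secret, salt)}


def verify_secret(record, secret):
    return hmac.compare_digest(record["hash"], hash_secret(secret, record["salt"]))


def rotate_secret(record, new_secret):
    """Revocation: the operation a biometric template does not have."""
    record["salt"] = os.urandom(16)
    record["hash"] = hash_secret(new_secret, record["salt"])


def authenticate(templates, secrets, sample, secret):
    """The biometric selects the claimed identity; the secret proves it."""
    user = identify(templates, sample)
    if user is None:
        return None
    return user if verify_secret(secrets[user], secret) else None


def breach_scenario():
    """Constructed scenario: the template store and Alice's password both leak."""
    templates = {
        "alice": [0.10, 0.80, 0.30, 0.55],  # constructed sample templates
        "bob":   [0.90, 0.20, 0.70, 0.10],
    }
    secrets = {"alice": enroll_secret("correct horse"),
               "bob": enroll_secret("hunter2")}
    # A fresh reading of Alice: close to, but not identical to, her template.
    alice_sample = [0.12, 0.78, 0.33, 0.50]
    # The thief holds an exact copy of the enrolled template (or a recording).
    stolen_template = list(templates["alice"])

    results = {}
    results["alice_identified"] = identify(templates, alice_sample)
    results["thief_identified"] = identify(templates, stolen_template)
    results["thief_auth_before"] = authenticate(templates, secrets,
                                                stolen_template, "correct horse")
    # Alice responds to the breach the only way she can: she rotates the secret.
    rotate_secret(secrets["alice"], "new phrase after breach")
    results["thief_auth_after"] = authenticate(templates, secrets,
                                               stolen_template, "correct horse")
    results["alice_auth_after"] = authenticate(templates, secrets,
                                               alice_sample, "new phrase after breach")
    # She cannot rotate her voice, so the stolen template still identifies her.
    results["thief_still_identified"] = identify(templates, stolen_template)
    return results


if __name__ == "__main__":
    for key, value in breach_scenario().items():
        print(f"{key}: {value}")
```

Run it and the last line tells the story: `thief_auth_after` is `None` while `thief_still_identified` is still `alice`. Whatever the system does with the match, the leaked template will keep matching, so the only factor that can be revoked is the one that actually authenticates.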
