In the realm of physical security, one obvious success story is position-broadcasting systems in cars. Perhaps that could be extended to less valuable goods as well, such as computers and monitors, so that they'd start squealing if they were moved more than a few feet from their intended location. After all, we don't know how a burglar might break in, but we can be pretty sure he's gonna try to make off with the computer.
For computer security, one technique which is so obvious, easy, and practical that people simply scoff at it stands out: write your program in a language which has garbage collection, bignums, and bounds checking. The days of C being the only widely supported language are long gone, and anyone using C for anything vaguely security-related which doesn't really (and I mean really) need tremendous performance is simply being pig-headed.
Very interesting topic, iang. Interesting in that it is weighted towards a technical analysis of security. What about the psychological analysis of security? The feeling felt by Londoners in the Blitz when they heard the British anti-aircraft guns. Especially those who knew that the anti-aircraft guns were a poor defence yet still felt some sort of security. In a similar vein, what about those who buy some sort of security product on the basis that _everyone else uses it_. Any links or comments in this regard would be of interest.
Bram, I'm curious what you think of OpenBSD? It is AFAIK "the secure OS" when it comes down to it. Yet, it's written in C...
(Just to clear the air here, I don't disagree, and use Java and Perl for security code partly for that reason!).
Darren, that's exactly where Adam and I are looking ... we know that the ackack didn't do much good, but the locals still bought it anyway. So why is that? In terms of signalling, it was a bad signal ("ackackackack..." :-) and in terms of economics, the appearance of a popular bad security product crowds out the potential for good ones to emerge.
What do we have to do to silence the guns?
Bram - sadly, the position tracking for cars appears to be easily defeated. Any steal-to-order thief who makes off with a high value car should be able to disable Tracker in under a minute (see discussion threads on sites such as pistonheads.com).
And although I agree in principle that having a language which has more security built in is a good thing (tm) in general, training programmers to code securely is key no matter what the underlying language is.
Darren/Ian - seems like sadly it takes a vast number of dead lemmings to alert the population. And then the swing moves the other way - look at Firefox. A sudden upswing because it is the 'secure alternative to IE.' Well, it appears to be more secure, and I generally use it because of that, but this may be down to more attacks aimed at IE due to it being MS or it having market dominance, or that the early adopters of Firefox are more technically savvy so patch better, or many other reasons. The less savvy new switchers to Firefox appear to believe it is 'Secure' so we could end up with unsuspecting victims thinking they are now securely browsing, but are still being exploited.
Rory, thanks for posting! On the issue of position sensors, there was an article (lost URL sadly) that reported that a special Merc owned by one of the directors of the company, laden with all the new stuff including position broadcasting ... was nicked!
On Firefox - I wholeheartedly recommend people to switch. That's because primarily it is different, so they benefit. But the point you make is indeed valid. Will it maintain any difference once it becomes targeted?
I think that the answer here is that the Mozilla people do think a bit about security. They do accept it as their responsibility. As and when they see the attacks, especially the classical spoofing attacks, I think they will be more proactive about fixing them and what's more important, more embarrassed!
It's been 2 years since Bill Gates' famous memo, and we've seen some evidence that the company is thinking about security. The shame and horror of it is that given their position and liability and scrutiny and all that, it is only "some evidence;" he has completely failed to turn the company onto this new direction.
That's where the difference lies, I believe. But I could be totally wrong in this. I have for example completely failed to convince Mozilla that phishing exists... And as far as I can tell, there is no Security Officer at Mozilla (wake-up call to Adam here...).
Crypto is done primarily in C, with some Java and other languages. But, it makes less difference than one would think as most crypto protocols are done with toolkits.
Banks never touch anything but full systems, so languages don't come into it. If it isn't supported by IBM, it probably won't get in the door as far as a bank is concerned. Well, not quite 100% true, more like 90% true, but good enough for a rule of thumb.