Ukraine's cyber chief comes to Black Hat in surprise visit

An_Old_Dog Silver badge

The Other Side of Security: (re-)Weighing Our Choices

The (should-be) obvious problem with advanced feature sets is they require complex protocols, complex hardware, and complex software to implement, and in that complexity lie bugs/vulnerabilities.

If we want substantially-better security, we need to re-weigh our choices, and put far more weight on minimalism and simplicity.

Do you recall "hypertext applications" (*.hta files)? Microsoft introduced these in the Windows 95~98 era. I ran MS' demo of these on my PC and thought, "Wow, that is very powerful, can be very useful, and is a terrible security risk. Running Joe Random Internet-person's apps which can do anything to my PC? NO!". I immediately disabled that capability.

Today, we are doing that very same sort of HTA-like thing, with all its vulnerabilities, with JavaScript, dynamic code loading, and NPM-like repos.

For security, we ought to go back to something like the simpler, static, mostly-text-based Web 0.5, where you had to explicitly click on a link to download an image.

That ain't gonna happen.

Between monkey-brain-wants-to-see-pretty-moving-images demand, and all the money in ad-slinging -- and the huge infrastructure behind it, it just ain't gonna happen.
