Why your security is worse than you think

admin
September 18, 2015

Thoughts for Yom Kippur – the Jewish day of atonement – coming up next Wed.
Security on modern operating systems (Windows, OS/X, iOS, Android, Linux) is getting better all the time – but Android using SELinux and MAC (mandatory access control) doesn’t make for catchy, social-media-sticky news items.
A client (a good one) once told me that people never remember your successes, only your failures. (He also believed that all software developers are innately incapable of telling the truth but that’s another story).
The corollary to this notion of failure-skew in the business (and security) world is media reporting. Consider media emphasis on reporting violent and/or negative events. It’s not a hot news item to say that 39% of Israeli Arabs are proud to be Israeli, nor is it newsworthy to report that 29% are very proud. The world (Middle East included) is actually a much better place than it seems when not viewed through the lens of social media news reporting and re-purposing (I’m not sure what the correct term for the Huffington Post is so I’ll just use the word repurpose).

FB and Twitter create discussion threads, not examination-of-empirical-data threads. Discussion is easier, more fun and cheaper than collecting data and examining its quality.
In addition, radical voices are far more interesting than statistics. Who cares that according to World Bank statistics, in 1990 there were 1.91 billion people who lived on less than $1.25 a day and in 2011 it was just one billion? Radical voices (amusingly adopted by the US President) will continue to blame poverty on the rise in Islamic and Iranian terror even though it emanates from the wealthiest countries in the world.
Jews the world over are up to bat this coming Wed on Yom Kippur. We can bemoan how bad things are and what a terrible President or PM we all have and how our society is falling apart, or we can take a little piece of our own life and fix it. Send thank you notes to people. Patch your systems once/week. That’s a good start. And pretty easy to do.
Now what does this have to do with software security you ask?

Everything.
Our clients read social media. They read about zero-days and they get all excited and then do nothing.

Yet another serious Android security issue was publicized this week, with the latest exploit rendering devices “lifeless,” and said to affect more than half of units currently on the market.

Latest Android security exploit could leave more than half of current devices ‘dead’ & unusable

Now let’s check out that URL – it’s from Apple Insider. Hmm – somebody has an ax to grind I bet.
So this year – I mean this Wednesday – don’t wring your hands. Do a security assessment on your systems and prioritize 1 thing: find that one weakest link in your system and harden it up.
 
