Came across this video from the NSA on Advanced Persistent Threats, and it fits in nicely with what I've been posting about.
https://youtu.be/bDJb8WOJYdA
I really liked what he said about reputation trackers, because I was thinking about how hard it is for the average user to really know whether a site has put the effort in to secure itself.
Take sites that use login or credit card information in the head of the request (i.e., like putting that info on the outside of an envelope).
The average user won't know that. At best, they know to look for the 'https' and/or lock on the browser. They don't know how to look at the message traffic or site code in order to tell what's really secure or not.
There are a million different ways to write a program. Some are better than others, but if it gives you the functionality you want, how can you really tell?
It takes extra lines of code to validate user input and make sure nothing fishy is going on. It takes knowledge about which methods are more secure than others. But you won't necessarily see which companies put that effort in.
A reputation tracker might be useful for that.