October 02, 2014
Thinking About Computer Security Breaches
The latest security breach, in JPMorgan Chase computers, is amazing in its extent.
By the time the bank’s security team discovered the breach in late July, hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers,
The hackers who attacked Chase identified all of Chase's backend software (many apps leased from other companies), learned that software's vulnerabilities, and found lots of weaknesses.
Russian hackers, possibly working for the Russian government, know the names, addresses, and email addresses of 83 million people. Attacks against other companies have netted large amounts of credit card info.
What I worry about in our highly computerized society: computers automate and speed up our lives. But computers can also speed up how fast things can go wrong and can make things go wrong on a much larger scale. Will we some day witness a financial panic or a massive death toll because hacks craftily mess up critical infrastructure? Too many companies don't know how to make their computers secure.
Randall Parker, 2014 October 02 07:34 PM
Someday it's going to become impossible for businesses to keep up their SOP regarding upgrading their infrastructure--keeping systems unchanged for ten years is going to be seen as incredibly irresponsible. Letting systems operate forever without ways to change how they work will be seen as leaving yourself open to attack.
IT companies, though, are going to have to keep their codebases stable, and not deprecate so much stuff. It will have to be possible to use the same script or business program in the same capacity no matter what hardware or OS it's running on, and not depend on any quirks of a specific implementation. This may be more reasonable a proposition in the future when the requirements of most applications stabilize and become standardized.
They'll have to have software design practices they can expect to still be valid and easily understood and maintained by different programmers fifty years in the future.
Given that, last year, I earned less than a dollar on my savings, I'm thinking my pickle jar is less prone to data breaches than the bank.