To what extent are our security problems the result of feature creep and an inability to lock down simple protocols? For all the bloviating about national borders and so on, if a country can't secure its own legislature then its institutions are broken.
I wouldn't get too grandiose about saying the institutions are broken. It's just email, why not consider it like postal mail? Definitely not good, definitely needs to be fixed, but also definitely does not mean the legislature entirely is not secured or that institutions are all broken.
It is critical infrastructure. There are two parts: a.) mimic the thing our predecessors created: postal mail was so important that they had a person on a steed ride across barren land for days to deliver a message; b.) how do we adapt the modern equivalent. It's not so hideous for someone to make a copy of the payload on the horse, is it? It's not good to copy it. But it's much worse if the original is compromised: faked message or faked originator or destroyed.
It demonstrably doesn't fulfil that need; GP's point, I think, is that postal mail has (perhaps more obvious, especially outside HN) vulnerabilities that were coped with for millennia.
Not sure why this is downvoted. The main reason systems aren't secure is lack of simplicity.
To put it another way, pentesting is almost always the art of exploiting complexity. It's true that you can have a system that's both simple and broken, but that's the exception.
Some of the most effective security measures actually increase complexity.
Two-factor authentication increases complexity in every measurable way but mitigates against a number of softer attacks.
Adding encryption adds a ton of complexity but effectively removes all man-in-the-middle attacks.
The simplest way of storing passwords is in plaintext.
Privilege separation is far from the simplest way of structuring a daemon, but it effectively prevents exploits in the complex parts from allowing an attacker to gain remote root access.
Perhaps it is more that superfluous complexity is the problem.
I think we're talking past each other. Complexity probably refers to anything beyond essential complexity. In the systems you mention, they all lack complexity by that definition.
> The main reason systems aren't secure is lack of simplicity.
I don't think it's that simple.
There are two ways you can look at simplicity:
1. The lack of needless complexity, which is just another way of saying something is well built
2. Smaller modular components that do less and have clearer interfaces, i.e. the Unix way.
If you mean the 1st, then sure, the main reason systems aren't secure is lack of being well built.
But if you mean the second, all you're really doing is taking security concerns and spreading them out over more components. This makes them easier to reason about, but also means more entities need to reason about them. Like all things in engineering there are only trade-offs, no pure wins.
That's what I was thinking. It seems like fundamental infrastructure should be boring but bulletproof, like mission-critical software in military or surgical applications.