We made it all wrong, and then we started patching up here and there to keep it working and started running web applications to make it much easier to invite crackers to get inside, and then we patched again to give yet another insecurity…..Yes, I am talking about the internet, the big WWW. Welcome to another series of security that will make you understand why things are so insecure here.
Why We Made Internet?
The web was never designed to be secure. It was built for
- sharing information like physics documents.
- giving information to different war zones to act faster.
- to be stateless (i.e., not remembering when you go from one page to another).
- no control over the client.
The Internet was a project for the Department of Defense (DoD) to be used during the war.
HTTP(Hyper Text Transfer Protocol) = UFBP (Universal Firewall Bypass Protocol)
Those who know what I mean up there must have laughed at those who didn’t. Here is the deal.
- HTTP or hypertext transfer protocol is the set of rules or protocols which defines how data is transferred from one point to another.
- UFBP is an acronym which means HTTP is a firewall that can bypass everything or anybody can bypass, i.e., You made a door, so nobody comes in but then you left a hole below which allows everybody to get in and take your stuff.!!
That’s our problem with WEB. We made rules with holes, then we patched up, and then patched up again. Does one question always ring my mind with so many years gone Why is the Web still so insecure? It should have grown better and better, but that’s not the case.
Web is different
The web is not a traditional desktop or laptop. It’s a different animal, different from traditional software. Why? Because it’s open and accessible to anybody at any time at any point!
The web was never meant to run applications. We talked about Browser Based Operating system; today, we have web-based adobe designers and storage. Everything is on the web. Why? One reason you can say is that we want common access agreed but did you ever think applications running on the web are the open target, and hence your data is always insecure !! I got my point!!
- We want to safeguard information, but we want many people to access it (Opposite each other).
- We want to run web applications, but it’s open to everybody.
- We gave access permissions, but the web never knows it’s you or somebody else with your information (Genius?)
- Secret Question “What’s your pet name?” I know your pet name, and next moment I am looking at your Inbox ( Excellent ?)
We started good with an excellent idea of bringing the world together, but then we forgot our lessons and made it all insecure, and then the best thing was “PATCH”.
Take a break, think back, and read again. The article might be a little shaky for you, but that’s the fact. From tomorrow you will be on tour to understand some of the most addressed security issues. Till then, take a moment and think.
Two more posts in this series you can read are :
- Network Architecture and Security Vulnerabilities
- Cross-Site Scripting (XSS) Security Vulnerability
I guess when the internet evolved from plain sharing of information to one where the business side comes in, that’s where the security comes into play. Credit card numbers, online money accounts/ payment processors, customers’ information shared within the company, email contents, etc.. I guess you just can’t share those. When the internet has more uses than one, that is where it starts..
Thanks a ton for dedicating this post to me. 🙂
It would take a long time to make web a secure place. Thinkable article.
There are many reason the web is insecure (i will concentrate on two technical ones):
1. In the past the web relied on client-side scripting, which is by nature insecure
2. Writing “secure” code wasn’t really important until the last 4-5 years. Functionality and Design were kings. Security was seen as a nuisance. See Microsoft as an example – its applications become much secure only in the past 5 years or so.
The internet was the world without the limit, although we have tried to close all the gaps, but we could not close all the gaps, still must have the gap that could be penetrated.
That could be carried out by us was minimize the available gap.
Web is secure if you think it is , world’s biggest companies like microsoft and adobe are also not secure .Because everything is created by man and if one man can create security wall than second can break it also .
Nothing is secure. Even Norton who gives securities had a breakdown by hackers.
Anywayz interesting think. Bookmarked it!