We made it all wrong, and then we started patching here and there to keep it working. We started running web applications, which made it much easier to invite crackers inside, and then we patched again, only to introduce yet another insecurity. Yes, I am talking about the internet, the big WWW. Welcome to another security series that will help you understand why things are so insecure here.
Why Did We Make the Internet?
The web was never designed to be secure. It was built:
- to share information, such as physics documents.
- to give information to different war zones so they could act faster.
- to be stateless (i.e., not remembering anything when you go from one page to another).
- with no control over the client.
The Internet was a project for the Department of Defense (DoD) to be used during the war.
HTTP (Hypertext Transfer Protocol) = UFBP (Universal Firewall Bypass Protocol)
Those who know what I mean up there must have laughed at those who didn’t. Here is the deal.
- HTTP, or Hypertext Transfer Protocol, is the set of rules that defines how data is transferred from one point to another.
- UFBP is an acronym meaning that HTTP bypasses every firewall, or that anybody can use it to bypass one. Firewalls almost always let HTTP traffic through, so whatever rides on HTTP gets through too. In other words, you made a door so that nobody comes in, but then you left a hole below it that lets everybody get in and take your stuff!
That’s our problem with the web. We made rules with holes, then we patched up, and then patched up again. With so many years gone, one question always rings in my mind: why is the web still so insecure? It should have grown better and better, but that’s not the case.
The Web Is Different
The web is not a traditional desktop or laptop. It’s a different animal, different from traditional software. Why? Because it’s open and accessible to anybody at any time at any point!
The web was never meant to run applications. We used to talk about browser-based operating systems; today, we have web-based Adobe designers and storage. Everything is on the web. Why? One reason, you can say, is that we want common access. Agreed, but did you ever think that applications running on the web are an open target, and hence your data is always insecure? I think I made my point!
- We want to safeguard information, but we want many people to access it (two goals that oppose each other).
- We want to run web applications, but it’s open to everybody.
- We gave access permissions, but the web never knows whether it’s you or somebody else with your information (Genius?)
- Secret question: “What’s your pet’s name?” I know your pet’s name, and the next moment I am looking at your inbox (Excellent?)
We started well, with an excellent idea of bringing the world together, but then we forgot our lessons and made it all insecure, and then the best thing we had was “PATCH”.
Take a break, think back, and read again. The article might be a little shaky for you, but that’s the fact. Starting tomorrow, you will go on a tour of some of the most addressed security issues. Till then, take a moment and think.
Two more posts in this series you can read are:
- Network Architecture and Security Vulnerabilities
- Cross-Site Scripting (XSS) Security Vulnerability