We made it all wrong and then we started patching up here and there to keep it working and started running web application to make it much easier to invite crackers to get inside and then we patch again to give yet another insecurity…..Yes I am talking about internet, the big WWW. Welcome to another series of security which will make you understand why things are so insecure here.
Why we made internet ?
Web was never designed to be secure, it was built for
- sharing information like physics document.
- giving information to different war zones to act faster.
- to be stateless ( i.e not to remember when you go from one page to another).
- no control over the client.
In fact Internet was a project for Department of defense (DoD) to be used during the war.
HTTP( Hyper Text Transfer Protocol ) = UFBP ( Universal Firewall Bypass Protocol )
Those who know what I mean up there must have laughed to who didn’t here is the deal.
- Http or hyper text transfer protocol is the set of rule or protocol which defines how data is transfered from one point to another.
- UFBP is an acronym which means HTTP is a firewall which can bypass everything or anybody can bypass i.e You made a door so nobody comes in but then you left a hole below which allows everybody to get in and take your stuff.!!
Thats our problem with WEB, we made rules which has holes and then we patched up and then we patched up again. One question always rings my mind with so many years gone Why Web is still so insecure ? It should have grown better and better but thats not the case.
Web is different
Web is not a traditional desktop or laptop , its a different animal its different from traditional software.Why? because its open , accessible to anybody any time any point!
Web was never ment to run applications. We talked about Browser Based Operating system , today we have web based adobe designers, we have storage.Everything is on web why ? One reason you can say is because we want a common access agreed but did you ever thought applications running on web are open target and hence your data is always insecure !! Got my point!!
- We want to safeguard information but we want lot of people to access it (Opposite to each other).
- We want to run applications on web but again its open to everybody.
- We gave access permissions but web never knows its you or somebody else with your information (Genius?)
- Secret Question “Whats your pet name?” I know your pet name and next moment I am looking at your Inbox ( Excellent ?)
We started good with an excellent idea of bringing world together but then we forgot our lessons and made it all insecure and then what …the best thing “PATCH”.
Take a break, think back and read again.The article might be little shaky for you but thats the fact. From tomorrow you will be on tour to understand some of the most addressed security issues.Till then take a moment and think.
Two more posts in this series you can read are :
- Network Architecture and Security Vulnerabilities
- Cross Site Scripting (XSS) Security Vulnerability