Buy A Better Lock, Right? No… Not Always!

By Ian Scott

It amuses me sometimes to hear about the security practices of individuals trying to protect their “stuff.” Take a look at some back yard sheds sometime. Often, you’ll find their owners have decorated them with some ultra-expensive, hardened steel lock, guaranteed to be unpickable or some such thing, in order to protect a $100.00 lawnmower, some cheap garden tools, and a department store bike.

Yet, they leave the key to the house under the mat in front of the door, or in the flower pot beside the mailbox for their kids. If you were a thief, what’s the first thing you are going to do? Head to the shed to steal a lawnmower? Not likely.. you’d be checking under the mat or that flower pot beside the mailbox for a key. You want the more valuable stuff!

It’s amazing really, how some folks think about their own security. And when it comes to their computers, they’re not much better. Remember when the Internet was young, and there was all sorts of hype about using credit card information on websites, and you could find ten newspaper articles a day cautioning about buying stuff on the ‘net? Yet… handing your credit card to a waiter to pay for dinner is about the LEAST secure thing you could ever do with your credit card.

People wouldn’t buy things on websites unless the little lock icon “thingie” would show up on their web browser. That meant the credit card transaction was going to be “safe,” right? Well.. safer than what, exactly?

You think that the little lock icon is going to protect your information if it’s stored in a database? Guess what… the media did you a poor service and provided a lot of hype and misinformation in those good ol’ days.

What that little lock icon really means is that any information you communicate with the server you are connected to will be encrypted DURING TRANSFER. That’s it. And the fact of the matter is, your credit card information is less likely to be intercepted during transfer than it is to be stolen by some fraudulent gas station attendant after you’ve handed it to him to pay for your last fuel fill-up.

So here we have folks who are paranoid about using credit cards on the Internet, and want to send a cheque (check for any US readers) instead. Now that’s really bad! If some merchant takes your cheque, cashes it, and never sends you the product you ordered, you don’t have a lot of recourse to get your money back.

However, if you used your credit card, and didn’t receive the service or goods, all it takes is a couple of phone calls, a signed document, and a brief investigation by the credit card company, and voila! You’ll see a reversal of the charge. The merchant will see what’s called a “Charge Back” on their statement, and merchants don’t like to see chargebacks.. it costs them money.

So many computer users are paranoid about using credit cards on the Internet, yet they will send emails that contain all sorts of personal information, love stories, business plans, etc., and don’t really seem to care that email is “about as private as a postcard” as someone once said. Like seriously.. it is not very difficult at all for someone to read your email! I’ll get more into that at a later time.

So, what’s the point of all this? Well, people, being people, generally just accept what they are told instead of doing their own research. They allow others to dictate to them what should be important, what their security policies are, and how they will act in the world. They never do their own security audits or any sort of risk analysis for themselves.

Sometimes a better lock on the shed won’t hurt. But more often than not, you could probably spend your money and resources on more important things than protecting your lawnmower.

And this is a brief introduction to the “Philosophy” section, which I hope to add more to, later.
