Tuesday, March 31, 2009

Security Talk

I liked Kai Er’s talk a lot, because he explained the difference between security and privacy very clearly. While thinking about the differences between privacy and security, it never crossed my mind that better security may require privacy to be given up.

I had always thought that privacy is keeping things private, and security is to keep those private things from being public. So in that sense, security will never be able to invade privacy. However, since Kai Er’s definition of security is “making sure that the program does what it’s supposed to do and not what it’s not supposed to do”, or, in light of the luggage checks and surveillance camera example, protect people/information from external threats, higher security can lead to invasion of privacy in order to secure its parameters.

I prefer Kai Er’s definition of security, because it is a broader definition than mine and applies to more situations. ^_^

Another thing I felt was important is that “a program is only as strong as its weakest link” – very true. However, I especially like the part about social engineering, because no matter how good a program is, humans are always its weakest link.

So the best solution is actually to educate people and to encourage people to think and doubt more.. ^_^ Heehee.

Oh haha I remember Prof Ben asking Kai Er about Extensibility – for Kai Er’s product it was extending the product into other RFID readers and all that so that you don't have to spend extra resources to retrofit whatever you have. Prof Ben felt that it’s just basic common sense to work on a version that can be easily extensible from the start, and he was surprised to find out that this is not common practice. As a non-programmer, I’m not very sure about the specifics, but I understand perfectly when Kai Er said that when deadlines are coming, nobody really cares about the future, they just care about getting it to work now. I’ve seen this inefficiency happen several times in the many projects I’ve worked in – it’s not something that can be helped.

Other than that, I think Kai Er’s product is pretty cool, I wonder if it is available for personal use though? As in, you know how there are so many things to sign into – Facebook, DeviantArt, Gmail, etc etc every time I use the school computer – it’s such a chore. I wonder if it is possible to build a device that saves passwords in a secure format so that the public can use it on different PCs? Obviously it will be very different from the way the RFID program is built now, since it has to be customized for each client. How about a thumbdrive thing that can sense when you are trying to access Gmail and inputs all the info for you? Of course, it has to be protected by an initial password when the user opens up the program, like the RFID program is now, but hmmmm does such a thing exist yet?

Haha. One thing I learnt after hanging around with tech geeks (through WPF) from this class: whenever I think of something new that is tech-ish, they’ll stare at me and say, “wei man. That is out in the market already.”

*Bleah*.
