Room362: Simplicity is Security

  • GoomRock · 4 months ago
    Brian Krebs did a pretty good article about the value of a hacked machine. ( http://voices.washingtonpost.com/securityfix/20... )
    I would make a comparison to an old shed that is no longer being used. Even though I may not keep anything in there anymore. I still would not want someone squatting there.
  • Ryan · 4 months ago
    We (as a culture, even outside of security and IT) have been making poor choices for a long time in the name of laziness. The washing machine doesn't save any time in many households I've seen. Instead people have 2 or 3 costume changes per day, so they create more volume, and in the end the same amount of time (plus money for electricity) is wasted by using the washing machine. One step forward, two steps back.

    The same holds true in IT and IT security. The 'safer' I feel because of SSL certs, the lazier I get with my credit card info. The more promises of a safety net I get from VISA regarding internet fraud, the lazier I get with keeping my CC info secure. Etc.

    In the end, most people would actually be happier living in a hut in the middle of nowhere. Less smog, less commute to work, and fewer people harassing them. But people are too stupid to see it that way. They want malls, and cell phones, and other 'big city' things. Security is the same way, imo. People want to be secure, but they also want a credit card with a chip in it, so they don't even have to swipe the card through a reader (or even take it out of their wallet).
  • CG · 4 months ago
    You didn't address the real point of security in that: are they adequately protecting what they think is valuable with their current system? And is it meeting the Japanese level of efficiency they are known for, or do they just deal with it because it's inconvenient?
  • dan · 4 months ago
    Mubix, you have a big point here, as we all know that security through obscurity doesn't really work and complexity is just a synonym. Have you looked at why things in IT require so much complexity? I found two pertinent aspects: human behavior and outdated technology. Put them together and ... BOOM! Most people are trusting and find it hard to think about how to do harm. Thus, technological implementation of more secure solutions such as IPv6, secure ARP tables, secure DNS, cryptography and even the latest patches never gets done in a timely manner. Being secure requires us to change our behavior. That takes a lot of work and there's no pill for it. As you say, in the US we want it all the easy way. In my opinion we will shift into an industry that will focus on education while having to provide very high abstraction for users, as well as coming up with ingenious ways of keeping those users secure without them having to change their behavior too much. Technology isn't always the answer. What do you think?
  • akibako · 3 months ago
    I wholeheartedly agree with your main point. That said -- and I hate to be the one to split hairs -- I would argue that your Japanese citations are inaccurate.

    Japanese people have and use credit cards all the time. According to the Bank for International Settlements, the number of Japanese credit card holders is roughly equal to that of Germany, and even exceeds Canada. It *is* true, however, that Japan does not have 'check cards', but this is simply because Japan does not have checks. The vast majority of cards in Japan work the system of automatically deducting the *entire* balance of the credit card once every month.

    Getting a credit card is just as easy as in the States. I got my first Japanese credit card after filling out a half-page form which took less than 5 minutes. No major form of identification was necessary. I get offers for "pre-approved" credit cards in my mail box every month.

    Japanese people bank online constantly. Earlier this year, #2-seated cell phone carrier AU launched a partnership with Tokyo Mitsubishi UFJ Bank to access all of your banking functions over your cell phone, including balance transfers. It's been hugely popular, and other carriers have followed suit. The most profitable bank in Japan in 2004 was Shinsei Bank, which differentiates itself by essentially running an online-banking-only presence. Visiting a branch requires you to interface with your account using a PC, not a bank clerk.

    Japanese people buy stuff online constantly. Last year, online sales figures per capita in Japan were only slightly below that of America.

    In such a disaster-prone country as Japan, it would be short-sighted to assume that the Japanese government doesn't keep easily-backup-able electronic versions of important documents. My family registry, proof of residency, and marriage certificate are all given to me via a laser-printed document (made official by a number of stamps).

    Stamps (hanko, inkan) are just as easy to copy -- if not more so -- as written signatures. Life is made infinitely more difficult for the average person, as one usually has a number of these stamps in slight variations in design. They are the antithesis of simplicity. There are no records provided telling you which stamp was used for a given document. I've had documents rejected for not having the "correct" inkan, only to have the company later apologize for incorrect verification. The illusion of security is amplified by the perception among people that hanko/inkan are un-forgeable (password analogy, anyone?). It is common practice for a business to accept a document from someone other than the document holder simply because it has the correct hanko. There have been numerous news stories of wives emptying their husbands' bank accounts and fleeing the country.

    The amount of data I push over my lines every month would *easily* be classified as "excessive use" (many times over). While it might be detected by the ISP, disconnections due to it are unheard of.

    I agree with, and appreciate, the crux of your argument completely, but do not think that these specific examples from Japanese society are strong fodder.