Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I roll my eyes so hard at people who say "well our network is secured, so it can insecure on the inside" I'm surprised I don't have a repetitive stress injury by now. It shows a shocking lack of foresight and is honestly insanely unprofessional. This is the exact same kind of opinions that lead to just about every major data breach in recent memory.

Secure everything, and assume that everything is compromised. Anything less is downright negligent.



With all due respect, this is like saying the more locks you have, the more secure your building is. I mean, yes you have to lock some doors to have security, but on the other hand putting a lock on the bathroom door, the light switch and the flush handle isn't increasing security, and could be reducing security. I feel somewhat the opposite -- there should be a very good reason to add security overhead, and without a compelling story the default should be open.

This is why i've been so happy reading about wireguard in the kernel recently. This makes it possible to have a very secure, low hassle default that is completely independent of applications.


> putting a lock on the bathroom door, the light switch and the flush handle isn't increasing security

It certainly is if the thing you're securing is the flush handle itself.

Like all security questions, understanding exactly what you need/want to secure and the threat models surrounding it is extremely important.


We put valuables in a safe even if the door locks.


The key work is "valuables". You probably wouldn't put your pants in a safe (though I acknowledge that depends on your roommates). I'm saying that going through the motions doesn't make something secure. How many passwords are in slack channels or github repos? Creating a password barrier, but neglecting a secure mechanism for rotating them and distributing them doesn't buy any security.


The problem with this analogy is that its not a good one. We're humans so we tend to try and explain things in terms of concepts we understand but often latch on to incorrect ones.

The problem with locking every object in your home isn't that its an inherently bad thing, its that it introduces too much overhead to be worth the hassle. Now, if there were some touch ID enabled force-field that unlocked things only for you, within milliseconds and was highly reliable to work, that might change the dynamics a lot.

And that is what happens with crytographic security. There is very little overhead that modern systems impose on securing your systems so there is no reason for you to not enable them (setup may be hard, I acknowledge its a problem but its a one time cost to pay).

Taking the analogy further; if you had to repeat the authentication flow for every digital object it would still introduce a lot of hassle. So digital cryptography gets around this by instead requiring short lived tokens so the cost of enabling cryptography is amortized across all your digital assets. In our analogy; it would be that every object in our home is locked, but we use faceID to get a short lived key that is cached for e.g. 10 minutes. All locked objects check for the existence of that short lived key.


If you take protecting your users seriously then any of their personal info counts as a "valuable" so yes, you should secure everything. And it strains credulity that you might be running any kind of actual business where it would be appropriate not to take protecting your users' data seriously. Even if you're doing something as mundane as hosting cat pictures, you have email addresses and password hashes and analytics data.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: