October 23, 2006
Insecurity Through Ineptitude
As any self-respecting computer scientist worth her salt could tell you, in the last few years a big stink has been made about the concept of security through obscurity (long story short, it is more or less stupid). Much less has been written about the entirely false illusion of security bought by idiotic, time-consuming, and generally useless methods, or as I like to call it, insecurity through ineptitude. With the recent release of MS IE7 as well as my regrettable encounters with a multitude of ridiculous and generally maddening building security
measures, I thought it'd be the ideal time to let out some rage.
First things first. My old nemesis: Internet Explorer. It is back with a vengeance (supposedly), but introduces only features that have been on modern browsers for years and only fixes the most egregious flaws in the security model if you are using Windows Vista (which you're probably not). If using IE6 is comparable to having unprotected sex with a $2 crack whore that tells you she has AIDS (it's likely worse, but I can't think of a better analogy), then using IE7 could be compared to having sex using a 10-year-old ruptured condom with a promiscuous girl you meet at a frat party who tells you she is 21, looks 18, and is really 16. (What?)
Not that I would know about either of those things from personal experience, mind you. Never mind. The point is: with IE6, you are bound to get infected with some sort of nastiness; with IE7, you're likely to deceive yourself into a false sense of security only to find yourself with an unwanted pregnancy and a felony indictment. Okay, the analogy sort of breaks down right about now. But you get my point. Internet Explorer will never be secure
until Windows does not allow unfettered access to its internals. Any attempt to claim it is secure
is ultimately self-defeating.
Now for the more interesting topic of building security. Most buildings I have traveled to in San Francisco's Financial District have the most jerk-off security models ever. Instead of forcing everyone to badge into the building and/or escort visitors while they are on site, most buildings implement some moronic and ineffectual variant of these themes instead. Some require you to flash a badge (from twenty feet or more) to a security guard who is not paying attention anyway. Others require a paper sign-in with absolutely no provision for verification of one's identity. Still others have no security model whatsoever, allowing any random fuck off the streets to roam freely (at least in the elevators).
At this rate, why the hell are building security people employed at all? What's the point of having security guards if any determined five-year-old could circumvent the so-called security
and all legitimate employees/visitors are categorically harassed over irrelevant minutia? My personal favorite is the UCB Extension building in downtown. Ostensibly, they force all visitors to sign-in
; this, however, is the biggest lie of all. Although one must show their ID to a guard, no attempt is made to verify that what you wrote on the paper bears any resemblance to your ID. A determined intruder with an IQ of seventy could simply show his or her regular ID, write Semore Butts
as his (or her) name, and traipse on in. And sadly, no one would be the wiser.
Yet, if one makes the egregious error of attempting to bypass this waste of five minutes, one is chased down by petulant guards insisting that you show them your ID (to what end, no one knows!) and write down some moniker found only in elementary school textbooks. But, it's only five minutes, Rohit. Why stress about the little stuff?
a reader unfamiliar with my hypercritical ways might ask.
That's not the point, asshole! So what if it's only five minutes? So what if it doesn't take all that much effort to flash an ID and write your name on a piece of paper? That means nothing to me! Nothing! Just because something seems relatively trivial does not mean it should be accepted without question. Say I worked in that building and went there every weekday, entering and exiting twice each day. That would be ten minutes every day, of my life—gone! That's nearly an hour a week and two full days a year. Gone. All so the building manager can sleep better under the self-deluded notion of security.
I don't know about you, but those two days a year are definitely ones I could use.
So next time you experience some clearly inept security that wastes not only your time, but that of all those involved, just remember: most people don't die from gunshots; it's the slow-growing, undetected cancer that eventually gets them. And in this case, insecurity through ineptitude is the slow-growing cancer that threatens to destroy us all.
i just imagine in the future little rohits and rohalitas running around saying intelligent things way beyond their years and appending "asshole" to their brilliant statements. oh what a beautiful world to live in.
i do disagree that pseudo-security has no point though. any semblance of security will decrease the likelihood of a breach, however functionally pointless it is. it won't deter the highly motivated, but it will deter the other idiots that mostly fill up the participants of criminal activities. plus highly motivated people will find completely legal ways to do criminal activities.
what i wholeheartedly agree about is the enormous inconvenience it provides the general consumer. flying internationally has gotten so terrible with new security settings for the consumer that major airlines' earnings have been decreasing steadily at a ridiculous rate.
but at the end of the day, the security guys are human beings too. if they haven't lost the will to live, most of them are quite friendly and associable.
oh, and never fly into heathrow. it sucks my left nut.
Posted by Pv | October 26, 2006 07:54:02 -0700 | Permalink