Wednesday, June 16, 2010

Javvad Malik


Whether you call it security theatre or just a sales pitch that sets expectations too high, we've had lots of products and processes that have claimed to increase security only to contain enough hot air to propel one of Richard Branson's balloons across the world.

Here's the cynical breakdown of security that was too hyped up.

Airport security
Please remove your shoes, belts, loose change, clips, lighters and ensure you don't have more than 5ml of saliva in your mouth at any time. There, don't you just feel so much more secure getting on that aeroplane?

Single Sign-On
The great technology that adds only depth of complexity, obfuscation and more moving parts, but with a single password on the front end. It was meant to be the great innovation, streamlining millions of applications and increasing productivity and security. But compatibility issues with corporations' multitude of systems and a general lack of ROI have killed much of its momentum.

In theory and principle, biometrics still seem the future. It's just a shame the technology isn't quite there. Well, at least the good type of technology which actually works.

Risk Registers
Let's get one thing absolutely straight: "managing" risks does in no way, shape or form make you more secure! Just because I've written down in a diary that my front door lock is broken, it doesn't mean my house is any more secure. How many times have I heard the excuse being used, "it's not a problem, we've got it recorded on our risk register"?

Government ID cards
The ultimate silver bullet to fight all crime if the government is to be believed. Tube bombings wouldn't have happened if we had ID cards. Knife crime in London will drop to zero with the introduction of ID cards. Overnight the UK will become a utopian society who only knows how to love. Get your ID card NOW!

Great Wall of China
The wall wasn't a fully effective line of defense. Various invaders managed to breach the barrier. Every sentry was a potential weak spot, because sentries could be bribed. In the mid-1600s at a well-fortified mountain pass near the Yellow Sea, a turncoat general simply let Manchu horse soldiers ride through. The invaders marched into Beijing, established a new dynasty, and did no further work on the Great Wall - which had, after all, failed to hinder their invasion. Good tourist attraction though.

Strategic Defence Initiative
Affectionately dubbed 'Star Wars', this initiative, launched by then U.S. President Ronald Reagan in 1983, never really reached completion. I guess the former actor-turned-president just couldn't shake off those Hollywood influences.

The ultimate in network defence. Just after companies implemented firewalls to protect their internal networks, some bright spark kicked off the whole IDS craze. It's a phenomenon unlike any other. Every company insists on an IDS. Unfortunately, hardly anyone remembers to monitor the output generated from the IDS to make any meaningful decision. Or the people who do monitor it just don't understand it. You're better off having the green Matrix code scrolling down your screen.

That's right, it's YOU! Get with the program, people, and stop being the biggest flaw and vulnerability in any security design. A 10 level mortise lock on a door is absolutely useless if no one actually shuts the door and turns the key in the lock.


