Friday, September 11, 2009

Rant: Sad State of Affairs

No pun intended, but it's a sad, sad state of affairs out there, boys and girls. There's a website that's being advertised on public television that's guaranteeing a discreet affair... how sick are we? You know what's more sick than that? Their website security is really good.

More to the point, have you noticed something about all the immoral, illegal and flat-out improper sites out there? They (on average) have better security than the legitimate [business-oriented] websites we use every day.

Why is that? Here's why... -->$

Let's look at this rationally, shall we? Everyone knows that if you want to find the best security in the physical world, you go to one of two places - Las Vegas casinos or the Federal Reserve. Think about why those two places are so insanely guarded and why you never hear of someone knocking off a casino, or Fort Knox. That's where the money is! Make sense now?

Online gambling sites and similar web sites that make money by the truckload have a vested interest in keeping their security top-notch and have been proven to spare no expense. So why are you sitting at your desk, frustrated that your management won't spend more than the equivalent of bubble-gum on your enterprise web site security?

Damn good question, isn't it?

It's almost strange that some businesses see themselves as a magnet for would-be evildoers, while others choose (willingly) to think that they won't be a target. Maybe it's the whole subconscious guilt of knowing you're putting up a site that many people will find repugnant, and will target? Maybe it's the simple truth that where money is, criminals (not just hackers) will follow?

The more I thought about it, the simpler the answer became. The whole thing is a simple risk equation. By hosting a high-risk site [simply by the nature of what is being hosted] the owners clearly want to add as little extra risk as possible. That makes sense! Let's look at the factors...
  1. Currency -- Gambling and "other sites of questionable moral value" {ahem} have a high value when it comes to currency. People pay big money to play online poker, gamble, or see adult content. The business of these sites is to minimize effort while maximizing profit, so few expenses are spared when it comes to keeping sites up, running, and secure.
  2. Users -- The users that generally frequent sites "of questionable moral value" typically aren't the type to give up their hard-earned dollars easily; therefore, they're always looking for a freebie. Maybe a way to get free content, cheat the system and make more money, or just play for free... let's face it, the hackers know that there is a ton of cash sitting in these sites and are always on the lookout to exploit them.
  3. Modus Operandi -- The general theme is make money, lots of it, often. Site owners recognize they will be the target of attack and manipulation, and counter accordingly. It's no secret that they're trying to make the most money off of you that they can... and they don't ever want to give it back.

So right about now you're saying... "Sure, but with those 3 factors, my business should have military-grade security as well, right?" Absolutely. Only not. Here's why...

Ordinary business sites can hide behind regulations, lawyers, and an apathetic public user base... those other guys don't get that luxury. It's just a sad state when the general banking site is used primarily by people who aren't smart enough, or intelligent enough, to care about their personal identity protection. These folks will keep using a site even after they've been compromised repeatedly (ahem, TJX...) without thinking twice. If only ordinary users were a little less forgiving, right?

As far as regulations go... yes, I see them as a bad thing. Companies can hide behind the shield of "well, we did the necessary minimum, so you can't sue me" rather than doing what is "right"... again, sad state of affairs. Then you throw into the mix lawyers and massive legal teams who go, like rabid wolves, after anyone who should challenge the sovereignty of your company... and the victims don't stand a chance.

Just sad... sick and sad.

