Chapter 23. The Bleeding Edge

What information consumes is rather obvious: it consumes the attention of its recipients. Hence a wealth of information creates a poverty of attention, and a need to allocate that attention efficiently among the overabundance of information sources that might consume it.

— Herb Simon

Voting machine software is a special case because the biggest danger to security comes from the people who are supposed to be responsible for it.

— Richard Stallman

Introduction

Our security group at Cambridge runs a blog, www.lightbluetouchpaper.org, where we discuss the latest hacks and cracks. We even found some vulnerabilities in the Wordpress blog software we use and reported them to the maintainers. But we weren't alone in finding flaws, and in October 2007, the blog itself was compromised by a Russian script kiddie who tried to put on some drug ads. The attack itself was only an inconvenience, as we spotted it quickly and recovered from backup, but it brought home how dependent we've all become on a vast range of applications that we just don't have time to evaluate. And the blog posts themselves show that many of the attacks, and much of the cutting-edge work in security research, hinge on specific applications. There will still be exploits against platforms like Windows and Symbian, but there are many more vulnerabilities out there in apps. As Microsoft cleans up its act, and as search engines make it easier to find machines running specific apps, that's where the ...
