In The Cuckoo’s Egg, Cliff Stoll recounts his experience tracking and countering a determined hacker. Perhaps the more persistent conflict, however, is Stoll’s battle to get companies, governmental agencies, and individuals to acknowledge and respond to the threat. While Stoll’s hacker has long since been caught, the other conflict remains only partially resolved.
The great difficulty with security is that a single vulnerability can be enough for an attacker to exploit an entire system. Among other sources, these holes come from buggy software, poor passwords, and insecure networks. A system therefore depends on the integrity and care of people from several organizations. Each party shares responsibility for protecting the system by securing their entry point. Users should have secure passwords that they don’t share with anyone or leave on a Post-It note on their computers. Software developers should perform thorough testing. System administrators have the responsibility of ensuring pieces work as advertised and interact appropriately; they should also ensure their users follow proper security procedures. A great deal of headache could be avoided if each participant better understood and carried out their role in security.
Even with informed and responsible contributors, however, no system is perfect. The source and extent of a breach are rarely obvious immediately. Due to the connected nature of the internet, it is in everyone’s interest to help fight for security. With recent security issues, such as Heartbleed in OpenSSL, the community has been quite responsive. Patches and fixes have been released within days (or sooner) of a vulnerability being published. This represents quite an improvement from a few decades ago, when Stoll fought for anyone to even acknowledge the issue. These changes are comforting. Moving forward, as more and more vital information becomes accessible from the cloud, the importance of these issues will increase. It will be ever more essential to educate casual users and administrators alike about the dangers and responsibilities of security.