Un petit blog sans prétention (enfin j'espère) sur ce qui retient mon attention en matière de sécurité informatique....mais pas que.
Je vous conseille très vivement de lire le papier de l'excellent Steven M. Bellovin. Je suis tombé dessus par hasard.
Tout ce qui est dit dedans est d'une justesse si grande que vous serez surpris quand vous aurez fini de le lire. Ce n'est pas long, juste deux pages.
https://www.cs.columbia.edu/~smb/papers/acm-predict.pdf
Voici quelques extraits du document pour les plus pressés :
"It seems that one cannot open a daily paper with-out reading of yet another computer security breach. Worse yet, even sites that one would think would be well-protected, such as the CIA ’ s web site, have been hacked. Is this inevitable? Will matters continue to get worse? Or is there some fix in site for the com-puter security problem?"
"In point of fact, most security problems are caused by buggy software. Buggy software is the oldest unsolved problem in computer science, and I don’t expect that to change in the forseeable fu-ture. Furthermore, the various panaceas proposed in this area—structured programming, high-level lan-guages, formal methods, n-version programming, code walk-throughs, and more—have not succeeded. There has certainly been progress—it is no longer surprising when I find that my departmental compute server has been running continuously for six months or more—but we are still a long way from perfection. And we cannot afford 25-year shakedown periods be-fore the complex new applications we are deploying
become reliable."
"There are certainly other technical approaches. For example, we can build fault-tolerant systems out of unreliable components; is there a way to do the same for security? But while that might improve the odds, it is unlikely to provide a perfect security shield. Fault-tolerant systems deal with natural fail-ures, and Nature, and Einstein reminded us, is subtle but not malicious. Hackers, of course, do their best to shift the odds and to create improbable situations that
they can exploit. But if we succeed at this challenge—if we can build distributed systems and a cyber society that is
attack-resistant—then our networks should survive and even flourish. No one expects major cities to be 100% crime-free, but we do expect to be able to carry out our daily activities in a reasonable degree of safety . The same can and should be true of the Net. There will never be absolute safety and perfect assurance, online or off—but there never was."
Enfin personnellement, j'ai été très surpris surtout par la date de publication. Cela date de.............. 2001.
Rien, absolument rien n'a changé.