Security is hard

published on 2014/10/05

We saw the latest example of flagrant privacy violation that to female celebrities last week where their private photos were accessed and published without consent.

There were accusations that this happened due to the vulnerability of Apple’s iCloud service.

This might or might not be true (Apple denies it), however security as a practice and topic are hard to implement properly.

There are some many layers in the modern software technologies that securing them at all level a constant challenge. Earlier this year we saw the expose of a bug in OpenSSL called Heatbleed bug that allows attackers to retrieve information on any servers utilizing it. OpenSSL was used by millions of websites and is an open source project (which in theory would have a better security track record by the concept of ‘given enough eyeballs, all bugs are shallow”.

There is also news about the abandonment of TrueCrypt by its developers, another important hard drive encryption utilities for unknown reason. There is an ongoing effort to audit the project to ensure that it is truly as safe as possible.

In this end, security is an ongoing effort. There is no complete security solution. What we can do is stay vigilant and keep pushing the boundary of safety as much as we can.