“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.” ~Helen Keller
I used to think this quote was spot on, and referred to it almost as security gospel. This quote came from a woman who could not see, hear, or speak. To be sure, these handicaps were the catalyst for a most honest epiphany, but the statement is at once imperfect and, possibly, because of the sensory deprivation of her handicaps, fails to address the larger picture.
Security DOES exist in nature, and we should seek to emulate her ways.
But let’s look at why we’re here.
I just got back from DEFCON 19. The DEFCON gathering, and hacking, exists solely on the fact that people are always trying to hide something from others, and that to a few others, it presents the challenge to reveal that which has been so carefully hidden away (Quod tanto impendio absconditur etiam solummodo demonstrare destruere est, [When a thing is hidden away with so much pains, merely to reveal it is to destroy it, ~Tertullian, Comte de Gabalis]). No truer words were spoken.
At DEFCON, you’ll see and hear everything from How to Pick locks, Cryptanalysis, hacking this, hacking that – anything that someone has attempted to make secure – there is a “How to” make it insecure. And rest assured, anything can be hacked.
So does that mean nothing is secure at all?
No. It doesn’t mean that perfect security will ever be achieved, but there is a way to achieve a far more inviolable defensive structure by following the ways of Nature.
From analysis of the passive security of camouflage in insects and animals (stealth) to the active security of skunk spray and bee stingers (weaponry), we can develop more strategic and effective methods which will always strive towards the equilibrium of perfection in security.
Do remember, if a Gypsy moth sitting on the bark of a tree had the ability to simply try to hide itself by scrambling all of its anatomical parts (encryption?), it would stick out like a sore thumb. A predator bird may not know it is a gypsy moth, but it will sure be curious as to what it is, and will eventually figure out it is food. Evolution of species dictates this eventuality.
But, the fact that it uses camouflage to hide itself from its predators, ensures a higher percentage of safety simply by blending in and not drawing attention to itself.
And, what if, when we were attacked by say, a TDSS rootkit, we were able to strike back?
Nature provides us with insight into how real security should be dealt with – on a global scale.
More to follow……