[Dailydave] Semi-Private numbers

Michal Zalewski lcamtuf at coredump.cx
Mon Apr 2 15:24:55 EDT 2012


> When something is felt to be a secret, but is really something you give to
> everyone, I call it a semi-private number. You'll see them everywhere,
> social security numbers, credit card numbers, biometrics of all sorts, your
> maiden name, etc. It's weird how people get upset when huge collections of
> semi-private numbers get stolen.

Why weird?

They don't have a choice but to use these numbers, and the leak has a
negative impact on their life.

I'd wager that it's mostly a failure of our industry, in one of two
possible ways:

1) We failed to provide any practical alternatives (we are not shunned
by the industry, we *are* the industry - and frankly, most of our
supposed solutions look good only on paper).

- OR -

2) Our fixation on perfect security is actually based on a
misunderstanding of how societies work and can flourish. Keep in mind
that in many areas, the physical world is probably much better off
specifically because we're quite willing to rely on trust and casual,
imperfect deterrence, and not on perfect security. I actually fancy
that thought, if you recall ;-)

/mz