December 7, 2007

The Firewall Flaw

Firewalls, like security guards, electric fences and alarm systems, are a useful component of a security system. But firewalls are not secure in themselves, any more than a bulletproof vest makes you bulletproof.

I have tried to come up with a number of analogies to explain what is wrong with relying purely on a firewall, but none explains it so clearly as this image that came through my inbox a day or two ago.


(This image arrived with no credit attached; if it is yours, add a comment so it can be credited properly.)

September 3, 2006

Easypay is secure, take their word for it

You have to love the deep level of understanding of security demonstrated by builders of the Easypay website.


More specifically, the text:

"Note that you may not see the security lock because of the frames design, but we guarantee that your credit card will be securely encrypted."

Who is "we"? The real Easypay site, or a fake website generated as part of a phishing attempt?

As it turns out, if you open up the right-hand frame and check the certificate on that frame, you see it is secured by Thawte. Of course, the average user has no idea what a frame is, or how to check a certificate on one.

It is difficult enough trying to teach people to understand the security lock and why it is important while browsing. Trying to convince users a site is secure through a random sentence on a page not only demonstrates gross cluelessness on the part of the website creators, but is also downright irresponsible.
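A site owner can catch this design before users ever see it. The sketch below is an added example, not code from Easypay or from the original post: it audits a page for frames whose HTTPS status the browser's lock cannot reflect. It assumes the outer frameset was served over plain HTTP, which the post implies but does not state, and the URLs, frame names and sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: an HTTP frameset whose payment frame is served over HTTPS.
SAMPLE_TOP_URL = "http://shop.example/pay/index.html"
SAMPLE_HTML = """
<html><frameset cols="20%,80%">
  <frame name="menu" src="menu.html">
  <frame name="payment" src="https://secure.shop.example/card-form.html">
</frameset></html>
"""

class FrameCollector(HTMLParser):
    """Collects (name, src) for every <frame> and <iframe> that has a src."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            a = dict(attrs)
            if a.get("src"):
                self.frames.append((a.get("name") or "", a["src"]))

def audit_frames(top_url, html):
    """Classify each frame by how its scheme compares with the top-level page."""
    top = urlsplit(top_url)
    collector = FrameCollector()
    collector.feed(html)
    findings = []
    for name, src in collector.frames:
        absolute = urljoin(top_url, src)   # resolve relative frame sources
        parts = urlsplit(absolute)
        if top.scheme != "https" and parts.scheme == "https":
            verdict = "hidden-https"       # encrypted, but the lock reflects the outer page
        elif top.scheme == "https" and parts.scheme != "https":
            verdict = "mixed-content"      # lock shown, yet this frame is plaintext
        elif parts.scheme == "https":
            verdict = "ok"
        else:
            verdict = "plaintext"
        findings.append({"name": name, "url": absolute, "verdict": verdict,
                         "cross_host": parts.hostname != top.hostname})
    return findings

if __name__ == "__main__":
    for f in audit_frames(SAMPLE_TOP_URL, SAMPLE_HTML):
        print(f["verdict"], f["name"], f["url"])
```

Any `hidden-https` finding means the user has no visible way to verify the certificate; serving the top-level page itself over HTTPS removes the need for the reassuring sentence.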