I am an unabashed fan of Star Trek. Its positive vision for the future of humans resonates with me and has for 40 years. I like other SciFi genres as well, but for me nothing compares with Star Trek. I am also a fan of Wired Magazine. It is the only magazine subscription for which I pay. Stay with me a moment; the tie-in will be obvious.
Security through obscurity is likely the biggest challenge corporate programmers have, not so much because our developers aren't smart, but rather because we can't think in the time scales of hackers. We often believe that if something is complicated enough, it is secure because no one would have the time to work it out. We tend to confuse layers of security with added complexity - but these are not the same.
Corporate developers have to produce results on a deadline, within fixed constraints of time, money, and other programmers. The concept of unlimited time in which to work through a complicated system is as foreign to us as glee is to a Vulcan (trust me, it's foreign). But to a hacker, time is an endless quantity. Consider some of these systems which have been hacked:
I had a lot of fun with this Wired and was surprised when a month later, in the Letters to the Editor, someone pointed out that the spine label of the magazine (usually a series of uniformly spaced blocks) was itself a coded message. Can you figure it out? I'll give you this one, if you promise to think about how someone who wasn't even told that the spine contained a puzzle figured out the FIVE BIT BINARY CODE that spells "Trekkie."
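As an added example (not from the original post or from Wired), here is a solver that is told only that a row of blocks is some fixed-width binary letter code, and that enumerates every width, numbering, polarity and bit order. The A=1 numbering used to build the sample bit string is an assumption; the post says only that the code is five-bit binary.

```python
from itertools import product

def encode(text, width=5, base=1):
    """Build the constructed sample: each letter as fixed-width binary, A=base (assumed)."""
    return "".join(format(ord(c) - ord("A") + base, f"0{width}b") for c in text)

def candidates(bits):
    """Try every plausible fixed-width letter code; keep decodes that are all A-Z."""
    tried, found = 0, []
    flip = str.maketrans("01", "10")
    for width, base, invert, lsb_first in product(
            range(4, 9), (0, 1), (False, True), (False, True)):
        tried += 1
        if len(bits) % width:
            continue  # the stream must split evenly into symbols
        stream = bits.translate(flip) if invert else bits
        letters = []
        for i in range(0, len(stream), width):
            chunk = stream[i:i + width]
            if lsb_first:
                chunk = chunk[::-1]
            idx = int(chunk, 2) - base
            if not 0 <= idx < 26:
                break  # not a letter under this guess, discard it
            letters.append(chr(ord("A") + idx))
        else:
            found.append((width, base, invert, lsb_first, "".join(letters)))
    return tried, found

# Constructed sample standing in for the spine blocks (dark=1, light=0 assumed).
SPINE_BITS = encode("TREKKIE")

if __name__ == "__main__":
    tried, found = candidates(SPINE_BITS)
    print(f"{tried} encodings tried, {len(found)} decode to letters only:")
    for width, base, invert, lsb_first, text in found:
        print(f"  width={width} A={base} inverted={invert} lsb_first={lsb_first}: {text}")
```

The whole "secret" of the encoding is a search space of 40 guesses, and the readable word stands out from the handful of all-letter results at a glance.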
If you are concerned about the security of your system, don't rely on obfuscation and complexity. If you can figure it out, someone else will too. The only things you can rely on being secret are passwords and certificates (because they can be changed after the solution is deployed). Assume everything else is knowable. I know a lot of developers who have trouble with that, because they assume that it is impossible to build systems that the original programmer can't break into. Not true. If this sounds like you - here's a good book: Writing Secure Code by Howard and LeBlanc.
Lastly, there are three puzzles in this post for you to solve:
- How to hack my password (what's the key that helps me remember it)?
- What's Commander Data's password?
- What is the name of the sculpture which contains a code the CIA cannot crack?