Moving Information Security Into the 21st Century
The barriers to using technology have never been lower. Same with screwing up security.
I haven't lived on this planet for that long, but even during my own lifetime technology has changed in so many wonderful ways--especially from a coding perspective. The tools have never been cheaper, the programming languages never easier to learn, and the diversity of platforms never so vibrant. But it really pains me that, with all that ease in making things 'just work', security has not really kept pace in saving people from themselves.
I am a research engineer by day, an independent developer by night, and that night job keeps me in contact with a lot of people from different backgrounds. One app I have, Webmail++, gives me a steady stream of people trying to connect to their webmail. When you type in a URL and leave off the http part of it, I prepend it with https. I default to accessing your mail securely in the name of trying to protect you. What astounds me is how many people who contact me are unable to access their company's mail over https. It's not even that they have an expired or self-signed certificate--they flat out haven't even set up their webserver to allow secure communication.
Sysadmins of the year 2015: it is not 1994 anymore. We've had SSL for more than twenty years. You have a duty to protect your users and the people that employ you.