First of all, there’s a bunch of stuff from 30c3 that I will comment on, but I’ve been too busy following it. For the moment, only one question… who’s forwarding my stuff on to Appelbaum? Because as accurate as this quote is, it sure sounds like something I’ve been saying for ages! *grin*
“If you can’t understand and control every piece of hardware in your computer, it’s hopeless.” — Appelbaum at his post-tinfoil press conference
It DOES do a pretty good job of summing up the latest revelations. (Even if those of us who’ve been paying attention to e.g. JMA aren’t too surprised by the stuff that was supposed to blow our fucking minds, but like I said, more on that later.)
Right, so in my opinion, a good story beats overly technical details any day. If the story involves technical ingenuity, all the better!
In that respect the following article-in-3-parts on Houdini’s tricks is perfect. There is, in fact, too much to quote or even really summarize. But the main lesson is quite relevant to any kind of security:
You have to make it physically impossible.
I mean, not just “kinda sorta unlikely nobody would really do that.”
Actually, gotta-break-the-laws-of-physics impossible.
When you read through the article, you start to see what happens when people accept “kinda sorta”…!
(And for anyone thinking of going against the big boys, if some of the more obscure research from guys in UWB or guys like Tesla is anything to go by… I’m not sure I’d trust even physics!)
http://blog.modernmechanix.com/exposing-houdinis-tricks-of-magic/
http://blog.modernmechanix.com/houdinis-mystifying-magic-stunts-exposed/
http://blog.modernmechanix.com/houdinis-master-magic-tricks-explained/