Hi there. Settle in and worry about everything.

Hello, I’m some 20 something Asian boy that absorbs too much random information and needlessly obsesses over what is wrong with the world. Welcome to my humble little blog where we worry about how insecure everything is and do absolutely nothing about it.

Security is ultimately a compromise between risk management and cost in the context that it is applied in. Risk is described in the DHS’s Risk Lexicon as a combination of the loss incurred by an event and the probability of it occuring. An alien invation striking the earth might have high loss associated with it but the probability is so low that the UN hasn’t thought to build their own Starfleet. The inverse may also be handled as such. Let’s take music for example. Music regularly suffers from piracy however the loss is usually not significant enough to overshadow normal sales. The simple answer might be to prevent piracy but that runs into the second problem of cost. Music is simply too easy to distribute and record which typically forces publishers to resort to costly legal action for every site or offender they encounter. However, the resulting expense often exceeds the potential revenue that could have been made. This ties in nicely with the discussion of cost which does come in more forms than just money. For example, there is an opportunity cost if iTunes did not permit offline usage or Hulu expected you to type in your password for each episode of a popular medieval sex and murder show.

While the examples I have given are somewhat removed from the mundane life that you and I might have, the goal of this blog is to try to pick apart and critique how society and the average user interact with various security issues. That might sound pointless since at least everything that is important should already be secure. Unfortunately, security is often assumed by end users much like how honesty is assumed in conversation as described by Paul Grice. Bank accounts can be jacked through ATM exploits, ID can be fished for by perusing unsuspecting garbage, and little kids get their lunch money stolen by the bratty jerk that never gets off the swing at recess.

This blog also aims to try to answer the why behind security holes. Government security ususally has a very low tolerance for potential breaches although in later posts we will try to explore where other costs and politics limit how effective it is in practice. Commercial security often ends just a bit after where the money trail ends. Customer confidence and cost effective loss prevention form the core objectives of commercial security. When people realize that their cards can be jacked when they swipe at a gas station or that shoplifters are calculated into the budgets of supermarket chains, it begins to show the stilts that society uses to hold itself up.

Lastly, there is going to be a persistent focus on how the ever important digital realm affects this issue much like how amateur writing on the internet has affected the nature of certain classes. The popularization of computers and the internet has resulted in a burst of productivity that wasn’t around just two or three decades ago. State sized power grids can now be accessed remotely by electrical engineers at home. Government databases full of classified information can have large files moved when it would have required boxes of papers and a security escort. Even the stubborn military is getting in on the digital era with AWACs, drones, and other fancy gadgets. Just remember though that all of that is totally secure and that nothing could ever go wrong. After all, none of those have been hit yet.

Right?