Posted on 2017-07-18 by: Axel Kloth
I received a decent number of comments and requests to my most recent post on the crypto malware. One thing is certain: there is no 100% security, and there is no guarantee for anything. That simply does not exist. As a result, we should all try to make secure communication as simple as possible.
That means that the hardware should support crypto algorithms, the firmware and software should be able to make use of these features through the use of APIs, and then all security should ideally have a no-nonsense setup and use policy. If security software needs a complex setup, it won’t be used by people who are non-technical – and they are most vulnerable to be attacked in the first place. Therefore, security should be the default setup without any need to configure it beyond what is needed to set up email or Skype, or any other means of communication. That is unfortunately not yet the case.
However, there are also other factors at play. Social engineering and creating the feeling of fear as well as outright threatening users seems to work well enough for the cyber criminals that they keep doing it. Technology can only solve the implementation problems; it is beyond technology to solve the social engineering issues unless there are no more keys and passwords, and the authentication is automatic.