Copyright © 2009 What The Hell? Security
Convenient to the point I make here, the terms Moore’s Law and Hypertext were both coined in 1965.
Since then, if I’m counting correctly on fingers and toes, CPUs should have improved by roughly a factor of (2 ** (((2009 - 1965) * 12) / 18)) = 676,414,963. The actual number doesn’t matter because I’m using it as a point of reference.
Also since then, hypertext has improved by roughly a factor of 0 (zero). Which is perfectly fine when you consider that hypertext was designed to link relevant tidbits of information. It does that, in spades. With a quarter of a billion active sites, if it didn’t, we’d know it.
It follows that hypertext security has improved by zero, meaning it remains at zero. Which is perfectly fine when you consider that security was as far out of scope as was changing kitty’s litter box.
Not all Web security hinges on hypertext. Classification-wise, very little does. But there’s no denying that some does, and dollar-wise, it’s very expensive.
The stuff that hinges is, well, the hypertext-y stuff. Links. Forms. Clicks (a term let’s agree right now encompasses all flavors of actuation). Ever get phished or pick up a case of drive-by malware without clicking on a link or a submit button? Didn’t think so. (Domain name typos don’t count.)
It’s the clicks, stupid. You know I’m right. If phishing and drive-by malware aren’t problems rooted in hypertext then I don’t know what are. But we don’t treat them like hypertext problems. We treat them like email problems, like advertising problems, like search problems. What the hell?
So what does this have to do with Moore’s Law? Not much, other than it makes me wonder if we’ll cross the “times a billion” CPU performance mark before we figure out we need to add some security to links and forms. Not all, mind you, just the ones that count.



