On a Highway to …
Welcome
Dear Reader,
The Internet is a vast and beautiful thing – our ancestors would be amazed. I probably wouldn't have my job without the Internet, and if you work with Linux, the chances are your job, either directly or indirectly, depends on the Internet as well.
People in high tech like to talk about the Internet in glowing and heroic terms. The popular view is that the Internet is not just an information highway but is actually a highway on which we are all journeying to the future.
Part of the story is that the Internet is "good business," but the recent Equifax debacle illustrates how difficult it is to determine how much the Internet actually costs. A hack on the massive consumer credit reporting company compromised 143 million identities. The problem, according to several sources, was that the company failed to install routine security updates for the Apache Struts web application framework. A vulnerability in the platform was fixed back in March, but reports indicate that Equifax didn't get around to installing the update and therefore fell prey to the attack.
So now is the time when we all collectively say "What a bunch of slackers." Everybody knows you're supposed to keep current on security patches, and on Internet-facing servers, keeping up to date is an extremely critical and solemn responsibility. Internally, the company probably has its own "What a bunch of slackers" dialog going on. Some people have probably already been fired – or they will be soon.
Firing a few Equifax employees certainly seems appropriate, but it is a little too easy. We humans have a way of focusing blame on other humans, rather than on systems. When something goes wrong, we assign the blame to a person, and then when we punish that person, we all get the feeling that we're acting decisively to address the issue. Deeper down, though, the questions are a little more complicated – and thus more scary. For instance:
- Why was this vulnerability present in the first place and how did it go undetected until March of this year?
- What other vulnerabilities are still out there now that could be the cause of future events as bad as or worse than the Equifax debacle?
I don't really know the solution to the insecurity problems that face the Internet. In fact, I'm not sure I really believe an obvious solution actually exists – certainly not something that could happen within the next 5 to 10 years – but I think we would be in a better place if we would start understanding the real cost of operating the Internet and investing resources to address that cost.
The rosy picture we paint about Internet efficiency and convenience creates an imaginary world where a company can hide, making business decisions based on the illusion of security rather than on gritting out the labor-intensive reality of life in a jungle.
At Apache Struts, more code reviews, more testers, and bigger bounties would have helped find vulnerabilities sooner, but who is going to pay for it? Equifax probably could have used more training and a bigger, more qualified web admin staff, but who's going to pay for it? The way a company pays for overhead is to pass the costs back to the consumer, so they would have to raise their prices and would then lose business to competitors who are willing to live dangerously and do without enhanced security measures. (Pricing on the Internet is always a race to the bottom.)
Could the government step in and mandate security inspections or timely security patching for all companies, so failure to comply wouldn't just get you fired but would get you a fine or a jail term? Certainly not the US government, which is obsessed with reducing the regulatory burden on businesses to let them be "more efficient." The system encourages businesses to stay lean and unsafe, and the cost and inconvenience of all-too-frequent failures are passed to intrusion victims.
The effects of hidden costs are weird and difficult to trace; they are off the balance sheets used by traditional accounting, but they always show up somewhere. One of the possible effects of the Equifax intrusion, which compromised names and social security numbers, is that someone could theoretically hijack your income tax return. The remedy suggested by several experts is to file your taxes early. In other words, because you do business with a company that does business with a company that underfunded its security needs, instead of filing your taxes in April (which is your right under US law), you now have to file them in January or else someone you never met will steal your tax refund.
Isn't the Internet a marvelous thing?
Joe Casad, Editor in Chief