The Curse of the Internet

The Internet simply ended up having to swallow far more than it was designed to handle. The dot-com boom paved the way for it becoming essential and inseparable to our livelihoods.<p>Michal Zalewski&#x27;s <i>The Tangled Web</i> is an excellent technical book on how the technologies that power the web are interconnected, and how they&#x27;re all a vulnerable mess of hacks. On the surface, it looks like everything is running smoothly, but on the inside, everything we&#x27;ve architected is subpar for our current needs. It&#x27;s amazing that the web is hanging by its nooks and crannies, but the constant series of gaffes that is infosec and most people&#x27;s refusal to accept it, speaks for itself.<p>Who knew that one day, a handful of nerds and social outcasts would end up maintaining core infrastructure that the entire Western economy depends on so dearly?<p>Of course, people have realized this and have been hard at work building new protocols, abstractions and mechanisms on top of current cruft. It&#x27;s still a mad, mad, mad, mad ecosystem out there, though.<p>The author&#x27;s sentiments go completely off rails by the end of this, however. It&#x27;s almost eery. What is there to possibly trust?

It&#x27;s alarming to me just how many supposedly &quot;secure&quot; websites follow such awful practices, such as:<p>- Using HTTPS only for the login or purchase page, and sending the user to plain-old HTTP for everything else<p>- And to make the above even worse, storing passwords in plain text in a cookie<p>- Disallowing certain characters in passwords, or forcing passwords to be under a certain length<p>- Allowing people to reset passwords from the browser with just one answer to a security question, i.e. not even sending a confirmation email<p>- Not supporting any form of two-factor authentication<p>The question I keep asking myself lately is, is there a better method to authentication than just plain ole&#x27; passwords? There are other systems that we&#x27;re starting to see now being used more often in consumer devices, such as RFID and fingerprint&#x2F;face scanners, but those have some obvious weaknesses as well.

Ultimately, we&#x27;ll probably have to adjust our culture to the fact that the combination of technology and capitalism sooner or later leads to the end of privacy. It&#x27;s going to be a long, difficult and certainly painful path and there will be victims. But if the current trend continues, there will be a time where everybody will be able to know almost anything about anybody, anytime.<p>Edit: And if we really have a problem with this, we better start our engines.