It is very interesting how the interaction of cookies and HTML as well as javascript and java create a programming environment which is distributed in nature. Just a cursory glance at the contents of cookies and flash indicates that major security issues exist. AFAIK there is no way to stop it if you have any persistent state information. By its very nature, the storage and retrieval of information is a computer when combined with remote computation on that data.
It is vastly more complex than even the most unusual effects like XSS and cookie "bugs". It can be modeled and analogies can be made in other fields. The intent to manipulate using this data or method is information enough for me to imply that it is improper, if not actually criminal in its action. It doesn't end there and no laws or enforcement will ever remove intent, it simply adds another player to the game that has their own hidden motives.
I analyzed the contents of a single page not long ago and was impressed with the vast increase in data collection as well as the lack of security that it implies. It is a mess, but actually it is just the beginning of a mess. It was considered a risk when originally implemented and some other technology which is analogous is more useful and it has not ever been investigated to determine if it is risk or benefit. It seems that it is always a surprise when technology is misapplied for personal or corporate gain and you would think that after a person had been bitten by the wolf that many times that they might consider that every new technology is another thing that schedules a lunch date with Little Red Riding Hood.
It is chaos and it never resolves to order after a certain complexity is achieved. I have no scientific proof of that, simply observation of process and the boundary conditions at which stable systems become measurably non determinant. It serves no one in the end, but does serve those in the middle.
I was aware that flash had become a severe security problem long ago, and at some point they may kill the goose by hanging all this bling about its neck.
Many other situations exist that have this same problem and it seems to me that this is the root cause. I am aware of something similar that would yield great profit from misapplication of something which is considered to be no risk or in fact negative risk. They have failed to consider that whatever is available will be applied outside of design intent eventually. Did Springfield and Colt really believe that all those rifles would be used for duck hunting?
It can't really be regulated as it has to be understood and named to be made into statute law. I suppose you could just ban existence and this would stop it. It reminds me of a couple five year olds. Stop it! Stop what? That. I can't stop breathing. No, what you are doing! What am I doing? Just stop that. And it will end the same way, somebody will be unconscious or run screaming with a bloody nose and it will repeat again in a couple days. The problem is that there are no parents on the planet. He started it! Really, I was just sitting here watching TV.
0 comments:
Post a Comment