by sillysaurus3 3285 days ago
Not sure why this is downvoted. The main reason systems aren't secure is lack of simplicity.

To put it another way, pentesting is almost always the art of exploiting complexity. It's true that you can have a system that's both simple and broken, but that's the exception.


Some of the most effective security measures actually increase complexity.

Two-factor authentication increases complexity in every measurable way but mitigates against a number of softer attacks.

Adding encryption adds a ton of complexity but effectively removes all man-in-the-middle attacks.

The simplest way of storing passwords is in plaintext.

Privilege separation is far from the simplest way of structuring a daemon, but it effectively prevents exploits in the complex parts from allowing an attacker to gain remote root access.

Perhaps it is more that superfluous complexity is the problem.

I think we're talking past each other. Complexity probably refers to anything beyond essential complexity. In the systems you mention, they all lack complexity by that definition.

> The main reason systems aren't secure is lack of simplicity.

I don't think it's that simple.

There are two ways you can look at simplicity:

1. The lack of needless complexity, which is just another way of saying something is well built

2. Smaller modular components that do less and have clearer interfaces, i.e. the Unix way.

If you mean the 1st, then sure, the main reason systems aren't secure is lack of being well built.

But if you mean the second, all you're really doing is taking security concerns and spreading them out over more components. This makes them easier to reason about, but also means more entities need to reason about them. Like all things in engineering there are only trade-offs, no pure wins.

To an extent. But a simpler interface is also easier to pentest. That means a pentest is more likely to catch a problem.

Pentests can't catch everything, so a simple system costs less to secure.

That's what I was thinking. It seems like fundamental infrastructure should be boring but bulletproof, like mission-critical software in military or surgical applications.

The downvotes are just my regular stalkers.