Exploit tools are the new point-and-shoot video games. If my grandma were alive, she could probably figure out how to install a Firefox plug-in and pwn all her nursing home friends on Facebook. Unfortunately, you can’t say it’s getting easier to protect yourself on the Internet. If anything, it’s getting much harder.
Firesheep is a great example of how wide this divide has become. It’s just the newest entry in a category we used to call script kiddie exploits. Firesheep is a new Firefox plug-in that lets a user gain access to other user accounts, see pages they shouldn’t access and in many cases, post as the account owner. Attacks like Firesheep are so easy to use that any kid can execute them. You don’t even need to know how to run a script or open a shell prompt. We should probably rename the whole category “one-click kiddies”.
When was the last time you read an article or saw a tweet boasting about a single click that can protect your online privacy? Never, right? Maybe the one-click fix is too much to ask. How about the 10-click protection system? The truth is that protecting your privacy and security just isn’t as interesting or as easy or as fun as spying.
I think it’s human nature to find joy in something a little naughty as opposed to more difficult tasks that don’t offer immediate rewards. Choosing the apple instead of the cookie takes thought, self-awareness and a long-term view of the benefits. Eating the cookie is easy: one quick second of compulsion and you get immediate gratification.
The same principle is at work with information security. Wouldn’t you rather spy on your neighbor’s Gmail instead of telling him how to fix his wireless? Of course you would, at least for a few minutes. And you might even find so much joy in the voyeurism that you tell your buddies all about it the next time you all sit down for a beer. On the other hand, I helped my mother-in-law install about a gigabyte of Mac updates this weekend, but that’s so boring I’ll never be able to brag about it.
The reality is that it’s so much easier now for anyone to breach your privacy, and it’s getting increasingly difficult, time-consuming and boring to protect it. Unfortunately, if you don’t pay attention to your online privacy, the neighbor kids will post all your private files to 4chan and you’ll be left wondering how it all happened.
Andrew Storms is director of security operations at nCircle.