Tuesday, 5 April 2016

Do you have the brains for cybersecurity?

Image result for cybersecurity fail
If the question annoys you - and it should - the BBC article ought to register a code green.

For starters, it's not remotely about cybersecurity.  For seconds, it contains sentences like this:
From ancient times to the present day, security, codes and puzzles have been intertwined, as have the people who have tried to crack those codes to read messages they were never meant to see.
and this:
This time there is no key to help decipher this short string of numbers, so it is a bit harder. However, here is a hint - once deciphered the string will reveal the name of a famous maths code that uses numbers.
A....famous...maths...code....that...uses...numbers....?  Who wrote this? (the 'code' is the Fibonacci Sequence, as the picture of the sunflower hints.)

They are all trivial apart from number six.  Obviously 6.1 one is hex-coded, but it's not simply ASCII coded as hex. Presumably some arbitrary typographical manipulation is needed to reveal the cleartext. The clue suggests that it's a quote from Alice in Wonderland.  I'd start by writing a script to look for quotes of that length in the text of the book, rather than trying to figure out the arbitrary transformation.

6.2 looks harder.  I'm guessing that you have to work around the wheel to generate a sequence of numbers which will act as some kind of key.  My guess is that you pick a starting point on the wheel and step round it clockwise or anti-clockwise to generate a number of the same length as the one below, then perform some operation with the two numbers.  The other clue is that there's a computer science theme, so I'd start with logical operations.

I'm not sure about the third one, but I'd start with Morse code.  If it isn't Morse, then the message is very densely packed.  I expect the trick is to find a route around the chess board that reveals a message in Morse.

But anyway, that's not I really wanted to write about.  The problems are either trivial on the face of it (1 through 5) or (unless I'm missing something obvious) require a lot of tedious trial and error of trivial operations (6).

This has nothing to do with cybersecurity.  It's actively harmful to the goal of cybersecurity because it suggests that an ability to solve codes and cyphers is somehow related to security practice. Here's how the BBC puts it:
In the modern day, the ability to work through a problem and decipher it is essential to anyone who works in cybersecurity, partly because a lot of what they do involves working out what is going on with less than perfect knowledge.
That's not even coherent but that's OK because it's also completely wrong.  Here's what you need to work successfully in cybersecurity:

  1. An understanding of how systems work. Technical systems, human systems, the interface between them... 3 of the 4 wifi networks I can see from here have routers that use the default password.  They all have the default security configuration, too, which is shit and would be vulnerable even if they weren't using the default password.  If you want to protect people, this is your starting point - knowing about this kind of thing - not whether you can solve arbitrary puzzles.
  2. An ability to abstract, to be creative. I wouldn't seriously try to solve the 6.x puzzles on paper because I can see the shape of the puzzles and it'd be so much easier to write code to solve them for me.  Creative people solve puzzles by looking at them in a way that makes them easier to solve.

Fuck you, Mark Ward of the BBC for insinuating that cybersecurity is scary. YOU  are part of the problem.


No comments:

Post a Comment