Press "Enter" to skip to content

Should Everything in the World Be Facing the Internet?

From its inception, we knew the Internet to be an unsafe place. Before the first server was cracked by an online hacker, we knew that was bound to happen sooner or later. We knew because people were already breaking into computers, even without the Internet offering 24/7 cracker/hacker convenience.

Back in the early 90s, when I was living in the college town of Chapel Hill, I shelled-out five bucks or so at the local Egghead Software store for a shrink wrapped floppy disk loaded with “shareware” utilities for MS-DOS. Twenty years have passed, so I don’t remember what tool I needed, but I’d gone there specifically looking for something or another and had been directed to that particular product by a clerk at the store. Once I got home, I stuck the disk into the drive, looked over its contents and installed a couple of the apps.

securityThat was the end of it, or so I thought.

Several months later a biology major friend of mine with no computer skills — yes, in those days it was possible to earn an undergraduate science degree without knowing how to use a computer — dropped by to use my computer, a 486 with a whopping 4 megs of RAM. She was set to graduate soon and needed to use my machine to prepare a resume. I opened WordPerfect and set her loose to type away, answering any questions she had as she worked — such as how to remove a formatting code or preview how the document would look when printed.

An hour or so later, when she finished, I saved her work to a new blank floppy and sent her to see our mutual friend, Tony, to print it, as all I had was an old, noisy and beat-up Epson dot matrix printer and he had a fancy daisy wheel job. Two days later, she was back at my door, mad as hell.

“Tony told me to tell you that you have a virus,” she said. “That was so embarrassing.”

Many southern women would rather be burned alive than suffer embarrassment.

She’d gotten her resume printed all right, after Tony removed a virus from her disk when his purloined-from-work copy of Norton Antivirus raised an alarm as he inserted the floppy into his machine. I consoled her, apologized, explained that catching a computer bug wasn’t a big deal, and sent her on her way back to her boyfriend Keith, who was a coworker of mine.

A few days later, Tony dropped by with his copy of Norton and we disinfected my machine. The infection, of course, had come from the software I’d purchased at Egghead.

That wasn’t the only time I was infected sans Internet.

Several years later I was working for a newspaper located about an hour’s drive away. Since I was still using a computer with no modem — that same 486 — and still wasn’t connected to the web at home, I’d write my story, save it to a floppy and send it to the paper through a Hotmail account I accessed at the local library.

Surprise! Surprise! The library sent a virus home with me.

By that time I had Norton AV installed, but it had missed the malicious payload. Because I had no way of going online, I also had no way of keeping the virus definitions up-to-date. Oh well. Luckily, in those days viruses hardly ever did much harm and were mainly a way for teenage nerds to get some street cred.

These two instances illustrate the fact that security was an issue even back in the day when computers were mostly stand alone and not facing a public network. So it came as no surprise to anyone when security became a prime issue in the online world.

That hasn’t stopped us from having absolutely everything, no matter how valuable or sensitive, facing the Internet. Our military puts sensitive and secret documents on servers facing the web. Nuclear power plants can be controled online. Everything from the eletrical grid to oil pipelines are now monitored and controlled through online interfaces. Everything a bank does on a computer, which is everything a bank does, is stored either on a public facing server, or on a machine with a gateway to a web server, which is the same thing. As I wrote on FOSS Force nearly a year and a half ago, the Internet has become a giant basket into which we’ve placed all of our eggs. All of our finances, all of our country’s defense, all of our infrastructure is facing the web, while our white hat security guys play a losing game of whack-a-mole trying to keep this data safe.

It’s not purdent to have every scrap of data ever collected facing the Internet. I’ve been saying this for over a decide, but finding hardly anyone who agrees with me.

Lighting Fast KVM Cloud based on SSD!

On Monday, I was pleased to see that Robert X. Cringely shares my thoughts. In an article well worth reading on Forbes, he writes: “Here’s the simple truth: it makes no sense, none, nada, for a bank to send financial transactions over the public Internet. It makes no sense for a bank or any other company to build gateways between their private networks and the public Internet. If a company PC connects to both the corporate network and the Internet, then the corporate network is vulnerable.”

No kidding.

Again, retailers are being hit for billions of dollars, almost daily it seems; our military defenses are being constantly prodded and breached by foreign governments; and our infrastructure is a sitting duck waiting to be exploited. It’s time we realize that not everything needs to be online.

3 Comments

  1. tracyanne tracyanne October 9, 2014

    A whisper in a Hurricane. But true never the less.

    Too many people/Companies have too many vested interests in getting everyone to put everything on line.

  2. Richard Richard October 9, 2014

    A business newsbite on the BBC a couple of days ago said it all. Samsung, loosing sales of smart phones/tablets to cheaper Chinese manufacturers, is investing a large amount of money in a new chip fabrication plant. To paraphrase the comment, Samsung will make chips for the Internet of Everything. (IoE.)
    Said ‘Internet of Everything’ is already here. In its infancy and still in nappies, but here, and here to stay. The only thing that could stop it is a lack of food. (Electricity)

  3. Duncan Duncan October 9, 2014

    It’s a calculated balance of risks. That stuff’s on the public internet because using the public internet (hopefully via a VPN tunnel) and insuring for the calculated risk of crack and loss is less expensive than running the same connections over a dedicated private network. When laying dedicated lines can be a million a mile…

    And even using a private network isn’t much of a guarantee since portions of most of them, including the telco networks, are now run over the internet, and what’s not over the internet now, likely will be in another couple decades if even that long. Certainly my own phone is already VoIP and has been for years. ($30/year or four years for $100, entire US as local, no additional fees unless I dial international, compared to about that much a month for a legacy line, single-city-local-only, but I gotta have a net connection to run it over. But since I already have one…)

    Duncan

Comments are closed.

Latest Articles