[Cryptography] Threatwatch: CIN - Corruptor-Injector Network

[Jerry Leichter]

> ...I think we've hit and passed the peak of complexity that is tractable for security.
Definitely - but why limit this to "security"?  Our ability to *correctly* build *working*, large computerized systems hasn't kept up with our desire for them.  Security is an area where this happens to stand out, for a number of reasons - but it's an endemic problem, it's been around for years, and it's not clear how to do better.

> We know that attacks and breaches have been rising rapidly in the last 5 years or so;  complexity has been rising since the web was invented. Have we created a situation where only very large players can muster the ability to defend themselves, large attackers can do what they want, and the rest are sheep for slaughter?
What makes you think even the large players can defend themselves?

Complexity - it's not alone - has led to a situation where the attack/defend tradeoff is is all on the attacker's side.  This probably won't last - it never has - though one has to be careful about the lessons of history:  Network and system architectures may prove more pervasive and thus much harder to change than things like military strategy.
                                                        -- Jerry