Why it’s impossible to make an NSA-proof computer

Published May 27th, 2014 11:00PM EDT
BGR

The past year has not been a great one for computer security. Last summer, Edward Snowden revealed how the NSA has been exploiting vulnerabilities to spy on people; Target suffered a massive security breach that exposed the credit card information for as much as a third of the American population; the Heartbleed bug turned out to be a major vulnerability in the Internet’s most common encryption standard; and eBay just asked all 145 million of its customers to change their passwords after a security breach. But that was just the tip of the iceberg.

If you think computer security isn’t doing very well at combating the constant threat from hackers, you’re right. At least, that’s what Quinn Norton argues in a piece on her Medium blog titled Everything is Broken.

She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. The reason for all these flaws, Norton says, is that these programs are being written by developers who face immense pressure to ship software quickly. Security is simply not a top priority in this context. Even the people who focus on computer security struggle to keep track of every vulnerability.

How bad is it? Every time you are asked to update your software and the release notes say that security bugs have been fixed, Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks.

Norton cites a couple of scary examples to show just how broken everything is. One of her friends was able to accidentally take control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”

Definitely check out Norton’s full piece, which is linked in the source section below.