Craig Timberg: Linus Torvalds' broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities -- such as speed, flexibility and ease of use -- in a series of inherently nuanced trade-offs. At a time when leading computer scientists are debating whether the Internet is so broken that it needs to be replaced, the network is expanding faster than ever, layering flaw upon flaw in an ever-expanding web of insecurity. Torvalds has often said -- and reiterated after the meeting in Seoul -- that he is open to new kernel defenses if the cost in performance is reasonable. But debate remains about what qualifies as "reasonable."
Economist: The average time between an attacker breaching a network and its owner noticing the intrusion is 205 days. Many companies do not have a proper understanding of the threat they face. Eventually, they will become choosier and thriftier. But for now, cyber-security companies of all kinds can feast on misfortune.
Dan Goodin: Almost as soon as one hole is closed, hackers find a new one. Over the weekend, a researcher demonstrated two unpatched weaknesses that Web masters can exploit to track millions of people who visit their sites. Taken together, the attacks allow websites to compile a list of previously visited domains, even when users have flushed their browsing history, and to tag visitors with a tracking cookie that will persist even after users have deleted all normal cookies. Ironically, the techniques abuse relatively new security features that are already built into Google Chrome and Mozilla Firefox and that may make their way into other mainstream browsers in the future.
|