5.08.2005

Light shed on 'unbreakable' code

We need to get our collective heads around hacking.

For example, this article on CNN blew my mind:

"Laser beams which are used at the moment send billions of photons, making it easy for hackers to steal some of them and break the code, said Rabeau." (link at bottom of this rant)

Come on. There aren't hackers running around with vampire taps, stealing photons from AT&T's fiber optic links.

99.9% of all "hacking" reported in the world today is one of three things:

1) Someone working inside a company using that access to get information that they shouldn't. (Credit cards, medical access, etc.)

2) Someone realizes that there's a hole in a new piece of software, and writes something to use that hole to get access to information they shouldn't. This is usually fixed very quickly by the software manufacturer. This leads us to the most common...

3) Someone uses an old hack to get access to a machine that hasn't been upgraded with enough security patches. I.e., the problem has been completely solved, but your IT guys aren't very good, and you're still wide open to attack.

Seriously, that's pretty much it.

The reason this is important is that we've lost the distinction between theoretical hacking and actual hacking. When a new cryptosystem comes out and is found to have some incredibly tiny flaw that no one would ever actually spend the time to write an exploit for, it's still discounted. (Not that it shouldn't be.) People spend so much time and effort making things like a "single photon datastream" that they start describing the ability to break into the physical data path of some company as "easy". It's not easy. It's actually probably never been done.

So the millions of dollars go to research (which I approve of), but almost no money goes to training your employees how to avoid being socially engineered. And many, many companies still don't keep their internet-facing machines up to date when it comes to security patches, which ends up making all the money spent on theoretically secure data transmission completely wasted.

CNN.com - Light shed on 'unbreakable' code - May 3, 2005
