I just read a great summary by Robin Good of the mire internet security seems to be in. He followed this up with a discussion on the lack of security infrastructure and how a PKI could help. I am relatively new to the field of internet security, so many of these problems are just something that has to be dealt with. It has gotten to the point where the security onion [1] barely fits in my cupboard. We need some serious research into protocols of the future. I imagine a sort of world where you identify yourself and then everything that occurs is authenticated, maybe even to the point of CPU cycles (an extreme), but this would require some form of common infrastructure for us to auth to. Some massive thought and research is needed [2]. I hope my supervisor is reading this.
Good quotation:
'It seems that everyone is so completely numbed by Microsoft's smooth and systematic release of security patches, that the new mantra for feeling OK when it comes to Internet security is simply: "SP2 and automatic updates, with a sprinkle of good anti-virus, anti-spyware and a slice of anti-malware software tools is all (!) you need to keep Internet threats at bay".'
[1] An idealised defense strategy using layered defense in depth, where each layer corresponds to a layer on the onion.
[2] Two of my fellow researchers are working towards this goal. Russell Cloran is looking into trust issues on the semantic web, while Yusuf Motara is looking at in-kernel, cryptographic verification of binaries. We need more of this kind of work.