OpenIDEO is an open innovation platform. Join our global community to solve big challenges for social good. Sign Up / Login or Learn more

Now you're speaking my Language (or: the false premise)

Is logic alone sufficient?

Photo of Thomas Grimer
2 3

Written by

Sketch 1 (1,500 characters)

The SQL reference in this concept was inspired by commentators on this platform (thank you Ben Banks). In true creative fashion - I have taken a different visual angle. A master skeleton key has been depicted with the SQL injection 1=1. Technically 1=1=TRUE and exploited to gain access to systems and databases. But, as this injection can be used by bad players - it is not 'true' in practical reality. Hence the word TRUE is reversed in the background to demonstrate its half truth. As a layman - this raises several questions. Can our systems/computer languages cope when faced with apparent illogical, human/hacker behavior? If systems are written on logical semantics such as 1=1, are Lexical semantics included as a fail safe? Are systems fundamentally vulnerable?

What have you learned through this sketching process? (1,000 characters)

Initially this was a simplistic visual regarding an SQL injection. But the apparent simplicity raised further questions (at least from a non technical lay person!)

Tell us more about you. (1,000 characters)

I am a product designer who loves to work on ideas of all types.

Why are you participating in this Challenge? (750 characters)

It seems a very complicated subject to understand, let alone convey - thus a challenge. Ubiquitous data and reliance on technology has big consequences which may be both positive and negative. I believe that individuals and groups need to understand the implication of digital security as it evolves and importantly to understand - not only how it can be gathered but what the value of it is to others. If you do not understand why your data is important to keep safe, then you will not defend it.

Website(s)

https://www.linkedin.com/in/thomasgrimer

What is your experience with the field of cybersecurity?

  • I have never worked in cybersecurity before but am excited to learn more and get involved.

What best describes you?

  • I’m a professional visual creator freelancer.

How did you hear about this OpenIDEO Challenge?

  • OpenIDEO email / social media

Location: City

London

Location: Country

  • United Kingdom

2 comments

Join the conversation:

Comment
Photo of Jason Kravitz

This is a great way to depict the 'skeleton key' like power of a good exploit.

You are also tapping into an important truth in that a high percentage of all web based vulnerabilities have to do with some form of improper handling of untrusted inputs. SQL Injection being something of a quintessential example, but many others involved in things like Cross Site Scripting (XSS) and other web based attacks.

One small point if you are seeking technical accuracy is in an attack like this, the additional prefix " 'OR " (single quote and word "or") is as important as the 1=1.

Photo of Thomas Grimer

Thanks for the note Jason - appreciated. As I am not technical I will err on the side of general artistic interpenetration to get the message across.