[Cryptography] North Korea and Sony

Ray Dillinger bear at sonic.net
Tue Dec 9 22:41:50 EST 2014



On 12/09/2014 11:55 AM, dan at geer.org wrote:
> "Banks Dreading Computer Hacks Call for Cyber War Council"

>   The document sketches an unusually frank and pessimistic view by
>   the industry of its readiness for attacks wielded by nation-states
>   or terrorist groups that aim to "destroy data and machines."  It
>   says the concerns are "compounded by the dependence of financial
>   institutions on the electric grid," which is also vulnerable to
>   physical and cyber attack.

The hell of this is effective security doesn't have to be anywhere
near this hard.  We are fighting things that shouldn't even be on
the field in the first place because they were bad ideas from the
beginning. Everybody who understood them already knew what
vulnerabilities were implicit in their operation, and JUST DIDN'T
GIVE A DAMN because OOH, NEW FEATURE, NEAT!!

I guarantee that if software and hardware manufacturers could be
and routinely were successfully prosecuted for insecure products,
we would see within two years a generation of *DRASTICALLY* more
secure systems.  They would have reduced feature sets, but if
insecurity became a real expense for the people producing it,
the marginal additional revenue from increased feature sets would
be offset.

We shouldn't have to work out how to PREVENT mail clients from
opening executable attachments; we should be establishing legal
frameworks for recovering the entirely foreseeable losses from
the criminally negligent entities who make mail clients which
CAN!

				Bear






