[Cryptography] North Korea and Sony
iang at iang.org
Wed Dec 10 11:41:25 EST 2014
On 10/12/2014 15:49 pm, John Ioannidis wrote:
> On Tue, Dec 9, 2014 at 2:55 PM, <dan at geer.org> wrote:
> "Banks Dreading Computer Hacks Call for Cyber War Council"
> Bloomberg, July 8, 2014
> Are these people that clueless (which makes me even more worried about
> the vulnerability of our financial systems), or are they trying to
> accomplish something else?
This is a real development. Large IT companies (I'm referring to the
banks here, who by majority vote are IT orgs at this stage in their
evolution) are unable to secure themselves. This is a gathering trend.
The number of large groups that find themselves unable to deal with the
increasing number of serious attacks is an indication on the security
E.g., Did we not predict this? Did we not prepare? Did we not know how
to prepare? Was it considered an acceptable risk?
It's probably OK to say, we got the risk wrong, now we'll just do some
re-work, add some stuff and get back to business. That will just cost
hard money, no hard thing for banks at least.
But that might not be what is happening. If these orgs are demanding
state representation, that looks awfully like going to the USG and
saying we need NSA help. Google and others have also in the past cut
deals with the NSA to get their help, before backing off in realisation
that the NSA isn't exactly going to help them.
The point here is if Google can make this choice, even for a short time,
what hope Sony?
Does the security industry actually know enough to deal with this?
The implications of this question are pretty severe. If the security
industry has the smarts to deal with it, then there are institutions
(NSA, companies, etc) that can do the Sony makeover and turn the story
into one that will sell.
If not, then not. What does the world look like when no-one can save
Sony? Or the banks? Or...
ps; long term readers will know that what is being tested today is the
hypothesis that security is a market in lemons, or the alternate, a
market in silver bullets.