[Cryptography] North Korea and Sony
ji at tla.org
Wed Dec 10 12:35:43 EST 2014
On Wed, Dec 10, 2014 at 11:41 AM, ianG <iang at iang.org> wrote:
> On 10/12/2014 15:49 pm, John Ioannidis wrote:
>> On Tue, Dec 9, 2014 at 2:55 PM, <dan at geer.org>
>> "Banks Dreading Computer Hacks Call for Cyber War Council"
>> Bloomberg, July 8, 2014
>> Are these people that clueless (which makes me even more worried about
>> the vulnerability of our financial systems), or are they trying to
>> accomplish something else?
> This is a real development. Large IT companies (I'm referring to the
> banks here, who by majority vote are IT orgs at this stage in their
> evolution) are unable to secure themselves. This is a gathering trend.
> The number of large groups that find themselves unable to deal with the
> increasing number of serious attacks is an indication on the security
> E.g., Did we not predict this? Did we not prepare? Did we not know how
> to prepare? Was it considered an acceptable risk?
> It's probably OK to say, we got the risk wrong, now we'll just do some
> re-work, add some stuff and get back to business. That will just cost hard
> money, no hard thing for banks at least.
> But that might not be what is happening. If these orgs are demanding
> state representation, that looks awfully like going to the USG and saying
> we need NSA help. Google and others have also in the past cut deals with
> the NSA to get their help, before backing off in realisation that the NSA
> isn't exactly going to help them.
> The point here is if Google can make this choice, even for a short time,
> what hope Sony?
I am not aware of any deal between Google and the NSA. Quite the contrary.
What are you referring to?
> Does the security industry actually know enough to deal with this?
> The implications of this question are pretty severe. If the security
> industry has the smarts to deal with it, then there are institutions (NSA,
> companies, etc) that can do the Sony makeover and turn the story into one
> that will sell.
> If not, then not. What does the world look like when no-one can save
> Sony? Or the banks? Or...
> ps; long term readers will know that what is being tested today is the
> hypothesis that security is a market in lemons, or the alternate, a market
> in silver bullets.