On Feb 8, 4:40 pm, Paul Boniol <paul.bon...@gmail.com> wrote: > On Tue, Feb 8, 2011 at 3:01 PM, Will Drewry <w...@gmail.com> wrote: > > On Tue, Feb 8, 2011 at 1:48 PM, Chris McQuistion > > <cmcquist...@watkins.edu> wrote: > >> While I agree with your assessment, you have to consider that a serious > >> cyber attack could (and probably would) include multiple vectors and have > >> multiple delivery mechanisms. We can't just blame the guy with a 10 year > >> old Windows XP machine with no firewall. > >> One thing Stuxnet taught us is that machines that AREN'T connected to the > >> Internet can be successfully attacked by using spearphishing and different > >> delivery mechanisms. Stuxnet is considered by some to not even be very > >> advanced. God help us if we get something really advanced created and > >> aimed > >> at us! > > > It also shows that the consumer (and industrial .. thanks stuxnet) > > computing world right now has a big, soft underbelly. There's no > > evidence to say that more computers that do industrial control, that > > are home desktops, that are DoD owned, etc aren't infected with more > > targeted malware. Nor it there any way to prove that there haven't > > been manufacturing line code injection into firmware or hosting > > compromises for widely used software. > > > The more you think about security and privacy with computing, the > > sadder it'll probably make you. There's certainly nothing our > > government is going to be able to do in the short term to magically > > change this. :/ At least with the extra interest in security these > > days, maybe we'll see some improvement driven by consumers ... right? > > ;) > > I've had similar thoughts for years. I finally came to the conclusion > that you have to trust that other people will find and alert proper > people, and that other coders have at least thought about security and > how their code could be attacked and taken appropriate steps. > > Dell (and other companies) computers are largely if not entirely > manufactured in China these days. I've long wondered what would > prevent the Chinese government from altering BIOS or other components' > code to put a back door, kill switch, worm, etc. in most computers in > the world. Most PCs are connected to the internet these days, so it > wouldn't take much to activate and coordinate an targeted attack. > > I finally figured out you have to trust that others have written their > code in the most secure way they know, and haven't hidden anything > unexpected. > > Paul Boniol
Sadly as long as the majority fears education and prefers convenience over security, there will be little need for anything advanced. I assume eventually we will have to admit that FOSS is really only for those who values learning, which sad to say, a growing number seem to dislike. Which I mean that FOSS will always be in the background, and it the common practices of FOSS will also be in the background as Norton tries to scare everyone into buying it's next virus called, ironically, Norton "Security Suite" . That being said, I would support an internet kill switch if and only if, we were able to build a new internet AROUND it, I do believe it has been suggested as of late to fork the internet (see below). We could then make two "zones" if you will, one for general services and another that keeps everything separate from the Internet, but I admit the call for forking was over net neutrality, and I don't see why we need ISPs in the first place, but I digress. Yes, most PCs are connected to the Internet, and that trend will only continue, should the US enforce a type of "Kill Switch," I would imagine it would only serve to annoy all the "twitterers" and Facebook addicts, plus by the time the government would build and get it set up, the planets will align *twice* and the kill switch will make the President (at the time) cookies while leveling up his farm for him or her on farmville. Also, stuxnet also got to computers that were not connected to the Internet. So perhaps the Kill Switch won't be as effective since we use this model of, "look secure but don't BE secure" will be more of what the kill switch will do, much like our *favorite* Government department, the DMS. -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
