On Tue, Feb 8, 2011 at 3:01 PM, Will Drewry <[email protected]> wrote:
> On Tue, Feb 8, 2011 at 1:48 PM, Chris McQuistion
> <[email protected]> wrote:
>> While I agree with your assessment, you have to consider that a serious
>> cyber attack could (and probably would) include multiple vectors and have
>> multiple delivery mechanisms.  We can't just blame the guy with a 10 year
>> old Windows XP machine with no firewall.
>> One thing Stuxnet taught us is that machines that AREN'T connected to the
>> Internet can be successfully attacked by using spearphishing and different
>> delivery mechanisms.  Stuxnet is considered by some to not even be very
>> advanced.  God help us if we get something really advanced created and aimed
>> at us!
>
> It also shows that the consumer (and industrial .. thanks stuxnet)
> computing world right now has a big, soft underbelly.  There's no
> evidence to say that more computers that do industrial control, that
> are home desktops, that are DoD owned, etc aren't infected with more
> targeted malware.  Nor it there any way to prove that there haven't
> been manufacturing line code injection into firmware or hosting
> compromises for widely used software.
>
> The more you think about security and privacy with computing, the
> sadder it'll probably make you.  There's certainly nothing our
> government is going to be able to do in the short term to magically
> change this. :/  At least with the extra interest in security these
> days, maybe we'll see some improvement driven by consumers ... right?
> ;)

I've had similar thoughts for years.  I finally came to the conclusion
that you have to trust that other people will find and alert proper
people, and that other coders have at least thought about security and
how their code could be attacked and taken appropriate steps.

Dell (and other companies) computers are largely if not entirely
manufactured in China these days.  I've long wondered what would
prevent the Chinese government from altering BIOS or other components'
code to put a back door, kill switch, worm, etc. in most computers in
the world.  Most PCs are connected to the internet these days, so it
wouldn't take much to activate and coordinate an targeted attack.

I finally figured out you have to trust that others have written their
code in the most secure way they know, and haven't hidden anything
unexpected.

Paul Boniol

-- 
You received this message because you are subscribed to the Google Groups 
"NLUG" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/nlug-talk?hl=en

Reply via email to